Privacy Policy

Information XORA may process

• Account, profile, login, device, session, support, waitlist, invite, billing, subscription, and abuse-prevention records where applicable.
• Message-related metadata required for delivery, sync, safety, abuse prevention, and operational integrity.
• Selected content only when you choose features that require it, such as AI-assisted features, support, reports, or media workflows.

Translation, AI summary, and local models

XORA translation and AI summary features run only when requested. AI summary results are shown as summary cards without displaying original message text, and are not sent to other chat participants unless you explicitly share them. Server sidecar or fallback model processing must be transient and must not store message text in XORA databases, logs, analytics, crash reports, or training datasets.

Messaging and security

XORA is designed around encrypted delivery and privacy-preserving controls where available and enabled. Metadata may still be processed to operate, sync, protect, bill, support, and improve the service. Disappearing messages and capture controls reduce risk but cannot prevent every external copy or platform-level capture.

Legal requests and encrypted content

Where end-to-end encryption is active and XORA does not hold the keys, XORA is not able to decrypt protected message content. XORA may still provide limited retained metadata if lawfully required. See Legal Requests / E2EE Policy.

Account deletion and privacy choices

Accepted deletion requests have a 14-day grace period, and signing in again during that period cancels the request. XORA may retain limited records where required or permitted for security, fraud prevention, abuse prevention, legal compliance, billing disputes, or audit integrity.