Privacy Policy
Last updated: 8/16/2024
Overview
At Xeal, we believe that everyone has the right to Privacy, and specifically, should be able to exercise fine-grained control over how their personal information is used by our organization. In support of this belief, Xeal aspires to not only meet the requirements of the jurisdiction specific privacy legislation that applies to an individual, but also to extend a common set of rights which exceeds these requirements to everyone.This document describes how we do this, and how users of Xeal products and services can exercise those rights.
Scope
This policy applies to the entire Xeal organization, and all of our products and services. There are no exceptions.‘Xeal’ refers to the legal entity, EVE Energy Ventures, Inc (“us”, “we”, or “Xeal”), headquartered at 594 Broadway, Suite 805, New York, NY 10012. ‘Products and services’ are defined as any application developed by Xeal for use by our customers, and drivers who interact with Xeal chargers.
Xeal’s Role
Xeal collects personally identifiable information directly from you, for example, when you register for an account on the Xeal mobile application. This role is often referred to as a ‘data collector’.
Legal basis for collection of personally identifiable information
Xeal collects personally identifiable information only where it has a legal basis to do so. Typically, this is because you have expressed an interest in using a Xeal product or service, or attending a Xeal event, such as a webinar or conference, and therefore, we need to deliver the product to you, provide support or send event registration information.Xeal will not intentionally gather information from children under the age of 13.
Types of personally identifiable information collected
Xeal may collect the following types of personally identifiable information:
General personal information, such as full name, email address, mailing and billing addresses.
Credit card information (which is sent to our PCI-DSS compliant payment card processor).
Technical identifiers such as IP addresses, and mobile device ID.
Location data (identify user location, find nearby chargers, and have chargers communicate with the App while in the background).
Browser identifiers, such as user agent strings.
How Xeal uses personally identifiable information
There are three ways in which Xeal uses information collected:
To provide information about the service or product that you have signed up for. By sending you important information about your account, charging sessions, and performing billing functions.
To provide additional information about our company, including new and upcoming products that may be of interest to you.
To improve our existing products and services.
In all cases above, the information is used directly by Xeal, and is not shared with, or made accessible to any third parties.
How Xeal collects personally identifiable information
There are three ways in which Xeal may collect personally identifiable information:
Directly, and voluntarily, from you as a consumer of our products and services. For example, when you register to use our mobile application.
Directly, and autonomously, from your browser or device through visits to Xeal web properties. For example, through automated website analytics.
Indirectly, through third party entities who provide data to Xeal during the course of normal business operations. For example, a third party service provider Xeal has contracted to deliver a specific function, such as a payment service provider.
Disclosure of personal information
Xeal does not ‘sell’ personally identifiable data for direct financial benefit. Xeal may share personally identifiable information with its chosen service providers in support of our principal business operations, but all such relationships are governed by contractual relationships with those service providers, and are routinely vetted to ensure that they meet our strict security and privacy requirements.
Our subprocessors
Name | Address | Processing Purpose |
Amazon Web Services, Inc. | 410 Terry Avenue North, Seattle, WA 98109, USA | Hosting infrastructure |
Atlassian Pty Ltd. | 350 Bush Street Floor 13 San Francisco, CA 94104 | Support ticketing |
Gong, Inc. | 265 Cambridge Ave Ste 60717, Palo Alto, California, 94306 | Call recording |
Google, LLC (Google Workspace, Firebase Analytics, Google Analytics) | 1600 Amphitheatre Parkway Mountain View, CA 94043 United States | Corporate email hosting and website analytics |
Hubspot, Inc. | 2 Canal Park, Cambridge, MA 02141, United States | Customer relationship management |
Intuit Mailchimp | 405 N Angier Ave. NE, Atlanta, GA 30308 USA | Marketing Email Automation |
Mixpanel | One Front Street, 28th floor San Francisco, CA 94111 | Website analytics |
MongoDB, Inc. | 229 W. 43rd Street, 5th Floor, New York, NY 10036, USA | Hosting infrastructure |
Opinion Stage Ltd. | Zmora 8, Shoham, 6085000, Israel (data is hosted in Amazon Web Services, US Region) | Customer surveys |
Routable Inc. | 600 California Street, San Francisco, CA 94108, USA | Property payout management |
Salesforce.com, Inc. | Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105 | Customer relationship management |
Sentry (Functional Software, Inc) | 45 Fremont Street, 8th Floor, San Francisco, CA 94105 | Software crash reporting |
Stripe, Inc. | 354 Oyster Point Blvd South San Francisco, CA 94080 | Payment processing |
Twilio, Inc. (Twilio SMS and Sendgrid) | 375 Beale St Suite 300, San Francisco, CA 94105 | Email and SMS transmission |
ZenLeads Inc. d/b/a Apollo.io | 599 2nd Street San Francisco, CA 94107, United States | Customer relationship management |
Responding to legal requests for information
Xeal may disclose personally identifiable information as is necessary:
To comply with a subpoena or court order.
To cooperate with law enforcement or other government agencies.
To establish or exercise our legal rights.
To protect the property or safety of our company and employees, contractors, vendors, suppliers, and customers.
To defend against legal claims.
To help with internal and external investigations.
Security of personally identifiable information
Xeal has a dedicated information security team that works to ensure that appropriate safeguards and controls are applied to any data collected by Xeal. The security team has input into all aspects of Xeal’s operations, including the development of hardware and software products, as well as setting company-wide policies and performing operational security monitoring. When collecting personal information over the Internet via our websites, all transmissions occur via connections encrypted with Transport Layer Security (TLS). The Xeal application and supporting services are hosted in a leading Infrastructure-as-a-Service environment, which is routinely audited against a variety of data security and compliance standards, including SOC II, and ISO 27001. Payment card data is processed by a third party service provider that has been audited against the Payment Card Industry Data Security Standard (PCI-DSS).
Storage and transfer of personally identifiable information
All personally identifiable information collected by Xeal is processed and stored in the United States.
Retention of information
Retention of certain financial and transactional records associated with Xeal generally happens for financial reporting reasons, or to allow us to identify the owner of a given product to provide support. In these cases, such records are retained for 7 years.
Your rights in regards to personally identifiable information
Xeal extends a common set of rights to everyone in regards to how we leverage personally identifiable information. These rights are as follows:
Right to access - you can request a copy of your personally identifiable information held by Xeal. Upon appropriately validating your identity, Xeal will submit a copy, in a legible format, of all personally identifiable data collected in the preceding 12 month period within 30 days of receiving the request.
Right to rectification - in addition to being able to update your Xeal user account directly, you can make a written request to Xeal to update personally identifiable information held about you.
Right to erasure (or right to be forgotten) - you can request that Xeal erase (‘delete’) personally identifiable elements of data from our systems, and we will do so with consideration for any overriding local, state or federal laws. The most likely outcome of this right is to no longer receive Xeal marketing materials. Xeal does retain the right to remember that we’ve been asked to forget you.
Right to restrict processing - You have the right to request that Xeal restrict the processing of your personally identifiable information, under certain conditions.
Right to object to processing - You have the right to object to Xeal processing your information, under certain conditions.
Right to data portability - you have the right to request that Xeal transfer your data directly to you, or to another entity. Xeal will do so providing we can do so securely.
Exercising privacy rights
In order to make a request to exercise any of the rights listed above, you must contact Xeal’s privacy team via email to privacy@xealenergy.com.Xeal will respond to any privacy requests received here within 30 calendar days. Xeal will not disclose, update, or otherwise alter personally identifiable information, unless we can satisfactorily authenticate and identify the subject making the request.
Notice regarding use of Cookies
Xeal, like many other organizations, will store session information (often called “Cookies”) in your browser that will help Xeal to identify information such as browsing activity, IP addresses and page view order. You do have the option to not use these Cookies; the majority of browsers will have a “help” tool that will help you to prevent Cookies if you want to, but Xeal recommends you keep Cookies active as it will provide a better user experience on Xeal’s websites.
Notice to California residents
Xeal operates in accordance with the California Consumer Privacy Act (CCPA), and as such, this policy has been designed to incorporate the specific requirements laid out within the CCPA. We’re committed to protecting the rights of California residents who leverage the Xeal platform, and encourage California residents to contact us to exercise those rights using the mechanism described in the ‘making a privacy request’ section above. Xeal will not discriminate against individuals who exercise their rights under the CCPA.
Categories of personal information collected
Xeal collects the following categories of information, as defined under the CCPA:
Identifiers
Commercial Information
Geolocation data
Inferences about personal preferences and attributes drawn from profiling
Do not sell my information
Since Xeal is not involved in the sale of personal information to third parties for financial gain, we do not maintain a separate opt-out page, in accordance with the CCPA. Authorized Agents A California customer may use an authorized agent to make a CCPA privacy request on the customer’s behalf. To make a request on behalf of a Xeal customer, the authorized agent must first provide a copy of either (a) a letter signed by the customer authorizing the agent to submit a CCPA request on their behalf, or (b) a valid power of attorney issued pursuant to California Probate Code sections 4000 to 4465. An authorized agent must email one of these documents to privacy@xealenergy.com and include a phone number where the agent may be reached during regular business hours.
Information disclosed for business purposes
Over the preceding 12 months, Xeal has disclosed personally identifiable information to its service providers to support the following business activities:
Auditing
Auditing legal and regulatory compliance
Security
Debugging
Identifying and fixing technical errors
Short-term uses
Performing services
Account maintenance
Customer service
Processing transactions
Marketing
Notice to Nevada Residents
We do not sell your personal information as defined under Nevada law. Please contact us if you have any questions or comments in this regard. Nevada law requires us to disclose that you may request to be placed on Xeal’s internal “do not call” list at any time by calling Xeal, and that we are providing this notice to you pursuant to state law, and that you may obtain further information by contacting the Nevada Attorney General, 555 E. Washington Ave., Suite 3900, Las Vegas, NV 89101; phone 702-486-3132; email BCPINFO@ag.state.nv.us.
Notice to Vermont Residents
In accordance with Vermont Laws, we will not share information we collect about Vermont residents with companies who are not affiliates, except as permitted by law, such as with your consent or to service your accounts. We will not share information about your creditworthiness with our affiliates without your authorization or consent, but we may share information about our transactions or experiences with you with our affiliates without your consent.
Notice to European Union and United Kingdom Residents
Xeal currently provides services to customers located solely in North America. The Site and service are directed at an audience in North America only. We do not envision offering products or Services to citizens or visitors of the Member States of the European Union. We also do not monitor their behavior as contemplated in the General Data Protection Regulation (GDPR) and guidance provided by the European Data Protection Board. We make no representation that any of the materials or the services to which you have been given access are available or appropriate for use in other locations. Your use of or access to the Site should not be construed as Xeal purposefully availing itself of the benefits or privilege of doing business in any jurisdiction other than North America.
Updates to this policy
Xeal may update this privacy policy from time to time and is committed to ensuring the latest version of it is publicly available. Please refer to the ‘last updated’ date at the beginning of this policy.