Last updated: 13 May 2026
Data Processing Policy
This document is provided for transparency and product operation purposes. It is not legal advice.
1. Introduction
This Data Processing Policy explains how Xfatora processes customer business data and personal information submitted to Xfatora services. It helps customers understand responsibilities related to business records, users, permissions, support, security, retention, exports, and deletion.
2. Roles
For customer business data entered into Xfatora, the customer usually determines what data is collected, why it is processed, who can access it, how long it is kept, and how it is used. Xfatora processes that data to provide the service, maintain security, support users, troubleshoot issues, perform backups, improve reliability, and fulfill contractual obligations.
3. Categories of processed data
Xfatora may process user account and contact details, customer and supplier records, lead and sales records, quotation and invoice records, accounting and tax records, inventory and procurement records, project and timesheet records, employee and payroll records, attendance and leave records, helpdesk and warranty records, asset and fleet records, logistics and manufacturing records, survey and goals records, attachments, comments, audit trails, logs, exports, and configuration settings.
4. Processing purposes
Xfatora processes customer data to provide requested software functionality, manage users and permissions, generate reports and exports, support accounting, invoicing, payroll, inventory, CRM, procurement, project, HR, and operational workflows, provide support and implementation assistance, maintain security, prevent abuse, back up and restore systems, improve reliability, and comply with contractual, legal, tax, security, and regulatory obligations.
5. Customer instructions
Xfatora processes customer business data based on customer configuration, user actions, account settings, support requests, written agreements, and operational requirements necessary to provide the service. Customers are responsible for ensuring their instructions are lawful and that they have the required rights, notices, and consents to process data in Xfatora.
6. Confidentiality, access, and service providers
Xfatora restricts access to customer data to personnel and service providers who need access for service operation, support, security, billing, administration, or legal compliance. Xfatora may use service providers to support hosting, storage, security, monitoring, analytics, communication, payment processing, support, backup, and operational delivery.
7. Security measures
Xfatora applies reasonable administrative, technical, and organizational measures designed to protect customer data. Measures may include account authentication, role-based permissions, access restrictions, logging and monitoring, backup procedures, security review, encryption where appropriate, incident response procedures, and internal confidentiality controls.
Customers must also maintain their own security practices, including strong passwords, access reviews, user offboarding, device security, internal approvals, and careful handling of exports.
8. Data subject requests
If Xfatora receives a request from an individual about personal information contained in customer business data, Xfatora may direct the requester to the relevant customer unless required otherwise by law. Customers are responsible for responding to requests relating to data they control. Xfatora may provide reasonable assistance where technically and commercially feasible.
9. Data deletion, return, and backups
Customers may request deletion or export of customer business data according to available product features, support procedures, and written agreements. After account termination, customer data may be deleted, archived, or retained for a limited period according to backup, legal, tax, accounting, fraud prevention, dispute, and business continuity needs. Customer data may remain in backups for a limited period after deletion from active systems.
10. Incidents, audits, international processing, and contact
If Xfatora becomes aware of a security incident affecting customer data, Xfatora will review the incident and take reasonable steps to contain, investigate, and notify affected customers where required by law or agreement.
Customers may request reasonable information about Xfatora data processing practices by contacting support@xfatora.com. Requests must be proportionate and should not compromise the security, confidentiality, or rights of other customers or systems.
Customer data may be processed or stored in countries other than the customer's country. Where required, Xfatora uses appropriate safeguards for such processing.
For data processing questions, contact Xfatora at support@xfatora.com. Website: xfatora.com.