Your Privacy, Our Responsibility
We believe transparency is a form of respect. This policy explains exactly what data we collect, why we collect it, and how we protect it — in plain English.
Last updated: June 2026 · Applies to XSpace Technologies Ltd. and all associated services
What We Collect
We collect only what is necessary to provide a great learning experience. We do not sell your data, ever.
Account Information
- Name and email address (provided when you register)
- Profile photo and biography (optional, set by you)
- Role — student, instructor, or mentor
Usage Data
- Courses enrolled, lessons completed, quiz scores
- Video watch position and playback progress
- Notes, discussion posts, and assignment submissions
Technical Data
- IP address, browser type, and operating system
- Device identifiers and referral URLs
- Page views and feature interactions via analytics
Payment Data
- Billing name and address for invoicing
- Card details are handled entirely by Stripe — XSpace never stores card numbers
How We Use It
We use your data for one purpose: to make XSpace better for you. Specifically:
- Provide and personalise your learning experience — tracking progress, resuming videos, saving notes
- Generate AI-powered course recommendations and learning paths based on your profile and history
- Process payments and issue certificates of completion
- Send you course updates, assignment feedback, and relevant announcements (you can opt out of marketing emails at any time)
- Improve platform performance, fix bugs, and develop new features
- Comply with legal obligations and enforce our Terms of Use
We do not use your data for advertising, sell it to third parties, or share it with anyone outside our essential service providers.
Security
We take security seriously. Your data is protected by multiple layers:
TLS encryption
All data in transit is encrypted with TLS 1.3
Encryption at rest
Database storage is AES-256 encrypted via Supabase
Zero password storage
Authentication is handled by Clerk — we never see your password
Access controls
Role-based access: only you and authorised staff can access your data
Secure payments
Card data is tokenised by Stripe and never touches our servers
Regular audits
We audit our infrastructure and dependencies for vulnerabilities
If you believe you have found a security vulnerability, please contact us immediately at security@xspace.dev.
Your Rights
You have full control over your data. Under GDPR and applicable privacy law, you have the right to:
Access
Request a copy of all personal data we hold about you.
Correction
Ask us to correct inaccurate or incomplete information.
Deletion
Request deletion of your account and associated data.
Portability
Receive your data in a structured, machine-readable format.
Opt-out
Unsubscribe from marketing emails at any time via any email footer.
To exercise any of these rights, contact us at privacy@xspace.dev. We will respond within 30 days.
Children's Privacy
Policy Changes
We may update this policy from time to time. When we make significant changes, we will notify you via email and display a notice on the platform at least 14 days before the changes take effect. The "Last updated" date at the top of this page always reflects the most recent revision.
Continued use of XSpace after the effective date constitutes acceptance of the updated policy.
Contact Us
Questions about this policy or how we handle your data? We are always happy to help. Reach our Data Protection team directly:
XSpace Technologies Ltd. · Lagos, Nigeria · Registered company