This Privacy Policy explains how Xirsys, LLC ("Xirsys," "we," "us," "our") handles Client Personal Data and other information. Capitalized terms not defined here have the meanings in the Terms of Service (/tos). For processing terms and international transfers, see the DPA and SCC Addendum.
2.1 Client Personal Data. Name, email, business details, account credentials, billing info (processed by Stripe), support communications, and account-level Metrics Data (e.g., session counts, bytes transferred).
2.2 Service Traffic (not stored). WebRTC media and related real-time signaling relayed through our STUN/TURN infrastructure are encrypted (DTLS-SRTP) end-to-end between peers. We do not decrypt, inspect, or store communications content.
2.3 Metrics Data (stored). We store aggregated account-level metrics (e.g., counts of sessions, total bytes transferred, availability/error rates, regional capacity use). Metrics Data excludes communications content and is not used to profile End Users.
We use cookies/web storage for authentication, session continuity, preferences, and site analytics. You may control cookies via your browser; some features may not function without them.
Providers act as our sub-processors under contractual confidentiality and security.
We may share Client Personal Data with service providers, professional advisors, acquirers (in a transaction), and authorities where legally required or necessary to protect rights, safety, or security. We do not sell Personal Data.
We use industry-standard safeguards: encryption in transit and at rest for Client Personal Data, access controls, logging/monitoring, least-privilege access, and vulnerability management.
Depending on your jurisdiction (e.g., GDPR/UK GDPR, CPRA), you may have rights to access, correct, delete, or port Client Personal Data, and to object/restrict certain processing. Submit requests to privacy@xirsys.com. End Users should contact the relevant Client.
Xirsys is U.S.-based and operates globally. Transfers of Client Personal Data outside the EEA/UK are protected by the EU 2021 Standard Contractual Clauses and the UK Addendum (see the SCC Addendum).
Services are not directed to children under 13. We do not knowingly collect data from children.
Custodian of Records – Privacy
Xirsys, LLC
25350 Magic Mountain Parkway, Suite 300, Santa Clarita, CA 91355
privacy@xirsys.com
We may update this Policy; material changes will be posted with 30 days’ advance notice. Continued use after the effective date signifies acceptance.
Last Updated: September 16, 2025