Privacy Policy

1. Introduction

XOCHECK ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services at XOCHECK.com.

We comply with all applicable privacy laws including CCPA (California Consumer Privacy Act) and prepare for GDPR compliance for international expansion.

2. Information We Collect

2.1 Information You Provide

Venue Owners:

• Business information: Legal name, DBA, business address, phone, website
• Account information: Name, email, password
• Verification documents: Business licenses, tax ID
• Payment information: Processed by Stripe/PayPal (we don't store card details)
• Communications: Messages, support tickets, feedback

Staff/Performers:

• Personal information: Name, stage name, date of birth
• Identification: Driver's license number (encrypted), state of issue
• Contact information: Email, phone, address
• Professional information: Work history, categories, skills
• Profile photos and documents (if provided)
• Registration code (XO-XXXXXXXX)

2.2 Information Collected Automatically

• Device information: IP address, browser type, operating system
• Usage data: Pages visited, features used, time spent
• Location data: Approximate location based on IP (for venue search)
• Cookies and similar technologies for session management

2.3 Information from Third Parties

• Background check providers (with consent)
• Payment processors (transaction status only)
• Public business databases for venue verification

3. How We Use Your Information

3.1 Primary Uses

• Provide and maintain our Service
• Process registrations and account management
• Facilitate venue-staff connections and team management
• Process payments and maintain records
• Send administrative communications
• Respond to support requests

3.2 Roll-Call System

For the roll-call feature, we track performer presence at venues to display on the public map. This includes:

• Check-in/check-out times
• Current venue location (for active performers)
• Team membership status

3.3 Security and Compliance

• Verify identities and prevent fraud
• Maintain safety through the reporting system
• Comply with legal obligations
• Enforce our Terms of Service

4. Information Sharing and Disclosure

4.1 We DO NOT:

• Sell your personal information to third parties
• Share sensitive data for marketing purposes
• Display full identification numbers publicly
• Share performer contact information without consent

4.2 We MAY Share Information:

Between Platform Users:

• Venue owners can see basic profiles of staff who accept invitations
• Public venue information is visible on the map
• Active performer status at venues (roll-call)
• Registration codes for verification

With Service Providers:

• Payment processors (Stripe, PayPal)
• Email service providers
• Cloud hosting services (encrypted data)
• Background check providers (with consent)

For Legal Reasons:

• To comply with legal obligations
• To respond to lawful requests and legal process
• To protect rights, property, and safety
• To investigate fraud or security issues

5. Data Security

5.1 Security Measures

We implement industry-standard security measures including:

• Two-Factor Authentication (2FA) for enhanced account security
• AES-256 encryption for sensitive data at rest
• TLS/SSL encryption for data in transit
• Secure password hashing (bcrypt)
• Regular security audits and updates
• Access controls and authentication
• Secure data centers with physical security

5.2 Special Protection for Sensitive Data

Driver's license numbers and other government IDs are encrypted using industry-standard encryption. Only hashed versions are used for searches, and full numbers are never displayed publicly.

6. Data Retention

We retain your information for as long as necessary to:

• Provide our services
• Comply with legal obligations
• Resolve disputes and enforce agreements

6.1 Specific Retention Periods

• Active accounts: Retained while account is active
• Closed accounts: Basic data retained for 3 years for legal compliance
• Payment records: 7 years for tax purposes
• Messages: 3 months unless flagged for review
• Roll-call history: 30 days for active records

7. Your Rights and Choices

7.1 Access and Control

You have the right to:

• Access your personal information
• Correct inaccurate data
• Request deletion of your account
• Download your data (data portability)
• Opt-out of non-essential communications

7.2 California Residents (CCPA)

California residents have additional rights including:

• Right to know what personal information is collected
• Right to delete personal information
• Right to opt-out of sale (we don't sell data)
• Right to non-discrimination

7.3 How to Exercise Your Rights

To exercise any of these rights, contact us at privacy@xocheck.com with your request. We will respond within 30 days.

8. Cookies and Tracking Technologies

8.1 Essential Cookies

Required for the Service to function:

• Session cookies for authentication
• Security cookies to prevent fraud
• Preference cookies for settings

8.2 Analytics Cookies

We use analytics to improve our Service. These can be disabled in your browser settings without affecting core functionality.

8.3 Managing Cookies

You can control cookies through your browser settings. Note that disabling cookies may limit some features of the Service.

9. Children's Privacy

Our Service is not intended for anyone under 18 years of age. We do not knowingly collect personal information from children under 18. If we discover that we have collected information from a child under 18, we will delete it immediately.

Venue owners and staff must be at least 21 years old in certain jurisdictions.

10. International Data Transfers

Our Service is operated in the United States. If you access the Service from outside the U.S., please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located.

11. Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

For material changes, we will provide additional notice via email or through the Service.

13. Data Breach Notification

In the event of a data breach that may affect your personal information, we will notify affected users within 72 hours of discovery via email and provide information about steps to protect yourself.

14. Contact Information

For questions about this Privacy Policy or to exercise your privacy rights, contact us at:

For CCPA requests, California residents may also call: (800) 952-5210