XPlace Privacy Policy
Effective Date: December 04, 2025
This Privacy Policy (“Policy”) explains how Pontech Group L.L.C-FZ (“XPlace”, “we”, “our”, or “us”), the owner and operator of XPlace (available at x.place), collects, uses, stores, and protects your information when you access or use the XPlace mobile application, website, and related services (collectively, the “Platform” or “XPlace”).
By using XPlace, you agree to the terms of this Policy. If you do not agree, please discontinue use immediately.
1. Information We Collect
We collect only the information necessary to operate and improve XPlace in compliance with applicable law.
1.1 Personal Information
When you create or access an account, we may collect:
Email address
Username or display name
Connected wallet address
Authentication data from third-party sign-in providers (e.g., Google, Apple, Twitter)
Membership or XP tier data linked to your account
Note: XPlace is fully non-custodial — we do not request, store, or have access to your private keys, seed phrases, or wallet balances beyond on-chain public data.
1.2 Usage and Technical Data
We may collect limited analytics and technical information, including:
Device type, operating system, and app version
IP address (truncated or anonymized where required)
Session activity, interactions, crash logs, and performance data
Aggregated analytics via Firebase or equivalent analytics services
This data helps us monitor performance, detect errors, and improve user experience.
1.3 Communication Data
If you contact us (e.g., support requests or feedback), we may retain communications to respond and maintain service quality.
2. How We Use Your Information
We process personal data only for legitimate and lawful purposes, including:
Account authentication and management
Providing core platform functionality (e.g., wallet-based swaps, transactions, or XP systems)
Improving security, stability, and user experience
Detecting and preventing fraud, abuse, or technical issues
Complying with legal or regulatory obligations (e.g., AML/CFT verification if applicable)
Aggregating anonymized statistics for analytics and performance insights
We do not use your personal data for targeted advertising or automated decision-making.
3. Lawful Basis for Processing
We process data under the following lawful bases (as defined under UAE PDPL and similar frameworks):
Performance of a contract: To deliver the XPlace services you request.
Legitimate interests: To improve, secure, and maintain the Platform.
Legal obligations: To comply with AML, sanctions, and record-keeping requirements.
Consent: When explicitly granted (e.g., marketing emails or analytics tracking where required).
You may withdraw consent at any time by contacting us at [email protected], though this may limit your use of certain features.
4. Opt-In to Email Communications
By creating an account in the XPlace mobile application, the user may voluntarily provide their email address during registration or within their profile settings. By providing an email address and confirming it, the user agrees (opt-in) to receive transactional and service-related email notifications, including but not limited to:
account verification emails;
security alerts and important product updates;
notifications related to financial transactions, card operations, and account activity;
support communications and responses to user-initiated requests.
We do not send marketing or promotional emails without obtaining explicit user consent where required by applicable laws.
Opt-Out / Revoking Consent
Users may revoke their consent to receiving emails at any time by:
Clicking the “unsubscribe” link included in the footer of any non-transactional email;
Updating their notification preferences in the application settings;
Contacting us directly at [email protected] with a request to stop receiving email communications.
Please note that certain critical service emails (e.g., security alerts, fraud notifications, transactional confirmations) may still be sent as they are required for the operation and security of the service.
Purpose of Email Communication
Email notifications are used solely to support the user experience within XPlace, including:
operating and maintaining the user’s account;
communicating mandatory legal or regulatory information;
delivering important product or security updates;
enabling customer support communication.
XPlace does not share or sell user email addresses to third parties for marketing purposes.
5. Data Sharing and Third-Party Services
5.1 We do not sell, trade, or rent your personal data. 5.2 We may share anonymized or aggregated data with trusted service providers that support our operations, such as:
Firebase (Google LLC) – analytics, crash reporting
Cloud hosting providers – secure infrastructure and backups
Authentication partners – to enable third-party sign-in
Regulated financial or compliance partners – if required for KYC/AML under applicable law
All such partners act under data-processing agreements and must protect your information in accordance with applicable privacy standards.
5.3 We may disclose limited data to authorities if required by law, regulation, or court order.
6. Data Storage, Security, and Retention
6.1 We use industry-standard encryption and security measures to safeguard data against unauthorized access, alteration, or loss. 6.2 Despite our efforts, you acknowledge that no internet or blockchain transmission is completely secure and we cannot guarantee absolute security. 6.3 We retain data only as long as necessary to fulfill the purposes described above or as required by law. After that, it will be anonymized or deleted. 6.4 All personal data is primarily stored on servers located in jurisdictions that provide adequate protection under UAE and international data-protection laws.
7. International Data Transfers
If data is transferred or processed outside the United Arab Emirates (for example, by third-party service providers such as Firebase or AWS), we ensure that:
The recipient country provides an adequate level of data protection; or
Appropriate safeguards (e.g., standard contractual clauses) are in place.
8. Your Rights
Subject to applicable law, you may exercise the following rights:
Access: Request a copy of personal data we hold about you.
Correction: Request updates or corrections to inaccurate data.
Deletion: Request deletion (“right to be forgotten”) of your data.
Objection / Restriction: Object to processing or request limited use in certain cases.
Portability: Request transfer of your personal data to another service.
Requests can be made by contacting [email protected] We may verify your identity before processing such requests.
9. Children’s Privacy
XPlace is not intended for individuals under 18 years of age. We do not knowingly collect or process data from minors. If we become aware that data from a minor has been collected, it will be deleted immediately.
10. Data Breach Notification
In the unlikely event of a data breach that poses a high risk to your rights or freedoms, we will:
Notify affected users promptly in accordance with UAE PDPL requirements; and
Report the incident to the competent UAE Data Office or applicable regulator.
11. Links and Third-Party Content
XPlace may contain links to third-party websites or services. XPlace is not responsible for the privacy practices, security, or content of those external sites. We encourage you to review their privacy policies before sharing information.
12. Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in law, technology, or business operations. The updated version will be published on x.place with a revised “Effective Date.” Your continued use of XPlace after such changes constitutes acceptance of the updated Policy.
13. Contact Information
For questions, data-protection inquiries, or to exercise your rights, please contact: [email protected] Pontech Group L.L.C-FZ Meydan Grandstand, 6th Floor Meydan Road, Nad Al Sheba, Dubai, United Arab Emirates
Last updated