This website is operated by the founding team behind the Xinora project (“we”, “our”, or “us”). We are currently in a pre-launch, pre-incorporation phase, during which we provide early access to features and collect limited personal data from users who choose to join our waiting list. This Privacy Policy explains how we handle personal data on our website www.xinora.io (the “Site”), in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”). A formal legal entity will be incorporated prior to launch, at which point this policy will be updated accordingly.
Data Controllers
Until incorporation, the data controllers under the GDPR are the three individual cofounders of Xinora:
Davide De Caterina
Emanuele Navas
Luca Garbi
For all privacy-related inquiries, please contact by email: d.decaterina@xinora.io
Personal Data We Handle
We may handle the following types of personal data through our Site:
Community submissions: Full name and email address, submitted voluntarily by users wishing to receive updates.
Demo usage: When a user submits a public LinkedIn profile URL into our demo tool, the system temporarily processes publicly available data from that profile (such as job title, summary, and experience) in real time to generate a personality profile preview.
Marketing preferences: Whether the user has opted in to receive promotional emails from us.
Chrome Extension: When using our browser extension, the following data is handled:
Authentication data: Email address and password (or Google OAuth tokens) entered by the user to sign in to their Xinora account within the extension. These credentials are transmitted securely to our authentication service (Supabase) and are not stored in plaintext by the extension.
Authentication session tokens: Access and refresh tokens are stored locally in the browser's chrome.storage.local to maintain the user's session across browser restarts.
LinkedIn profile content: When a user visits a LinkedIn profile page, the extension reads publicly visible information from that page, including: name, headline, summary, profile photo URL, location, work experience, education, languages, certifications, volunteer work, skills, recent posts, and connection information. This data is sent to the Xinora backend for personality analysis and is not sold or shared with third parties.
UI preferences: The position of the floating action button and theme preference (light/dark) are stored locally in chrome.storage.local on the user's device.
We do not collect, store, log, or retain any data extracted via the demo. All such data is processed in-memory and discarded immediately after the session.
Purposes and Legal Basis for Processing
Purpose and Legal Basis:
To manage waiting list registrations and send ongoing updates about the Xinora product: Consent (Article 6(1)(a) GDPR)
To send marketing communications, including promotions and special offers: Consent (Article 6(1)(a) GDPR)
To demonstrate product functionality via the LinkedIn demo tool: Legitimate interest in product development and user education (Article 6(1)(f) GDPR)
3.1 Waiting List Communications
Users who voluntarily join the waiting list may receive ongoing communications about the Xinora product, including launch announcements, feature updates, or invitations to test new functionality. These emails are intended to keep users informed and engaged. Every message includes an unsubscribe link. We do not share email addresses with third parties.
3.2 Marketing Communications
Users who opt in may receive marketing emails from Xinora, including special offers, product promotions, or partner announcements. This type of communication is optional and separate from general product updates. Every marketing message includes a clear unsubscribe link, and users can withdraw consent at any time.
3.3 Demo Feature
When a user pastes a LinkedIn URL, the tool retrieves only publicly accessible information, processes it on the fly, and displays an estimated personality profile. This feature exists solely to illustrate the capabilities of our software. No personal data from third-party LinkedIn profiles is stored, retained, reused, or shared.
3.4 Chrome Extension
The Xinora browser extension processes data for the following purposes:
User authentication: To verify the user's identity and maintain a logged-in session within the extension. Legal basis: performance of a contract / legitimate interest in providing the service (Article 6(1)(b) GDPR).
Personality analysis: Publicly visible LinkedIn profile data is sent to the Xinora backend to generate DISC and OCEAN personality insights for the user. Legal basis: legitimate interest in providing the core product functionality (Article 6(1)(f) GDPR), as the user actively initiates the analysis by navigating to a LinkedIn profile while the extension is installed and they are signed in.
Local preferences: UI settings are stored on-device only and are not transmitted to any server. Legal basis: legitimate interest (Article 6(1)(f) GDPR).
Data Sharing
We do not sell, rent, or trade personal data. If we work with trusted service providers to operate the Site (e.g., email list management), they will only access data under strict data protection agreements and solely for the purposes specified.
Data collected by the Chrome extension is transmitted only to Xinora's own backend infrastructure (hosted on Vercel and Supabase) for processing. No extension data is shared with, sold to, or made accessible to third parties. The extension does not transmit any data to LinkedIn or any other external service beyond the Xinora backend.
We may disclose information if required by law or legal process.
Data Retention
Community list data (name and email) is retained only as long as necessary to send product updates or until a deletion request is received.
Data processed via the demo feature is not retained at all — it is handled temporarily in the browser session and immediately discarded.
Chrome extension data: Authentication session tokens stored in chrome.storage.local persist until the user signs out or clears browser data. LinkedIn profile data sent to the Xinora backend for analysis is retained as part of the user's account data and is subject to the same retention policies as other account data. UI preferences stored locally on the device are retained indefinitely until the extension is uninstalled or the user clears browser storage.
Your Rights Under GDPR
You have the following rights regarding your personal data:
Right to erasure;
Right to data portability;
Right to rectification;
Right to restriction of processing;
Right to object to processing;
Right to lodge a complaint with a supervisory authority.
Right to access;
To exercise any of these rights, contact us at d.decaterina@xinora.io .
Security Measures
We implement reasonable technical and organizational safeguards to protect personal data submitted through the Site. Please note, however, that no internet transmission is ever 100% secure.
The Chrome extension stores authentication tokens in chrome.storage.local, which is sandboxed to the extension and inaccessible to websites or other extensions. All communication between the extension and the Xinora backend is encrypted via HTTPS.
Cookies
Our website uses cookies and similar tracking technologies to ensure the proper functioning of the Site and to collect anonymous statistical information about how visitors use our services.
Cookies are small text files that are stored on your device when you visit a website. They help us recognize your browser, remember your preferences, and improve the overall user experience.
Types of cookies we use
We use the following categories of cookies:
a) Strictly necessary cookies
These cookies are essential for the operation of the Site and cannot be disabled. They enable core functionalities such as page navigation and access to secure areas of the website.
b) Analytics cookies
With your consent, we use Google Analytics to collect aggregated and anonymous information about how visitors interact with our Site (for example, pages visited, time spent on pages, device type, and approximate location).
This information is used solely to analyze and improve the performance, usability, and content of our website. We do not use this data to identify individual users.
We do not use cookies for advertising, remarketing, behavioral profiling, or the creation of marketing profiles.
Consent management
When you first visit our Site, you are presented with a cookie banner that allows you to:
Accept all cookies
Reject non-essential cookies
Customize your cookie preferences
Analytics cookies are only set after you have given your explicit consent. You may change or withdraw your consent at any time through the cookie settings available on our website.
Third-party cookies
Some cookies may be set by third-party services that appear on our pages, such as Google Analytics. These third parties may process data in accordance with their own privacy policies.
For more information, you can consult Google’s Privacy Policy at: https://policies.google.com/privacy
How to manage cookies
You can also manage or delete cookies through your browser settings at any time. Most browsers allow you to:
View which cookies are stored
Delete existing cookies
Block all or specific cookies
Please note that disabling certain cookies may affect the functionality and performance of the Site.
Changes to this section
We may update this Cookies section from time to time to reflect changes in the cookies we use or in applicable laws. Any changes will be published on this page and, where required, notified through the cookie banner.
Changes to This Privacy Policy
We reserve the right to update this Privacy Policy at any time. Any changes will be posted here with an updated effective date. Once Xinora is formally incorporated, this document will be revised to reflect the new legal entity and controller information.
Contact
For any questions about this Privacy Policy or your personal data, please contact:
The Xinora Founding Team
Email: d.decaterina@xinora.io