Privacy Policy
Last Updated: July 12, 2026
XNET Privacy Policy
XNET, Inc.
Effective Date: July 12, 2026 | Last Updated: July 12, 2026
1. Introduction
XNET, Inc. ("XNET," "we," "us," or "our") operates a carrier-grade neutral-host wireless network and provides related websites, mobile applications, application programming interfaces, operator tools, and customer portals. XNET respects the privacy of the individuals and organizations that use our products and services, and we are committed to protecting the personal information entrusted to us.
This Privacy Policy describes how XNET collects, uses, stores, shares, and protects personal information, the choices available to you regarding that information, and the rights you may have under applicable data protection laws. Please read this Privacy Policy carefully. By accessing or using the Services (as defined below), you acknowledge that you have read and understood this Privacy Policy.
If you do not agree with the practices described in this Privacy Policy, please do not use the Services. If you have questions at any time, you may contact us using the information provided in Section 23 (Contact Information).
2. Scope of this Privacy Policy
This Privacy Policy applies to all products and services owned or operated by XNET, including without limitation: (a) the XNET website located at xnetmobile.com and any subdomains; (b) the XNET mobile applications for Android and iOS (the "Apps"); (c) XNET application programming interfaces ("APIs"); (d) operator tools, dashboards, and customer portals; and (e) all related products, services, features, and communications (collectively, the "Services").
This Privacy Policy applies regardless of the device or means you use to access the Services. It does not apply to third-party websites, applications, or services that may be linked from or interoperate with the Services; the privacy practices of those third parties are governed by their own privacy policies, and we encourage you to review them.
Where XNET processes personal information on behalf of an enterprise customer under a separate written agreement, the terms of that agreement govern to the extent of any conflict with this Privacy Policy, as further described in Section 11 (APIs and Enterprise Customers).
3. Definitions
For purposes of this Privacy Policy:
"Personal Information" means any information that identifies, relates to, describes, or is reasonably capable of being associated with or linked to an identified or identifiable natural person. Personal Information does not include information that has been de-identified, aggregated, or anonymized such that it can no longer reasonably be linked to an individual.
"Processing" means any operation performed on Personal Information, whether or not by automated means, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, combination, restriction, erasure, or destruction.
"Services" has the meaning given in Section 2 (Scope of this Privacy Policy).
"Apps" means the XNET mobile applications for Android and iOS, distributed through the Google Play Store and Apple App Store respectively.
"Operator" means an individual or entity authorized by XNET to deploy, maintain, or manage wireless network infrastructure using the Services.
"Enterprise Customer" means a business, partner, or organization that has entered into a written agreement with XNET for access to the Services, including via APIs.
"Data Controller" means the entity that determines the purposes and means of Processing Personal Information.
"Data Processor" means an entity that Processes Personal Information on behalf of a Data Controller.
4. Information We Collect
We collect Personal Information in the categories described below. The specific information collected depends on how you interact with the Services.
4.1 Information You Provide
When you register for an account, request access to the Services, communicate with us, or otherwise provide information directly, we may collect:
- Identity and contact information, such as your name, email address, telephone number, company or organization, and role or title.
- Account registration and profile information.
- Payment and remittance details necessary to process payments to Operators and partners, which are handled through third-party payment processors. XNET does not store full payment card numbers or bank account credentials on its own systems.
- Support requests and communications, including messages, attachments, and related correspondence you send to us.
- Documents you upload to the Services, such as installation records, photographs, permits, and compliance documentation.
- Venue records, including venue names, addresses, site contacts, and deployment details entered into the Services.
- Any other information you voluntarily submit through the Services.
4.2 Automatically Collected Information
When you use the Services, certain information is collected automatically, including:
- Browser type and version, and operating system and version.
- IP address and general network information.
- Device identifiers, device model, and application version.
- Timestamps, access times, pages viewed, features used, and the page or application state that referred you.
- Usage logs describing how you interact with the Services, including session duration and interaction events.
- Crash reports and diagnostic and performance data used to maintain and improve the reliability of the Services.
4.3 Device Information
We collect information about the devices used to access the Services, which may include device type and model, operating system and version, application version, browser type, unique device identifiers, mobile network information, and language and regional settings.
4.4 Authentication Information
We collect and process credentials and authentication tokens necessary to verify your identity and authorize your access to the Services. Authentication tokens issued to the Apps are stored using platform-provided encrypted storage mechanisms (such as Android Keystore and iOS Keychain), are transmitted exclusively over encrypted HTTPS connections, and are invalidated and removed from the device upon sign-out. Passwords are stored only in salted, hashed form and are never stored in plaintext.
4.5 Operational Data and Network Logs
Operators, partners, and Enterprise Customers may enter operational records into the Services, including deployment records, venue and site information, network configuration data, installation records, and performance metrics. Operational data may include Personal Information where it identifies an individual (for example, the name of the Operator who performed an installation).
As a network operator, XNET automatically collects certain operational and network logs generated by the operation of its wireless network infrastructure. These logs are collected and retained in order to: (a) maintain the integrity, availability, and performance of the network; (b) detect, prevent, and investigate abuse, fraud, and unauthorized use; (c) troubleshoot connectivity and service issues; (d) comply with legal and regulatory obligations applicable to wireless network operators, including FCC recordkeeping requirements; and (e) protect our customers, partners, and infrastructure. Network logs are accessed on a need-to-know basis, are protected by the security measures described in Section 14, and are retained in accordance with Section 13 (Data Retention).
4.6 Information from Third Parties
We may receive information about you from third parties, including:
- Enterprise Customers and partner organizations that provision or administer your access to the Services, such as your name, work contact information, and role.
- Identity providers that facilitate secure sign-in, such as authentication assertions and associated account identifiers.
- Google Maps Platform, in connection with map, geocoding, and address autocomplete features, such as place and address data associated with your queries.
We handle information received from third parties in accordance with this Privacy Policy.
4.7 Location Information
With your permission, we collect approximate and, where authorized, precise location information from your device. Location information is used for map display, venue and address identification, address autocomplete, deployment and site verification, and - where introduced in the future - location-verification features designed to confirm the physical presence of network infrastructure or authorized personnel at a deployment site. Any future location-verification features will operate under the permissions you have granted through your device settings and will be described in this Privacy Policy or in an updated version of it before deployment.
Location information is never used for advertising purposes. Background location is not collected unless and until expressly disclosed in a future update to this Privacy Policy and permitted by your device settings. You may disable location access at any time through your device settings; doing so may limit the functionality of location-dependent features.
4.8 Mobile Application Permissions
The Apps may request the following device permissions, each of which you may grant or revoke through your device settings:
- Location (approximate and precise): used for map, venue, address, and location-verification features as described in Section 4.7.
- Camera: used solely for scanning QR codes and barcodes and for capturing images or content you intentionally choose to capture. Images are not uploaded to XNET unless you affirmatively choose to upload them.
- Network and connectivity state: used to manage connections to network infrastructure and to adapt application behavior to network conditions.
- Notifications: used, with your consent, to deliver service-related alerts and updates.
The Apps do not request access to your contacts, call logs, text messages, or photo library beyond content you explicitly select or capture.
4.9 Cookies and Similar Technologies
Our website may use cookies, pixels, local storage, and similar technologies for essential site functionality, session management, security, preference retention, and analytics. Analytics technologies help us understand how visitors use the website so that we can improve it.
The Apps do not use browser cookies and do not contain third-party advertising SDKs or advertising cookies. XNET does not use Google AdSense or any comparable third-party advertising network anywhere in the Services.
Most web browsers allow you to control cookies through their settings, including blocking or deleting cookies. Disabling essential cookies may impair the functionality of the website.
5. Mobile Applications
In addition to the website, XNET provides Android and iOS applications for authorized Operators, partners, and employees. This section supplements the other sections of this Privacy Policy with disclosures specific to the Apps.
Who the Apps Are For
The Apps require XNET-issued credentials and are intended for authorized Operators, partners, and employees of XNET. The Apps are not intended for, or directed to, the general public.
App Store Distribution
The Apps are distributed through the Apple App Store and the Google Play Store and are subject to the terms, policies, and data disclosure frameworks of those platforms, including Apple's App Privacy details and Google Play's Data Safety section. The disclosures made in those platform frameworks are intended to be consistent with this Privacy Policy. Apple Inc. and Google LLC are not parties to this Privacy Policy and are not responsible for the Services.
Advertising
The Apps contain no third-party advertising SDKs, no advertising identifiers used for advertising purposes, and no advertising cookies. XNET does not sell or rent Personal Information and does not share Personal Information with advertisers for cross-context behavioral advertising.
Authentication
Authentication tokens are stored in encrypted device storage, transmitted only over HTTPS, and removed upon sign-out, as described in Section 4.4.
Third-Party Services in the Apps
The Apps use Google Maps Platform for map rendering and address autocomplete, as described in Section 10 (Google Maps Platform).
6. How We Use Information
We use Personal Information for the following purposes:
- To provide, operate, and maintain the Services, including account creation, authentication, and access management.
- To verify deployments, manage network infrastructure, and support Operator and partner activities.
- To process payments and remittances to Operators and partners.
- To secure the Services, including detecting, preventing, and investigating fraud, abuse, unauthorized access, and security incidents.
- To monitor, analyze, and improve the performance, reliability, and functionality of the Services and to develop new products and features.
- To communicate with you regarding the Services, including service announcements, technical notices, security alerts, and support responses.
- To comply with applicable laws, regulations, legal processes, and governmental requests, including recordkeeping obligations applicable to wireless network operations.
- To enforce our agreements, terms, and policies and to protect the rights, property, and safety of XNET, our users, and others.
We do not use Personal Information for third-party advertising. XNET does not sell or rent Personal Information and does not share Personal Information with advertisers for cross-context behavioral advertising.
7. Legal Bases for Processing (GDPR)
Where the General Data Protection Regulation (EU) 2016/679 or the UK GDPR applies to our Processing of your Personal Information, we rely on the following legal bases:
- Performance of a contract (Article 6(1)(b)): Processing necessary to provide the Services to you or your organization, including account management, authentication, and payment processing.
- Legitimate interests (Article 6(1)(f)): Processing necessary for our legitimate interests, including securing the Services, preventing fraud, improving our products, and administering our business relationships, where those interests are not overridden by your rights and freedoms.
- Legal obligation (Article 6(1)(c)): Processing necessary to comply with applicable legal and regulatory obligations, including telecommunications recordkeeping and lawful requests from authorities.
- Consent (Article 6(1)(a)): Where we rely on your consent - for example, for precise location access or optional notifications - you may withdraw that consent at any time without affecting the lawfulness of Processing carried out before withdrawal.
8. Sharing of Information
XNET does not sell or rent Personal Information and does not share Personal Information with advertisers for cross-context behavioral advertising, nor do we share Personal Information with third parties for their own marketing purposes. We share Personal Information only in the following circumstances:
- Service providers: With vendors and contractors that perform services on our behalf, as described in Section 9 (Third-Party Service Providers), under contracts that restrict their use of Personal Information to the services they provide to us.
- Enterprise Customers and Operators: Where you use the Services in connection with an organization, that organization may have access to information associated with your account and your activity within its environment.
- Legal compliance: With courts, regulators, law enforcement, or other governmental authorities where we believe in good faith that disclosure is required by law, regulation, legal process, or enforceable governmental request, or is necessary to protect the rights, property, or safety of XNET, our users, or the public.
- Business transfers: In connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of our assets, as described in Section 21 (Business Transfers).
- With your direction or consent: Where you direct us to share information or otherwise consent to the sharing.
9. Third-Party Service Providers
We engage third-party service providers to support the operation of the Services. Categories of service providers include:
- Cloud infrastructure and hosting providers that store and process data on our behalf.
- Identity and authentication providers that support secure sign-in.
- Mapping and geolocation providers, including Google Maps Platform (see Section 10).
- Payment processors that handle payments and remittances to Operators and partners.
- Analytics providers that help us understand usage of the Services.
- Communications providers that deliver email and notification services.
- Professional advisors, including auditors, accountants, and legal counsel, where reasonably necessary.
Service providers are contractually obligated to safeguard Personal Information, to Process it only on our instructions and for the purposes for which it was disclosed, and to maintain confidentiality and security measures consistent with this Privacy Policy and applicable law.
10. Google Maps Platform
The Services, including the Apps, use Google Maps Platform services for map rendering, geocoding, and address autocomplete. When you use map-based features, certain information - such as your device location (where permitted) and search queries entered into address fields - is transmitted to Google LLC and processed in accordance with the Google Privacy Policy (available at policies.google.com/privacy) and the Google Maps Platform Terms of Service. By using map-based features of the Services, you acknowledge that Google's processing of that information is governed by Google's own terms and policies.
11. APIs and Enterprise Customers
XNET provides APIs and enterprise-grade tools to Enterprise Customers under written agreements. Where XNET Processes Personal Information on behalf of an Enterprise Customer in connection with those agreements, XNET acts as a Data Processor, and the Enterprise Customer acts as the Data Controller responsible for the lawfulness of the Processing, for providing notices to its own personnel and end users, and for responding to rights requests relating to data it controls.
In those circumstances, the applicable enterprise agreement - including any data processing addendum - governs our handling of that data, and this Privacy Policy applies only to the extent it does not conflict with that agreement. Enterprise Customers are responsible for ensuring that their use of the APIs and the Services complies with applicable law, including obtaining any consents required from their own users.
API access is authenticated, logged, and monitored. API credentials must be safeguarded by the Enterprise Customer, and XNET may suspend credentials that it reasonably believes have been compromised.
12. International Data Transfers
XNET is headquartered in the United States, and the Services are operated from the United States. Personal Information collected through the Services may be transferred to, stored in, and processed in the United States and other countries where XNET or its service providers operate. These countries may have data protection laws that differ from those of your jurisdiction.
13. Data Retention
We retain Personal Information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Retention periods are determined based on the following criteria:
- Account information: retained for the duration of your account and for a reasonable period thereafter as needed to resolve disputes, enforce agreements, and satisfy legal obligations.
- Wireless network operational records: records related to the operation of wireless networks are retained for a minimum of one (1) year in accordance with FCC recordkeeping requirements applicable to wireless service providers, and longer where required by other legal, regulatory, or contractual obligations.
- Authentication and security logs: retained for the period necessary to detect, investigate, and remediate security incidents and to satisfy audit requirements.
- Payment and transaction records: retained as required by tax, accounting, and financial regulations.
- Support communications: retained for as long as needed to resolve the matter and to maintain a record of the interaction.
When Personal Information is no longer needed for these purposes, we delete it, de-identify it, or securely destroy it in accordance with our data retention schedules. Where deletion is not immediately practicable - for example, data stored in encrypted backups - we securely isolate the information from further Processing until deletion is possible.
14. Security Measures
XNET maintains an information security program that includes administrative, technical, and physical safeguards designed to protect Personal Information against unauthorized access, disclosure, alteration, and destruction. These safeguards include:
- Encryption in transit: all communications between clients and XNET systems are encrypted using TLS (HTTPS).
- Encryption at rest: Personal Information stored in our production systems is encrypted at rest.
- Access controls: role-based access controls, the principle of least privilege, and multi-factor authentication for administrative access to production systems.
- Credential protection: passwords stored only in salted, hashed form; authentication tokens stored in platform-encrypted device storage and invalidated on sign-out.
- Network security: firewalls, network segmentation, and continuous monitoring of production environments.
- Logging and monitoring: security event logging, alerting, and review processes to detect anomalous activity.
- Vendor management: security and confidentiality obligations imposed on service providers with access to Personal Information.
- Personnel measures: confidentiality obligations and security awareness practices for personnel with access to Personal Information.
- Incident response: documented procedures for identifying, containing, investigating, and remediating security incidents, including notification to affected individuals and regulators where required by law.
No method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your credentials and for notifying us promptly of any suspected unauthorized access to your account.
15. User Rights
Subject to applicable law, you may have the following rights with respect to your Personal Information:
- Access: to request confirmation of whether we Process your Personal Information and to obtain a copy of it.
- Correction: to request correction of inaccurate or incomplete Personal Information.
- Deletion: to request deletion of your Personal Information, subject to legal retention obligations.
- Restriction: to request that we restrict the Processing of your Personal Information in certain circumstances.
- Portability: to receive your Personal Information in a structured, commonly used, machine-readable format.
- Objection: to object to Processing based on legitimate interests in certain circumstances.
- Withdrawal of consent: to withdraw consent where Processing is based on consent.
Residents of jurisdictions with applicable data privacy laws may have additional rights under those laws, including the rights described in Sections 16 and 17. To exercise any of these rights, contact us using the information in Section 23. We will verify your identity before acting on a request and will respond within the timeframes required by applicable law. We will not discriminate against you for exercising your privacy rights.
16. California Privacy Rights (CPRA)
This section applies to California residents and supplements the rest of this Privacy Policy, pursuant to the California Consumer Privacy Act as amended by the California Privacy Rights Act (collectively, the "CCPA/CPRA").
Categories of Personal Information
In the preceding twelve (12) months, we have collected the following categories of Personal Information as described in Section 4: identifiers (such as name, email address, and IP address); professional or employment-related information (such as company and role); commercial information (such as records of transactions and payments); internet or other electronic network activity information (such as log and usage data); geolocation data (where permitted by you); and audio, electronic, visual, or similar information you choose to submit (such as images you capture and upload).
No Sale or Sharing
XNET does not sell or rent Personal Information and does not share Personal Information for cross-context behavioral advertising, as those terms are defined under the CCPA/CPRA, and has not done so in the preceding twelve (12) months. XNET has no actual knowledge that it sells or shares the Personal Information of consumers under sixteen (16) years of age.
Sensitive Personal Information
To the extent we collect precise geolocation or account log-in credentials, which may constitute sensitive Personal Information under the CCPA/CPRA, we use such information only for the purposes of providing the Services, securing the Services, and other purposes permitted by the CCPA/CPRA without a right to limit.
Your California Rights
California residents have the right to know the categories and specific pieces of Personal Information we have collected, the categories of sources, the business purposes for collection, and the categories of third parties to whom Personal Information is disclosed; the right to request deletion; the right to request correction; and the right not to receive discriminatory treatment for exercising these rights. You may exercise these rights by contacting us as described in Section 23. You may designate an authorized agent to submit requests on your behalf; we will require verification of the agent's authority.
17. European Privacy Rights (GDPR)
This section applies to individuals and companies operating in the European Economic Area, the United Kingdom, and Switzerland to the extent the GDPR or equivalent legislation applies to our Processing of their Personal Information.
For Personal Information collected through the Services where XNET determines the purposes and means of Processing, XNET, Inc., 200 Spectrum Center Drive, Irvine, CA 92618, USA, is the Data Controller. Where XNET Processes Personal Information on behalf of an Enterprise Customer, that customer is the Data Controller and XNET acts as a Data Processor, as described in Section 11.
18. Do Not Track Signals
Some browsers transmit "Do Not Track" (DNT) signals. No uniform industry standard for responding to DNT signals has been adopted, and our website does not currently respond to DNT signals. Because the Services do not engage in third-party advertising or cross-context behavioral advertising, browsing activity on the Services is not tracked across third-party websites for advertising purposes regardless of your DNT setting. We will revisit this practice if a recognized standard is established.
19. Children's Privacy
The Services are intended only for individuals who are at least eighteen (18) years of age. XNET does not knowingly collect Personal Information from anyone under eighteen (18). If we learn that we have collected Personal Information from an individual under eighteen (18), we will delete that information promptly. If you believe that an individual under eighteen (18) has provided Personal Information to us, please contact us using the information in Section 23.
20. Account Deletion
You may request deletion of your account and associated Personal Information at any time by: (a) using the in-app account deletion feature, where available; or (b) emailing support@xnetmobile.com with the subject line "Account Deletion."
Upon receipt of a verified deletion request, we will delete or de-identify your Personal Information, except where retention is required or permitted by law - including the FCC recordkeeping requirements described in Section 13, tax and accounting obligations, and records reasonably necessary to resolve disputes, enforce agreements, or maintain the security of the Services. We will inform you if any category of information must be retained and the basis for that retention.
21. Business Transfers
If XNET is involved in a merger, acquisition, financing, due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of the Services to another provider, Personal Information may be disclosed or transferred as part of that transaction, subject to standard confidentiality protections. We will require any successor entity to honor the commitments made in this Privacy Policy or to provide notice and any legally required choices before Personal Information becomes subject to a materially different privacy policy.
22. Changes to this Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, the Services, or applicable law. When we make changes, we will revise the "Last Updated" date at the top of this Privacy Policy. If we make material changes, we will provide notice through the Services, by email, or on our website prior to the changes taking effect, and where required by law we will obtain your consent. Your continued use of the Services after the effective date of an updated Privacy Policy constitutes your acknowledgment of the updated policy.
23. Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:
XNET, Inc. 200 Spectrum Center Drive, Irvine, CA 92618, USA. Email: support@xnetmobile.com
For privacy rights requests, please include sufficient information to allow us to verify your identity and describe your request with reasonable specificity.