XO Privacy Policy

Last Updated: 6/5/2025

1. Introduction

Your privacy is important to us. This Privacy Policy explains how XO (“we,” “us,” or “our”) collects, uses, stores, and protects your information when you use the XO prediction market platform (the “Service” or “Platform”). XO is designed as a privacy-preserving, non-custodial platform, and we aim to collect minimal personal data – only what is necessary to provide the Service to you. In fact, as detailed below, we generally do not collect any personal data from users, except in limited cases where you might choose to provide it or where certain technical data may be automatically collected for the operation of the Service. We are committed to complying with applicable international data protection laws and principles, including the EU General Data Protection Regulation (GDPR), to the extent they apply. By using XO, you agree to the collection and use of information in accordance with this Privacy Policy.

Scope: This Policy applies to the XO website, app, and any related services or communications. It does not cover any third-party services you might use in connection with XO (such as external wallets or identity providers) except as specifically stated. We encourage you to review the privacy policies of any third-party services you use.

Non-Applicable Scenarios: If you do not use the interactive features of XO (for example, if you simply browse public market data without logging in or connecting a wallet), we do not collect any information beyond what standard web server logs collect (see “Log and Usage Data” below). If you disagree with this Privacy Policy, please discontinue use of the Platform.

2. Key Principles

• No Collection of Sensitive Personal Data: XO does not require you to provide sensitive personal information to use the Platform. We will never ask for data such as your real name, government ID number, home address, phone number, or financial account details. In general, we avoid collecting personally identifiable information (PII) unless absolutely necessary for providing the Service or complying with the law. For most users, all that is needed to use XO is an email or social login (handled by a third-party, as described below) and a crypto wallet – none of which involves providing traditional personal data to XO.
• Data Minimization: We adhere to the principle of data minimization. This means we only collect the minimum data that we need to make the Platform function effectively. If a piece of data is not truly required, we prefer not to collect it at all. Any data that is collected is used solely for the purposes stated and not for other unrelated purposes.
• Transparency: We strive to be transparent about our privacy practices. This Policy outlines in clear language what information we collect (if any), how we use it, and your rights regarding it. If you have any questions, you can contact us using the information at the end of this Policy.
• Security: Even though we collect very little personal data, we take the security of the information we hold seriously. We implement industry-standard measures to protect your data and prevent unauthorized access or leakage (see Section 7 on Data Security).
• Compliance: We design our practices to comply with applicable privacy laws and regulations, such as GDPR, CCPA (to the extent applicable), and others. For example, even if we hold minimal data, we respect rights to access or delete your data as described in Section 9. We do not sell or share personal data for marketing purposes, in line with regulations and our own values.
• International Users: XO’s infrastructure may be global. Regardless of where you are located, we provide the same high standard of privacy protection to all our users. If we transfer data across borders, we do so in compliance with legal requirements (though, as noted, the personal data we handle is minimal).

3. Information We Collect

Personal Data You Provide

In general, XO does not ask you to provide personal data to use the Platform. We do not have typical account registration forms asking for your name or contact details. However, there are a few scenarios in which you might provide or generate data that could be considered personal:

• Email/Social Login (Privy): When you register or log in via our third-party authentication provider, Privy, you may provide an email address or authenticate through a social media or OAuth provider (like Google). This process may give us access to a pseudonymous identifier for your account and potentially an email address or profile name associated with your login (depending on what the identity provider shares). We do not collect or store passwords – authentication is handled externally by Privy. The information XO receives from Privy is limited to what’s necessary to identify your account (such as a unique user ID and your associated blockchain wallet address). We do not use your email for marketing or share it, and if an email is provided, we use it only for essential communications like account recovery or important notices (if at all). If you prefer not to provide an email, some login providers allow anonymous or alias logins; however, not providing an email might limit our ability to help you recover access if you lose credentials.
• Communications: If you contact us directly (for example, via a support email or contact form), we will receive whatever information you choose to send us. This could include your email address, name (if you sign it), and the content of your inquiry. We will use this information solely to respond to your inquiry and support your use of XO. We ask that you not provide any unnecessary personal information when contacting us. Communications may be retained as long as necessary to address your issue and for our record-keeping.
• Content in Markets: If you create markets or otherwise post content on XO, be mindful that this content is public. Do not include personal data (whether yours or someone else’s) in market descriptions or comments. We do not proactively review market content for personal data, but if we are made aware that personal data of an individual has been posted without consent, we may remove it to protect privacy and comply with law. By design, market creation should not require any personal data; it should be about public events.

Information Automatically Collected

Even without actively providing information, some data gets automatically generated when you use any online service. We keep such data collection to a minimum and treat it carefully:

• Blockchain Data: XO transactions (trades, market creations, etc.) occur on public blockchains (such as Ethereum or related sidechains). This means that your blockchain address and your transactional activity (e.g., the markets you participated in, the tokens you hold in a market) are recorded on a public ledger. This data is public by nature and not collected “by XO” in the traditional sense, but XO’s systems will read and use this data to display your portfolio or process trades. For example, when you connect your wallet, we retrieve your blockchain addresses and read balances of relevant tokens to show you your positions. We do not associate your blockchain address with your real-world identity. We treat blockchain addresses as pseudonyms.
  Important: Anyone can analyze public blockchain data, which could possibly be combined with other data to infer identity; while this is outside our service, we want users to be aware of this characteristic of blockchains.
• Log and Device Data: When you use XO, our servers (or the services we use to host our application) may automatically record certain information (“log data”). This can include your IP address, browser type, device type, operating system, the pages or screens you access on our site, the dates/times of access, and other standard web log information. We use this information to ensure the service is delivered properly, to monitor and fix technical issues, and to investigate any malicious activity. We do not use this data to try to identify you. IP addresses can sometimes be considered personal data, but we do not link IP logs to any specific user account except insofar as needed to manage abuse or comply with geo-restrictions. For instance, we might use your IP address to infer your approximate country for the sole purpose of blocking access from restricted regions. We do not store IP data longer than necessary for these purposes.
  Generally, raw log files are kept for a short period (e.g., a few weeks) and then deleted or aggregated, unless required for security investigations.
• Cookies and Local Storage: XO uses minimal cookies or similar technologies. We may use a cookie or local storage in your browser to remember your session (e.g., keep you logged in or remember your preferences such as theme). These are essential or functional cookies, not advertising trackers. We do not use third-party analytics services that track you across sites. However, we may use our own analytics to understand usage of our Platform in an aggregate way (for example, to know how many users we have, which features are most used, etc.). If we do, we will do so in a privacy-preserving manner – e.g., by not collecting full IP addresses or any unique device identifiers beyond what is needed. You have the ability to control cookies through your browser settings: you can refuse or delete cookies. Note that if you disable cookies, some features like staying logged in might not work properly. We do not employ any cookies for advertising or marketing purposes, and we do not share cookie data with third parties.
• Anonymized Usage Data: We may collect some usage telemetry such as performance metrics or error logs from the application in order to improve the user experience. For example, if the app crashes or a smart contract call fails, we might collect a report of that event. These reports do not include personal information – they typically contain technical information (like error codes, which part of the code failed, etc.) and possibly basic device information. Any analytics we perform on usage data will be on anonymized or aggregate data, and cannot be traced back to you personally. We do not maintain browsing history of individual users or any profiling.

Summary: In normal usage, the primary “identifier” we interact with is your blockchain wallet address and an optional email or social ID via Privy. Neither of these inherently reveals your real-world identity to us. Other data collected (IP, device info) is ephemeral and used only for running the service (security, debugging) and not for building any marketing profile. Essentially, we do not collect personal data that can identify you in the real world, unless you voluntarily communicate it to us.

4. How We Use Information

Because we collect very little personal information, our uses of data are quite limited. We use the information we do have in the following ways:

• To Provide and Maintain the Service: We use blockchain data (your wallet address, balance info, transaction history relevant to XO markets) to display your markets, calculate your positions, and facilitate trades. We use authentication data (from Privy) to let you securely log in and access your account. Log and cookie data are used to keep the service running smoothly (for example, ensuring pages load correctly and remembering your settings).
• To Process Transactions: If you create a market or trade, we use the necessary information to execute the transaction via the smart contracts. This includes using your connected wallet address and the details of the transaction (which outcome you want to buy, how much, etc.). This is done through the interface interacting with the blockchain and is fundamentally your own wallet executing the transaction; XO just helps transmit the request.
• To Enforce Restrictions: We may use your IP address or other geolocation hints to enforce our regional restrictions (ensuring users from prohibited jurisdictions cannot access trading functionality). This is a compliance measure. We do not geolocate for any other purpose, and we do not maintain a database mapping IPs to specific individuals – it’s usually an automated check at login or transaction time.
• To Communicate with You: If you provided an email and opted in to communications (for example, to get notifications of market resolutions or important updates), we will use your contact information to send you those communications. We will not spam you or send promotional emails unless you explicitly subscribe to such updates. Primarily, communications might include: confirmations (e.g., if you sign up or if you initiate a password reset through Privy, though Privy might handle those directly), important service announcements (like changes to Terms or downtime notices), or responses to your inquiries. You can opt out of non-essential emails at any time by contacting us or using any unsubscribe mechanism provided.
• To Improve and Debug: Internal analytics and logs help us understand how users interact with XO (in a general sense) so we can improve features or fix bugs. For example, we might track that a certain feature is seldom used, which could prompt us to redesign it. If errors occur, log data and error reports help us diagnose the problem. This usage data is anonymized and aggregated – we look at trends and overall counts, not individual user behavior. If we ever introduce more sophisticated analytics, we will update this Policy and, if required, seek consent.
• Legal Compliance and Security: In the unlikely event that we need to investigate fraud or abuse, we might use data like logs to identify malicious activity (e.g., multiple failed login attempts could trigger security measures, or unusual trading patterns might be analyzed for manipulation in violation of our Terms). If necessary to comply with a legal obligation, we may use whatever minimal information we have to respond (see Section 6). For instance, if law enforcement presents a lawful subpoena, we may have to check our records for any data on the specified user. Generally, because we hold so little personal data, our ability to assist in such cases is limited, but we will comply with the law in good faith.

Importantly, we do not use your data for advertising, nor do we sell your data to any third parties. We do not do any profiling or automated decision-making about users in a way that produces legal effects or similarly significant effects for you. All uses of data are tied to offering the core functionality of XO and maintaining compliance and security.

5. How We Share or Disclose Information

XO’s philosophy is to avoid sharing user data unless absolutely necessary. Since we collect minimal data, there is not much to share in the first place. Nonetheless, here is how information might be shared:

• With Service Providers: We use certain third-party service providers to operate the Platform. These providers might process data on our behalf, but only for the purposes of providing their services to us. Key service providers include:
  • Privy: As mentioned, Privy handles user authentication and wallet management. When you log in or sign up, you are interacting with Privy’s system. Privy will have its own privacy practices, and we recommend reviewing Privy’s privacy policy to understand how they handle your data. From XO’s perspective, we (a) direct you to Privy to authenticate, and (b) receive from Privy a token or confirmation that you are authenticated, along with minimal info like your blockchain address and possibly an email if you provided one. We do not share any other data with Privy except what is needed for the authentication flow. Privy may separately process data such as your login credentials, but that is outside our control (though Privy is designed to be privacy-preserving and secure).
  • Hosting and Infrastructure: Our website and backend might be hosted on cloud servers (for example, using providers like AWS, Cloudflare, Heroku, or others). These providers inevitably handle any data that flows through our site (including possibly IP addresses, requests, etc.) as part of their role. We choose reputable providers that have strong security and privacy practices. For instance, we may use a service like Cloudflare to help protect and deliver our content; Cloudflare will process your IP and requests to filter malicious traffic and cache content. Such providers are not allowed to use your data for their own purposes – they are bound by contract to only process it for us.
  • Analytics/Crash Reporting: If we use a third-party analytics service (currently, we do not use Google Analytics or similar, but if we did, it might process some pseudonymous data about usage). We would choose privacy-focused solutions and configure them to avoid collecting personal data (for example, anonymizing IP addresses). Similarly, if we use any error tracking software, it would handle error logs potentially containing device info or user agent strings.
  • All these service providers are given only the information necessary to perform their functions, and we require them to protect your information and not to use it for other purposes.
• With Other Users / Public: By nature of the Platform, certain information is public. If you create a market, the content you input (the market question, your username or pseudonym if one is shown, etc.) will be visible to others. Likewise, if there is a leaderboard or profile feature, other users might see some information about your trading performance that is tied to your pseudonymous identity (e.g., your wallet address or a chosen username). However, we will not expose personal details like your real name or email to other users. Also, your blockchain transactions (trades, etc.) are recorded on a public ledger accessible to anyone; on XO’s interface, we might show recent trades or market activity including amounts and wallet addresses (shortened for readability). This transparency is part of how blockchain markets work, but rest assured we won’t be publishing any off-chain personal info because we don’t collect it in the first place.
• For Legal Reasons: We may disclose information to courts, law enforcement, governmental authorities, or authorized third parties if and only if required to do so by law or subpoena or if we believe in good faith that such disclosure is reasonably necessary to (a) comply with a legal obligation, (b) protect the rights, safety, or property of XO, our users, or the public, (c) prevent or stop any illegal, unethical, or legally actionable activity, or (d) enforce our Terms of Service (including investigation of potential violations). Given our minimal data collection, any disclosure would likely be limited to confirming whether a certain wallet address has interacted with our Platform, or providing any login or IP records tied to that address, if we have them. We will attempt to notify users of requests for their data before disclosing it, unless we are legally prohibited or the request is an emergency.
• Business Transfers: If XO (or its operating entity) is involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your information may be transferred as part of that transaction. We would ensure the new owner or resulting entity is bound by terms that are at least as protective of your privacy as the terms of this Privacy Policy. You would be notified via the Platform or by email if a change in ownership or use of your personal data occurs, as well as any choices you may have regarding your data (for example, if the new entity plans to handle it differently).
• With Your Consent: If we ever want to share your information for any other purpose not covered above, we will ask for your consent. For example, if there’s a new feature that involves sharing data with a partner, we would provide an opt-in choice.

We do not sell your personal data. We also do not share data with third-party advertisers or marketers. Since we don’t collect advertising profiles or much personal info at all, there’s nothing of that sort to share.

6. International Data Transfers

XO’s service is global, and the limited data we handle may be processed in various countries. For example, our servers or service providers might be located in the United States, the European Union, or other regions. If you are using the Platform from outside the country where our servers are located, be aware that your information (to the extent any exists) may be transferred to, stored, and processed in a jurisdiction different from your home country. We will take steps to ensure that your data receives an adequate level of protection in the jurisdictions in which we process it. If you are in the European Economic Area (EEA) or the UK, and we transfer personal data about you to a country not deemed to provide adequate data protection (such as transferring an EU user’s data to the U.S.), we will do so under safeguards that comply with GDPR requirements. This could include using standard contractual clauses approved by the European Commission, or ensuring our service providers are certified under frameworks like the EU-U.S. Data Privacy Framework (if applicable). However, given that we store almost no personal data, such transfers are minimal. For example, if your email is stored (for login or contact) and our database is in the U.S., that’s a transfer of personal data. We ensure that any such storage is protected and lawful.

By using XO, you understand that your information may be transferred to our facilities and those third parties with whom we share it as described in this Policy, even if they are in other countries. Those countries may have data protection rules different from those of your country, but we will maintain protections as outlined here.

7. Data Security

We take the security of your data seriously and implement appropriate technical and organizational measures to protect it from unauthorized access, alteration, disclosure, or destruction. Some of the security practices we follow include:

• Encryption: Any data transfer between your browser and XO’s servers is protected by encryption (HTTPS/TLS). Additionally, sensitive data at rest (if any) is encrypted. For instance, if we stored email addresses or other login tokens in our database, we would encrypt them or store them in a hashed form where possible. Private keys for wallets (if using Privy’s embedded wallet) are managed by Privy’s security protocols, which likely involve secure enclaves or multi-party computation – XO itself never sees your raw private keys.
• Access Controls: We restrict access to any systems storing personal data to authorized personnel only, who need access to operate or develop the service. Our team is trained on the importance of privacy and security. Administrative access to databases or servers requires strong authentication and is logged. We also use role-based access such that even internally, no one can access more data than necessary.
• Audit and Monitoring: We monitor our systems for possible vulnerabilities and attacks. We keep software and dependencies up-to-date to patch security issues. We may periodically conduct security audits or engage third-party security experts to test our system (penetration testing). Any detected vulnerabilities are addressed with high priority.
• Data Minimization as Security: One of the best ways we protect your data is by not holding much of it. For example, since we don’t collect sensitive personal info or large amounts of user data, the risk and impact of a data breach are significantly reduced. An attacker cannot steal what we don’t have. Most interactions on XO involve your blockchain transactions which are secured by the blockchain itself and your own wallet’s security. Our servers mainly handle non-sensitive info like market data and pseudonymous IDs.
• Backup and Recovery: We maintain backups of critical system data to ensure continuity of the service. These backups are encrypted. Importantly, because user assets are on-chain, even if our systems have issues, your funds remain safe on the blockchain. In the event of any security incident or data breach that affects personal data, we will notify affected users and relevant authorities as required by law, and work swiftly to mitigate any harm.

Despite all these measures, it’s important to note that no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data. You also play a role in security: protect your account credentials, use a strong password, enable two-factor authentication if offered, and be cautious of phishing attempts (we will never ask for your password or private key via email or chat). If you have reason to believe that your interaction with XO is no longer secure (for example, you suspect your account has been compromised), please contact us immediately.

8. Data Retention

We retain the limited personal data we collect for only as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by law, whichever is longer. Because our default stance is to not collect or retain data, much of the data is ephemeral:

• Account Data: If you have an account (via Privy login), we retain your account identifier and associated data for as long as your account is active. If you choose to delete your account or if you haven’t used your account for an extended period, we may delete or anonymize the data associated with it (except any data we are required to keep for legal reasons). Note that even if your account is deleted, data recorded on the blockchain (like past trades) cannot be erased by us – they remain on the public ledger.
• Communications: If you contacted support, we may retain those communications until we have resolved your issue and for a reasonable period thereafter in case you return or have follow-up issues. Emails might be retained for record-keeping, typically no longer than necessary (perhaps 1-2 years), unless a longer retention is required for legal purposes.
• Logs: Server logs and analytics data are generally retained for a short duration (e.g., raw logs for a few weeks, summary analytics for a year). We aggregate or delete data that is older unless needed to investigate security incidents. In rare cases, IP logs or similar data might be kept longer if we believe there's an active security threat or legal obligation.
• Backups: Our system backups might incidentally store data for longer periods, but we ensure that when backups expire, they are deleted securely. If personal data was present and we have since deleted it from live systems, it will be removed from backups according to our backup retention schedule.

When we no longer need data, we will destroy it securely or anonymize it so it can no longer be associated with you. For example, if you withdraw consent for us to use your email, we can remove it from our contact list (though we might keep a hashed version solely to remember not to send you emails).

Given that we do not collect much personal data, data retention concerns are minimal. We basically keep what is needed for you to use the service and to comply with law. If you have specific questions about our data retention practices for any particular type of data, you can contact us for more detail.

9. Your Rights and Choices

Depending on your jurisdiction and the applicable laws, you may have certain rights regarding your personal data. XO is committed to honoring applicable rights requests even if our data collection is minimal. Below is a non-exhaustive list of rights you may have under various privacy laws (such as GDPR for EU users, CCPA for California users, etc.), and how you can exercise them:

• Right to Access: You have the right to request a copy of the personal data we hold about you, if any, and to obtain information about how we process it. Because we gather very little personal data, in many cases the only data associated with you might be a wallet address or an email. You can contact us to ask what data we have about you. We will provide it in a structured, commonly used electronic format. For EU users, this is your GDPR Art. 15 right of access.
• Right to Rectification: If you believe the information we have about you is inaccurate or incomplete, you have the right to request that we correct or update it. In practice, since we don’t have profile info beyond maybe an email, rectification might involve updating your email or preferences. If you cannot change it yourself through any account settings, contact us and we will address it if possible.
• Right to Deletion: You have the right to request deletion of your personal data (the “right to be forgotten”). For example, if you created an account and now want to delete it along with any associated personal info, we will fulfill this request, provided we do not have a legal obligation to retain certain data. Note that we cannot delete data recorded on the blockchain (like transaction history) because we do not control the blockchain – that data is public and immutable. But we can delete data on our systems, such as your email, user ID, or any log data associated with you. If you request deletion, we will also direct our service providers (like Privy) to delete the data they hold on our behalf, to the extent applicable.
• Right to Restrict Processing: In some cases, you may have the right to request that we limit processing of your data (for instance, if you contest the data’s accuracy or if you just want us to hold it but not use it). Given our limited use, this might be rarely needed, but you can always ask and we will comply if required. One scenario might be you don’t want us to use your email even for essential updates – you could ask us to not send communications; we can then suppress that email.
• Right to Data Portability: You have the right to obtain your personal data in a format that can be transferred to another service (applicable to data you provided, under GDPR). In our context, this might apply to something like your account data. Practically, since your main “account” on XO is your wallet and that’s already portable (you can use your wallet on other services), and we don’t have a profile of data beyond that, there’s not much to port. But we can provide, for instance, a copy of any account-related data we have, if you need it to move to a different platform.
• Right to Object: You may have the right to object to our processing of your personal data if we were processing it on a legal basis like legitimate interests. Since we mainly process data to provide the service you requested (contractual necessity) or based on consent (like optional email communications), there’s limited scope for objection. However, if you object to any use of your data (for example, if you didn’t want us to even do anonymized analytics), let us know and we will consider such requests seriously. If we ever engaged in direct marketing (which we currently do not), you have the absolute right to object to that and opt out.
• Right not to be subject to Automated Decision-Making: XO does not make any decisions about you that have legal or significant effects solely by automated means without human involvement. The MODRA system that resolves markets is an automated/hybrid mechanism, but it does not use personal data about you – it’s about determining event outcomes. In any case, if such situations arise, you’d have rights to contest automated decisions.
• Withdrawal of Consent: Where we rely on your consent to process data (like if you opted in to a newsletter), you can withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of processing that happened before the withdrawal. If you withdraw consent for something essential (like using Privy to authenticate), note that we might not be able to provide the service without that, but we will inform you if that’s the case.

To exercise any of these rights, please contact us at the contact information provided in Section 11. We will verify your identity (to ensure we don’t give data to the wrong person) before fulfilling the request. Given that we often might not have a lot of identifying info, we may ask you to verify control of the email or account you’re inquiring about. For example, if your “account” is just a wallet address, one way to verify identity is for you to sign a message with that wallet to prove ownership.

We will respond to requests within a reasonable timeframe, and in any event within the timeframe required by law (e.g., within 30 days for GDPR, which may be extended if necessary). If we cannot fulfill your request in whole or part, we will explain why (e.g., if it’s exempt under law or technically not feasible). For instance, if you asked us to delete all data but we have to keep some log for security or a legal obligation, we will let you know.

We will not discriminate against you for exercising any of these rights. The service will be provided to you under the same terms even if you make privacy requests (except to the extent your request might impact our ability to operate the account, in which case we’ll inform you of any consequences).

California Residents (CCPA): Although we do not sell data or use it for targeted advertising, if you are a California resident, you have the right to know what categories of personal information we collect and our purposes, as well as the right to request deletion or know specifics as described above. The categories of data under CCPA that we might collect (for example: identifiers like an email or IP, internet activity logs) and the purposes (all limited to providing the service) are already outlined in this Policy. You can contact us to exercise your rights. We do not sell personal information (as defined by CCPA), and we do not share it for cross-context behavioral advertising.

10. Children’s Privacy

XO is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children (minors under 18 years or under the applicable age of majority in their jurisdiction). Our Platform’s content and services (prediction markets) are designed for adults. If you are under 18, you are not permitted to use XO or provide any personal information to us. We do not knowingly allow minors to create accounts or engage in trading.

If we become aware that we have inadvertently collected personal data from a child under 18, we will take steps to delete such information promptly. For example, if a parent or guardian contacts us and informs us that their child has used our Platform and provided personal data, we will investigate and, if verified, remove the data and terminate the child’s account (if any). Parents or guardians who believe that XO might have any information from or about a child under 18 should contact us immediately (see Section 11). We will then take appropriate measures to ensure compliance with applicable child data protection laws, such as COPPA in the United States or similar regulations elsewhere.

11. Updates to this Privacy Policy

We may update or modify this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will revise the “Last Updated” date at the top of this Policy. If the changes are significant, we will provide a more prominent notice of the update – for example, by posting a notice on our website or sending an email to users (if we have your email on file).

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. If you continue to use XO after Privacy Policy changes go into effect, it will signify your acceptance of the updated terms (to the extent permitted by law). If you do not agree with any updates or modifications, you should stop using the Platform and can request us to remove your data as per Section 9.

In some cases (for instance, if we were to start collecting additional personal data or using it for new purposes), we may seek your explicit consent to those changes if required by law.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, we are here to help. Please contact us through any of the methods below:

• Email: [email protected]
• Support: You may also reach out via our support channels or contact form on our website https://xo.market

We will respond to your inquiries as soon as reasonably possible, and no later than required by applicable law. If you contact us to exercise a privacy right, please provide sufficient information for us to verify your identity (for example, contacting us from the email associated with your account, or providing a signed message from your wallet).

Thank you for trusting XO. We value your privacy and are committed to protecting it. Use of XO is subject to this Privacy Policy and our Terms of Service. We encourage you to read both documents carefully. By keeping our data collection minimal, we aim to give you control and confidence as you participate in the XO prediction market community.