Privacy Policy
Last updated: May 21, 2026
1. Introduction
This Privacy Policy describes how Xzect Labs Private Limited ("we," "us") collects, uses, discloses, and protects personal information when you use News Studio at newsstudio.io and related applications (collectively, the "Service").
By using the Service, you acknowledge this Policy and our Cookie Policy. Where required, we rely on consent, contract performance, legitimate interests, or legal obligation as described below.
We design our practices to align with GDPR-style privacy expectations, payment gateway compliance requirements, major platform API policies (including Meta and Google), international SaaS standards, and trust & safety best practices, as further described in this Policy and our Platform Usage Policy.
2. Scope & Roles
For account, billing, and platform operations, Xzect Labs Private Limited is typically the data controller. When you use the Service to process personal data about your readers, sources, employees, or other individuals, you are typically the controller and we act as a processor under our Data Processing Agreement and your instructions.
This Policy does not apply to third-party websites, social networks, or services you connect to the Service; those are governed by their own policies.
3. Information We Collect
We may collect the following categories of information:
- Account data: name, email, phone, organization, role, password hashes, authentication tokens, team membership, preferences.
- Billing data: subscription plan, transaction IDs, invoices, tax identifiers (where provided), billing address; payment card data is handled by payment processors (e.g., Razorpay), not stored by us in full.
- Content & usage: articles, prompts, media, schedules, publishing logs, connected account metadata, feature usage, support tickets.
- Technical & log data: IP address, device identifiers, browser type and version, operating system, language, referrer URLs, session IDs, timestamps, request/response metadata, error and crash logs, performance traces, and security event logs collected for debugging, fraud prevention, and service reliability.
- Communications: emails, chat, surveys, and marketing preferences.
- Inferences: aggregated analytics derived from usage (not used for automated legal decisions with significant effect unless disclosed).
You may choose not to provide certain information, but some features may be unavailable.
4. Analytics & Tracking
We use analytics and monitoring tools to improve platform performance, security, fraud detection, debugging, product development, and user experience. This may include first-party analytics and third-party service providers (e.g., web analytics, error monitoring, CDN, and infrastructure vendors).
Analytics and tracking may involve:
- Usage metrics: feature adoption, session duration, clicks, funnels, and performance monitoring (latency, errors, uptime);
- Device and browser data: as described in Section 3, including IP-derived approximate location where available;
- Cookies and similar technologies: as described in Section 14 and our Cookie Policy;
- Abuse prevention: signals used to detect suspicious logins, spam, automation abuse, payment fraud, and policy violations.
Where required by law (including in the EU/UK), we obtain consent before non-essential analytics or marketing cookies. You may withdraw consent via cookie controls. Aggregated or de-identified analytics may be used without identifying you personally.
Third-party analytics providers process data under their own policies. We configure providers where possible to minimize data collection and honor regional requirements.
5. OAuth & Social Login
When you sign in with Google, Facebook, LinkedIn, or connect social publishing accounts, we receive tokens and profile information permitted by your authorization (e.g., name, email, page/account IDs, profile picture). We store tokens securely to operate integrations until you disconnect or they expire.
We do not post on your behalf except as directed through the Service. You can revoke access via the third-party platform or our settings. Revocation may disable scheduled publishing.
6. AI Processing
To provide AI features, we process prompts, source material, drafts, and configuration you submit. This may involve third-party AI model providers and cloud infrastructure. Content may be temporarily cached for performance, quality, safety filtering, and abuse prevention.
We do not use your private workspace content to train public foundation models unless clearly disclosed and opted in. We may use aggregated, de-identified data for analytics and service improvement.
AI processing carries inherent risks; see our Terms of Service regarding accuracy and your review obligations.
7. How We Use Information
- Provide, maintain, secure, and improve the Service;
- Authenticate users and prevent fraud, abuse, suspicious activity, and security incidents;
- Operate analytics, performance monitoring, debugging, and product improvement;
- Process subscriptions, payments, and tax documentation;
- Publish and schedule content per your instructions;
- Provide support and respond to inquiries;
- Send transactional and, where permitted, marketing communications;
- Comply with law, enforce terms, and protect rights and safety;
- Generate aggregated analytics and service metrics.
9. International Transfers
We are based in India and may process data in India and other countries where we or our processors operate. Where required, we implement appropriate safeguards such as standard contractual clauses, contractual protections, or other lawful transfer mechanisms.
By using the Service, you acknowledge that cross-border transfers may occur. See our DPA for enterprise transfer terms.
10. Security
We implement reasonable administrative, technical, and organizational measures described in our Security Policy, including encryption in transit, access controls, and monitoring. No method of transmission or storage is 100% secure.
You are responsible for safeguarding credentials and configuring team access. Report suspected incidents to contact@newsstudio.io.
11. Retention & Backups
We retain personal data as long as needed to provide the Service, comply with legal obligations, resolve disputes, enforce agreements, and for legitimate business purposes (e.g., fraud prevention).
Backups and logs. Deleted data may persist in encrypted backups, server logs, analytics, and disaster-recovery systems for a limited period before automated purge. Backup restoration is not used to reactivate deleted accounts except where required for integrity or legal hold.
Legal hold. We may retain data longer when litigation, investigation, regulatory request, or compliance obligations require it.
12. Your Rights & Choices
Depending on your location, you may have rights to access, correct, delete, and restrict your personal data, to object to processing, to data portability, and to withdraw consent. You may also lodge a complaint with a supervisory authority.
To exercise rights, email contact@newsstudio.io with verification information. We may deny requests where permitted by law (e.g., conflicting legal obligations or others' rights). We respond within timelines required by applicable law.
Marketing emails include an unsubscribe link. Transactional messages may still be sent for account and security purposes.
13. Account Deletion
You may request account deletion via settings (where available) or by emailing contact@newsstudio.io. Upon verified request, we will deactivate your account and initiate deletion of personal data from active systems, subject to retention described above.
Deletion does not remove content already published on Third-Party Platforms; you must remove it there directly. Billing records may be retained for tax and accounting compliance.
15. Communications
We send service-related emails (receipts, security alerts, product changes) and, with consent or as permitted by law, marketing about features and offers. SMS or WhatsApp messages, if enabled, are used per your preferences and applicable regulations.
16. Child Safety & Age Restrictions
The Service is not intended for children under 13, or under the minimum age for digital consent in your jurisdiction (whichever is higher). We do not knowingly collect personal data from children below these thresholds.
Account holders must be legally capable of entering binding contracts—typically at least 18 years old or the age of majority in your jurisdiction, as stated in our Terms of Service.
We maintain a zero-tolerance policy for child sexual abuse material (CSAM), exploitation, grooming, or other illegal child-related content. We may remove content, suspend accounts immediately, preserve evidence, and report to law enforcement, the National Center for Missing & Exploited Children (NCMEC) or equivalent bodies, and platform partners where applicable.
You are solely responsible for ensuring that any uploaded or AI-generated content involving minors complies with law, obtains required parental consent, and does not exploit or endanger children. Report concerns to contact@newsstudio.io.
17. Trust & Safety
We may use automated systems and human review for trust & safety, including abuse detection, spam prevention, malware scanning, and policy enforcement. AI safety filtering and automated classifiers are not perfect and may produce false positives or miss harmful content.
We reserve the right to monitor abuse indicators (including usage patterns, report signals, and integrity checks) and to remove, restrict, or escalate harmful or high-risk content or accounts, as described in our Platform Usage Policy.
We maintain logging and audit trails for security, fraud prevention, dispute resolution, and compliance purposes, subject to retention limits in this Policy.
18. Regulatory Compliance
Our privacy and data practices are designed to support compliance with:
- GDPR-style expectations (lawful bases, data subject rights, processor terms in our DPA, transfer safeguards);
- Payment gateway requirements (billing transparency, fraud monitoring, chargeback cooperation—see Refund Policy);
- Platform API policies (Meta, Google/YouTube, LinkedIn, X, and similar developer and community standards);
- International SaaS standards for security, incident response, and subprocessors (see Security Policy);
- Trust & safety best practices for harmful content, child safety, and law enforcement cooperation.
No certification or statement in this Policy guarantees compliance in every jurisdiction; you remain responsible for your own legal obligations when using the Service.
19. Policy Changes
We may update this Policy. Material changes will be notified via the Service or email where required. Continued use after the effective date constitutes acceptance unless prohibited by law.
20. Contact
Data protection inquiries: Xzect Labs Private Limited, India. Email: contact@newsstudio.io.