Legal & policy center
Privacy Policy
Last updated: March 17, 2026
XColdPro is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our website and services.
1. Information We Collect
We collect information you provide directly:
- Account information (name, email address)
- Purchase information for orders
- Support communications
- Newsletter subscriptions (with explicit opt-in)
We also automatically collect technical information when you visit our website (IP address, browser type, OS, pages viewed). This is only used for analytics purposes with your consent.
2. Information We Do NOT Collect
XColdPro operates on a zero-knowledge architecture. We never collect:
- Your private keys or seed phrases
- Wallet addresses or transaction history
- Cryptocurrency balances or holdings
- Any data from your air-gapped devices
3. Legal Basis for Processing (GDPR Art. 6)
We process your personal data only where we have a lawful basis:
| Purpose | Legal Basis |
|---|---|
| Processing and fulfilling orders | Art. 6(1)(b) — Contract performance |
| Delivering license keys and downloads | Art. 6(1)(b) — Contract performance |
| Customer support | Art. 6(1)(b) — Contract performance |
| Transactional emails (order confirmation, updates) | Art. 6(1)(b) — Contract performance |
| Marketing emails / newsletter | Art. 6(1)(a) — Consent (explicit opt-in) |
| Analytics (Matomo, self-hosted) | Art. 6(1)(a) — Consent (cookie consent) |
| Advertising tracking (Google Ads) | Art. 6(1)(a) — Consent (cookie consent) |
| Fraud prevention and security | Art. 6(1)(f) — Legitimate interest |
| Legal and tax compliance | Art. 6(1)(c) — Legal obligation |
4. Data Security
We implement industry-standard security measures including SSL/TLS encryption, secure servers, PCI-DSS compliant payment processing via Stripe, and access controls to protect your personal information.
5. Third-Party Services
- Stripe (Stripe, Inc.): Payment processing. PCI-DSS Level 1 certified. Stripe Privacy Policy.
- Cloudflare, Inc.: CDN, security, and DDoS protection. Cloudflare Privacy Policy.
- Matomo Analytics (self-hosted): Only activated with your consent. Hosted at analytics.xcoldpro.com — no data shared with third parties.
- Google LLC (Google Ads): Only activated with your consent. Conversion tracking only. Google Privacy Policy.
We do not sell your personal information to any third party.
6. Data Retention
| Data Category | Retention Period |
|---|---|
| Orders and billing records | 7 years (tax/legal obligation) |
| User account data | Until account deletion + 30 days |
| Marketing email consent | Until unsubscribe / consent withdrawal |
| Analytics data (Matomo) | 13 months (consent-based) |
| Security and access logs | 90 days |
| Customer support records | 3 years from ticket resolution |
7. International Transfers
XDRIP Digital Management LLC is based in the United States. For transfers of personal data from the EEA to the US, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission (Decision 2021/914) for transfers to Stripe and other processors.
- Adequacy Decisions where applicable.
8. Your Rights — EEA Residents (GDPR)
Under GDPR, you have the right to: access your data, correct inaccuracies, request deletion, object to or restrict processing, data portability, and withdraw consent at any time.
You also have the right to lodge a complaint with a supervisory authority in your country of residence. For EU residents: edpb.europa.eu.
9. California Residents — CCPA / CPRA
California residents have the right to: Know what data we collect, Delete it, Correct it, and Opt-Out of sale (we do not sell personal data). Contact contact@xcoldpro.com with subject “California Privacy Rights Request” — response within 45 days.
10. Colorado Residents — Colorado Privacy Act (CPA)
Colorado residents have the right to: Access the personal data we process, Correct inaccuracies, Delete their data, obtain a portable copy (Data Portability), and Opt-Out of (a) the sale of personal data, (b) targeted advertising, and (c) profiling in furtherance of decisions that produce legal or similarly significant effects. We do not sell personal data and we do not engage in profiling that produces legal or significant effects.
Universal Opt-Out Mechanism (UOOM). Pursuant to C.R.S. § 6-1-1306(1)(a)(IV) and 4 CCR 904-3, Rule 5.04 (effective July 1, 2024), we recognize the Global Privacy Control (GPC) browser signal as a valid universal opt-out. When your browser transmits the Sec-GPC: 1 header or exposes navigator.globalPrivacyControl = true, we automatically disable advertising/targeting cookies for your session and treat it as a valid opt-out of the sale of personal data and targeted advertising for your device. You may also use the “Do Not Sell or Share My Personal Information” link in our footer at any time.
How to submit a request. Email contact@xcoldpro.com with subject “Colorado Privacy Request”. We respond within 45 days (extendable once by an additional 45 days when reasonably necessary, with notice to you). We will not discriminate against you for exercising your rights.
Authorized agents. You may designate an authorized agent to submit a request on your behalf. We will require reasonable verification of the agent’s authority (signed permission or power of attorney) and of your identity before fulfilling the request.
Appeals. If we decline to act on your request, you may appeal our decision by replying to our response email or writing to contact@xcoldpro.com with subject “Colorado Privacy Appeal” within a reasonable time. We will respond in writing within 45 days with our decision and reasoning. If your appeal is denied, you may contact the Colorado Attorney General at coag.gov/file-complaint.
11. EU Representative (GDPR Art. 27)
XDRIP Digital Management LLC processes EU personal data primarily for direct purchase transactions. We believe we qualify for the exemption under GDPR Art. 27(2)(a). EU residents may contact us directly at contact@xcoldpro.com.
12. Children’s Privacy
Our services are not directed to individuals under 18. We do not knowingly collect personal information from minors.
13. Contact Us
XDRIP Digital Management LLC — operating as XColdPro
1345 Diana Lane, Colorado Springs, CO 80909, United States
Email: contact@xcoldpro.com
FTC complaints: ftc.gov/complaint · Colorado AG: coag.gov