1. Introduction

1a. Purpose of This Policy

This Privacy, Storage & Data Retention Policy (“Privacy Policy”) governs the collection, use, storage, and disclosure of personal and non-personal data obtained through your access and use of Xetarev (also referred to as “Xetarev”, ‘xetarev.com’, “we” or “us”), including all associated features, blogs, and Xetarev Labs (“XetaLabs”) projects. This Policy is intended to inform users of their rights and our obligations & practices of privacy for our users, storage and retention of sensitive user data under applicable privacy and data protection laws, including but not limited to the GDPR, CCPA and other relevant frameworks.

1b. Applicability

This Privacy Policy applies & binds all users accessing & browsing the site and all its pages. However it does not apply to clients, enterprise users or those who otherwise engage with Xetarev in the context of contractual services, they are instead governed by our Service Policies.

1c. Consent and Regional Restrictions

1. Implicit Consent by Accessing the Site – By accessing, browsing, or otherwise interacting with any & all pages, blogs, or XetaLabs projects on xetarev.com, you implicitly acknowledge and consent to the collection, processing, and storage of data as described in this Privacy Policy, except where explicit contextual consent is required by applicable law.
2. Regional Privacy Restrictions – We enforce region-based privacy measures to comply with applicable data protection regulations:
   1. European Union (EU) and Californian users are not subject to Whispr Analytics fingerprinting. Learn more on Section 2
   2. Essential session cookies and non-invasive analytics (e.g., GA4, Microsoft Clarity) may still function for site performance and aggregated metrics.
   3. No separate or explicit consent mechanism is provided, and continued use implies acceptance of these limited tracking practices
3. Data Objections and Removal Requests –  Users who object to the collection or storage of their data, or who wish to request deletion of stored identifiers, may contact Xetarev via the email channel provided in Section 6c. Such requests will be honored in accordance with applicable legal obligations and technical feasibility.

2. Data Collection & Tracking

Learn more about the data that we collect and trackers, identifiers & fingerprinters that we implement.

2a. Dynamic IP and Network Data – Logging and geolocation practices

1. xetarev.com automatically collects the IP addresses of all users accessing the website. This collection occurs for the purposes of:
   1. Session validation and security logging. Keeping large scale bots and trackers at bay.
   2. Network diagnostics and performance optimization
   3. Geolocation approximation for analytics and regional privacy enforcement
2. Geolocation and Network Metadata – In addition to the IP address, the following network-related metadata may be derived: Continent, country, region codes, City-level geolocation (approx), Non precise Latitude and longitude, Internet Service Provider (ISP) and Autonomous System Number (ASN), Connection type, domain information
3. Purpose of IP and Network Data Collection – This data is collected to:
   1. Enforce regional restrictions (e.g., disabling Whispr fingerprinting for EU and CA users)
   2. Generate aggregate traffic and usage metrics
   3. Enable security, fraud prevention, and abuse detection
   4. Maintain operational logs for server and application performance
4. This data is stored indefinitely unless a removal request is submitted under Section 5b of this Policy

2b. Device & Browser Data – Whispr Analytics

1. Overview –  We deploy a proprietary analytics and fingerprinting system, Whispr Analytics, which collects granular, non-named device and browser metadata to distinguish unique sessions and returning visitors. Whispr Analytics operates in addition to standard third-party analytics tools.
2. Scope of Data Collected – (a) Device and Hardware Data — Screen size and viewport dimensions (e.g., 1920×1080 / 1905×1080), Device type, CPU cores, memory size, Architecture and platform version (e.g., “arm”, “macOS 15.5.0”), (b) Browser and Rendering Environment — User agent string and full browser version, Browser vendor, rendering engine, and preferred color scheme, JavaScript, WebGL, and touch support flags, (c) Behavioral and Contextual Indicators — Orientation (portrait/landscape) and language preference, Connection type and approximate network latency, Session visit counts and return-visit detection via cookies, (d) Optional Derived Identifiers — UserID and SessionID cookies for session validation, Fingerprint hash for repeat visitor recognition
3. Regional Restrictions – Fingerprinting data is fully active for users outside the EU and CA, US; Essential session cookies and minimal device data may still be collected for functional and security purposes; Fingerprinting data is fully active for users outside the EU and CA.
4. Purpose of Data Collection – Whispr Analytics data is collected and processed solely for session differentiation and repeat visitor recognition, Aggregate traffic and usage analytics, Performance optimization and security auditing.

Data Storage and Retention –  Whispr Analytics data, including any fingerprint hashes and session cookies, is retained indefinitely, Deletion requests may be submitted per Section 5b, subject to verification and technical feasibility.

2c. Third-Party Analytics – Google Analytics GA4 and Microsoft Clarity

1. Overview of Third-Party Analytics – Xetarev utilizes Google Analytics 4 (“GA4”) and Microsoft Clarity to collect behavioral and session-level data regarding visitor interactions with xetarev.com and XetaLabs projects. These tools operate independently of Whispr Analytics and are subject to their own privacy policies and terms:
   1. Google Analytics: policies.google.com/privacy 
   2. Microsoft Clarity: privacy.microsoft.com
2. Data Collected by GA4 and Microsoft –  These analytics platforms may process the following types of information: (a) Session and Device Data, Dynamic IP address (pseudonymized for EU users by GA4), Browser type, operating system, screen resolution, Device type (desktop, mobile, tablet), (b) Interaction and Event Data, Page views, scroll depth, clicks, and navigation flows, Engagement time per page and bounce rates, Heatmap and session recording data (Microsoft Clarity only), (c) Session Identifiers and Cookies, _ga and related GA4 cookies for unique session tracking, _clck and _clsk for Microsoft Clarity session replay and visitor tracking, Lifespan varies per provider (see Section 3b for detailed cookie inventory)
3. Purpose of Third-Party Analytics Data –
   1. Performance and Usage Metrics: Understand site traffic patterns and engagement
   2. Behavioral Insights: Identify content performance and user journey efficiency
   3. Quality Monitoring: Utilize Clarity’s heatmaps and session replays for UX improvements
   4. No Direct Identification: Xetarev does not provide names, emails, or direct personal identifiers to GA4 or Clarity
4. Regional and Legal Considerations –
   1. EU, EEA, CA Users: GA4 applies IP anonymization by default; Whispr fingerprinting is disabled for these users
   2. Third-Party Terms Binding: Use of GA4 and Clarity data is further governed by Google and Microsoft privacy policies
   3. Objections or Removal: Users may request deletion of session data through Xetarev per Section 10, subject to feasibility with third-party providers
5. Retention and Storage – GA4 and Microsoft Clarity store analytics data per their respective retention settings; Xetarev does not directly control third-party data retention, but may configure data aging where supported; Aggregated analytics reports generated by Xetarev may be retained indefinitely.

2d. Session Cookies & Local Storage Keys

1. Overview of Cookies and Local Storage – We deploy first-party cookies and local/session storage keys, these mechanisms do not store names, emails, or directly identifying information. They primarily store hashed session identifiers or device/session fingerprints to support:
   1. Session validation for repeat visits
   2. Analytics and traffic measurement via Whispr Analytics, GA4, and Microsoft Clarity
   3. Internal performance and anti-abuse monitoring
2. Types of Client-Side Storage Used –
   1. HTTP Cookies – Persistent or session-based small data fragments stored in the browser; Used for Whispr session IDs, GA4 _ga cookies, and Clarity _clck cookies;
   2. Local Storage Keys – Used to maintain session return validation for repeat users without server calls;
   3. Session Storage Keys – Used for active session identification during a single visit; Cleared when the browser session ends.
3. Purpose of Cookies and Storage Keys –
   1. Session Tracking: Verify repeat visits and return-user activity
   2. Analytics and Metrics: Allow GA4, Clarity, and Whispr to connect multiple pageviews to the same anonymous visitor
   3. User Experience: Minimize redundant session revalidation checks
   4. Security: Mitigate bot or abusive behavior using heuristics by tracking unusual session patterns.
4. Regional and Compliance Considerations –
   1. EU and CA Users: Whispr Analytics does not perform fingerprinting; Minimal cookies are still set for session functionality and basic analytics;
   2. Opt-Out Mechanisms: Users may clear cookies or disable storage via browser controls (see Section 3c); No formal “withdrawal of consent” mechanism is provided since it is an implied consent model.
   3. Deletion Requests – Users may request deletion of any retained session identifiers as outlined in Section 5c.

2e. XetaLabs Projects & Experimental Features

XetaLabs is a collection of experimental projects and interactive tools offered under the xetarev.com domain. While the XetaLabs platform code itself is stable and maintained, each new project within XetaLabs may have unique data collection behaviors or session‑based requirements to function properly, including:

1. Client‑Side Execution – Most XetaLabs projects operate primarily in the browser and process data on the client side. Data is not automatically transmitted to our servers, except as required for site functionality, security, or analytics.
2. Browser Add‑Ons and Embedded Tools – Certain projects may involve integrations or add‑ons where privacy and data handling are further governed by the policies of the browser or third‑party platform.
3. Tracking Consistency – Labs projects are considered an extension of xetarev.com. They remain subject to the same analytics, logging, and storage terms described in Sections 2a–2d, including the use of Whispr Analytics, GA4, and Microsoft Clarity.
4. Regional Restrictions – As with the main site, Whispr fingerprinting is disabled for users in the EU and California, while essential cookies and basic session analytics remain active.

3. Cookies & Local Storage

This Section explains the use of cookies, local storage, and similar browser‑based technologies on xetarev.com. It informs users about how these technologies work, why they are used, the types of cookies set by Xetarev and third parties, and where to find more resources to manage or learn about cookies.

3a. Learn About Cookies and Local Storage

1. What Are Cookies? – Cookies are small text files placed on your browser or device by a website you visit, They allow websites to remember your actions, preferences, and session information between page visits or across sessions. Local Storage and Session Storage are similar browser features that store data on your device but are not automatically sent to servers unless your browser or scripts trigger it.
2. How We Use Cookies – Maintain session validation and basic site functionality, Analyze website traffic, engagement, and performance, Distinguish unique sessions for security and abuse prevention, Enable experimental XetaLabs tools to function properly.
3. Learn More About Cookies –
   1. allaboutcookies.org
   2. youronlinechoices.com
   3. networkadvertising.org 

3b. Types of Cookies and Local Storage Keys Set

1. Essential Session Cookies – Required for basic site functionality and session validation, Includes session identifiers stored in cookies or sessionStorage, Cannot functionally be disabled without impairing the website experience.
2. Analytics Cookies – Used by Google Analytics 4 (GA4) and Microsoft Clarity, Measure website performance, traffic patterns, and user engagement, Store non-identifiable session and client IDs for statistical reporting.
3. Fingerprinting & Behavior Tracking Cookies (Whispr Analytics) – Store session hashes and device-specific identifiers to analyze unique visits, Do not store names, emails, or personally identifying information, Disabled for EU and CA users, except minimal session keys for repeat-visit detection.
4. Local and Session Storage Keys – Used to maintain session state and validate returning users, Session storage keys are cleared when the browser session ends.
5. User Management of Cookies –  Users can delete or block cookies and storage keys through browser settings.

4. How We Use Collected Data

Xetarev processes the data collected under Section 2 solely to operate, secure, and improve the website and XetaLabs projects. We do not sell data, conduct automated profiling, or use the information for purposes outside those described below.

4a. Site Functionality & Session Validation

1. Data such as session cookies, IP addresses, and device/browser metadata is used to:
   1. Maintain active sessions and recognize return visits
   2. Ensure pages and XetaLabs tools function correctly
   3. Manage load balancing and performance across our infrastructure
2. Without this data, the website would not reliably distinguish legitimate users from automated requests.

4b. Analytics, Performance & UX Improvements

1. Aggregated data from Whispr Analytics, Google Analytics 4, and Microsoft Clarity is used to:
   1. Measure traffic, engagement, and page performance
   2. Identify popular content and optimize navigation
   3. Evaluate experimental XetaLabs tools for usability
2. This information is collected without attaching personal names, emails, or direct identifiers and is retained for statistical and operational purposes.

4c. Security & Abuse Prevention

1. IP addresses, network metadata, and session behavior patterns are logged to:
   1. Detect bots, fraudulent access, or abuse
   2. Monitor unusual traffic spikes or malicious activity
   3. Enforce regional privacy settings (e.g., disabling Whispr fingerprinting for EU and CA users)
2. Security logs and abuse‑related data are kept indefinitely unless deletion is requested per Section 5b.

4d. No Machine Learning Profiling or Automated Decisions

1. Xetarev does not use collected data to perform:
   1. Machine learning–based profiling or behavior prediction
   2. Automated decision‑making that affects users’ rights or experiences
   3. AI‑driven personalization or marketing segmentation
2. All analytics and security measures are applied in aggregate or at the session level, without individual behavioral modeling.

4e. Third‑Party Sharing & Legal Disclosures

1. Analytics Providers Only – Collected data may be shared with our third‑party analytics providers, Google Analytics 4 and Microsoft Clarity, strictly for the purposes of traffic measurement, performance analysis, and site improvement. These providers process data in accordance with their own privacy policies:
2. No Sale of Data – Xetarev does not sell, rent, or trade user data to any third parties.
3. Legal Compliance – We may disclose stored data to government authorities or legal entities only when required to comply with applicable law, valid legal processes, or enforceable governmental requests.

5. User Rights & Regional Compliance

5a. GDPR, CCPA, and Other Global Privacy Rights

Xetarev complies with major global privacy frameworks, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and similar international laws. Users may have the right to access, correct, or request deletion of their personal or pseudonymous data, as well as to object to certain types of processing where applicable.

5b. Exercising Rights & Verification

Users may submit requests regarding data access, deletion, or objection to processing by contacting us via the email listed in Section 6c. For security, Xetarev may require sufficient verification to confirm the identity of the requester before fulfilling any request.

5c. Opt‑Outs & Technical Limitations

Users may opt out of cookie and local storage usage by clearing browser data or disabling cookies, though this may impair site functionality. Fingerprinting is already disabled for EU and California users. Complete withdrawal of all tracking is technically infeasible, but verified deletion requests will be processed where possible.

6. Information

6a. Policy Updates & Versioning

This Privacy, Storage & Data Retention Policy is effective as of the date listed below and may be updated from time to time to reflect changes in technology, legal requirements, or Xetarev practices. Any significant changes will update the version number and effective date, and continued use of the site constitutes acceptance of the latest version.

• Effective Date: Aug 05, 2025
• Version: 2

6b. Contact Information

For all privacy‑related inquiries, data deletion requests, or objections to data processing, users may contact us at xetarev@aol.com | We will verify requests where required and respond in accordance with applicable legal obligations and technical feasibility.