XGXrmGhost

Legal

Privacy Policy

Version 1.0.1 — review as of 2026-05-11.

1. Scope

This is the Privacy Policy v1.0.1 for XrmGhost.

This Privacy Policy covers our handling of personal data in connection with the XrmGhost service, our website, billing, support, analytics, and product telemetry. Cookie and analytics disclosures are included in this document; we do not publish a separate cookie policy in this version.

2. Controller and contact

For the processing described in this Privacy Policy, XrmGhost acts as the controller.

For privacy questions, data subject requests, or other legal/privacy matters, you can contact XrmGhost at legal@xrmghost.tech.

3. Categories of data we process

We may process the following categories of personal data and related information:

  • account, profile, contact, and support information;
  • billing and transaction information processed in connection with payments and subscriptions;
  • website and product usage information, including analytics and telemetry data;
  • service and operational data processed through the XrmGhost application stack, including Dataverse and Azure services; and
  • device, installation, and environment information used for telemetry and machine registration, including pseudonymized machine registration identifiers and related operational metadata.

4. Current telemetry and machine registration reality

Phase 1 product telemetry is currently always enabled. There is currently no separate telemetry opt-out because this telemetry is part of how we operate, secure, troubleshoot, monitor, and improve the service.

When XrmGhost provisions, validates, or operates service-connected features, we may process a pseudonymized machine registration identifier derived from limited machine or environment signals. We use that identifier to distinguish installations, support service operations, apply subscription or entitlement logic, investigate abuse, and troubleshoot reliability or security issues. XrmGhost intends that registration identifier to function as an operational pseudonym rather than as a directly identifying customer-facing label.

We use telemetry and machine registration data because they are necessary for service operations, security monitoring, troubleshooting, reliability analysis, subscription administration, and product improvement.

5. Cookies, analytics, and similar technologies

This Privacy Policy also covers our use of cookies, analytics, and similar technologies. We do not publish a separate cookie policy document in this version.

We use a privacy-focused, cookieless web analytics tool (Umami) on our public websites, together with product telemetry, to understand usage, performance, reliability, and service behavior. Umami does not set cookies and does not collect personal data: visitors are counted using an anonymized, salted hash that is rotated daily, so no persistent or cross-day visitor identifier is created. Because no cookies or similar tracking technologies are used for this analytics, no cookie consent banner is required. Product telemetry may collect usage events, browser or device information, and related telemetry data.

Umami supports aggregate website and usage measurement. Product telemetry supports operation of the service, diagnostics, security, reliability monitoring, and product improvement.

6. Why we process data

We process personal data to:

  • provide and operate the XrmGhost service;
  • register installations and operate service-connected features associated with your subscription or use of the service;
  • authenticate users and manage service functionality;
  • process billing and payment events, including payments handled through Stripe;
  • analyze service usage and product behavior through cookieless web analytics (Umami) and product telemetry;
  • maintain security, investigate incidents, prevent abuse, and troubleshoot issues;
  • communicate with customers and respond to support, contractual, or legal requests; and
  • improve product quality, reliability, and roadmap decisions.

7. Legal bases

Where GDPR or similar laws apply, we rely on contract and legitimate interests as the primary legal bases described in this policy.

  • Contract (our Terms of Service): XrmGhost does not use a separate customer contract; the binding agreement is our Terms of Service. On that basis we process data as necessary to provide the service, register installations, manage subscriptions, process payments, deliver support, and fulfill our obligations to customers under those Terms. Where machine registration or related operational processing is required for service-connected functionality, that processing forms part of the contractual service relationship governed by the Terms of Service.
  • Legitimate interests: for processing necessary to secure, monitor, troubleshoot, analyze, improve, and administer the service and related website experience, including product telemetry and website analytics used to understand service performance, reliability, and use.

8. Vendors and processing ecosystem

Our current processing ecosystem includes Stripe, Umami (cookieless analytics), Dataverse, and Azure.

  • Stripe supports payment and billing processing.
  • Umami supports cookieless, privacy-focused website analytics and usage measurement; it does not set cookies or collect personal identifiers.
  • Dataverse is part of the application and data-processing stack.
  • Azure supports hosting and infrastructure operations.

9. Hosting and geographic scope

XrmGhost currently uses EU data residency for the XrmGhost-hosted service components covered by this policy, including the Azure-based hosting footprint used for those components.

Some supporting providers or related business operations may still involve access from, storage in, or transfers to countries outside the European Union or European Economic Area. Where that occurs, XrmGhost will rely on an available lawful transfer mechanism and appropriate safeguards, such as contractual protections required by applicable law.

10. Retention

Telemetry data is currently retained for 24 months.

We may retain other categories of personal data for different periods depending on the purpose of processing, contractual requirements, legal obligations, support needs, security needs, and dispute resolution requirements.

11. Data sharing

XrmGhost may share personal data with service providers, processors, advisors, or authorities when needed for service delivery, compliance, security, support, analytics, billing, machine registration, or legal reasons.

Current service providers and processing ecosystem participants include Stripe, Umami (cookieless analytics), Dataverse, and Azure.

We may also disclose data where required by law, to enforce our rights, or to protect the service, our users, or third parties.

12. Security

We use technical and organizational measures intended to protect personal data in our systems. However, no system is completely secure.

XrmGhost is intended to use pseudonymized machine registration identifiers in the registration path described in this policy. Even where data is pseudonymized, we treat related operational information with appropriate technical and organizational safeguards because pseudonymized data can still be personal data under applicable law.

13. Your rights

Depending on applicable law, you may have rights to request access, correction, deletion, restriction, objection, portability, to lodge a complaint with a supervisory authority, or to seek other privacy-related remedies.

You can contact us about those rights at legal@xrmghost.tech.

14. Policy updates

We may update this Privacy Policy from time to time. If we make material changes, we may update the version, effective date, or related notices associated with this document.