Effective May 5, 2026
xop.ai, Inc. ("xop.ai", "we") provides AI software to managed service providers (each, an "MSP"). This Privacy Notice covers three audiences:
For end users: xop.ai acts as a service provider / processor on behalf of the MSP. The MSP — not xop.ai — is the controller of your data and decides what is collected, how it is used, and how long it is retained. Direct privacy requests to the MSP first; xop.ai supports the MSP under the MSA. Where this notice and the MSP's notice differ for end-user data, the MSP's notice controls.
Website. Forms (name, email, company, message), cookies, log data (IP, user agent, pages viewed), and analytics events.
MSP customers. Account data for users at the MSP (name, email, role, authentication identifiers), billing information, support correspondence, and configuration settings.
Customer Content. Tickets, transcripts, documentation, prompts, and other data the MSP or its end users submit to the service. Customer Content is owned by the MSP and processed on the MSP's behalf under the MSA.
Operational logs. System logs, performance metrics, and security telemetry needed to operate the service.
xop.ai uses large language models and other AI systems to deliver the service. We do not use Customer Content to train third-party foundation models. Where AI providers process Customer Content on our behalf, we contractually require them to disable training on that content and to apply appropriate security and confidentiality controls.
Service providers. Cloud hosting, AI inference, analytics, email, and payment vendors that operate the service under data-processing agreements with confidentiality and security obligations.
Integrations chosen by the MSP. When the MSP connects a third-party system (e.g., ConnectWise, Autotask, HaloPSA, ServiceNow, IT Glue, Microsoft 365), data flows between that system and the service according to the integration the MSP has configured.
Legal and safety. When required by law or valid legal process, to protect rights and safety, or in connection with a corporate transaction.
We do not sell personal information and do not share personal information for cross-context behavioral advertising.
Customer Content is retained per the MSP's configuration and the MSA. Website form submissions and operational logs are retained only as long as needed for the purposes described in this notice or as required by law, then deleted or de-identified.
We use industry-standard technical and organizational measures, including encryption in transit, encrypted credentials at rest, role-based access control, and tenant isolation. No system is perfectly secure; we cannot guarantee absolute security.
Depending on where you live, you may have rights to access, correct, delete, port, or restrict processing of personal information, and to object to certain processing. To exercise these rights:
The xop.ai website uses cookies and similar technologies for session management, analytics, and product improvement. You can control cookies through your browser settings. Disabling cookies may affect functionality.
We are based in the United States and may process data in the U.S. and other countries where our service providers operate. Where required, we use approved transfer mechanisms such as Standard Contractual Clauses.
The service is not directed to children under 16, and we do not knowingly collect personal information from them.
We may update this notice from time to time. Material changes will be communicated through the service or by email to MSP customers. The effective date at the top of the notice indicates when it was last updated.
Privacy questions: ellen@xop.ai. End-user requests should be directed to your MSP first.