XealBrax • Legal

Privacy Policy

This Privacy Policy explains what personal data XealBrax collects, how we use it, how long we keep it, and the rights available to you.

Free Business Tools: SEO Audit | Meta Tag Generator | Product Listing Optimizer

Effective Date: May 21, 2026

1. Introduction

XealBrax (“XealBrax,” “we,” “us,” or “our”) operates the website https://xealbrax.com, free SEO and AI-assisted tools, consulting services, contact forms, booking flows, and the private XealBrax Creator Visibility Community (collectively, the “Services”).

This Privacy Policy explains how we collect, use, store, disclose, and protect personal data when you visit the website, use our free tools, contact us, book a service, apply to join the community, log in through Telegram, submit private verification, earn contribution credits, use visibility tiers, or participate in referral recognition.

By using the Services, you acknowledge that we process personal data as described in this Privacy Policy.

2. Data Controller and Contact

For applicable data protection laws, the data controller is:

XealBrax
Lagos, Nigeria
Email: privacy@xealbrax.com

Contact us at the email above if you have questions about this Privacy Policy, want to exercise your privacy rights, or want to raise a privacy concern.

3. Personal Data We Collect

We collect different categories of data depending on how you use the Services.

3.1 Website and Tool Data

  • Technical data: IP address, browser type, operating system, device information, referring URLs, pages viewed, timestamps, and basic interaction data.
  • Free tool inputs: Website URLs, page details, business descriptions, product information, keywords, titles, descriptions, and other information you provide to generate SEO audits, meta tags, or product listing suggestions.
  • Tool outputs: Generated audit summaries, metadata suggestions, listing suggestions, scores, recommendations, and preview results.
  • Email delivery data: Email address and related report delivery data when you request full outputs or reports by email.

3.2 Contact, Booking, and Service Data

  • Contact form data: Name, email address, subject, message, website URL, and any details you include in your enquiry.
  • Consultation and booking data: Name, email address, meeting time, meeting notes, business details, service interests, and communication history.
  • Client service data: Website details, SEO issues, analytics summaries, campaign details, deliverables, implementation notes, and support records.

3.3 Community Account and Signup Data

  • Account data: Full name, email address, display name, platform, platform username or handle, profile image, and member alias.
  • Telegram verification data: Telegram user ID, Telegram username if available, one-time verification or login code records, and login timestamps.
  • Country and IP data: Signup IP address, automatically detected country, country code, country detection source, and signup timestamp.
  • Consent records: 18+ confirmation, agreement to Terms of Service, Privacy Policy, Community Rules, optional marketing consent, consent timestamps, and related IP records.
  • Referral data: Referrer ID, referral link use, invited-member progress, approved verification count, referral reward status, and referral credit records.

3.4 Community Participation and Verification Data

  • Visibility request data: Request title, description, platform, target URL, account/profile reference, requested participation types, selected visibility tier, requested verification types, optional image, expiry date, requester ID, review status, and credit cost.
  • Private verification data: Screenshot uploads, comment text, relevant links, username used, submission timestamp, linked visibility request, participant ID, review status, moderator notes, and approval/rejection records.
  • Contribution credit data: Lifetime contribution credits, available credit balance, used credits, unlocked visibility tier, credit adjustments, referral credits, and recognition-board data.
  • Moderation data: Warnings, restrictions, rejected submissions, account review notes, abuse-prevention records, and enforcement decisions.

3.5 Cookies and Similar Technologies

  • Essential cookies: Login sessions, security, cookie consent records, and website functionality.
  • Analytics cookies: Website usage and performance measurement, where enabled with consent or where otherwise permitted by law.
  • Marketing cookies: Advertising or retargeting measurement, only where enabled with consent.

For more details, see our Cookie Policy.

4. How We Collect Data

  • Directly from you when you submit forms, apply to join, upload proof, create visibility requests, use free tools, or contact us.
  • Automatically through server logs, cookies, security tools, IP-based country detection, analytics tools, and website functionality.
  • From Telegram when you interact with our verification/login bot.
  • From service providers such as booking, email, analytics, hosting, security, and communication tools.

5. How We Use Your Data

We use personal data for the following purposes:

  • To provide the Services: Operate the website, free tools, community, member portal, visibility requests, verification reviews, referral tracking, and support workflows.
  • To verify accounts: Confirm Telegram membership, authenticate returning members, prevent duplicate accounts, and keep member access secure.
  • To detect country during signup: Automatically identify country from IP or server/geolocation headers for moderation, platform integrity, compliance, and abuse prevention.
  • To review private verification: Let moderators inspect submitted screenshots, comment text, links, usernames, and task details to approve or reject contribution credits.
  • To manage contribution credits and tiers: Track total contribution credits, available credit balance, used credits, unlocked visibility tiers, request costs, referral rewards, and recognition data.
  • To communicate with you: Send welcome emails, service notices, login-related information, support replies, report emails, and optional marketing emails if you opted in.
  • To prevent abuse: Detect bots, fake accounts, automated activity, fake verification, referral abuse, credit manipulation, spam, scraping, and security violations.
  • To improve our Services: Analyse usage, diagnose errors, improve tools, refine community workflows, and monitor performance.
  • To comply with legal obligations: Maintain consent records, enforce our Terms, respond to lawful requests, and protect our legal rights.

6. Legal Bases for Processing

Where laws such as the GDPR or UK GDPR apply, we rely on the following legal bases:

  • Contract: To provide accounts, community features, free tools, services, reports, support, and requested functionality.
  • Consent: For optional marketing emails, non-essential cookies, and other processing where consent is legally required.
  • Legitimate interests: To secure the Services, prevent abuse, review verification submissions, manage contribution credits, improve tools, operate moderation, and protect platform integrity.
  • Legal obligation: To maintain legally required records, respond to lawful requests, and comply with applicable regulations.

7. Country Detection and IP-Based Location

During community signup, XealBrax automatically detects your country from your connection. Detection may use server headers, hosting or proxy country signals, Cloudflare country headers if available, GeoIP server modules, or a third-party IP geolocation provider.

The country field is locked during signup and cannot be manually edited. We do this to support platform integrity, moderation, fraud prevention, regional compliance, and abuse review. If country detection fails, signup may be blocked until the issue is resolved.

We store signup IP address, detected country, country code, detection source, and signup timestamp with your member record.

8. Telegram Verification and Login

The private community uses Telegram for verification and passwordless login. When you interact with the XealBrax Telegram bot, we may receive your Telegram user ID, Telegram username, one-time verification code status, and login verification data.

Telegram verification codes are temporary. You should not share your codes with anyone. We use Telegram data only to verify community membership, link your account, authenticate returning members, and protect the community from unauthorized access.

9. Contribution Credits, Visibility Tiers, and Referral Data

XealBrax tracks internal contribution credits and visibility tiers to operate the private community. Total contribution credits are used to unlock tiers, available credits are used to submit visibility requests, and used credits record credits already spent.

Referral rewards are also tracked internally. If a member joins through your referral link and completes the required approved private verifications, referral contribution credits may be added to your lifetime total and available balance.

Contribution credits, visibility tiers, and referral rewards are internal community records only. They are not cash, wages, cryptocurrency, securities, stored value, gift cards, or transferable financial assets.

10. Private Verification Submissions

Verification submissions may include screenshots, links, comment text, usernames used, and related request details. These records are reviewed by moderators and are not intended to be public proof walls or public member feeds.

We may remove verification screenshots after review according to our retention practices. We may keep limited metadata such as submission status, linked request ID, credit record, timestamps, and moderation notes where needed for abuse prevention, auditability, and platform integrity.

11. How We Share Data

We do not sell your personal data. We may share data with:

  • Hosting and infrastructure providers: To host and secure the website.
  • Email providers: Brevo or similar providers for optional marketing emails and service emails.
  • Telegram: For bot-based verification and login flows.
  • Analytics providers: Google Analytics/Site Kit and similar tools where enabled.
  • Booking providers: Calendly or similar providers when you book a consultation.
  • Payment processors: Future payment providers if paid services or subscriptions are processed online.
  • Security, anti-abuse, and maintenance providers: To protect the Services, debug issues, prevent spam, and maintain reliability.
  • Legal and regulatory authorities: If required by law, court order, lawful request, or to protect rights, safety, and legal compliance.
  • Business transfer parties: If XealBrax is involved in a merger, acquisition, restructuring, or asset transfer, subject to appropriate protections.

12. International Data Transfers

Your data may be processed in Nigeria and in other countries where our hosting providers, analytics providers, communication providers, email providers, and other processors operate. Where required, we use appropriate safeguards such as contractual protections, data processing agreements, standard contractual clauses, or other lawful transfer mechanisms.

13. Data Retention

We retain data only as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer period is required or permitted by law.

  • Tool reports and generated outputs: Retained only as needed to provide the requested tool output, email report, troubleshooting, security, and abuse-prevention functions. Full tool reports may be deleted after a short retention period, such as 30 days, where configured.
  • Private verification screenshots: May be deleted after approval/rejection review or according to the configured retention period. Rejected screenshots may be deleted immediately where configured.
  • Verification metadata: Status, linked request, timestamps, credit records, and moderation notes may be retained for auditability, abuse prevention, and dispute handling.
  • Community account data: Retained while your account is active and for a reasonable period after closure where needed for security, legal compliance, dispute resolution, and abuse prevention.
  • Consent records: Retained as needed to prove consent, withdrawal, legal compliance, or policy acceptance.
  • Referral and credit records: Retained while needed to operate the community, prevent abuse, investigate disputes, and maintain accurate contribution records.
  • Marketing records: Retained until you unsubscribe or request deletion, subject to suppression-list requirements so we do not contact you again after opting out.
  • Contact and service records: Retained as needed to respond to enquiries, provide services, comply with accounting/legal obligations, and resolve disputes.

14. Your Privacy Rights

Depending on your jurisdiction, you may have rights to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate or incomplete data.
  • Request deletion of personal data, subject to legal, security, moderation, and abuse-prevention limits.
  • Request restriction of processing.
  • Object to processing based on legitimate interests.
  • Withdraw consent for marketing emails or non-essential cookies.
  • Request a portable copy of certain data.
  • Lodge a complaint with your local data protection authority where applicable.

To exercise your rights, contact privacy@xealbrax.com. We may need to verify your identity before completing a request.

15. Marketing Communications

Marketing emails are optional. The marketing checkbox during signup must not be pre-selected. If you opt in, we may send occasional emails about XealBrax updates, tools, services, community updates, and promotional offers.

You can unsubscribe at any time by using the unsubscribe link in the email or contacting us. Unsubscribing from marketing emails does not stop essential service emails, login-related messages, account notices, moderation messages, or security communications.

16. Cookies and Tracking Technologies

We use essential cookies to run the website, maintain login sessions, remember cookie choices, protect forms, and support security. With consent, we may use analytics and marketing cookies to understand site usage and improve our services.

You can manage cookies through your browser settings and, where available, through our cookie consent banner. See our Cookie Policy for more details.

17. Security

We use reasonable technical and organisational measures to protect personal data, including SSL/TLS encryption, access controls, account verification, form protection, limited admin access, and retention controls. However, no system is completely secure.

You are responsible for protecting your Telegram account, email account, devices, and one-time codes.

18. Children’s Privacy

The Services and private community are intended for people who are 18 years of age or older. We do not knowingly allow people under 18 to create community accounts. If we learn that a minor has provided personal data, we may delete the account and related data where legally required.

19. Third-Party Websites and Platforms

The Services may link to third-party platforms such as Telegram, Instagram, TikTok, X, LinkedIn, YouTube, Google, Calendly, Brevo, Hostinger, and other tools. Their privacy practices are governed by their own policies. XealBrax is not responsible for how third-party platforms process your data when you use them directly.

20. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The “Effective Date” above will show when the policy was last updated. Significant changes may be communicated through the website, email, member portal, or other appropriate channels.

21. Contact Us

If you have questions, concerns, or requests about this Privacy Policy or your personal data, contact:

Email: privacy@xealbrax.com
Address: Lagos, Nigeria