Privacy Policy
Effective Date: June 3, 2026
Maclawran LLC ("XCHK," "we," "us," or "our") operates the XCHK identity verification platform accessible at https://in.xchk.io and its related services. This Privacy Policy explains how we collect, use, disclose, and retain personal data when you use our services.
1. Who We Are
Maclawran LLC
1433 Flagler Ave
Key West, FL 33040
United States
Contact: legal@xchk.io
Data Protection Officer: sean@maclawran.ca
2. Scope and Our Role
This Privacy Policy applies when you visit xchk.io, create or manage an XCHK account, undergo a verification session, use the XCHK helpdesk, or integrate XCHK with third-party platforms such as Zendesk.
Our role depends on context:
- Account holders (organizations using XCHK): XCHK acts as a Controller, deciding how account data is processed for service delivery, billing, and support.
- Verification subjects (individuals being verified): XCHK acts as a Processor on behalf of the account holder who requested the verification.
3. Categories of Personal Data We Process
- Identifiers and contact data: Name, email address, phone number.
- Account data: Organization name, billing information, account credentials, API usage records.
- Verification data: Email addresses, phone numbers, ticket or case identifiers from integrated platforms.
- Session data: Screenshots and video stills captured during live verification sessions.
- Location data: GPS coordinates from the subject's mobile device (when permission is granted) and IP-derived geolocation.
- Device, network, and technical data: IP address, browser type, operating system, device type, browser language, timezone settings, ISP, ASN, connection type, and VPN/proxy detection results.
- Facial images: Captured during verification sessions to allow the verifying party to confirm the same person is present across transactions. We do not currently derive facial geometry templates or biometric identifiers from these images.
- Communications data: Support requests, email correspondence, and operational logs.
- Integration data: Ticket identifiers, subdomain information, and metadata from integrated platforms such as Zendesk.
4. How We Use Personal Data
- To provide verification services: Creating and managing verification sessions, capturing session data, and delivering results to the requesting organization.
- To communicate: Sending SMS verification links to candidates, account notifications, and support responses.
- To secure the platform: Detecting and preventing fraud, abuse, and unauthorized access.
- To improve our services: Analyzing anonymized usage patterns and operational metrics.
- To comply with legal obligations: Maintaining records, responding to lawful requests, and enforcing our Terms of Service.
- For billing and account management: Processing payments and maintaining account records.
5. Legal Bases for Processing
Where applicable data protection laws apply (including GDPR), we rely on:
- Performance of a contract: Processing necessary to provide the services you requested.
- Legitimate interests: Securing our platform, preventing fraud, maintaining service integrity.
- Consent: Where required for specific activities, such as GPS location access on mobile devices.
- Legal obligation: Where required by applicable law, regulation, or lawful request from authorities.
6. How We Disclose Personal Data
We may disclose personal data to the XCHK account holder who requested the verification, and to service providers who assist in operating our platform.
Sub-processors:
- MongoDB — Primary data storage
- Firebase (Google) — Authentication and real-time communication
- PeerJS — WebRTC video streaming
- AWS SES (Amazon) — Transactional email
- MaxMind — IP geolocation
- ipapi.is — IP enrichment (ISP, ASN, VPN/proxy detection)
- Mapbox — Reverse geocoding of GPS coordinates
- VoIP.ms — SMS delivery for verification links
- Stripe — Payment processing
We may also disclose data to professional advisers, public authorities when required by law, and successors in the event of a merger or acquisition.
We do not sell personal data. We do not share personal data with third parties for their own marketing purposes.
7. International Data Transfers
XCHK operates servers in the United States. When personal data is transferred from jurisdictions with transfer restrictions, we rely on appropriate safeguards including Standard Contractual Clauses where applicable.
8. Data Retention
We retain personal data for as long as reasonably necessary:
- Verification session data: One (1) year after the session completes, unless a longer period is agreed with the account holder.
- Account data: Duration of the account relationship plus any legal retention period.
- Billing records: Per applicable tax and accounting requirements.
9. Your Rights
Depending on your jurisdiction, you may have rights to access, correct, delete, restrict, or port your data, or to object to processing. If you are a verification subject, please direct requests to the organization that requested your verification.
To exercise your rights, contact us at legal@xchk.io or sean@maclawran.ca.
10. Cookies and Similar Technologies
We use cookies for authentication (session cookies), analytics (Google Analytics), and functionality (preferences). You can control cookies through your browser settings.
11. Security
We implement technical and organizational measures to protect personal data, including TLS/HTTPS encryption, access controls, and regular security reviews. No method of transmission over the internet is 100% secure.
12. Children
XCHK is not directed to individuals under 18. We do not knowingly collect data from children.
13. California Privacy Rights
California residents may have additional rights under the CCPA/CPRA, including the right to know what personal information we collect, the right to delete, and the right to opt out of the sale of personal information. XCHK does not sell personal information. Contact legal@xchk.io to exercise these rights.
14. Changes to This Privacy Policy
We may update this policy from time to time. Account holders will be notified of material changes. The Effective Date indicates when it was last revised.
15. Contact
