Effective date: 2026-05-29
Privacy Policy
This policy explains how data responsibilities are divided across the XlangAI website, server store, and mobile client in the user-chosen server model.
Overview
The XlangAI website provides product information, download information, public server store listings, and related notices. The mobile client is still offered as a client with a user-chosen server: before use, you configure and connect to a server endpoint you choose, which may be self-hosted or operated by an organization or third party.
1. Who processes product data
Accounts, conversations, voice and text, membership, and usage data are collected, stored, and processed by the server instance you connect to in the client and by that instance's operator. Policies, security measures, retention, and pricing may vary by instance. Review that operator's privacy notice before connecting. As the website operator and client publisher, we do not host or access that product data unless you separately contact us for support and provide information.
2. Data the website may process
When you visit the website, we may process basic access logs, browser language, visited paths, error logs, and preference cookies used for language routing. If a server operator submits or publishes server information in the server store, names, addresses, regions, summaries, status, and public statistics may be displayed on the website. If you contact us, the contact details and issue description you provide are used only for response and support.
3. On-device client storage
The client may store on your device saved server URLs, the active server, UI language, and login tokens scoped to the current server. On supported devices, speech-recognition assets may be cached locally; audio may be transcribed on-device before text is sent to your configured server.
4. Network communication
The client sends requests to the server base URL you provide, such as sign-in, chat, voice upload, or avatar upload. The website itself does not receive those client product requests. Use trusted instances and networks. Plain HTTP or untrusted TLS may increase transmission risk, which you and the instance operator are responsible for assessing.
5. Sign-in and stores
Sign-in credentials (phone, password, or SMS codes) are sent to your configured server for authentication, not to a separate cloud operated by us for core features. The iOS client is a one-time paid download on the App Store; after purchase you may use the client indefinitely and receive future updates. The app offers no subscriptions, consumable purchases, or other digital goods. Google Play billing is reserved for a future release and is not yet available.
6. Your controls
You can change servers, remove saved endpoints, or sign out in the app. Changing servers requires signing in again; data on the previous instance is not automatically migrated. To delete or correct account and content data on a server instance, contact that instance's operator. To update public server store information on the website, the server operator should use the applicable submission channel.
7. Updates
We may update this Privacy Policy. Material changes may be communicated on the website, in the app, or via release notes. Continued use of the website or client means you have read the updated policy.