Privacy Policy
Effective date: May 4, 2025
Overview
XOCOA ("we", "us", "our") operates the AI chocolate sommelier and catalogue platform at xocoa.co. This policy explains what data we collect, why we collect it, and the rights available to you under the GDPR and applicable privacy law.
1. Information We Collect
When you use XOCOA we may process:
- Chat messages — text you send to the sommelier to generate recommendations.
- Session identifier — a randomly generated ID for the duration of your session, not linked to any account or persistent identity.
- Preference data — flavour preferences, dietary needs, and budget signals you share during the conversation.
- Technical metadata — browser type, language, and approximate timezone, collected automatically to ensure the service functions correctly.
We do not collect your name, email address, or payment information through the sommelier interface.
2. How We Use Your Information
We use data solely to:
- Generate personalised chocolate recommendations grounded in our product catalogue.
- Maintain conversation context within a single session.
- Improve the quality and accuracy of the sommelier over time (aggregated, non-identifiable analysis only).
We do not sell, rent, or share your personal data with third parties for marketing purposes. We do not build persistent user profiles or use your data for behavioural advertising.
3. Data Retention
Conversation data is ephemeral. Session state is held in memory for the duration of your visit and is not persisted to a long-term database. When your session ends the conversation data is discarded. No persistent user accounts exist.
4. Cookies
XOCOA uses only functional session cookies necessary for the service to operate. We do not use tracking cookies, analytics cookies, or advertising cookies. No consent banner is required because we do not process cookies beyond what is strictly necessary.
5. Third-Party AI Providers
Your chat messages are processed by large language model inference providers (which may include Azure OpenAI, Groq, or Google Gemini) solely to generate responses. These providers act as data processors under our instructions. Under their API terms of service, your data is not used to train their models.
- Microsoft Azure — azure.microsoft.com/en-us/support/legal/
- Groq — groq.com/privacy
- Google — policies.google.com/privacy
6. Your Rights (GDPR)
If you are in the European Economic Area you have the right to:
- Access — request a copy of personal data we hold about you.
- Erasure — request deletion of your personal data.
- Portability — receive your data in a structured, machine-readable format.
- Objection — object to processing based on legitimate interests.
- Complaint — lodge a complaint with your local data protection authority.
Because session data is not persisted, most rights are satisfied automatically at session end. For any request contact us at hello@xocoa.co.
7. Changes to This Policy
We may update this policy as our service evolves. Material changes will be reflected in an updated effective date. Continued use of XOCOA after a change constitutes acceptance of the revised policy.
8. Contact
Questions about this policy? Reach us at hello@xocoa.co.