EU / EEA Privacy & Data Protection

GDPR Notice

This page highlights key GDPR information for XyroHub. For expanded details, see Privacy Policy.

Effective date: 2026-02-11 • Last updated: 2026-02-11

1) Controller details

  • Brand: XyroHub
  • Website: https://xyrohub.club/
  • Legal entity: XyroHub
  • Address: 5-5-5 Kanda, Chiyoda-ku, Tokyo 101-0047, Japan
  • Privacy email: [email protected]
  • Business ID / Tax ID: 6234567890123

2) Data we collect

  • Contact data (name, email, optional phone) via forms/email.
  • Consultation context you choose to share (goals, constraints, timeline).
  • Technical data (IP, device/browser, timestamps, basic security logs).
  • Cookie preferences and limited performance data (if enabled).

3) Purposes

  • Respond to inquiries and provide information about coaching/consultations.
  • Schedule sessions and deliver requested services.
  • Protect the website and users (security, abuse prevention).
  • Improve performance and usability where permitted.
  • Comply with legal obligations and handle disputes.

4) Lawful bases (Art. 6)

  • Consent — optional cookies; optional marketing where applicable.
  • Contract — steps prior to engagement; session delivery.
  • Legitimate interests — security, operational integrity, minimal analytics where allowed.
  • Legal obligation — recordkeeping and compliance.

5) Sharing & processors

We may use vendors for hosting, email, and security. We share only what is necessary for operations.

We use hosting, email delivery, and security processors. Data shared is limited to what is necessary and safeguards are used for transfers outside the EEA/UK when required.

6) International transfers

If data is processed outside the EEA/UK, we apply safeguards where required (e.g., SCCs) and minimize transfers.

7) Retention

  • Inquiries: retained to respond and follow up, then archived or deleted.
  • Engagement records: retained for the engagement period and a reasonable period thereafter.
  • Security logs: retained for a limited period to investigate incidents.
Retention is limited to what is necessary: inquiries and engagement records are typically retained for up to 3 years; security logs for a shorter period unless required for investigation.

8) Your rights

  • Access, rectification, erasure
  • Restriction, objection
  • Data portability (where applicable)
  • Withdraw consent at any time (for consent-based processing)

9) Cookies & opt-out

Cookie controls are available via our cookie UI (loaded after scroll). We avoid Google scripts. For opt-out options, see Opt-out.

10) Contact for requests

Send GDPR requests from the email address associated with your inquiry where possible.

For GDPR requests contact: [email protected] or postal address 5-5-5 Kanda, Chiyoda-ku, Tokyo 101-0047, Japan.
Quick links
Privacy Policy Terms Opt-out Contact

Keep vendor lists and retention periods in sync with your real operations.