PricingLog in

Privacy Policy

Last Updated: March 28, 2025

Welcome to Xabi! When you use Xabi – an AI scheduling assistant developed by The Micro Company AB – you trust us with your personal information. We are committed to protecting your privacy and complying with the EU General Data Protection Regulation (GDPR). This Privacy Policy explains what data we collect, how we use, store, and share it, and your rights regarding your information. We’ve tried to write it in clear, user-friendly language.

By using Xabi, you agree to the practices described in this policy. If you have any questions or concerns, please contact us at hello@offwork.ai.

Who We Are

Xabi is a product of The Micro Company AB, located at De Geersgatan 10, 11529 Stockholm, Sweden. For the purposes of data protection law, The Micro Company AB is the “data controller” of your personal data processed through Xabi. You can reach us with privacy questions at hello@offwork.ai.

What Data We Collect

When you use Xabi (for example, when you connect it to your calendar and email accounts via a third-party authorization like OAuth2), we collect certain information to provide and improve our scheduling services. This includes:

We do not collect any more data than necessary to fulfill the scheduling tasks. In particular, we do not use your data (including data from third-party services such as Google Workspace APIs) to scan for unrelated information, and we do not collect sensitive personal data from your accounts beyond what is described above. If you choose not to connect a particular third-party service (for example, a calendar or email account), Xabi will not access any data from that service.

How We Use Your Data

We use the collected information to operate, provide, and improve the Xabi scheduling service. Specifically, we use your data for the following purposes:

  1. Providing the Scheduling Service: The primary use of your data is to schedule meetings on your behalf. Xabi reads your connected calendar to find free times and checks your emails for meeting requests or relevant information. We then propose meeting times, create calendar events, and send emails via your email account to invite participants, all according to your instructions. For example, if you ask Xabi to set up a meeting, it will find a suitable time on your calendar and email all participants to confirm the appointment.

  2. Managing Your Calendar and Emails: Xabi will add or update events in your connected calendar with your consent (for instance, placing a meeting that’s been scheduled). It will also draft or send emails via your connected email account to communicate with meeting participants (such as sending invitations, confirmations, or rescheduling notices). All such actions are only done in line with your requests and permissions.

  3. Communication with You: We may use your contact information (like your email address) to send you service-related communications. This could include confirmations that a meeting was scheduled, notifications if Xabi needs clarification, or alerts about any issues (for example, if Xabi cannot access your calendar or email service). We may also respond to you if you reach out to our support team. We will not send you marketing emails unrelated to Xabi unless you have explicitly opted in to such communications.

  4. Improving and Developing Xabi: We analyze usage logs and other non-sensitive data to understand how Xabi is being used. This helps us troubleshoot problems, refine our scheduling algorithms, and develop new features. For example, knowing that many users schedule meetings of certain durations might help us improve default suggestions. Wherever possible, we use aggregated or anonymized data for analytics to protect your privacy.

  5. Customer Support: If you contact us for help or feedback, we will use any information you provide (which might include parts of your scheduling data or email content, if relevant) to assist you. Our support team may access your account information or recent scheduling requests to troubleshoot the issue you reported, but they will only access the minimum data needed to help you.

  6. Security and Abuse Prevention: We may process data (such as usage patterns or log-in IP addresses) to monitor for suspicious activities, prevent abuse of Xabi, and keep your account secure. This could include detecting spam scheduling requests or unauthorized access attempts. These measures protect both your data and the integrity of our service.

  7. Legal Compliance: In certain cases, we may need to use or preserve your data to comply with legal obligations – for example, fulfilling lawful requests from authorities or retaining certain information as required by law (such as for tax or audit purposes).

We will not use your personal data for purposes unrelated to the services we offer unless we obtain your consent. In particular, we do not use your data for advertising purposes, and we do not sell your data to third parties. Your information is used solely to serve you and improve your Xabi experience.

Disclosure: Xabi’s use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

AI/ML and Third-Party Services

Xabi works with third-party services (such as calendar and email providers, or other productivity tools) to perform its scheduling tasks. When you choose to integrate these services with Xabi, we access and use data from those services strictly to carry out your requests (for example, reading your calendar events or sending an email invite on your behalf). All integration with third-party services is done with your knowledge and permission, using secure APIs or authorization protocols. We do not access any third-party account data unless you have connected that account to Xabi and authorized us to do so.

Any data exchanged between Xabi and an integrated third-party service is transferred securely (for instance, via OAuth2 and encrypted communication channels). The third-party service (for example, your calendar or email provider) will process that information as part of delivering their service to you — such as storing an event on your calendar or sending an email message from your account. These providers handle your data according to their own privacy policies and agreements with you, but Xabi only initiates exchanges as necessary for scheduling. We do not grant any third-party service any rights to use your information beyond what is needed to fulfill the integration. In other words, the external service is not an independent recipient of your data for their own purposes; Xabi simply acts as an intermediary on your behalf within the permissions you have given. If in the future you connect Xabi with additional services (for example, another calendar platform or a video conferencing tool), we will apply the same principles: we will only access or share data with those services with your explicit consent and only as needed to provide the functionality you expect.

Importantly, we do not use any of your personal data, including data from third-party services such as Google Workspace APIs, to develop or improve any artificial intelligence (AI) or machine learning (ML) models. This means that the content of your emails, calendar events, and other personal information is never used to train or enhance our algorithms beyond. Any AI or ML capabilities in Xabi are developed through other means (such as using non-personal or aggregated data and testing) and are not fueled by your personal data. Your data is only used to perform the scheduling tasks you ask of Xabi, and not to improve or train the underlying technology itself.

Legal Bases (GDPR)

Under the GDPR, we must have a valid legal basis to process your personal data. Depending on the situation, Xabi relies on the following legal bases:

We will always make sure we have a valid legal reason to use your personal data and will document these bases. If you have questions about the legal basis for any specific processing of your data, please contact us.

How We Share Your Data

We understand that your personal data is important, and we are not in the business of selling it. We do not sell your personal information to anyone. We only share your data in a few specific situations, and always with appropriate safeguards:

Other than the situations above, we will not share your information with third parties. To reiterate, we never sell user data. If you have questions about any specific sharing scenario, feel free to contact us.

Data Retention

We keep your personal data only for as long as necessary to fulfill the purposes for which we collected it, including providing the Xabi service or as required by applicable laws. Here’s how our data retention works:

After the applicable retention period is over, we will securely erase or anonymize your personal data. We have processes in place to ensure data is deleted properly from active systems and from backups. If for any reason there is a delay in deletion, we will ensure your data remains protected until it is removed.

Security

We take the security of your data seriously and implement a range of measures to protect it. While no method of transmission over the internet or electronic storage is 100% secure, we work hard to safeguard your information from unauthorized access, disclosure, or alteration. Our security practices include:

Remember that you also play a role in keeping your data secure. Keep your account credentials (for your calendar, email, and other integrated services) safe and do not share them. Always revoke Xabi’s access to your accounts if you suspect any unauthorized activity. If you have any concerns about the security of your data with Xabi, please contact us immediately.

International Data Transfers

The Micro Company AB is based in Sweden, and whenever possible we strive to store and process your data within the European Union. However, the nature of Xabi’s service (and the global infrastructure of the internet and our service providers) means that your data may be transferred to and processed in countries outside of your own country or outside the European Economic Area (EEA). In particular:

In all cases of international data transfers, we take steps to ensure that your data remains protected according to GDPR standards:

You can contact us for more information about the safeguards we have in place for international data transfers. Despite any transfers, your rights and protections as described in this Privacy Policy remain in effect.

Your Rights

As a user of Xabi, and in accordance with the GDPR (and equivalent data protection laws where applicable), you have several rights regarding your personal data. We are committed to honoring these rights. Below is a summary of your key data protection rights:

To exercise any of your rights, please contact us at hello@offwork.ai. We may need to verify your identity before fulfilling certain requests (to ensure we do not disclose your data to someone else). We will respond to your requests as soon as possible, and no later than one month from receiving your request, unless the request is particularly complex (in which case we might extend the response deadline by up to two further months, but we will inform you if that is the case).

Children’s Privacy

Xabi is not intended for children under the age of 13. We do not knowingly allow or target our services to anyone under 13, and we do not knowingly collect personal data from children under 13. If you are under 13, you should not use Xabi or provide any information to us.

If we become aware that we have inadvertently collected personal information from a child under 13, we will take steps to delete such information promptly. If you are a parent or guardian and you believe that a child under 13 has provided us with personal data, please contact us at hello@offwork.ai so we can investigate and delete the data. (Note: In certain jurisdictions, including some in the EU, the age threshold for consent may be higher than 13 (for example, 16). We do not knowingly offer our service to anyone under the applicable age of consent in those regions either.)

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make changes, we will revise the “Last Updated” date at the top of this policy. If the changes are significant, we will provide a more prominent notice — for example, by emailing you at the email address associated with your account or by displaying a notice within the Xabi app or on our website.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of Xabi after any update to this Privacy Policy will signify your acceptance of the changes, to the extent permitted by law.

Contact Us

Your privacy is important to us. If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please do not hesitate to contact us:

The Micro Company AB (Xabi Support Team)
De Geersgatan 10
11529 Stockholm, Sweden
Email: hello@offwork.ai

We will be happy to answer your questions or address any issues you may have. Thank you for trusting Xabi with your scheduling needs – we’re committed to keeping that trust by safeguarding your privacy every step of the way.