XESTO Privacy Policy

Effective date: July 31, 2020

Welcome to Xesto ("Xesto," "we," "us" or "our"), a foot sizing and shoe recommendation service.

This Privacy Policy explains how we, the shoe brands we work with (“Customers”), and the consumer who use Xesto (“Consumers”) (both together referred to as “users“, “you” or “your”) collect, use, share and protect information in relation to our mobile applications, web sites, and any software or software integrations provided on or in connection with Xesto services (collectively, the "Service").

By using our Service you understand and agree that we are providing a platform for capturing images of Consumers’ feet, from which we derive 3D models and dimensional measurements (“Consumer Measure Data”) in order to provide measure data and match recommendations ("Consumer Match Data") from information provided by Customers through the Service about specific shoe models (“Product Data”), and to share Measure and Match Data with you, subject to the permissions granted by Consumers.

This Policy applies to all users who access the Service. In providing the Service, we collect information provided directly by Customers and information about Consumers captured indirectly through the Xesto app, and from Consumers directly through a consumer web portal. We, Customers and Consumers are bound by the terms and permissions granted by Customers and Consumers under this Privacy Policy.

Information we collect directly from Customers about specific company, user, product and other information is shared only with that Customer and never shared other Customers or with third parties outside Xesto (or the group of companies of which Xesto is a part) without consent of that Customer, except as noted in this Policy.

Information we collect directly and indirectly from Consumers is shared with Customers only with permission from each user and never shared with third parties outside Xesto (or the group of companies of which Xesto is a part) without consent of that Consumer, except as noted in this Policy.  

Customers may see or use Consumer information that is made available through the Service, on a limited basis and subject to permissions granted by individual Consumers, consistent with the terms and conditions of our Terms of Use and this Privacy Policy.


We collect the following types of information:

Information Customers provide us directly about their company and staff:

· Information provided by the Customer (e.g., company name, address, store locations, usernames, passwords, etc).

· Information captured through the Xesto app (“App Data”) (e.g., salesperson, store location, time, etc)

· Communications between Xesto and the Customer. For example, we may send them Service-related emails (e.g., account verification, training information, changes/updates to features of the Service, technical and security notices). Note that Customers may not opt out of Service-related e-mails.

Information Customers provide us directly about products and customers:

· Information about Customers’ products (“Product Data”) (e.g., images, models, sizes, cost, price, inventory quantity and location, etc)

· Results of physical shoe fit tests (“Fit Data”) performed by us and/or Customers matching Consumers to Customer products.

· Information about Customers’ existing customers from eCommerce and other records.

Information Consumers provide us directly and indirectly through the Service:

· Consumer Profile Data acquired through the Service (e.g., name, phone number, email address, etc).

· Consumer Measure Data (including fit preferences, photos, 3D renderings of feet and measurements derived from them) captured through the Service and through other means. Xesto uses the Camera API to capture photos using the front RGB camera and the TrueDepth API to obtain depth maps and RGB frames (from the front-facing TrueDepth camera) that are used to create 3D models of consumer feet. The RGB and depth images of your feet are gathered from your device, only after receiving your additional consent. The images will be recorded by the TrueDepth camera (TrueDepth is a trademark of Apple Inc.). Xesto will use the information we collect to make recommendations through our services for you, including providing dimension information and size recommendations. We also use the information to ensure our services are working as intended, such as tracking outages or troubleshooting issues that you report to us.

· Consumer Match Data derived from relating specific Consumer Data to specific Product Data.

Information Consumers provide us directly:

· Additional Consumer Profile Data (e.g., passwords, permissions, demographic details, etc) captured through the XESTO consumer web portal.

Information we collect automatically:

Analytics, Cookies and Log File information:

· We use third party analytics tools to help us measure traffic and usage trends of the Service. The information collected, which includes device and user interaction data, helps us improve the Service. The analytics information collected is aggregated and not traced back to particular users.

· When you are using the Service, we may use cookies and similar technologies such as local storage to collect information about your account and use of the Service.

· Log file information is automatically reported by devices used with the Service when users access the Service. When using the Service, we log errors and other non-user sensitive information in order to improve the Service. Log information may include device and locality information.

Device identifiers:

·   When you use a mobile device like a tablet or phone to access the Service, we may access, collect, monitor, store on the device, and/or remotely store one or more "device identifiers." Device identifiers are small data files or similar data structures stored on or associated with a mobile device, which uniquely identify a mobile device. A device identifier may be data stored in connection with the device hardware, data stored in connection with the device's operating system or other software, or data sent to the device by XESTO.

· A device identifier may deliver information to us or to a third party partner about how users use the Service and may help us derive and provide reports. Some features of the Service may not function properly if use or availability of device identifiers is impaired or disabled.


· Metadata is collected, usually in association with the process of capturing and rendering images of Consumers’ feet. This data may include the device information, the user information and/or location information.


In addition to some of the specific uses of information we describe in this Privacy Policy, we may use information that we receive to:

· Help Customers and Consumers efficiently access information after signing in.

· Remember information so Customers and Consumers will not have to re-enter it during a visit or the next time visiting the Service

· Provide, improve, test, and monitor the effectiveness of our Service

· Develop and test new products and features

· Monitor metrics such as total number of customers and demographic patterns

· Diagnose or fix technology problems

· Automatically update the Xesto application on devices

Our Website, Application(s), and/or Services are not intended for children under 13 years of age (or age equivalent in the relevant jurisdiction).  No one under the age of 13 may provide any information to or on our Website, Application and/or Services.  We do not knowingly collect Personal Data or Personal Information from children under 13. If you are younger than 16 years and wish to use Xesto’s products and services, please send us an e-mail to [email protected] in order for us to obtain parental consent. If we learn that we have collected or received Personal Data or Personal Information from a child under 16 without verification of parental consent, we will delete that information promptly.


Parties with whom we may share information Customers provide us directly:

· We will not rent or sell information provided to us directly from Customers, including Product or Fit Data, to other Customers or to third parties outside XESTO (or the group of companies of which XESTO is a part) without Customer consent, except as noted in this Policy.

Parties with whom we may share Consumer Data:

· Consumer information provided indirectly through the Service (e.g., Consumer Profile, Measure and Match Data), and information provided directly by Consumers (e.g., Additional Consumer profile data, user-name and passwords, etc) will be shared with Customers only with specific permissions granted by each Consumer, either verbally to the Customer through the XESTO app, or through the Consumer web portal.

· Consumers are able, through the Consumer web portal, to alter or revoke permission to share all or some of their information with one or more Customers at any time.  

· Consumer Profile, Measure and Match Data shared with Customers, subject to permissions granted by Consumers, may be used by Customers to provide future match recommendations and for promotional communications only to the Consumer who provided it.

· Consumer Profile, Measure and Match Data, subject to permissions granted by Consumers, may be used by us for promotional communications with the Consumer.

· Customer and Consumer information may be shared through data transfers and API links with third party applications (e.g., ERP, CRM, eComm, etc), with who Customers have contracted services, subject to permissions granted by Consumers.

· If information posted to the Service by Customers or Consumers is removed, copies may remain in the Service, or if other users or third parties using the Service have copied or saved that information.

Parties with whom we may share information we collect automatically:

· We may share Customer and/or Consumer information (including but not limited to, information from analytics, cookies, log files, device identifiers and metadata) with businesses that are legally part of the same group of companies that Xesto is part of, or that become part of that group ("Affiliates"). Affiliates may use this information to help provide, understand, and improve the Service (including by providing analytics) and Affiliates' own services (including by providing Customers and Consumers with better and more relevant experiences). But these Affiliates will honour the terms of our privacy Policies and Terms of Use.

· We also may share Customer and Consumer information as well as information from tools like cookies, log files, and device identifiers and metadata, with third-party organizations that help us provide the Service ("Service Providers"). Our Service Providers will be given access to User information as is reasonably necessary to provide the Service under reasonable confidentiality terms.

· We may remove parts of data that can identify individual users and share anonymous data with other parties. We may also combine user information with other information in a way that it is no longer associated with specific users and share that aggregated information.

What happens in the event of a change of control:

· If we sell or otherwise transfer part or the whole of Xesto or our assets to another organization (e.g., in the course of a transaction like a merger, acquisition, bankruptcy, dissolution, liquidation), the information we have collected from Customers directly (such as Product Data and Fit Data), Consumer information we have collected directly and indirectly (such as Consumer Profile, Measure and Match Data) and any other information collected through the Service may be among the items sold or transferred. The buyer or transferee will have to honour the commitments we have made in our Terms of Service and Privacy Policies.

Responding to legal requests and preventing harm:

· We may access, preserve and share your information in response to a legal request (like a search warrant, court order or subpoena) if we have a good-faith belief that the law requires us to do so. This may include responding to legal requests from jurisdictions outside of the Canada and/or the United States where we have a good-faith belief that the response is required by law in that jurisdiction, affects users in that jurisdiction, and is consistent with internationally recognized standards. We may also access, preserve and share information when we have a good-faith belief it is necessary to: detect, prevent and address fraud and other illegal activity; to protect ourselves, you and others, including as part of investigations; and to prevent death or imminent bodily harm. Information we receive about Customers or Consumers may be accessed, processed and retained for an extended period of time when it is the subject of a legal request or obligation, governmental investigation, or investigations concerning possible violations of our terms or policies, or otherwise to prevent harm.


Storage and Processing:

· Information collected through the Service may be stored and processed in Canada and/or the United States or any other country in which Xesto, its Affiliates or Service Providers maintain facilities.

· Xesto, its Affiliates, or Service Providers may transfer information that we collect about you, including personal information across borders and from the your country or jurisdiction to other countries or jurisdictions around the world. For users located in the European Union or other regions with laws governing data collection and use that may differ from Canadian law, please note that we may transfer information, including personal information, to a country and jurisdiction that does not have the same data protection laws as your jurisdiction.

· By registering for and using the Service you consent to the transfer of information to Canada and/or the United States or to any other country in which Xesto, its Affiliates or Service Providers maintain facilities and the use and disclosure of information about you as described in this Privacy Policy.

· We use commercially reasonable safeguards to help keep the information collected through the Service secure and take reasonable steps (such as requesting a unique password) to verify your identity before granting you access to your account. However, Xesto cannot ensure the security of any information you transmit to Xesto or guarantee that information on the Service may not be accessed, disclosed, altered, or destroyed.

· Please do your part to help us. You are responsible for maintaining the secrecy of your unique password and account information, and for controlling access to emails between you and Xesto, at all times. Your privacy settings may also be affected by changes to the social media services you connect to Xesto and post to their services. We are not responsible for the functionality, privacy, or security measures of any other organization.


Your account information and profile/privacy settings:

· Update your account at any time by logging in and changing your profile settings and/or permissions.

· Unsubscribe from email communications from us by clicking on the "unsubscribe link" provided in such communications. As noted above, you may not opt out of Service-related communications (e.g., account verification, purchase and billing confirmations and reminders, changes/updates to features of the Service, technical and security notices).

How long we keep your information:

·     Following termination or deactivation of an account, Xesto, its Affiliates, or its Service Providers may retain information (including Customer and Consumer profile information) for a commercially reasonable time for backup, archival, and/or audit purposes. Information Customers have provided directly (e.g., Product and Fit Data) will be deleted from the Service.
· At any time, Customers may remove or delete from the Service information provided directly (e.g., Product and Fit Data).

· Similarly, at any time, Consumers may remove or delete from the Service information provided directly (e.g., Profile Data).


Xesto does not knowingly collect or solicit any consumer information from anyone under the age of 13 or knowingly allow such persons to register for the Service without parental consent. In the event that we learn that we have collected personal information from a child under age 13 without parental consent, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 13, please contact us.


We are not responsible for the practices employed by any websites or services linked to or from our Service, including the information or content contained within them and our Privacy Policy does not apply to those third-party websites or services. Your browsing and interaction on any third-party website or service are subject to that third party's own rules and policies. In addition, you agree that we are not responsible and do not have control over any third parties that you authorize to access your information. If you are using a third-party website or service and you allow them to access your information you do so at your own risk.


In order to provide Xesto users with 3D models and measurements of their feet; and personalized size and style recommendations of footwear, we collect the following identifiable information from each user:

· Photographs of feet, which are acquired through the scanning process.

· First and last name

· Email address

· Product preferences (colours, styles, product types, brands)

· Purchase history We treat all user data with the utmost sense of security and respect.

Please contact us with any data related questions or requests to have your personally identifiable information permanently removed from our systems.


If you have any questions about this Privacy Policy or the Service, please contact us at admin@xesto.co.


Xesto may modify or update this Privacy Policy from time to time, so please review it periodically. We may provide you additional forms of notice of modifications or updates as appropriate under the circumstances. Your continued use of Xesto or the Service after any modification to this Privacy Policy will constitute your acceptance of such modification.