Skip to Content

Our Privacy Policy

Last updated: 29 June 2025

Thank you for choosing Xpand Matrix (“we,” “our,” or “us”). We respect your privacy and are committed to protecting the personal information you share with us when you visit xpandmatrix.com, interact with us on WhatsApp, social media, or engage any of our services (collectively, the “Services”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information, and what choices and rights you have.

1. Scope

This Policy applies to information we collect:

  • Online via our website, landing pages, social channels, and email.
  • Offline when you call, WhatsApp, or meet us.
  • Through the course of delivering our services (e.g., Odoo ERP implementation, bookkeeping, data migration, hosting).

2. The Information We Collect

CategoryExamplesSource
Identification & Contact DataName, business name, postal address, email, phone/WhatsApp numberYou
Business & Financial DataChart of accounts, invoices, bank statements, transaction files (during bookkeeping or migration projects)You or your authorized systems (e.g., QuickBooks, Odoo)
Technical & Usage DataIP address, browser type, device identifiers, pages visited, session duration, cookiesAutomatic via cookies & analytics
Marketing PreferencesNewsletter opt‑ins, cookie consent, ad‑contact permissionsYou
Support & CommunicationsChat transcripts, emails, support tickets, recordings (where legal)You

We do not knowingly collect data from children under 13. If you become aware that a child has provided us personal data, please contact us.

3. How We Use Your Information

We process personal data to:

  1. Provide and maintain the Services
    • Set up Odoo instances, migrate data, reconcile accounts, host servers, and deliver reports.
  2. Communicate with you
    • Quotes, onboarding emails, project updates, invoices, and support responses.
  3. Improve and secure our Services
    • Analytics, error logging, vulnerability monitoring.
  4. Market our offerings
    • With your consent, send newsletters, case studies, and promotional offers.
  5. Comply with legal obligations
    • Tax records, contractual requirements, anti‑fraud, or requests from competent authorities.

4. Legal Bases (for EEA/UK visitors)

When required by the GDPR, we rely on:

  • Contractual necessity – to deliver the service you requested.
  • Legitimate interests – to improve security, prevent fraud, or market similar offerings.
  • Consent – for optional marketing emails or non‑essential cookies.
  • Legal obligation – where regulations require record‑keeping.

5. Cookies & Tracking Technologies

We use first‑party and third‑party cookies (e.g., Google Analytics) to:

  • Remember your preferences
  • Measure site performance
  • Improve content relevance

You can reject non‑essential cookies via our cookie banner or your browser settings.

6. Disclosure of Information

We never sell your data. We only share it with:

  • Authorized employees and contractors under confidentiality agreements.
  • Sub‑processors needed to run our infrastructure (e.g., cloud hosts, email providers, analytics tools).
  • Professional advisers (lawyers, accountants) bound by confidentiality.
  • Authorities when required by law or to protect rights, property, or safety.

A current list of sub‑processors is available on request.

7. International Transfers

Our main servers are located in Germany (Contabo) and the United States. If you access us from outside these regions, your data may be transferred, processed, and stored in those countries. We use appropriate safeguards (e.g., Standard Contractual Clauses, encryption) for such transfers.

8. Data Retention

  • Prospect data: up to 24 months from last interaction.
  • Client project data: minimum 7 years (to meet accounting and tax obligations) unless you request earlier deletion where permitted.
  • Server backups: rolling 30‑day retention unless longer is contractually required.

9. Your Rights

Depending on your location, you may have the right to:

  • Access or obtain a copy of your personal data.
  • Correct inaccuracies.
  • Delete or anonymize data no longer necessary.
  • Restrict or object to processing.
  • Port data to another provider.
  • Withdraw consent at any time (for marketing or optional cookies).

To exercise any of these rights, email info info@xpandmatrix.com or WhatsApp +92 321 2344882. We reply within 15 days.

10. Data Security

We employ industry‑standard safeguards:

  • TLS/SSL encryption for data in transit
  • Encrypted backups and password‑vault practices
  • Server firewalls, malware scanning, and patch management
  • Role‑based access controls; principle of least privilege
  • NDA‑bound staff and mandatory security training

Despite our measures, no system is 100 % secure; we therefore encourage you to adopt strong security practices on your side.

11. Third‑Party Links & Integrations

Our website may link to external sites (e.g., Odoo, QuickBooks, WhatsApp). We are not responsible for their privacy practices. Review their policies before providing personal data.

12. Changes to This Policy

We may update this Privacy Policy to reflect changes in law or our practices. We will:

  • Post the revised version and update the “Last updated” date.
  • Notify you via email or banner if changes are material.

13. Contact Us

Questions, concerns, or complaints?

Email: info@xpandmatrix.com

WhatsApp: +92 321 2344882


By using our Services, you acknowledge you have read and understood this Privacy Policy.