Privacy Policy

Xcel Software utilizes cookies to personalize and enhance the User’s navigation experience and ensure the secure functionality of our services. By using our platform, the User acknowledges and consents to our cookie practices:

• Security Standards: All cookies are transmitted exclusively via HTTPS encryption. We implement strict security flags, including HttpOnly (to prevent script access), Secure (to ensure encrypted transmission), and SameSite attributes to protect against cross-site request forgery.
• Data Minimization: We adhere to a "minimal data" policy. Cookies are used only for essential session management and performance optimization; we do not store sensitive personal or financial information within cookies.
• Expiration & Control: We utilize both session cookies (which expire when you close your browser) and persistent cookies (which have a strict Max-Age expiration). Users may manage or disable cookies via their browser settings, though this may impact certain software functionalities.
• Integrity Protection: Xcel Software monitors for and defends against "cookie poisoning" and session hijacking through automated server-side validation and frequent security patches.

Privacy Policy Effective Date: May 2025

Xcel Software is committed to protecting the privacy, confidentiality, and security of your personal and business data. This Privacy Policy explains how we collect, use, store, and safeguard your information when you use our software and services.

1. Data Collection We collect only the information necessary to provide and improve our services, categorized as follows:

• Account Information: Name, email, company details, and billing information.
• System Usage Data: Metadata related to your interaction with our tools.
• Client Financial Data: Data contained within Sage 100 Contractor, Odoo, or other ERP systems that you provide access to for support, migration, or analysis purposes.

2. Use of Data and Purpose Limitation Your data is used solely for:

• Delivering, maintaining, and improving our software and services.
• Providing technical support and responding to specific inquiries.
• Strict Limitation: Client Financial Data is accessed only to fulfill specific service requests and is never used for independent research, benchmarking, or marketing purposes.

3. Zero-Sale Policy Xcel Software does not sell, rent, or trade your personal information or your business’s financial data to any third party. We do not monetize your data in any form.

4. Data Safeguarding and Security Measures Xcel Software employs industry-standard security practices, including:

• AES-256 Encryption for data at rest and TLS/SSL for data in transit.
• Logical Isolation: Ensuring that each client’s financial data environment is isolated from other clients.
• Multi-Factor Authentication (MFA): Required for all Xcel Software staff accessing support environments.
• Anti-Malice Guarantee: We do not utilize any "backdoors" or unauthorized access methods.

5. Data Access, Retention, and Sovereignty

• Location: All data is processed and stored on secured servers located within the United States.
• Retention: We retain data only for as long as necessary to provide services. Upon termination of service and completion of the data exit process, Xcel Software will securely purge your data from our active support systems upon request.

6. Third-Party Services Where integrations with third-party services are offered, we ensure these partners meet high security and privacy standards. Xcel Software is not responsible for the privacy practices of third-party platforms once data leaves our controlled environment.

7. Your Responsibilities While we take strong measures to secure your data, you are responsible for safeguarding your own account credentials and ensuring your internal team follows secure system-use practices.