Privacy Policy
Last Updated: July 16, 2026
XTT Ltd. Co. ("XTT", "we", "us", "our") operates a secure, cloud-routed transit network and IT consultancy. We respect the privacy of our website visitors, consulting clients, and users who route traffic through our Points of Presence (PoPs).
This Privacy Policy explains what information we collect, how we use it, and our strict policies regarding transit traffic data.
1. Network Transit Traffic: No-Logs Policy
XTT operates a high-performance VPN transit network (including our Residential SD-WAN and Rural Connectivity Tunnels).
- No Traffic Logging: We do not inspect, record, log, or cache the contents of the payload traffic routing through our tunnels. We do not track the websites you visit, the data you transfer, or your application payloads.
- Session Metadata: To manage billing, quality of service, and prevent abuse, we collect minimal session metadata:
- Bandwidth Consumption: Total megabytes transferred (inbound/outbound) for bandwidth caps.
- Connection Timestamp: Start and end time of a CPE tunnel session.
- CPE Device Status: Latency, connection stability, and packet loss metrics to ensure SLA compliance.
- Metadata Retention: Session metadata is anonymized and deleted after ninety (90) days, unless required for dispute resolution or billing audits.
2. Information We Collect on Our Website & Billing Portal
When you visit our website, sign a contract, or open a support ticket, we collect the following:
- Contact Information: Name, company name, physical address (for hardware shipments and Georgia sales tax compliance), email address, and phone number.
- Billing Details: Payment tokens, transaction history, and business registration numbers. Payment details are processed directly by PCI-compliant third-party gateways (e.g., Stripe) and are never stored on XTT's network servers.
- Support Logs: Communication histories, configuration settings, and tickets filed through our NOC.
3. Data Sharing & Third-Party Vendors
We do not sell, lease, or distribute your personal or network data to third parties. We share information only with vendors required to deliver our service:
- Network Abuse Incidents: If upstream network providers flag abuse (such as port scanning or DDoS attacks originating from a client IP address), we may share logs with them to resolve the incident, as outlined in our Acceptable Use Policy (AUP).
- Legal Compliance: We will disclose information only when legally required by a federal, state, or municipal court order, subpoena, or warrant.
4. Contact Information
If you have questions about our network privacy standards, please contact our privacy compliance team:
Email: privacy@goxtt.com
Office: Atlanta, GA.