Legal
How XR Agency collects, uses, and protects information for clients, partners, and visitors across the regions we operate in. Last updated: July 2026.
XR Agency ("XR Agency," "we," "us," or "our") provides ecosystem growth, developer relations, media, and institutional strategy services to Web3 protocols, foundations, and institutions. We operate across the United States, the European Union, Africa, and India, and this policy explains how we handle personal data in each of those regions.
We collect information you provide directly, such as your name, email address, company, and project details when you book a call, submit a brief, or contact us. We also collect limited technical information automatically, such as browser type, device information, and pages visited, to help us understand how our site is used.
We use the information we collect to respond to enquiries, schedule calls, deliver our services, send relevant updates about engagements you've requested, and improve our website and communications. We do not sell personal data to third parties.
European Union (GDPR): where the General Data Protection Regulation applies, our legal basis for processing is your consent, our legitimate interest in responding to your enquiry, or the necessity of processing to perform a contract with you.
United States: we process data in line with applicable state privacy laws, and residents of states with consumer privacy statutes may have rights to access, correct, or delete their personal information.
Africa: for visitors and clients in jurisdictions with data protection frameworks such as Nigeria's Data Protection Act or South Africa's POPIA, we apply equivalent safeguards regarding consent, purpose limitation, and data security.
India: we process personal data in accordance with the Digital Personal Data Protection Act, including honoring requests related to access and withdrawal of consent.
Our website may use essential cookies required for basic functionality. We do not use invasive tracking or advertising cookies. You can control cookies through your browser settings at any time.
We only share personal data with service providers who help us operate our business (such as scheduling, email, or hosting providers), and only to the extent necessary for them to perform those services. We require these providers to protect your data and use it solely for the purposes we specify.
We retain personal data only as long as necessary to fulfil the purposes described in this policy, or as required by law, after which it is securely deleted or anonymized.
Depending on your location, you may have the right to access, correct, delete, or restrict the use of your personal data, and to object to certain processing or request a copy of your data in a portable format. To exercise any of these rights, contact us using the details below.
As a distributed team, information may be processed in countries outside your own. Where required, we rely on appropriate safeguards to protect data transferred internationally.
We use reasonable technical and organizational measures designed to protect personal data against unauthorized access, loss, or misuse.
Our services are intended for businesses and professionals. We do not knowingly collect personal data from children.
We may update this policy from time to time. Material changes will be reflected by updating the "last updated" date at the top of this page.
If you have questions about this policy or wish to exercise your data rights, contact us at info@xragency.org.