Privacy Policy

Xooa Inc. Registered office address: Xooa Inc, 1644 Platte St Suite 400, Denver, CO 80202, United States.

This policy describes our approach to your personal data. This privacy policy will be reviewed, and may be revised, from time to time. You may wish to revisit it regularly. This Policy becomes active on the 12th November 2018, in line with the new General Data Protection Regulation (GDPR)


Cookies are small text files that are placed on your machine to help the site provide a better user experience. In general, cookies are used to retain user preferences, store information for things like shopping carts, and provide anonymised tracking data to third party applications like Google Analytics which we use to gather statistical data to help us report on growth of our organisation followers to our funders.

We use two different types of cookies of our site:

Cookies which contain no personal identification - mandatory

Some cookies are needed to allow our websites to function correctly, improve performance and provide security to our sites. Without the installation of these cookies, our sites may either not run at all, or give very poor performance. Therefore these cookies are installed automatically on your computer. We cannot turn these cookies off, as they provide basic site functionality and security. To do so will prevent access to our service. We use:

Cookies which may contain personal identification - we ask you to either accept or decline

Other cookies may contain trace bits of personal information, such as your preferred language, to give you a better user experience, or record the number of site visits, the navigation paths, and number of visitors to each page. We use Google Analytics for this purpose. They help us to understand your interests, and provide us with statistical data which we can use in our funder reports. If you log into any of our sites, either with a private login, or by using a Social Media login, then cookies will be installed.

We have installed the GDPR compliant solutions provided by Google Analytics, so that you data is anonymised.

We ask, on your first visit following our implementation of the new GDPR regulations, that you either consent to having cookies that may contain personally identifying information installed, or else decline the installation of these cookies. Of course, in order for us to know either way what your preferences are, we need to set a cookie! This is a conundrum - but we believe it is the only way to comply with the new GDPR regulations. This cookie is only stored on your computer. We do not keep any record of your decision. If you delete the cookie data, or if you arrive at our site from another computer or browser, you will be asked again to accept or decline our cookies.


We use Fullstory to analyze activity on this website in order to provide a better service. They use cookies and other technologies to track information about visitors to this website. Use and access to any personal information collected by them is governed by Fullstory's privacy policy at this link. You can opt-out to the creation of a user profile, Fullstory's storing of data about your usage of our site and Fullstory's use of tracking cookies on other websites by following this opt-out link.


We use Smartlook to analyze activity on this website in order to provide a better service. They use cookies and other technologies to track information about visitors to this website. Use and access to any personal information collected by them is governed by Smartlook's privacy policy at this link. You can opt-out to the creation of a user profile, Smartlook's storing of data about your usage of our site and Smartlook's use of tracking cookies on other websites by following this opt-out link.

If you do not make a choice

If you choose to neither Accept or Decline cookies when our cookie banner displays, and continue to browse the site, our default behaviour will be to install cookies, as we have given you an opportunity to act before cookies are set on a first visit to a site. This is considered by us to be Soft Opt-in consent.

How to manually change your cookie preferences

If you wish to change your cookie preferences after the initial GDPR consent request has been completed, you will need to do this manually in your browser settings by either enabling or disabling the cookies. We suggest consulting the Help section of your browser or taking a look at the About Cookies website which offers guidance for all modern browsers.

Supporter information

If you have joined our network, we will use the information you have given us to try to connect you with the right parts of our network.

If you have signed up as a community member, thank you for doing so, we appreciate your support. As a community member you will be able to be more involved in our activities. We will use information you supply us to help you to be more involved. We may use your contact details to get in touch as part of that involvement.


If you make donations to our organisation via PayPal, please be aware that PayPal passes your name and email address to us. We need this information for our Finance system and in case we need to respond to a query. We will not use it for anything else.

Public data and publishing

If you are uploading datasets for one of our surveys or to one of our database services, we request that you check the data and ensure full anonymisation, so that we remain GDPR compliant. We do not wish to restrict a user's ability to provide datasets for public use, so please upload data responsibly. If in any doubt, please contact us via the contact page.

Author identification

When posting a comment on one of our blogs, a name and email address may be required. You do not have to select your real name or use your regular email address. Your email address will not be published. If you decide to comment, link, or pingback to a post, you must keep this in mind. If you are concerned, you may wish to get a free email account or attempt to use a remail service.

Page edits, comments, trackbacks, and pingbacks and other activity on our websites may be identified by your IP address, though we have now implemented Google Analytics GDPR solutions, which strips out the last two numbers from the IP address in order to become anonymous.

If you are concerned about attempts to match your IP address to your identity, you may wish to use an anonymous browsing service or attempt some means to obfuscate your real IP address. If so, you might like to try Tor, an anonymous browsing service. Please see Tor for more details:


When you authenticate via one our supported social login provider you have given us your email address through general correspondence, or have signed up to receive our newsletters, or have joined one of our mailing lists, you agree to allow us to send email to that address in order to deliver our services to you. In practice this will usually involve emails about service down-time or important changes to services to which you subscribe. Some emails such as those subscribed to mailing lists will receive more traffic as an integral part of the service.

In addition to necessary e-emails, we will also occasionally use the email to contact you for our own purposes. For example we might want to tell you about new services we are offering or we might be seeking volunteers for one of our many activities. We will only do so sparingly. We understand how annoying it can be to receive large quantities of unsolicited mail. We will do our best to ensure that anything we do send to you will be relevant and unobtrusive.

You can unsubscribe from our newsletters at any time by clicking on the unsubscribe link at the bottom of every newsletter.

Server Logging & Google Analytics

Any time you visit a page on the internet, you send quite a bit of information to the server. The web servers that host this site maintain access logs with the information that you send. This information is used to provide site statistics and to get an idea of popular pages and what sites link here. We do not intend to use these logs to identify legitimate users. The data logged may be used by us to solve technical problems with the site and, in cases of abuse of this site, to investigate the abuse. We use Google Analytics to gather data from cookies to analyse our website traffic in order to provide better services and to set benchmarks for how we are doing in meeting Open Knowledge International goals. We have now implemented Google Analytics GDPR recommendations in order to ensure that we meet GDPR compliance. The main change is that we can no longer see the full IP number of a visitor, and so we cannot tell which country the visitor is likely to come from.

Data release policy

Our policy is only to release the data we collect in the following circumstances:

No selling of information

We will not sell information collected via this site, such as your email address, to third parties.

Information security

We aim to make our sites secure, and that any data you do provide, such as login information, is kept securely. Unfortunately we cannot guarantee this, though will notify you (if we have the information to do so) should there be any breach of security, as per GDPR guidelines.

Data subject request

You have the right to request information from us about data we may hold on you. There rights are enshrined in the GDPR regulation. In order for us to ensure we are providing this information to the correct individual, we will need to verify that we are releasing this information to the correct natural person, and not someone trying to steal your identity. Therefore we ask that you help us to resolve your identity as quickly as possible. Failure to provide sufficient verification details (i.e. you might need to tell us your IP number in order for us to find a match and confirm your identity) may delay our ability to provide this information within the 30 days required of the GDPR Regulation. If you would like to submit a Data Subject request please email admin [at]

Right to be forgotten

Also enshrined in GDPR law is your right to be forgotten. There is another conundrum here, as we need to keep a record of anyone who has asked to be forgotten, so that we can provide proof to the ICO that we are compliant. This is the hardest part of GDPR, as it is almost impossible to remove one person details from a backup we may have of data, for instance. However, we will be keeping ourselves up-to-date with industry fixes and changes, and will do our very best to ensure you can be forgotten. Of course, your right to be forgotten will need to reviewed against the organisations need to keep information on you to satisfy other regulatory bodies.

If you wish to act on this section of the law, please send an email to admin [at] with the Subject matter GDPR - Right to be forgotten.