Information we process

• Account identity from OAuth sign-in, such as email, name, and provider subject.
• Access-request details you submit, such as email, name, organization, and intended use case.
• API key records, usage counters, and rate-limit state for authenticated access.
• Requests sent to MCP tools, including search queries and public URLs queued for ingestion.
• Public-source text and metadata from podcasts, videos, interviews, feeds, newsletters, and webpages.

How content is handled

Audio is temporary in the ingestion pipeline. Source adapters download audio to process transcription, then the temporary audio file is deleted before the content record is stored. XData stores searchable text, source URLs, metadata, retrieval chunks, and embeddings.

Processors

XData may use infrastructure, authentication, transcription, enrichment, and embedding providers such as Render, WorkOS, AssemblyAI, and OpenRouter to operate the service.

Retention and access

Account and usage records are retained while access is active or as needed for security and abuse prevention. Public-source corpus records are retained to serve search and citation workflows unless removed for operational, legal, or product reasons.

Access-request records are used to prioritize onboarding, source coverage, and product follow-up. Submitting a request does not create an account or grant access.

Contact

For privacy, access, or removal questions, use the XData support page.