Privacy Policy

Xari Crud

Last updated: March 2026

1. Introduction

Your privacy is fundamental to us. This Privacy Policy explains what information we collect, how we use it, and what rights you have over your personal data when using Xari Crud, a dynamic CRUD mobile client that connects to XAF Web API backends.

2. Information We Collect

Information provided by the user

• Server URL: The XAF Web API server address you configure to connect to. It is stored securely on the device using Secure Storage.
• Authentication credentials: Username and password you provide to authenticate with the XAF server. These credentials are sent to the backend to obtain a JWT token and are not permanently stored on the device.
• Authentication token (JWT): The token obtained from the server is stored in the device's Secure Storage to maintain your active session.

Information generated by usage

• App preferences: Settings such as visual theme and entity visibility. Stored locally on the device only.

Information we do NOT collect

• Device location.
• Photos, media files, or contacts.
• Device identifiers.
• Usage data, analytics, or metrics.

3. Data Storage

Local Storage

• The server URL and JWT token are stored in the device's Secure Storage, protected by the operating system's security measures.
• App preferences (theme, entity visibility) are stored locally on the device.
• Xari Crud does not maintain a local database of server records. Data is queried in real time from the XAF backend.

Cloud Storage

• Xari Crud does not use its own cloud services.
• All data communication occurs exclusively between the app and the XAF Web API server configured by the user.
• The storage and processing of business data is the responsibility of the XAF server and its administrator.

4. Third-Party Communication

Xari Crud does not send data to third-party services. Specifically:

• It does not use Firebase or any Google Cloud service.
• It does not include analytics or crash reporting SDKs.
• It does not contain advertising or ad SDKs.
• DevExpress MAUI UI controls run exclusively on the client side and do not transmit data to DevExpress.

The only external communication is with the XAF Web API server you configure, and it is carried out exclusively over encrypted HTTPS connections.

5. Data Security

We implement the following security measures:

• Encryption in transit via HTTPS/TLS for all communication with the XAF server.
• Device Secure Storage for credentials and tokens.
• Passwords are not permanently stored; only the JWT token is kept on the device.
• The JWT token has a limited validity period defined by the XAF server.

Important: The security of business data depends on the configuration of the XAF server you connect to. Make sure you only connect to trusted servers with valid SSL certificates.

6. Data Retention

• JWT token: Retained until you log out, the token expires, or you uninstall the app.
• Server URL: Retained until you change it or uninstall the app.
• Preferences: Retained until you modify them or uninstall the app.

7. Data Deletion

You can delete your data at any time:

• Logging out removes the JWT token from Secure Storage.
• Uninstalling the app removes all local data (server URL, token, preferences).

Note: Data stored on the XAF server is managed by the server administrator and is outside the scope of this application.

8. Children's Privacy

Xari Crud is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover that we have collected data from a child under 13, we will delete that information immediately.

9. Your Rights

Under applicable data protection laws (GDPR, CCPA, etc.), you have the right to:

• Request information about what data the app stores.
• Delete your local data (by logging out or uninstalling).
• Object to processing for certain purposes.

Since Xari Crud stores data exclusively on your device and not on its own servers, you have full control over your data at all times.

To exercise these rights or make inquiries, contact us at hveitia86@gmail.com

10. International Data Transfers

Xari Crud does not transfer data to its own servers. Communication occurs solely with the XAF server configured by the user. The location and jurisdiction of said server is the responsibility of the user and the server administrator.

11. Cookies and Tracking Technologies

Xari Crud does not use cookies, tracking technologies, device identifiers, or analytics tools of any kind.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

• A notification within the app.
• Updating the "Last updated" date on this document.

Continued use of the app after changes constitutes your acceptance of the new policy.

13. Contact

If you have questions about this Privacy Policy, you can contact us at hveitia86@gmail.com