Updated: 10 June 2020.


Exto, Inc. is committed to safeguarding your privacy. 

This policy describes the order of collecting, processing and using any personal data, obtained by Exto, Inc. from users of our website located at https://exto.io/ (“Site”) and our Applications (“Applications” and, separately, “Application”). 

The Site and the Applications are operated by Exto, Inc., which is located at the address: United States, 500 N Michigan Avenue, 600 60611 Chicago, IL (“Exto, Inc.”, “we”, “us”). Applications are available on e-commerce platforms, and access is provided to the Customers either directly from their respective accounts on such e-commerce platforms or through the Site, which could redirect the user to such e-commerce platforms. 

This policy applies to all visitors of the Site and (or) users of any of the Applications. By visiting the Site and (or) installation of any of the Applications or providing us with your Personal Data through the Site or any of the Applications you accept the provisions, stated herein. 

Please, familiarize with the present Privacy Policy, so that to clarify the order of the use of your personal data by Exto, Inc.


Personal data, collected through the Site and (or) any of the Applications, is controlled by Exto, Inc., regardless of your location or place of residence. 

Exto, Inc. is liable for any violation of privacy or data security requirements, committed in relation to any user of the Site and (or) an Application.  

Contract details of the responsible organization are specified in Section 11 of this Privacy Policy.


Exto, Inc. may storage and collect the following data of the users of the Site or an Application:

Personal Data

We collect your Personal Data, in case you provided such information, while interacting with the Site or the subscribed Application (for example, by subscribing for email correspondence, directing the requests), including:

  • Name and surname of the user;
  • Password;
  • Contract information of the company: company name, email address, telephone number, address.

Non-identifiable (Anonymous) Data

While using the Site and (or) an Application, you transmit to Exto, Inc. user-specific data and web-tracking data (cookies, web beacons, pixel tags, etc.). This information may also include:

  • addresses of previously / further visited websites;
  • type of browser and other device information (operation system, hardware version, device settings, file and software names and types, device identifiers, language, etc.);
  • visited pages and sections of the Site, clicked links on the Site, etc.

Your Internet Protocol (IP) address, as well as your current geographic location, may also be collected. Although this data could potentially be used to identify a certain person, we in no way relate this data to any user’s personal data.  

Such data is collected automatically from your browser, so that to ensure efficient operation of the Site and (or) an Application. This data is not used by Exto, Inc. to identify the user. 

Provisions, related specifically to cookies, are reflected in Section 7 of the present Privacy Policy.


You accept the terms of this Privacy Policy and consent collection, processing and use of your data by Exto, Inc. in accordance with this Privacy Policy. You can withdraw your consent at any time by stopping to use the Site or deleting the used Application(s) from your account(s) on the respective e-commerce platform.

We may retain your personal data for a limited time after you have stopped using the Site or deleted the used Application(s) from your account(s), if such retention is reasonably necessary to comply with our legal obligations, meet regulatory or law enforcement requirements or execute this Privacy Policy or Terms & Conditions. 

Exto, Inc. collects, processes and uses data for the following internal purposes:

  • providing our products and services;
  • improving our products and services, updating and administering the Site and our Applications;
  • identifying the users in the Site and our Applications;
  • supporting, developing and testing the Site and our Applications;
  • sending communications, related to the use of the Site or our Applications, including advertising materials, special offers, promotional letters and administrative e-mail notifications, such as security or support messages;
  • measuring and analyzing audience traffic;
  • for any other purposes, disclosed to you at the time we collect your information or pursuant to your consent.


The following rights of the users are ensured under the GDPR and other personal data protection legislation. You could exercise any of these rights in relation to any data collected, processed and used by Exto, Inc.

Right of information

You are entitled to request from us any information on the types of data we process (collect, use): reasons of its processing (collection, use), legal basis for such processing (collection, use), term of storage of your data, conditions for sharing the data with third persons and entities, order of the exercise and protection of your rights in this regard.

Right of access 

You are entitled to request that Exto, Inc. provides you with information about processing (collection, use) of your personal data, including the copy of such data. 

Right to data portability

You have the right to receive personal data, that you have provided to us, in a structured, common and machine-readable format and transfer this data to another person without hindrance. 

Right of Rectification 

You have the right to obtain the rectification of inaccurate personal data, which concerns you, from Exto, Inc. and complete the incomplete personal data. 

Right to restriction of processing

You have the right to obtain restriction of processing from Exto, Inc. in cases, established by applicable legislation. In particular, such cases include, but not limited to, the following situations:

  • If your personal data, collected by Exto, Inc., is inaccurate for a period, enabling Exto, Inc. to verify the accuracy of the personal data;
  • Processing of data is unlawful and you opposed the erasure of your personal data and chose to request the restriction of its use instead;
  • Exto, Inc. no longer needs your personal data for the purposes of processing, but you need it for the establishment, exercise or defense of legal claims.

Right to Erasure (‘Right to Be Forgotten’)

We will immediately erase your personal data, if such data is no longer necessary for the purposes for which it was collected, or if you revoke your consent, or if it was unlawfully processed, and in other cases, established by law.  

Please note, however, that applicable laws may provide for a retention period, within which we are allowed to store data, for example, to comply with our legal obligations, meet regulatory requirements, resolve disputes, prevent fraud, enforce our Terms & Conditions. This data may only be deleted after time specified by law.

Notification Obligation 

If you have the right to rectify, delete or restrict the processing of your personal data by us, we are obliged to notify all recipients, to whom your personal data was disclosed, of this correction or deletion of the data or restriction of its processing, unless this proves to be impossible or involves a disproportionate effort.


We may need to disclose the user’s data, when required by law of the United States or other jurisdictions, or if we have a good faith belief that disclosure is reasonably necessary (a) in connection with any legal investigation or proceeding; (b) to comply with relevant laws or respond to subpoenas or warrants; (c) to protect or defend the rights or property of Exto, Inc., its affiliates or its users; and/or (d) to investigate or assist in preventing any violation or potential violation of the law, this Privacy Policy or our Terms & Conditions.

We will take measures to inform users about legal demands for their personal data, when appropriate and possible at our discretion, unless prohibited by law or court order. 

Exto, Inc. could transfer and disclose the user’s data to the companies that are its Affiliates (our parent company, subsidiaries, joint ventures, or other companies under common control of Exto, Inc.) so that the Affiliates could use the data for support, development and testing of the Site and the Applications. In any event, any such Affiliates are obliged to use the received data consistently with this Privacy Policy. 

User’s data could be transferred to another person as the result of the event of the change of control, including any merger, financing, acquisition or dissolution transaction, sale, transfer of all or a portion of our business or assets, as well as of the event of insolvency or bankruptcy. In any event, such another person shall act consistently with this Privacy Policy.

Exto, Inc. could employ third party companies and individuals to facilitate our products and services provision, including maintenance and development of the Site and the Applications and other related actions (e.g., analysis, audit, and marketing). Such third party companies or individuals will be granted only limited access to the user’s data, which is reasonably necessary for performing the assignments from Exto, Inc. Such third party companies or individuals are also obliged to act consistently with this Privacy Policy and not to use the data for other purposes.

The user’s data could be transferred to other countries in case such transfer is executed in accordance with the present Section 6.


A cookie is a small file that a website sends to your computer’s hard drive, while you are viewing the Site or the subscribed Application. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

In case you consent to the use of cookies, these files will assist in analyzing web-traffic. You can also choose to decline cookies. If you earlier consented to cookies, you can still further modify your browser settings to decline cookies if you prefer, but this may limit the use of the Site for you. 

By the use of cookies, the Site and the Application could customize its operations to your needs, preferences and interests by gathering and memorizing corresponding information.

Exto, Inc. uses traffic log cookies to identify, which pages were viewed by the users. This helps us to analyze data about the Site traffic and improve it to meet the users’ needs. We only use this information for statistical analysis purposes and then the data is removed from the system. 

The table below lists the cookies we collect and what information they store.

COOKIE nameCOOKIE Description
APISIDThe cookie works by uniquely identifying your browser and device
SSIDThe cookie carries out information about how the end user uses the website and any advertising that the end user may have seen before visiting the said website
SIDCCThe cookie carries out information about how the end user uses the website and any advertising that the end user may have seen before visiting the said website
SIDThe cookie to be used as for session state management
SAPISIDThe cookie works by uniquely identifying your browser and device
HSIDThe cookie is used to build a profile of the website visitor’s interests and show relevant ads on other sites
IDEThe cookie carries out information about how the end user uses the website and any advertising that the end user may have seen before visiting the said website
1P_JARThe cookie carries out information about how the end user uses the website and any advertising that the end user may have seen before visiting the said website
NIDThe cookie is used by Google to build a profile of the website visitor’s interests and show the relevant ads on other sites
SEARCH_SAMESITEThe cookie is used to declare which context to be used
spinThe cookie is being used by Facebook
wdThe cookie stores the browser window dimensions and is used by Facebook to optimize the rendering of the page
xsThe cookie is being used by Facebook contains multiple pieces of information about the session
c_userThe cookie contains the user ID of the currently logged in user
atrThe cookie is to identify the web browser being used to connect to Facebook
YSCThe cookie is set by YouTube to track views of embedded videos
actThe cookie contains a Unix timestamp value
sbThe cookie is being used by Facebook
presenceThe cookie is used to contain the user’s chat state.
viewed_cookie_policyThe cookie controls whether you have read our cookie policy
PREFThe cookie works by uniquely identifying your browser and device
DVThe cookie is used to collect information about how visitors use our site
cookielawinfo-checkbox-necessaryThe cookie keeps track of which cookies you approved
wam_assigned_rolesThe cookie keeps track of the user’s role. Not used if you are a normal web user
wp-settings-timeThe cookie is used to customize the user’s view. Not used if you are a normal web user
LOGIN_INFOThe cookie is used to play YouTube videos embedded on the website
VISITOR_INFO1_LIVEThe cookie is set by YouTube to keep track of user preferences in order to give you the best resolution of the video
cookielawinfo-checkbox-non-necessaryThe cookie that keeps track of which cookies you approved
_gat_UAThe cookie is used to throttle requests
_gidThe cookie is used to identify unique users
wordpress_logged_in_{ID}The cookie indicates when you are logged in, and who you are, for most interface use. Not used if you are a normal web user
_gaThe cookie is used to identify unique users


Exto, Inc. is committed to ensuring that your information is secure. We have implemented security safeguards to protect the personal data that you provide in accordance with industry standards. 

In order to prevent unauthorized access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online through the Site and the Applications:

  1. Our company practices security assessments of the internet-facing systems;
  2. We provide our users with the information about our program updates with a thorough description of the products that were either included or excluded from the program;
  3. We have 24/7 support where you could report about functionality and vulnerabilities;
  4. We also regularly monitor our system for possible vulnerabilities and attacks, and we use a tier-one secured-access data centre to protect any data you store on our servers;
  5. In our Terms & Conditions a separate paragraph describes our reimbursement/payment policy;
  6. Authentication of API requests for data exchange between the Site and the Application on the one side and the admin backend on the other side is provided through JSON Web Tokens, which are protected by HS256 digital signature algorithm;
  7. We employ two-factor authentication (2FA) in the form of a security code in addition to a password in our systems, which contain customer data;
  8. We do not collect any vulnerable information on our servers. Only the developers have the access to the servers, while the support team has the access to clients app admin via client permit only;
  9. Our data access permissions and user privileges concerning internal systems with customer data are reviewed regularly.

We kindly draw your attention to the fact, that we cannot absolutely ensure or warrant the security of any information that you transmit to us. In particular, emails are not encrypted, and we advise you to take special care in deciding on the data you send to Exto, Inc. via email. It is also your responsibility to protect the security of your login and password information.


We are not liable for the actions and content of other websites, applications and services that refer to our Site and any of our Applications. 

If you follow any link while using our Site and (or) Application, please, take into account that this Privacy Policy is not applicable to other sources and entities, except for those, described in Section 6. 


This Privacy Policy may be updated from time to time at our own discretion. We will notify you of any changes to our Privacy Policy by posting the new Privacy Policy at the address: https://exto.io/privacy-policy-cookie-restriction-mode/. We will also change the “Last Updated” date, which is reflected above. 

If you object to any changes, you may uninstall the used Application(s) through the account(s) on the respective e-commerce platform(s).


If you have any questions, concerns or complaints about our Privacy Policy or our data collection or processing practices, or if you want to report any suspected security violations to us, please, contact us at the following:

Phone: +1 (312) 879-9696

Email: support@exto.io

United States, 500 N Michigan Avenue, 600

60611 Chicago, IL

We will reply to your request and, if necessary, take steps to ensure our practices are consistent with our obligations and this Privacy Policy. If you are still not satisfied with the manner we collect, process or use your data and you suppose it is implemented inconsistently with applicable data protection legislation, you have the right to submit a complaint with a data protection authority.