Privacy Policy

This Privacy Policy describes the practices of EXL Inc. (“EXL”, “we” or “us”) regarding our collection, use, and disclosure of information (including Personal Information, defined below) through our website at and the related software and services provided there (collectively, the “Service”).

Applicability of this Privacy Policy.

Please note that this Privacy Policy only applies to the Services. We process Personal Information (defined below) lawfully pursuant to one of three bases: where we have your consent (such as where you opt-in to marketing communications), where we have a legitimate interest in doing so (such as providing you with customer support), where necessary for performing a contract with you (such as our Terms of Service, to which you agree as a condition of using the Services), or where we have a legal obligation (such as where a court order compels us). This Privacy Policy does not apply to any website, offering, product or service of any third party, even if it links to our Site or incorporates the Service – please refer to the applicable privacy policies before deciding to provide any information to third parties.

A Note to Users Outside the United States.

We are based in the United States. The Services are controlled and operated by us from the United States and are not intended to subject us to the laws or jurisdiction of any state, country or territory other than that of the United States. Your Personal Information may be stored and processed in any country where we have facilities or in which we engage service providers, and by using the Services you consent to the transfer of information to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Information. If you are in the European Union and would like additional information on how we legitimize transfers of personal data outside the European Union, the European Economic Area, and Switzerland, please see the “International Transfers” section, below.

Information We Collect.

We collect information from visitors to our website (“Visitors”) and from users of our Services (“Users”). We collect the following categories of information:

  • Information that can be used to identify or contact an individual (“Personal Information”), such as name and email address. We only collect Personal Information from Visitors and Users when they give it directly to us – for example, by registering for an account or by signing up for our newsletter or other communications.
  • Information collected automatically as a result of a Visitors or Users use of the Site or the Services (“Log Information”), such as IP addresses, browser type, Internet service provider, platform type, device type, operating system, date and time stamp of access, and other similar information. Log Information does not by itself include Personal Information, and we do not associate Log Information with Personal Information in order to identify specific individuals through the Log Information we collect. Some Log Information is collected by third parties, and some Log Information is collected through a variety of tracking technologies, including cookies (see “See Third Party Analytics and Tracking Technologies”, below).

How We Use Information.

We use the information we collect for the following purposes:

  • To provide the Services, using both Personal Information and Log Information.
  • To administer User accounts. We use Personal Information in order to associate specific accounts with Users and to provide them the Service, to respond to requests or inquiries, to provide support or technical assistance, and to facilitate payments.
  • To improve the Services. We use Log Information to improve our existing and develop new services and offerings and to customize existing and future product offerings to the wants and needs of our Users.
  • To provide you with promotional and marketing communications. We use Personal Information to send you information about our products and services, as well as updates about our business, where you opt-in to such communications. To opt-out, please see the “Managing Your Information” section, below.
  • To derive market insights. We use Log Information to analyze the market and conduct business analyses, and for other research purposes.
  • To secure our services and systems. We use Log Information to secure our systems by identifying potential threats and vulnerabilities, and to otherwise protect the information we collect.
  • For any legitimate business purpose, provided that the information is aggregated and anonymized.

How We Share Information.

We share or disclose information only in the following cases:

  • Upon direct request from a Visitor or User, or otherwise where specific consent was given.
  • With vendors we engage to provide aspects of the Services, such as data storage and hosting, payment processing,
  • With vendors to help us collect and use Log Information.
  • As necessary to comply with applicable law, including governmental requests, law enforcement requests, and otherwise to protect the rights, privacy, safety, or property of you, us, or others.
  • As necessary in the event of a proposed or actual reorganization, merger, sale, joint venture, assignment, transfer, financing, or other disposition of all or any portion of our business, assets, or stock.
  • With others for any legitimate business purpose, provided the information is aggregated and anonymized.

Third Party Service Providers.

We use third-party service providers to help us provide portions of the Coding Rooms services and give support. Examples of these third parties include public cloud storage vendors, carriers, our payment processor, and our service provider for managing customer support tickets. They only receive data needed to provide their services to us. We have agreements with our service providers that say they cannot use any of this data for their own purposes or for the purposes of another third party. We prohibit our service providers from selling data they receive from us or receive on our behalf. We require service providers to use data only in order to perform the services we have hired them to do (unless otherwise required by law). For example, we may use a company to help us provide customer support. The information they may receive as part of providing that support cannot be used by them for anything else. Below is the list of the vendors we currently use:

Prior to engaging any third party vendors, Coding Rooms evaluates their security and privacy posture.

  • Stripe (For payment processing)
  • Intercom (User support and live chat)
  • HotJar (Analytics)
  • Google (Analytics, user info syncing, code storage)
  • Netlify (Serving of content)
  • Rollbar (Exception logging)
  • Amazon Web Services (Hosting, networking)

How We Secure Information.

We implement appropriate technical and organizational measures to protect the information we collect and store. Unfortunately, no security measures are 100% foolproof, and as such no network or system (including ours) can be guaranteed to be 100% secure against destruction, loss, alteration, unauthorized disclosure of, or access to information we collect and store. If you believe your information may not be secure for any reason, please contact us immediately at

Managing Your Information.

You have many choices to access information we collect about you and about how we use or disclose that information. This section details many of those choices, including how you can exercise rights you may with respect to your information (including Personal Information), how you can opt out of collection and use of certain types of information for certain purposes (such as marketing), and how you can use your browser or third-party tools to disable certain collection methods (such as cookies or tracking technologies).

You may access, correct, amend or delete information by accessing it within your account. If you are unable to do so, or if you’re a Visitor who would like to exercise your right to access Personal Information we may have about you, or if you have any other questions about Personal Information we have collected about you, please contact us at

If you would prefer not to accept cookies or otherwise wish to disable our use of tracking technologies, most browsers and mobile devices allow you to change your settings so as to notify you when you receive cookies or other tracking technologies are being used, and to choose whether or not to accept/allow it. Most browsers also allow you to disable or delete existing cookies or to automatically reject future cookies. Please note that our Services do not respond to Do Not Track (DNT) signals.

Certain tracking technologies we use are related to advertising networks, and through those technologies the advertising networks may collect certain Log Information from you. No Personal Information is shared with these advertising networks, but please note that the information we share with those advertising networks might be combined with other information about you that those networks may have collected from other sources. To learn more about advertising networks and how to opt out of sharing information with them, please click here and here. If you’re in the EU, you can find additional information about your choices with respect to advertising networks and online behavioral advertising by clicking here.

If you have any questions about how we or our third-party service providers use cookies or other tracking technologies that aren’t answered in this Privacy Policy, please contact us at

International Users.

Residents of the European Union (EU), United Kingdom, Lichtenstein, Norway, Iceland or Switzerland. If you reside in the European Union (EU), United Kingdom, Lichtenstein, Norway, Iceland or Switzerland, you may have legal rights with respect to your personal data, including those set forth under the EU’s General Data Protection Regulation (GDPR). GDPR requires that we have a “basis” for processing your data. We process your personal data (i) with your consent (where applicable), (ii) to perform a contract with a customer, and (iii) for other legitimate interests and business purposes.

Information from Children.

Our Site and Service are not directed to children under the age of 13 and we do not knowingly collect Personal Information from children under the age of 13, unless we have received consent as detailed in Section “Ability to Accept Terms” of our “Terms of Services”. If we learn that we have collected Personal Information of an unauthorized child under the age 13, we will take reasonable steps to delete such information from our files as soon as is practicable. Please contact us at if you believe we have any information from or about an unauthorized child under the age of 13.

Changes to Privacy Policy

Any information that we collect is subject to the Privacy Policy in effect at the time such information is collected. We may, however, revise the Privacy Policy from time to time. If a revision is material, as determined solely by us, we will notify you at the email address you have provided to us and by posting the amended policy here. The current version will always be posted to our Privacy Policy page.

If you have any questions about this Privacy Policy, please contact us at