Privacy Policy

1. Introduction

Zynoviq Solutions Private Limited ("Zynoviq," "we," "us," or "our") is an enterprise artificial intelligence company headquartered in Chennai, Tamil Nadu, India. We develop and operate ProfitGuard, HalluGuard, VanRakshak, SupportGuard, LLFI, and associated SAP plugin integrations (collectively, the "Services").

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website at zynoviq.com, interact with our sales or support teams, or use our Services. It applies to all individuals whose personal data we process, including website visitors, prospective customers, active subscribers, and former customers.

We are committed to compliance with the EU General Data Protection Regulation (GDPR), India's Digital Personal Data Protection Act 2023 (DPDPA 2023), and all other applicable data protection legislation. Where our Services are deployed on-premise or within your private cloud, customer business data remains entirely under your control and is not covered by this policy.

2. Information We Collect

We collect the following categories of personal data:

Personal Data You Provide

• Full name, business email address, phone number, and job title when you create an account or request a demo
• Company name, industry, company size, and billing address during subscription onboarding
• Billing and payment information, including credit card or bank details (processed exclusively by PCI-DSS-compliant third-party payment processors; we do not store raw card numbers)
• Communications you send to us, including support tickets, emails, and chat transcripts
• Feedback, survey responses, and feature requests submitted through our platform

Usage Data

• Feature adoption metrics, login frequency, session duration, and navigation paths (collected in aggregate, never linked to individual end users)
• Error logs and crash reports generated during platform usage
• API call volumes and latency metrics for performance monitoring

Technical Data

• IP address, browser type and version, operating system, and device identifiers
• Referring URL, pages visited, time spent on pages, and access timestamps
• Authentication tokens and session identifiers (encrypted and ephemeral)

3. Legal Basis for Processing

Under GDPR Article 6, we rely on the following legal bases for processing your personal data:

• Contractual Necessity (Art. 6(1)(b)): Processing required to perform our obligations under your subscription agreement, including account provisioning, billing, and technical support
• Legitimate Interest (Art. 6(1)(f)): Processing for platform security, fraud prevention, product improvement based on aggregated analytics, and direct marketing to existing customers (with opt-out)
• Consent (Art. 6(1)(a)): Processing for optional analytics cookies, marketing communications to prospects, and participation in beta programs. You may withdraw consent at any time without affecting the lawfulness of prior processing
• Legal Obligation (Art. 6(1)(c)): Processing required to comply with tax regulations, financial reporting obligations, anti-money laundering laws, and lawful data preservation requests

Under the DPDPA 2023, we process personal data based on your consent or for "certain legitimate uses" as defined in Section 7 of the Act, including performance of a contract and compliance with Indian law.

4. How We Use Your Information

We use the personal data we collect for the following specific purposes:

• Provisioning, configuring, and maintaining your account and subscription
• Processing payments, generating invoices, and managing billing cycles
• Providing technical support, resolving incidents, and responding to service requests
• Sending transactional communications such as subscription confirmations, renewal notices, and security alerts
• Analyzing aggregated usage patterns to improve platform performance, reliability, and user experience
• Detecting, investigating, and preventing fraudulent activity, unauthorized access, and security threats
• Conducting internal research and development to enhance our AI models and product features (using anonymized data only)
• Sending marketing communications about new features, product updates, and industry insights (with opt-out available in every communication)
• Complying with applicable laws, regulations, and legal processes
• Enforcing our Terms of Service and protecting our legal rights

5. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data. We may share your information only in the following circumstances:

• Service Providers: Trusted vendors who assist with payment processing, email delivery, cloud infrastructure, and analytics, each bound by Data Processing Agreements (DPAs) that restrict their use of your data to the services they provide to us
• Professional Advisors: Legal counsel, auditors, and consultants engaged under strict confidentiality obligations
• Law Enforcement: Government authorities when required by law, regulation, court order, or governmental request, and only to the extent legally mandated
• Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your data may be transferred to the successor entity, subject to the same privacy protections described herein
• With Your Consent: For any purpose not described above, we will obtain your explicit consent before sharing your data

6. International Data Transfers

Zynoviq is headquartered in India, and your data may be processed in jurisdictions outside your country of residence. When we transfer personal data internationally, we implement the following safeguards:

• Standard Contractual Clauses (SCCs): For transfers from the EU/EEA, we execute SCCs approved by the European Commission (Decision 2021/914) with all relevant sub-processors
• Adequacy Decisions: Where applicable, we rely on European Commission adequacy decisions for transfers to countries deemed to provide an adequate level of data protection
• DPDPA 2023 Compliance: For transfers of Indian personal data, we comply with the cross-border transfer provisions of the DPDPA 2023 and any restrictions notified by the Central Government of India
• On-Premise Deployment: Enterprise customers may choose on-premise or private cloud deployment, ensuring data never leaves their jurisdiction

7. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this policy, subject to the following specific retention periods:

• Account Data: Retained for the duration of your active subscription plus 90 days following account closure, after which it is permanently deleted
• Billing and Financial Records: Retained for 7 years in accordance with tax and financial reporting regulations
• Support Communications: Retained for 3 years from the date of resolution to support ongoing service quality and dispute resolution
• Server and Access Logs: Retained for 12 months, then automatically purged
• Marketing Consent Records: Retained for the duration of consent plus 2 years for compliance audit purposes
• Analytics Data: Aggregated and anonymized within 30 days of collection; anonymized data may be retained indefinitely

8. Your Rights

Depending on your jurisdiction, you have the following rights regarding your personal data:

Rights Under GDPR (EU/EEA Residents)

• Right of Access (Art. 15): Request a copy of the personal data we hold about you
• Right to Rectification (Art. 16): Request correction of inaccurate or incomplete personal data
• Right to Erasure (Art. 17): Request deletion of your personal data where there is no compelling reason for continued processing
• Right to Data Portability (Art. 20): Receive your personal data in a structured, commonly used, machine-readable format
• Right to Object (Art. 21): Object to processing based on legitimate interests or for direct marketing purposes
• Right to Restriction (Art. 18): Request that we restrict processing of your data in certain circumstances
• Right to Withdraw Consent (Art. 7(3)): Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing
• Right to Lodge a Complaint (Art. 77): File a complaint with your local supervisory authority

Rights Under DPDPA 2023 (Indian Residents)

• Right to access a summary of your personal data and the processing activities performed
• Right to correction and erasure of personal data
• Right to nominate another individual to exercise your rights in the event of your death or incapacity
• Right to grievance redressal by contacting our Data Protection Officer

To exercise any of these rights, please contact our Data Protection Officer at privacy@zynoviq.com. We will respond to all requests within 30 days, or within the timeframe required by applicable law.

9. Children's Privacy

Our Services are designed for enterprise business use and are not directed at individuals under the age of 16. We do not knowingly collect personal data from children under 16 years of age. If we become aware that we have inadvertently collected such data, we will take prompt steps to delete it. If you believe a child under 16 has provided personal data to us, please contact us at privacy@zynoviq.com.

10. Cookies and Tracking Technologies

We use cookies and similar technologies on our website to provide essential functionality, analyze traffic, and remember your preferences. We do not use advertising or behavioral tracking cookies. For full details on the cookies we use, their purposes, and how to manage your preferences, please see our Cookie Policy.

11. Security

We implement comprehensive technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• AES-256 encryption for data at rest and TLS 1.3 for data in transit
• SOC 2 Type II certification with annual independent audits
• Quarterly penetration testing by independent security firms
• Role-based access controls (RBAC) with least-privilege principles
• Continuous vulnerability scanning and patch management (critical CVEs patched within 24 hours)
• Employee security training and background checks for all personnel with access to personal data

For more information about our security practices, visit our Security page.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by posting a prominent notice on our website, sending an email to the address associated with your account, and updating the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Your continued use of the Services after any changes constitutes acceptance of the updated policy.

13. Contact

For privacy-related inquiries, data access requests, or complaints, please contact our Data Protection Officer:

Data Protection Officer
Zynoviq Solutions Private Limited
Chennai, Tamil Nadu, India
Email: privacy@zynoviq.com

We aim to respond to all inquiries within 5 business days and to resolve formal data subject requests within 30 days.

14. Supervisory Authority

If you are located in the EU/EEA and believe that our processing of your personal data infringes upon your rights under the GDPR, you have the right to lodge a complaint with your local supervisory authority. A list of EU data protection authorities is available at edpb.europa.eu.

If you are located in India and wish to file a grievance under the DPDPA 2023, you may contact the Data Protection Board of India once established, or reach out to our Data Protection Officer as a first point of contact. We are committed to resolving all grievances in a timely and fair manner.