Privacy Policy

Last updated: September 9, 2025

Compliant with Digital Personal Data Protection Act, 2023 and Indian Privacy Laws

Purpose of the Privacy Policy

BrixSoft Technologies PVT LTD, doing business as Brixi.ai ("Company", "we", or "us"), provides tools and services to help clients ("Clients" or "Customers") manage leads ("Services"). We respect your privacy and this policy explains how we collect, use, and share information from (1) Clients and their authorized third parties, and (2) visitors to our website ("Visitors").

We may update this Privacy Policy periodically. Any changes will be posted on our website, and we encourage you to review it regularly. Material changes will be communicated via email or prominent notice on our platform at least 30 days before taking effect.

Compliance Statement: This Privacy Policy is designed to comply with the Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

1. Information We Collect

We may ask you for details such as your name, company, title, email, phone number, or other contact information. The data we collect falls into two categories:

Data Categories

  • Anonymous Information – Data that does not identify you personally (e.g., browser type, operating system, usage statistics). We use this to analyze trends, improve our services, and maintain security.
  • Personally Identifiable Information (PII) – Data such as your name, email, phone number, billing details, or account credentials. This may also include business information uploaded into our Service.

Specific Data Types Collected

Account Information

  • Full name and designation
  • Email address (primary and secondary)
  • Phone number (including country code)
  • Company name and industry
  • Billing address and GST details
  • Password and security preferences

Technical Information

  • IP address and geographic location
  • Device type, browser, and operating system
  • Session duration and activity logs
  • Cookies and tracking identifiers
  • API usage patterns and integration data
  • Error logs and performance metrics

Lead Integration Data

For LinkedIn and Meta (Facebook) lead synchronization services, we may collect and process:

  • LinkedIn Lead Data: Lead contact information, company details, campaign source, form responses, and LinkedIn profile identifiers as authorized through LinkedIn Lead Gen Forms
  • Meta Lead Data: Lead information from Facebook/Instagram ads, including contact details, form responses, ad campaign identifiers, and interaction timestamps
  • Integration Credentials: OAuth tokens, API keys, and authentication data necessary for secure integration with third-party platforms
  • Synchronization Logs: Data transfer records, sync status, error logs, and integration performance metrics

Data Sources

  • Direct Input: Information you provide when creating accounts, using services, or contacting support
  • Automated Collection: Technical data gathered through cookies, analytics, and system logs
  • Third-Party Integrations: Data received from LinkedIn, Meta, and other authorized platforms
  • Customer Uploads: Business data, lead lists, and content uploaded to our platform

2. How do we Use Your Information?

We use personal information to provide and improve our Services, communicate with Clients, process transactions, and as otherwise described below. All processing is based on lawful grounds under the DPDP Act 2023.

Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Consent: Where you have provided explicit consent for specific processing activities
  • Contract Performance: To fulfill our contractual obligations and provide requested services
  • Legitimate Interest: For business operations, fraud prevention, and service improvement
  • Legal Compliance: To meet regulatory requirements and legal obligations

General Use

We may use your information to provide the Services, contact you about account activities, updates, or product offerings, and respond to enquiries. You may opt out of communications at any time, though this may result in account closure. Customer Data is processed only as instructed by Customers and as required by law.

Purposes

a) Service Delivery

  • Provide, operate, maintain, and improve our Services
  • Communicate with you, including service announcements and security alerts
  • Process subscriptions and payments
  • Understand your needs and personalize your experience
  • Provide customer support and respond to requests
  • Facilitate lead synchronization from LinkedIn and Meta platforms
  • Generate analytics and reporting dashboards
  • Maintain system security and prevent unauthorized access

b) Research & Development

We may analyze data to improve our Services and develop new offerings. Personal information may be de-identified and used in aggregate for lawful business purposes. This includes improving our AI algorithms, enhancing integration capabilities, and developing new features based on usage patterns.

c) Marketing

  • Send direct marketing communications (with opt-out option)
  • Work with advertising and social media partners for interest-based ads using cookies and similar technologies
  • Offer products or services that may be of interest
  • Conduct market research and customer satisfaction surveys
  • Organize webinars, events, and product demonstrations

d) Compliance & Protection

  • Protect rights, privacy, safety, and property
  • Audit compliance with legal and contractual obligations
  • Enforce Terms of Service
  • Prevent fraud, cyberattacks, and illegal activity
  • Comply with legal requests and processes
  • Maintain audit trails and transaction records
  • Conduct due diligence and risk assessments

e) With Your Consent

In certain cases, we may ask for your explicit consent to use or share your information, such as posting testimonials or endorsements, participating in case studies, or accessing additional third-party integrations beyond our standard offerings.

3. Data Security

Storage of Personal Information

We operate secure data networks protected by industry-standard firewalls and password protection systems. Data transfers are secured using AES-256 encryption to protect against interception or tampering. Our security and privacy policies are regularly reviewed and enhanced as needed, with access limited to specially authorized individuals. However, no security system is impenetrable, and we cannot guarantee complete protection against unauthorized access, theft, or alteration of information.

Security Framework

Technical Safeguards

  • End-to-end encryption for data in transit and at rest
  • Multi-factor authentication (MFA) for account access
  • Regular security audits and vulnerability assessments
  • Automated backup systems with encrypted storage
  • Intrusion detection and prevention systems
  • SSL/TLS certificates for secure web communications

Administrative Controls

  • Role-based access control with principle of least privilege
  • Regular employee training on data protection practices
  • Background verification for personnel handling personal data
  • Incident response procedures and breach notification protocols
  • Data processing agreements with all service providers
  • Annual security and privacy policy reviews

Data Localization and Cross-Border Transfers

In compliance with Indian data protection laws, we primarily store and process personal data within India. For LinkedIn and Meta integrations, certain data may be transferred to servers outside India as required for the functioning of these third-party services. Such transfers are conducted with appropriate safeguards including Standard Contractual Clauses and ensuring adequate levels of data protection.

Third-Party Hosting, Serving, and Storage

From time to time, we may engage third-party providers for hosting, storage, and telecommunications services, which may include the storage of personal information. While we carefully select such vendors and ensure they comply with applicable data protection standards, we are not responsible or liable for negligent or unlawful acts or omissions by these third parties. All third-party providers are bound by comprehensive data processing agreements.

Data Breach Response

In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant authorities within 72 hours as required under Indian law. Affected individuals will be informed without undue delay if the breach is likely to result in high risk to their personal data.

4. Data Retention

We retain personal information only for as long as it is necessary to provide Services or as required under applicable laws. Our approach to data retention includes:

Retention Periods

  • Active Accounts: Data is kept while your account is active to enable full use of our Services.
  • Account Closure: Upon termination or deletion of your account, we remove your personal data unless retention is required by law or for legitimate business purposes.
  • Legal & Regulatory Compliance: Certain records may be retained to meet statutory, tax, audit, or dispute resolution requirements under Indian law.
  • Backups & Archives: Information may remain in secure backups for a limited period before being permanently deleted.
  • Customer Data: Any business or customer information uploaded into our Services is retained in line with Customer's instructions and applicable agreements.

Specific Retention Schedules

  • Account Information: Retained during active subscription plus 7 years after account closure for tax and audit purposes
  • Transaction Records: 7 years from transaction date as per Indian accounting standards
  • Communication Records: 3 years from last interaction for customer service purposes
  • Technical Logs: 1 year for security and performance monitoring
  • Marketing Data: Until consent is withdrawn or 3 years of inactivity
  • Integration Data: Synchronized with source platform retention policies or customer instructions

Once retention periods expire, data is securely deleted or anonymized using industry-standard practices including cryptographic erasure and multi-pass overwriting techniques.

5. Data Sharing

Service Providers

We may engage third-party partners, vendors, and service providers in India or abroad to support the operation of our applications and Services. This may include hosting providers, authentication providers, analytics services, email and communication platforms, and other technology or support services. These providers are only permitted to process your Personally Identifiable Information (PII) for the purposes of delivering services on our behalf and are bound by confidentiality and data protection obligations.

Categories of Recipients

Technology Partners

  • Cloud hosting and infrastructure providers
  • LinkedIn and Meta for lead generation integration
  • Authentication and security service providers
  • Analytics and monitoring tools
  • Communication and email service platforms
  • Payment processors and billing systems

Business Partners

  • Channel partners and resellers (with consent)
  • Professional services firms (legal, audit, consulting)
  • Marketing and advertising partners
  • Customer support and help desk providers
  • Integration platform providers
  • Data backup and disaster recovery services

Aggregate Statistics

We may share non-identifiable, aggregate information (such as usage patterns, demographics, or overall statistics) with partners, advertisers, or other third parties. This data does not identify any individual and is used to understand and improve our Services. Aggregated data may include industry benchmarks, feature adoption rates, and anonymized performance metrics.

Legal Compliance

We may disclose personal information when required to do so under applicable Indian laws, including in response to lawful requests, summons, court orders, or government directives. We may also disclose information where necessary to protect the rights, property, or safety of our company, our users, or the public; to investigate fraud or illegal activity; or to enforce our terms and policies. Such disclosures will be limited to what is reasonably necessary and will be documented where legally permissible.

Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, personal information may be transferred as part of the business transaction. We will provide notice of such transfer and any choices you may have regarding your personal information. The acquiring entity will be bound by the commitments made in this Privacy Policy.

6. Your Rights

Under the Digital Personal Data Protection Act, 2023, and other applicable Indian laws, you have the following rights regarding your personal data:

Primary Rights

  • Right to Access: Request access to your personal information and details about how it's processed
  • Right to Correction: Request correction of inaccurate or incomplete information
  • Right to Erasure: Request deletion of your personal information (subject to legal requirements)
  • Right to Object: Object to processing of your personal information for specific purposes
  • Right to Data Portability: Request transfer of your data in a structured, machine-readable format

Additional Rights

  • Right to Withdraw Consent: Withdraw consent for processing at any time
  • Right to Grievance Redressal: File complaints with our Data Protection Officer
  • Right to Nominate: Nominate another person to exercise your rights in case of death or incapacity
  • Right to Information: Receive clear information about data processing activities
  • Right to Restrict Processing: Request limitation of processing in certain circumstances

How to Exercise Your Rights

To exercise any of these rights, please contact us using the information provided in the "Contact Us" section. We will respond to your request within 30 days of receipt.

  • Submit requests through your account dashboard or email
  • Provide sufficient identification for verification purposes
  • Specify the exact nature of your request
  • Allow reasonable time for processing (typically 30 days)

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience, analyze usage patterns, and provide personalized content. This section explains our use of these technologies.

Types of Cookies We Use

Essential Cookies

  • Authentication and session management
  • Security and fraud prevention
  • Basic functionality and navigation
  • Load balancing and system performance

Optional Cookies

  • Analytics and usage statistics
  • Personalization and preferences
  • Marketing and advertising
  • Social media integration

Managing Your Cookie Preferences

You can manage cookie preferences through your browser settings or our cookie consent banner. Note that disabling certain cookies may affect website functionality. Essential cookies cannot be disabled as they are necessary for basic site operation.

8. Children's Privacy

Our Services are not intended for children under the age of 18 years. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

Parental Rights and Responsibilities

If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately using the contact information provided below. We will investigate and take appropriate action in accordance with applicable laws.

  • Request access to any personal information we may have collected from your child
  • Request correction or deletion of your child's personal information
  • Refuse to permit further collection or use of your child's information
  • Receive notification of data breaches affecting your child's information

Important: By using our services, you confirm that you are at least 18 years of age or have obtained proper parental/guardian consent as required by applicable laws.

Special Considerations for Business Users

Our platform is designed for business and professional use. Organizations using our services must ensure they comply with applicable age restrictions and obtain necessary permissions before allowing minors to access lead data or business information through our platform.

9. International Transfers

While we primarily process and store data within India, certain aspects of our Services, particularly integrations with LinkedIn and Meta platforms, may require data transfers to countries outside India.

Cross-Border Data Transfers

  • LinkedIn Integration: Data may be transferred to LinkedIn's servers in the United States and other countries where LinkedIn operates
  • Meta Integration: Lead data from Facebook/Instagram may be processed on Meta's global infrastructure
  • Cloud Services: Our infrastructure partners may store backup data in secure facilities outside India
  • Support Services: Customer support communications may be routed through international service providers
  • Payment Processing: Transaction data may be processed by international payment gateways
  • Analytics Services: Usage data may be processed by international analytics providers

Countries of Data Processing

Primary Processing Locations

  • India: Primary data storage and processing
  • United States: LinkedIn, Meta, and cloud services
  • European Union: Backup and disaster recovery
  • Singapore: Asia-Pacific data processing hub

Service-Specific Locations

  • Customer Support: India, Philippines
  • Email Services: United States, Ireland
  • CDN Services: Global network of servers
  • Monitoring Tools: United States, Germany

Safeguards for International Transfers

  • Standard Contractual Clauses (SCCs): Legally binding agreements with international service providers
  • Adequacy Decisions: Reliance on Government of India adequacy decisions where applicable
  • Binding Corporate Rules: Internal data protection rules for multinational service providers
  • Encryption and Security: End-to-end encryption during transit and storage
  • Compliance Audits: Regular assessments of international partners' data protection practices
  • Data Minimization: Transfer only necessary data for specific purposes
  • Access Controls: Strict limitations on who can access transferred data

Data Localization Compliance

In accordance with Indian data protection laws and RBI guidelines, we maintain copies of critical personal and financial data within India. Sensitive personal data such as passwords, financial information, and health data (where applicable) are primarily stored and processed within Indian borders.

Your Rights Regarding International Transfers

  • Right to be informed about international transfers affecting your data
  • Right to object to transfers in certain circumstances
  • Right to request details about safeguards in place
  • Right to file complaints with relevant supervisory authorities

We ensure that all international transfers comply with applicable Indian data protection laws and provide adequate protection for your personal information. We regularly review and update our transfer mechanisms to maintain the highest standards of data protection.

10. Contact Us

If you have any questions about this Privacy Policy, need assistance with exercising your rights, or wish to file a complaint, please contact us using the information below:

General Enquiries

Email: privacy@brixi.ai

Business Hours: Monday-Friday, 9:00 AM - 6:00 PM (IST)

Response Time: Within 48 hours for general enquiries

Data Protection Officer

Email: dpo@brixi.ai

Role: Data Protection and Compliance

Languages: English, Hindi

Response Time: Within 30 days for rights requests

Emergency Contact

Security Incidents & Data Breaches: If you suspect a security incident or data breach, please contact us immediately at security@brixi.ai

What to Include in Your Request

Required Information

  • Your full name and contact information
  • Account details or identifiers (if applicable)
  • Clear description of your request or concern
  • Preferred method of response
  • Any relevant supporting documentation
  • Proof of identity for data access requests

Types of Requests

  • Data access and portability requests
  • Correction of inaccurate information
  • Data deletion and account closure
  • Consent withdrawal
  • Marketing opt-out requests
  • Privacy policy questions and complaints

Regulatory Authorities

Data Protection Board of India: Once operational, you may contact the Data Protection Board of India for complaints related to data protection violations.

Current Oversight: Ministry of Electronics and Information Technology (MeitY), Government of India provides current regulatory oversight for data protection matters.

Cyber Crime: For cyber security incidents, you may also contact the Indian Cyber Crime Coordination Centre (I4C) at cybercrime.gov.in

Alternative Dispute Resolution

If you are not satisfied with our response to your privacy concerns, we encourage you to first contact our Data Protection Officer for escalation. We are committed to resolving privacy disputes through good-faith dialogue and may engage in alternative dispute resolution mechanisms before formal regulatory proceedings.

11. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We encourage you to review this policy periodically to stay informed about how we protect your information.

Material Changes

  • Changes to data collection practices
  • New purposes for data processing
  • Additional third-party data sharing
  • Changes to retention periods
  • Modifications to user rights
  • New international data transfers

Non-Material Changes

  • Contact information updates
  • Clarifications and formatting
  • Additional explanatory content
  • Spelling and grammar corrections
  • Organizational restructuring
  • Enhanced transparency measures

Your Consent and Continued Use

Active Consent Required: For material changes that significantly affect your privacy rights, we may require explicit consent before the changes take effect.

Implied Consent: By continuing to use our Services after changes become effective, you agree to the updated Privacy Policy.

Right to Discontinue: If you disagree with changes, you may discontinue use and request deletion of your account at any time.