Privacy Policy
We believe you should always know what data we collect, why we collect it, and how you can make informed decisions about what you share with us.
This Privacy Policy (“Policy”) applies to Shivicx Technologies Private Limited (“Shivicx”, “we”, “us”, or “our”), a company incorporated under the laws of India. It governs how we collect, use, store, and protect personal data in connection with our website at shivicx.com and our products and services (collectively, the “Services”).
We may update this Policy at any time. If you are a Customer or User, we will notify you of material changes by email or via an in-app notification. Please read such notices carefully. If you do not agree with this Policy, we advise you not to use our website or Services.
Your personal data relationship with Shivicx varies based on how you interact with us. You may be:
- Visitor — someone browsing shivicx.com
- Customer — a person or entity that has subscribed to one of our Services
- User — an employee, agent, or representative of a Customer who uses the Services
The type of data we collect and the purposes for which we use it differ depending on your role, and this Policy details those variations.
1. What Data We Collect
The data we collect depends on your relationship with us:
| Role | Data Collected | How & Why We Use It |
|---|---|---|
| Visitor | Location; browsing behaviour (pages visited, time spent); device details (model, OS); cookies and web beacon data; name and email if voluntarily submitted. | To analyse and improve website interactions. If you give consent, to send newsletters and marketing communications about our Services. |
| Customer | Name and email of the representative who signs up; payment information (processed via our payment provider — we do not store card data). | To register your account and facilitate provision of the Services. To enable payments. If you give consent, to send updates and marketing communications. |
| User | Name, email; product usage behaviour; device details; cookies and web beacon data; documents and data submitted to the Services. | To provide and improve the Services. To send transactional emails regarding updates or issues. We do not use Customer or User data to train external AI models or for purposes beyond the agreed scope. |
We do not collect any Special Categories of Personal Data (such as health, racial or ethnic origin, political opinions, biometric data, or sexual orientation). If you are a Customer or User, you agree not to submit such data to the Services under any circumstances.
2. Artificial Intelligence & Automated Processing
Shivicx uses artificial intelligence to power its Services. All AI-driven data processing is performed with a strong commitment to safeguarding privacy:
- We do not use Customer or User data to train external AI models or for any purpose beyond the agreed scope of our Services.
- Any personal data processed by our AI systems is handled in compliance with applicable data protection laws, including the DPDP Act 2023 and EU GDPR where relevant.
- We implement strict access controls, encryption, and regular audits to prevent unauthorized access to or misuse of your information.
- We anonymize and aggregate data wherever possible to protect individual identities.
Where anonymized or aggregated data is not being used to render Services to you, we shall explicitly seek your consent before using it for any other purpose. You may withdraw such consent at any time by contacting our Grievance Officer (Section 11).
3. Legal Basis for Processing
The legal grounds on which we process Personal Data are as follows:
| Category | Legal Basis |
|---|---|
| Visitor Data | Consent; Legitimate Interest |
| Account Registration Data | Performance of a Contract; Compliance with applicable laws; Legitimate Interest |
| Service Usage Data | Performance of a Contract; Legitimate Interest |
| Marketing Communications | Consent; Legitimate Interest |
If you believe we have used your personal data in violation of the above, you may lodge a complaint with your local supervisory authority.
4. Cookies & Tracking Technologies
We use cookies and similar tracking technologies (web beacons, pixel tags) on our website to enhance your browsing experience, analyse traffic, and personalise content. The categories of cookies we use are:
- Functional / Preferences — remember your settings and preferences.
- Analytics & Performance — help us understand how visitors use the site.
- Marketing & Targeting — used to deliver relevant advertisements.
- Social Networking — enable sharing content on social platforms.
You can manage or opt out of non-essential cookies at any time via our Cookie Policy or the cookie preferences panel on our website.
5. Transfer of Information
To facilitate our operations, we may transfer and store the data we collect to our database servers. Our primary infrastructure is hosted on AWS Mumbai (ap-south-1). Your rights and protections will not be diluted by any such transfer.
In the ordinary course of business, we may engage third-party service providers to assist with certain components of our Services (such as cloud infrastructure and edge network services). We only share the minimum data necessary and ensure all such providers are bound by equivalent data protection obligations.
Where transfers are made to entities not situated in countries deemed adequate by the European Commission or other relevant authorities, we enter into appropriate Data Processing Addendums and Standard Contractual Clauses with those parties. For more details, see our Data Processing Addendum.
6. Compelled Disclosure
In addition to the purposes set out in this Policy, we may disclose data we have collected if required:
- Under applicable law or to respond to a legal process, such as a search warrant, court order, or subpoena.
- To protect our safety, your safety, or the safety of others, or in the legitimate interest of any party in the context of national security, law enforcement, or criminal investigation.
- If required in connection with legal proceedings brought against Shivicx, its officers, employees, affiliates, customers, or vendors.
- To establish, exercise, protect, defend, and enforce our legal rights.
7. Security of Your Personal Information
We implement industry-standard technical and organizational measures to protect your data from unauthorized access, use, loss, destruction, or disclosure. Sensitive data is encrypted using industry-standard techniques including TLS 1.3, RSA, and AES-256. We adhere to the ISO/IEC 27001:2022 and ISO/IEC 27701:2019 standards for information security and privacy management.
| Access Control | Access to personal data is granted only to authorized personnel on a need-to-know basis; access is logged and monitored. |
| Data Encryption | Sensitive personal data is encrypted both in transit (TLS 1.3) and at rest (AES-256). |
| Network Security | Secure network architecture including firewalls and intrusion detection to prevent unauthorized access. |
| Regular Audits | Regular security audits and assessments to identify vulnerabilities and ensure compliance with security policies. |
| Incident Management | Established protocols for managing and responding to security incidents, including data breaches. |
| Employee Training | Regular training for employees to ensure awareness of and compliance with our security policies. |
| Third-Party Compliance | Third-party service providers who handle personal data on our behalf are contractually required to adhere to equivalent security standards. |
| Business Continuity | Tested business continuity plans to ensure availability of critical information in the event of a disruption. |
8. Retention of Personal Information
We will store personal data we collect from you for as long as it is necessary to facilitate your use of the Services and for ancillary legitimate and essential business purposes — including improving our Services, addressing technical issues, and dealing with disputes.
We may need to retain your personal data even if you request deletion, if it is needed to comply with our legal obligations, resolve disputes, or enforce our agreements.
If you are a Customer: after you terminate your usage of a Service, we will, unless legally prohibited, delete all data provided or collected by you from our servers within 30 days of termination.
9. Your Rights as a Data Subject
Subject to applicable Data Protection Laws, you have the following rights with respect to your personal data:
Right to be Informed
You have the right to be informed about how your personal data is collected and used — which is the purpose of this Policy.
Right of Access
You have the right to request access to the personal data Shivicx holds about you, including the ability to review and verify its accuracy.
Right to Rectification
You have the right to request that we amend or update your personal data if it is inaccurate or incomplete.
Right to Erasure
You have the right to request that we delete your personal data.
Right to Restrict Processing
You have the right to request that we temporarily or permanently stop processing all or some of your personal data.
Right to Object
You have the right to object to our processing of your personal data under certain circumstances, including an absolute right to object to processing for direct marketing.
Right to Data Portability
You have the right to request a copy of your personal data in a structured, machine-readable format and to transfer it to another service.
Right Not to be Subject to Automated Decision-Making
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects.
To exercise any of the above rights, please contact our Grievance Officer (Section 11).
10. Your Rights under IT (SPDI) Rules, 2011
Shivicx adheres to the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. Under these Rules, you have the following rights:
| Right to be Informed and Give Consent | Before Shivicx collects any of your personal data, we will clearly explain what information we need, why we need it, and how we will use it. We will only collect your personal data with your explicit consent. |
| Right to Access Your Data | You have the right to request access to the personal information Shivicx holds about you, including the ability to review and verify its accuracy and completeness. |
| Right to Correct Mistakes | If you find any errors or missing information in your data held by Shivicx, you have the right to request corrections. We will take reasonable steps to update your information promptly. |
| Right to Withdraw Consent | You can withdraw your consent for Shivicx to process your sensitive personal data at any time by contacting our Grievance Officer. Once you withdraw consent, we will stop processing your data for the originally agreed purpose, unless a legal obligation requires continued processing. |
11. Grievance Officer
If you have any concerns, complaints, or feedback pertaining to this Policy, or if you would like to exercise any of your data subject rights, please contact our Grievance Officer:
Shivicx Technologies Private Limited
Grievance Officer — Adarsh Negi
We will respond to your request within 30 days of receipt, in accordance with the DPDP Act 2023 and applicable law.
12. Related Policies
This Policy should be read in conjunction with:
- Cookie Policy — details on how we use cookies and tracking technologies
- Data Processing Addendum (DPA) — binding obligations for Customers whose data we process as a Processor