Legal
GDPR Compliance
Zenvrix is committed to protecting the personal data of all users, including those in the European Economic Area (EEA). This page explains our approach to GDPR compliance.
Our Commitment
Although Zenvrix is primarily built for Indian educational institutions, we process personal data of some individuals who may reside in the EEA. We are fully committed to compliance with the General Data Protection Regulation (EU) 2016/679 and apply GDPR principles as a baseline for all our data processing activities globally.
Our Role as Data Processor
When Zenvrix processes student inquiry data on behalf of an educational institution, we act as a Data Processor and the institution acts as the Data Controller.
As a Data Processor, we:
- Only process data according to the institution's instructions
- Maintain appropriate technical and organizational security measures
- Assist the Data Controller in fulfilling data subject requests
- Delete or return data upon termination of the service agreement
- Maintain records of all processing activities
- Notify the Data Controller within 72 hours of becoming aware of a data breach
For data about our own customers (institution admins and team members), we act as the Data Controller.
Lawful Bases for Processing
Contract performance
Processing account and billing data to provide the service you have subscribed to.
Legitimate interests
Product analytics to improve our platform, security monitoring, and fraud prevention.
Legal obligation
Retaining certain business records as required by Indian tax and company law.
Consent
Marketing emails and optional analytics tracking. Consent can be withdrawn at any time.
Your Rights Under GDPR
Right to Access
Request a copy of all personal data we hold about you and how we process it. Response within 30 days.
Right to Rectification
Request correction of inaccurate or incomplete personal data. We act within 7 business days.
Right to Erasure
Request deletion of your personal data where there is no compelling reason for its continued processing.
Right to Restrict Processing
Request that we limit how we use your data while a dispute is being resolved.
Right to Data Portability
Receive your data in a structured, machine-readable format (CSV/JSON) for transfer to another service.
Right to Object
Object to processing based on legitimate interests or direct marketing purposes.
Right to Withdraw Consent
Where processing is based on consent, withdraw it at any time without affecting past processing.
Right to Lodge a Complaint
Complain to your national data protection authority if you believe we have misused your data.
To exercise any of these rights, email info@zenvrix.com with "GDPR Request" in the subject line. We respond within 30 days and may request identity verification before fulfilling your request.
Data Transfers Outside India/EEA
Your data is primarily stored in AWS Mumbai (India) or AWS Frankfurt (EU) based on your region. When we transfer data to sub-processors outside these regions (e.g., PostHog for analytics), we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Only engaging sub-processors that are GDPR compliant
- Data processing agreements with all sub-processors
Technical & Organizational Measures
Data Breach Notification
In the event of a personal data breach that is likely to result in a high risk to individuals, we will notify affected Data Controllers within 72 hours of becoming aware, and directly notify affected individuals as required under GDPR Article 34. For Indian data subjects, we follow CERT-In notification guidelines.
Data Protection Officer
While we are not required to appoint a formal DPO under GDPR, our Co-founder & CTO handles all data protection matters:
Priya Nair Co-founder & CTO
Email: info@zenvrix.com
Zenvrix Technologies Pvt. Ltd., Koramangala, Bangalore 560034, India