Privacy Policy

Zenvrix Technologies Pvt. Ltd. ("Zenvrix", "we", "us", or "our") operates the Zenvrix admission automation platform at zenvrix.com and app.zenvrix.com ("the Platform"). This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our Platform.

By accessing or using the Platform, you agree to the collection and use of information in accordance with this policy. We are committed to protecting personal information and your right to privacy in compliance with the Information Technology Act, 2000, the IT (Amendment) Act, 2008, and where applicable, the General Data Protection Regulation (GDPR).

We collect the following categories of information:

**Information you provide directly:** - Institution registration details (name, email, phone number, institution name, address) - User account information (name, email address, job role) - Student inquiry data entered by your team (name, email, phone, course interest) - Communication content entered into the Platform

**Information collected automatically:** - Log data (IP address, browser type, pages visited, time stamps) - Device information (hardware model, operating system, unique device identifiers) - Usage data (features used, actions taken, session duration) - Cookies and similar tracking technologies

**Information from third parties:** - WhatsApp Business API: Message content and delivery metadata - Google Calendar: Event data when connected for session booking - Payment processors: Transaction confirmation (we do not store card details)

We use the information we collect to:

- Provide, operate, and maintain the Zenvrix Platform - Process and manage student inquiries on behalf of institutions - Train and improve our AI models (using anonymized and aggregated data only) - Send transactional communications (account setup, billing, security alerts) - Send product update emails and newsletters (with your consent; you may opt out at any time) - Analyze usage patterns to improve product features and performance - Comply with legal obligations and enforce our Terms of Service - Prevent fraud and ensure platform security

**Legal bases for processing (GDPR):** Contract performance, legitimate interests, legal obligation, and consent where applicable.

We do not sell your personal data. We may share information in the following circumstances:

**Service providers:** We engage third-party vendors who process data on our behalf under strict data processing agreements, including: - Cloud hosting (AWS, Mumbai region for Indian data) - Analytics (PostHog anonymized usage data) - Payment processing (Razorpay) - Customer communication tools

**WhatsApp Business API:** Message data is processed by Meta under their API terms. We do not share student data with Meta beyond what is necessary for message delivery.

**Legal requirements:** We may disclose information if required by law, court order, or governmental authority.

**Business transfers:** In the event of a merger, acquisition, or sale of assets, user data may be transferred. We will notify affected users via email.

**Storage location:** All data for Indian institutions is stored on AWS servers located in Mumbai, India (ap-south-1 region). Enterprise customers may request data residency options.

**Security measures:** - All data in transit is encrypted using TLS 1.3 - All data at rest is encrypted using AES-256 - We implement role-based access controls and multi-factor authentication - Regular third-party security audits and penetration testing - SOC 2 Type II certified infrastructure

**Retention:** Institution account data is retained for the duration of your subscription plus 90 days. Student inquiry data (entered by your team) is owned by your institution and deleted upon written request.

Subject to applicable law, you have the following rights:

- **Access:** Request a copy of the personal data we hold about you - **Correction:** Request correction of inaccurate or incomplete data - **Deletion:** Request deletion of your personal data (subject to legal obligations) - **Portability:** Request your data in a machine-readable format - **Opt-out:** Unsubscribe from marketing emails at any time (link in every email) - **Withdraw consent:** Where processing is based on consent, you may withdraw it at any time

To exercise these rights, email us at **info@zenvrix.com**. We respond to all requests within 30 days.

We use cookies and similar tracking technologies for authentication, analytics, and platform functionality. See our Cookie Policy for detailed information on what cookies we set and how to manage them.

Essential cookies (login session, security) cannot be disabled as they are required for the Platform to function. Analytics cookies can be disabled in your browser or via our cookie consent banner.

The Zenvrix Platform is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If we learn that we have collected personal information from a minor, we will delete it immediately.

Student inquiry data may sometimes relate to minors applying for school admissions. This data is processed on behalf of the educational institution as the data controller. Institutions are responsible for ensuring appropriate consents are obtained from parents/guardians.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email to the registered account email address and by displaying a notice on the Platform for 30 days before the changes take effect.

The current version's effective date is shown at the top of this page. Continued use of the Platform after the effective date constitutes acceptance of the updated policy.

For privacy-related inquiries, to exercise your rights, or to report a concern:

**Data Controller:** Zenvrix Technologies Pvt. Ltd. Koramangala, Bangalore, Karnataka 560034, India

**Privacy Officer:** Priya Nair (Co-founder & CTO) **Email:** info@zenvrix.com **Response time:** Within 30 days

For GDPR-related requests from European users, please mark your email with "GDPR Request" in the subject line.