Legal · Last updated 2026-05-06
Privacy Policy
This Privacy Policy explains how ZionX Technologies Private Limited("ZionX", "we", "us") collects, uses, discloses, and safeguards personal data when you visit our website, contact us, or otherwise interact with our services. We treat compliance with the Indian Digital Personal Data Protection Act, 2023 ("DPDP Act") and the EU/UK General Data Protection Regulation ("GDPR") as the baseline.
1. Data we collect
We collect the minimum personal data required to operate this site and respond to enquiries:
- Contact form data: name, work email, company, company size, service interests, message content, and consent confirmation.
- Newsletter signups: email address and the timestamp of double-opt-in confirmation.
- Booking enquiries: any data you provide directly to our scheduling provider (Cal.com) when you book a strategy call.
- Technical data: IP address, browser user-agent, referring URL, and device characteristics, captured for security and aggregate analytics only.
- Cookies and similar technologies: see our Cookie Policy. Non-essential cookies are loaded only after you grant consent.
2. Purposes and legal bases
- Responding to enquiries: on the basis of your consent and our legitimate interest in handling business communications you initiate.
- Service delivery: on the basis of contract performance once you become a client.
- Newsletter: on the basis of explicit, double-opt-in consent.
- Security and abuse prevention: on the basis of our legitimate interest in protecting the site and our users.
- Analytics: on the basis of consent. Disabled until you accept the cookie banner.
3. Data retention
- Contact form leads: retained up to 24 months unless the enquiry converts to an active engagement, in which case contractual retention applies.
- Analytics data: retained up to 14 months in aggregated form.
- Newsletter subscribers: retained until you unsubscribe.
4. Sharing and processors
We use the following third-party processors. Each is bound by a Data Processing Agreement (DPA):
- Vercel— hosting and CDN.
- Resend— transactional email delivery.
- Upstash— rate limiting (stores hashed IP for a rolling one-hour window).
- Cloudflare— bot protection (Turnstile) and CDN edges.
- Cal.com— scheduling, when you choose to book a call.
- PostHog— product analytics (consent-gated).
- Google Workspace— business email infrastructure.
We do not sell personal data, and we do not transfer it for marketing purposes outside this list.
5. Your rights
Subject to applicable law (DPDP Act, GDPR, and others), you have the right to:
- Access the personal data we hold about you;
- Request correction of inaccurate data;
- Request erasure of your data, subject to legal retention duties;
- Withdraw consent at any time;
- Object to processing or request restriction;
- Lodge a grievance through our Grievance Officer (see below) or with a competent data protection authority.
6. Grievance Officer (DPDP Act)
For any data-protection grievance, please write to our Grievance Officer. We acknowledge grievances within 48 hours and respond substantively within 30 days, in line with the DPDP Act and IT Rules 2021.
See the dedicated Grievance Officer page for current name, email address, and escalation pathways.
7. International transfers
Some processors operate in jurisdictions outside India and the European Union. Where transfers occur, we rely on Standard Contractual Clauses or equivalent safeguards.
8. Security
We apply industry-standard technical and organisational measures including TLS in transit, encrypted storage, least-privilege access controls, server-side rate limiting, and bot protection. No system is perfectly secure; we will notify affected users of any incident in line with applicable law.
9. Changes to this policy
We may revise this policy from time to time. Material changes will be announced on this page; the "Last updated" date above reflects the most recent revision.
10. Contact
Compliance enquiries: info@zionxtechno.com. General enquiries: info@zionxtechno.com.