Privacy Policy

Last Updated: March 8, 2025

1. Introduction

At Odento Infolabs Pvt Ltd ("ComplyX," "we," "us," or "our"), we respect your privacy and are committed to protecting it. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our ComplyX compliance management platform, which includes our website, mobile applications, and related services (collectively, the "Services").

Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access the Services. By accessing or using our Services, you consent to the collection, use, and sharing of your information as outlined in this Privacy Policy.

2. Information We Collect

We collect several types of information from and about users of our Services, including:

2.1 Personal Information

Personal information is information that identifies you as an individual. We collect the following types of personal information:

  • Account Information: When you register for an account, we collect your name, email address, phone number, job title, and company details.
  • Profile Information: Information you provide in your user profile, such as your photograph, professional qualifications (for professionals), and professional experience.
  • Identity Verification: For compliance professionals, we may collect additional verification information such as professional registration numbers, identification documents, and qualifications.
  • Payment Information: When you subscribe to our paid services, we collect billing information and payment details through our payment processors.
  • Communication Data: Records and copies of your correspondence with us, including email addresses and phone numbers used to contact us.
  • Authentication Information: If you choose to use third-party authentication providers like Google Authentication, we collect information provided by these services.

2.2 Non-Personal Information

We also collect non-personal information, which is data that does not identify you as an individual. This includes:

  • Device Information: Information about your device, including IP address, device type, operating system, browser type, and other technical information.
  • Usage Data: Information about how you use our Services, including pages visited, features used, actions taken, time spent on our Services, and other interaction data.
  • Location Data: General location information derived from your IP address.
  • Cookies and Similar Technologies: Information collected through cookies, web beacons, and similar technologies as described in our Cookie Policy.
  • Aggregated Data: Statistical or demographic data for any purpose that does not directly identify you.

3. How We Collect Your Information

We collect information from you in several ways:

  • Direct Interactions: Information you provide when you create an account, fill out forms, correspond with us, or use our Services.
  • Automated Technologies: As you navigate through our Services, we may use cookies and similar technologies to collect certain information about your equipment, browsing actions, and patterns.
  • Third-Party Sources: We may receive information about you from third-party partners, such as authentication providers, payment processors, and other service providers.

3.1 Authentication Services

ComplyX uses Google Authentication for user authentication. When you choose to sign in using Google Authentication, we collect:

  • Your Google account email address
  • Your Google profile name
  • Your Google profile picture (if available)
  • A unique identifier associated with your Google account

Google may provide additional information subject to your Google account privacy settings. We use this information only for authentication purposes and to create and manage your ComplyX account.

3.2 Payment Processing

For payment processing, we use Razorpay, a third-party payment processor. When you make payments through our Services, Razorpay collects payment information directly from you. We do not store your full payment card details on our servers. Razorpay's collection and use of your payment information is governed by their privacy policy.

We receive limited information from Razorpay to confirm successful transactions, including:

  • Transaction ID
  • Transaction status
  • Transaction amount
  • Last four digits of the payment card (if applicable)
  • Billing address information

4. How We Use Your Information

We use the information we collect about you for various purposes, including:

  • Providing and Improving Our Services: To operate, maintain, and enhance the functionality of our Services.
  • User Authentication and Account Management: To create and manage your account, authenticate your identity, and provide you with access to our Services.
  • Processing Transactions: To process payments and fulfill subscriptions.
  • Connecting Users: To connect companies with compliance professionals based on their requirements and expertise.
  • Communications: To communicate with you about our Services, respond to inquiries, and provide customer support.
  • Service Notifications: To send you technical notices, updates, security alerts, and support and administrative messages.
  • Marketing and Promotions: With your consent, to send you marketing communications about our products, services, and features that may interest you.
  • Analytics and Research: To analyze usage patterns, conduct research, and improve our Services.
  • Compliance and Legal Requirements: To comply with applicable laws, regulations, and legal processes.
  • Security and Fraud Prevention: To detect, prevent, and address technical issues, security breaches, fraudulent activity, or violations of our Terms of Service.

5. Disclosure of Your Information

We may disclose your information in the following circumstances:

  • Service Providers: We share information with third-party vendors, consultants, and service providers who perform services on our behalf, such as hosting providers, payment processors, customer support services, analytics providers, and email delivery services.
  • Platform Users: As the primary function of our platform is to connect companies with compliance professionals, we share certain profile information between users as necessary for the operation of our Services.
  • Business Transfers: If we are involved in a merger, acquisition, financing, or sale of all or a portion of our business or assets, your information may be transferred as part of that transaction.
  • Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).
  • Protection of Rights: We may disclose your information to protect and defend the rights, property, or safety of ComplyX, our users, or others.
  • With Your Consent: We may disclose your information with your consent or at your direction.

We do not sell, rent, or lease your personal information to third parties for their marketing purposes without your explicit consent.

6. Third-Party Integrations

Our Services integrate with various third-party services to provide enhanced functionality. These third-party integrations may collect information from you or about your use of our Services.

6.1 Google Cloud Platform

ComplyX uses Google Cloud Platform for hosting and infrastructure services. Data stored on Google Cloud is subject to Google's security practices and privacy policies. Google Cloud's infrastructure meets various security standards and certifications, including ISO 27001, SOC 2/3, and PCI DSS.

6.2 Google Authentication

As described above, we use Google Authentication for user authentication. This integration is subject to Google's Privacy Policy and Terms of Service.

6.3 Razorpay

For payment processing, we use Razorpay, which collects and processes payment information according to its own privacy policy and security standards. Razorpay is PCI DSS Level 1 compliant, ensuring that your payment information is handled securely.

We encourage you to review the privacy policies of these third-party services for more information about how they collect, use, and share your information.

7. Your Data Rights and Choices

We respect your right to control your data. You have the following rights regarding your personal information:

7.1 Access and Update

You can access and update your account information at any time by logging into your account and editing your profile. If you need assistance in accessing or updating your information, please contact us at support@complyx.app.

7.2 Data Portability

You have the right to request a copy of the personal information we hold about you in a structured, machine-readable format. To request your data, please contact us at privacy@complyx.app.

7.3 Deletion and Restriction

You have the right to request the deletion of your personal information. You can delete your account and associated data by:

  1. Logging into your account and navigating to Account Settings
  2. Selecting the "Delete Account" option
  3. Following the confirmation process to permanently delete your account

Alternatively, you can request deletion by contacting us at privacy@complyx.app. Please note that we may retain certain information as required by law or for legitimate business purposes, such as record keeping, dispute resolution, and enforcement of our agreements.

7.4 Marketing Communications

You can opt out of receiving marketing communications from us by clicking on the "unsubscribe" link in any marketing email we send you, or by contacting us at support@complyx.app. Please note that even if you opt out of marketing communications, we will still send you service-related communications, such as those about your account or ongoing business relations.

7.5 Cookies and Tracking Technologies

Most web browsers are set to accept cookies by default. You can adjust your browser settings to reject cookies or to alert you when cookies are being sent. Please note that some parts of our Services may not function properly if you disable cookies.

8. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, disclosure, alteration, or destruction. Our security measures include:

  • Data Encryption: We use industry-standard encryption protocols (SSL/TLS) to protect data in transit and at rest.
  • Access Controls: We implement strict access controls and authentication mechanisms to limit access to your data.
  • Regular Security Assessments: We conduct regular security assessments and vulnerability testing of our systems.
  • Employee Training: Our employees receive privacy and security training and are bound by confidentiality obligations.
  • Secure Infrastructure: Our services are hosted on Google Cloud Platform, which maintains robust security certifications and compliance standards.

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security. You are responsible for maintaining the secrecy of your unique password and account information.

8.1 Security Standards and Compliance

ComplyX maintains compliance with various security standards and regulations, including:

  • ISO 27001: Our information security management system follows ISO 27001 principles.
  • GDPR: We comply with the General Data Protection Regulation for users in the European Economic Area.
  • Data Protection Act, 2019 (Indian Law): We adhere to Indian data protection requirements.
  • PCI DSS: Our payment processing complies with the Payment Card Industry Data Security Standard through our payment processor, Razorpay.

8.2 Data Breach Notification

In the event of a data breach that compromises your personal information, we will notify you and the relevant regulatory authorities as required by applicable law. The notification will include information about the breach, the data affected, and steps you can take to mitigate potential harm.

9. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including to provide you with our Services, comply with legal obligations, resolve disputes, and enforce our agreements.

The criteria used to determine our retention periods include:

  • The length of time you have an account with us
  • Our legal obligations under applicable law
  • Statute of limitations for potential legal claims
  • Guidelines from relevant regulatory authorities

After you delete your account, most of your personal information will be deleted within 30 days. However, we may retain certain information in anonymized or aggregated form for analytical purposes or as required by law.

10. Children's Privacy

Our Services are not intended for children under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18 without verification of parental consent, we will take steps to remove that information from our servers.

11. International Data Transfers

ComplyX strictly adheres to data residency requirements and operates primarily in India. We do not transfer, sell, or process your personal information outside of compliant regions. All our data processing activities comply with local regulations regarding data storage and processing.

Our infrastructure is designed to ensure that your data remains within the geographic boundaries required by applicable laws. When you use our Services, your information is processed and stored in data centers located in compliance with relevant data protection regulations.

We have implemented technical and organizational measures to ensure that any processing of your personal data is conducted in accordance with the applicable data protection laws of your jurisdiction. This includes careful selection of service providers who can meet our strict data residency requirements.

For users in regions with specific data residency requirements, we maintain appropriate regional infrastructure to comply with these regulations. This ensures your data stays within the required geographic boundaries while still allowing you to fully access and use our Services.

12. Changes to Our Privacy Policy

We may update our Privacy Policy from time to time. If we make material changes, we will notify you by posting the new Privacy Policy on this page and, where appropriate, sending you an email notification.

We encourage you to review this Privacy Policy periodically for any changes. The date the Privacy Policy was last revised is identified at the top of the page.

13. Contact Information

If you have any questions, concerns, or feedback about this Privacy Policy or our privacy practices, please contact us at:

Odento Infolabs Pvt Ltd
WeWork Seawoods Grand Central,
10th Floor Tower 1, Sec-40, Seawoods, Nerul,
Navi Mumbai, Maharashtra, India-400706

Email:
Privacy Inquiries: privacy@complyx.app
General Support: support@complyx.app

Phone: +91-1234567890

14. Additional Information for Specific Jurisdictions

14.1 Information for Users in India

For users in India, we comply with applicable Indian data protection laws. The Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, govern the collection and use of personal information in India.

If you are located in India, you have the right to file a complaint with the relevant authorities regarding any violation of your privacy rights.

14.2 Information for Users in the European Economic Area (EEA)

If you are located in the EEA, you have certain rights under the General Data Protection Regulation (GDPR), including the right to object to processing, the right to data portability, and the right to lodge a complaint with a supervisory authority.

The legal basis for our processing of your personal information includes:

  • Performance of a contract when we provide you with our Services
  • Our legitimate interests, which do not override your fundamental rights and freedoms
  • Compliance with legal obligations
  • Your consent, where applicable