1. INTRODUCTION

Aixclerate ("Company," "we," "us," "our," or "Aixclerate") is committed to protecting the privacy and security of personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our website (aixclerate.com), services, and AI agent platform (collectively, the "Service").

This Privacy Policy is compliant with:

• Digital Personal Data Protection (DPDP) Act, 2023 (India)
• Information Technology Act, 2000 (India)
• General Data Protection Regulation (GDPR) (EU)
• California Consumer Privacy Act (CCPA) (USA)

Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our Service.

2. DEFINITIONS

Data Controller

Aixclerate Pvt Ltd acts as a Data Controller when:

• You visit our website
• You request information about our services
• We process your personal data for marketing or sales purposes

Data Processor

Aixclerate Pvt Ltd acts as a Data Processor when:

• You are a customer using our AI agent services
• We process personal data on your behalf as per your instructions
• Your customers' data is processed through our agents (e.g., customer inquiry data, lead information, conversation transcripts)

3. INFORMATION WE COLLECT

3.1 Information You Provide Directly

When You Visit Our Website:

• Contact Information: Name, email address, phone number, company name
• Message Content: Any inquiries, comments, or messages sent through contact forms
• Usage Data: IP address, browser type, device type, pages visited, time spent

When You Use Our Service:

• Account Information: Company name, billing address, subscription details, payment information
• Service Configuration: Business processes you want to automate, agent instructions, knowledge base documents
• Performance Metrics: Data about agent interactions, success rates, user feedback
• Communication Records: Email exchanges, chat logs, support tickets

When Your Business Uses Our Agents:

• Customer Data: Names, phone numbers, email addresses, conversation transcripts
• Interaction Data: Messages sent/received, call recordings, sentiment analysis, engagement metrics
• Business Data: Product information, pricing, inventory data shared with agents

3.2 Information Collected Automatically

Website Analytics: Cookies, tracking data, device information

Service Usage Data: API logs, system monitoring, user behavior

3.3 Information from Third Parties

• Payment Processors: Stripe, Razorpay provide transaction confirmations
• Third-Party Integrations: Salesforce, Zoho, HubSpot may provide customer data (with your permission)
• SMS/Voice Providers: Twilio, ElevenLabs provide API usage logs

3A. GOOGLE API SERVICES

Google User Data

Aixclerate's use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

How We Access Google Data

If you choose to connect your Google account to Aixclerate services, we may access:

• Gmail: To send automated emails from your AI agents on your behalf (with your explicit consent)
• Google Calendar: To schedule appointments and book meetings through our AI agents
• Google Contacts: To sync customer contact information for our CRM integration
• Google Drive: To access knowledge base documents you provide for agent training

Limited Use of Google Data

We strictly limit our use of Google user data to:

• Providing and improving the specific features you have requested
• Security purposes (detecting and preventing fraud or abuse)
• Complying with applicable laws

We do NOT:

• Transfer Google user data to third parties (except as necessary to provide our services)
• Use Google data for serving advertisements
• Allow humans to read Google user data without explicit consent (except for security, compliance, or with your permission)
• Use Google data for training AI models (your data remains private)

Revoking Access

You can revoke Aixclerate's access to your Google account at any time by visiting Google Account Permissions.

3B. WHATSAPP BUSINESS API

WhatsApp Business Integration

Aixclerate uses WhatsApp Business API (provided by Meta Platforms, Inc.) to enable businesses to communicate with their customers through WhatsApp. When you use our WhatsApp agent services:

Data Processed Through WhatsApp

• Customer Phone Numbers: Phone numbers of customers who message your WhatsApp Business account
• Message Content: Text messages, media files (images, videos, documents) sent and received
• Conversation Metadata: Message timestamps, delivery status, read receipts
• Profile Information: Customer's WhatsApp profile name and photo (if shared)

How WhatsApp Data is Used

• To deliver automated responses and AI agent conversations on your behalf
• To route customer inquiries to appropriate AI agents or human support
• To store conversation history for quality assurance and training
• To generate analytics and performance reports

Meta's Privacy Policy

WhatsApp messages are subject to Meta's WhatsApp Business Policy and WhatsApp Privacy Policy. Meta (WhatsApp's parent company) provides end-to-end encryption for messages.

Your Rights Regarding WhatsApp Data

• Request deletion of conversation history with your WhatsApp Business account
• Opt-out of receiving WhatsApp messages from businesses using Aixclerate
• Block or report WhatsApp Business accounts
• Contact us to exercise data subject rights (Section 12)

3C. AI-POWERED SERVICES & AUTOMATED DECISION-MAKING

How We Use Artificial Intelligence

Aixclerate's core service uses advanced AI and machine learning models to power intelligent agents. Our AI agents can:

• Engage in natural language conversations with customers
• Understand customer intent and context
• Provide automated responses based on your knowledge base
• Qualify leads and gather information
• Schedule appointments and book meetings
• Route inquiries to appropriate departments or human agents

AI Models We Use

We use industry-leading AI providers to power our agents:

• OpenAI (GPT-4, GPT-4o, GPT-3.5): Conversational AI and natural language understanding
• Anthropic (Claude): Advanced reasoning and context-aware responses
• Groq: High-performance AI inference
• ElevenLabs: Voice synthesis for phone-based AI agents

Automated Decision-Making

Our AI agents make automated decisions such as:

• Lead Qualification: Determining whether a customer meets your business criteria
• Routing Decisions: Directing conversations to specific agents or departments
• Response Selection: Choosing appropriate replies based on customer queries
• Intent Classification: Understanding what customers are asking for

Important: Our AI agents do NOT make high-stakes automated decisions such as:

• Final credit or loan approval decisions
• Employment decisions (hiring, firing, promotion)
• Legal determinations
• Medical diagnoses or treatment recommendations

Your Rights (GDPR & DPDP Act 2023)

Under GDPR Article 22 and DPDP Act 2023, you have the right to:

• Human Intervention: Request human review of automated decisions
• Explanation: Understand how AI reached a specific decision
• Contest: Challenge automated decisions that affect you
• Opt-Out: Request to interact with human agents instead of AI

AI Limitations & Accuracy

4. HOW WE USE YOUR INFORMATION

4.1 For Website Visitors & Prospective Customers

• Respond to inquiries and provide information about our services
• Send marketing emails, webinar invitations, product updates (with your consent)
• Improve website functionality and user experience
• Conduct analytics to understand traffic patterns
• Detect and prevent fraud

4.2 For Customers Using Our Service

• Provision and maintain AI agent services
• Process transactions and billing
• Provide customer support and troubleshooting
• Monitor service performance and security
• Train and improve our agents and algorithms
• Generate performance reports and analytics for you

4.3 For Data of Your Business Customers

We process your customers' personal data only as instructed by you as data controller:

• Execute your requested AI agent interactions (answer inquiries, qualify leads, book appointments)
• Provide you reporting on agent performance
• Maintain conversation logs for quality assurance (you can delete anytime)

4.4 Aggregated & Anonymized Data Usage

To improve our AI agents and service quality, we may anonymize conversation patterns, aggregate success metrics, and train new agents on anonymized interactions.

Your Control: You can opt out of anonymized training data usage in your account settings.

5. LEGAL BASIS FOR PROCESSING (DPDP ACT 2023)

We process personal data only on legitimate legal basis:

Data Fiduciary Responsibility

As a SaaS provider handling personal data, Aixclerate is classified as a Data Fiduciary under DPDP Act 2023 and implements: Data Protection by Design principles, encryption and access controls, employee training on data handling, regular security audits, and incident response procedures.

6. DATA RETENTION

Note: Backup copies may be retained for 30 additional days for disaster recovery.

7. DATA SHARING & DISCLOSURE

7.1 We DO Share Data With Subprocessors

We use third-party services as Data Processors (with Data Processing Agreement):

Communications & Voice:

• Twilio (USA): SMS, WhatsApp Business API provider - Data: Phone numbers, message content
• ElevenLabs (USA): Voice synthesis and recognition - Data: Voice recordings, transcripts
• OpenAI/Anthropic/Groq (USA): AI models - Data: Conversation context (anonymized)

Infrastructure & Data Storage:

• Amazon Web Services (USA): Cloud hosting - Data: All encrypted data at rest
• MongoDB (USA): Database provider - Data: Encrypted databases

Payment Processing:

• Stripe (USA): Payment processing - Data: Name, email, billing address
• Razorpay (India): Payment processing - Data: Name, email, billing address

7.2 We DO NOT Share Data With

• Third-party marketing or advertising networks
• Data brokers or unauthorized intermediaries
• Competitors or unrelated businesses

7.3 Data Disclosure When Required

We may disclose personal data when required by law, to protect legal rights, prevent fraud, in business transfers (merger, acquisition), or when you explicitly authorize disclosure.

8. CROSS-BORDER DATA TRANSFER

For Users in India

DPDP Act Requirement: Personal data of Indian residents must be stored in India.

Our Compliance: Customer data and business user data is stored on AWS India (Mumbai region). We do NOT transfer your data to US/EU servers. Limited exceptions for subprocessor data transfer only with explicit written consent.

For Users in EU (GDPR Compliance)

Data stored in EU region (Frankfurt) by default. Standard Contractual Clauses (SCCs) in place for any US transfers. Explicit consent required for transfer outside EU.

For Users in USA (CCPA Compliance)

Data stored in US region. Transparency provided on all data uses. Consumer rights honored (deletion, access, opt-out).

9. DATA SECURITY

Encryption

• In Transit: TLS 1.3 encryption for all data transfers
• At Rest: AES-256 encryption for databases and file storage
• Keys: Encryption keys stored in AWS Key Management Service (KMS)

Access Control

• Role-Based Access Control (RBAC)
• Multi-Factor Authentication (MFA) for all admin accounts
• Audit Logs: All data access is logged and monitored
• VPN Access required for internal access

Infrastructure Security

• Firewalls & WAF (Web Application Firewall)
• DDoS Protection via Cloudflare
• Weekly automated vulnerability scanning
• Quarterly third-party penetration testing
• Compliance Certifications: ISO 27001 (in progress), SOC 2 (planned 2026)

Data Breach Response

In case of data breach, we will: Assess breach severity, notify you within 24 hours (as per DPDP Act), notify affected individuals within 72 hours if required, notify Data Protection Board of India within 72 hours if serious, provide forensic analysis and remediation plan.

10. YOUR RIGHTS UNDER DPDP ACT 2023

As per Digital Personal Data Protection Act 2023, you have the following rights:

To exercise these rights: Submit request via privacy@aixclerate.com

11. GDPR COMPLIANCE (for EU Users)

If you are located in the EU or your business operates in EU, we comply with GDPR:

Your Additional Rights

• Right to object to processing
• Right to restrict processing
• Right to automated decision-making appeal
• Right to lodge complaint with your EU supervisory authority

Data Processing Agreement (DPA)

Customers receive DPA compliant with GDPR Article 28. Data sub-processor list provided. Data Protection Impact Assessment (DPIA) available upon request. EU data stored in AWS Frankfurt region by default.

12. CALIFORNIA PRIVACY ACT (CCPA) COMPLIANCE

If you are a California resident:

Your Rights Under CCPA

• Right to know what data is collected
• Right to access your personal data
• Right to delete personal data
• Right to opt-out of "sale" of personal data
• Right to non-discrimination for exercising rights

Our Compliance

We do not "sell" personal data to third parties. Clear disclosure of data practices in this policy. Request fulfillment within 30 days. Contact: privacy@aixclerate.com

13. COOKIES & TRACKING TECHNOLOGIES

Cookies are small files stored on your browser that remember your preferences and activity.

Types of Cookies We Use

Your Cookie Control

• Disable: Browser settings → Privacy → Manage cookies
• Clear: Clear cookies manually anytime
• Third-Party: Use opt-out tools at optout.aboutads.info

We honor browser Do Not Track (DNT) signals where possible.

14. MARKETING & COMMUNICATIONS

Email Subscriptions

• We send product updates, webinars, and occasional promotions
• Frequency: 1-2 emails per week
• Unsubscribe: Click "Unsubscribe" link in every email
• Instant: Honor opt-out within 24 hours

Marketing Consent

We obtain explicit consent before email marketing. Consent captured via checkbox on website forms, email opt-in confirmation, and account settings consent.

Third-Party Marketing

We do NOT share your email with third-party marketers. We do NOT enable retargeting on third-party sites without permission.

15. CHILDREN'S PRIVACY

Aixclerate is not intended for children under 18 years old. We do not knowingly collect personal data from children.

If you are under 18: Do not use this service or provide information to us.

If Parent/Guardian: Notify us immediately at privacy@aixclerate.com if your child has provided information.

16. POLICY UPDATES

Changes to This Policy

We may update this Privacy Policy as laws change, our practices change, or we introduce new services.

Your Notification

• Major changes: Email notification to registered email address
• Minor changes: Updated on this page with revised date

Review this policy periodically for updates. Continued use of our Service after updates means you accept the new policy.

17. CONTACT US

Privacy Questions or Requests

For data protection inquiries related to GDPR, please contact our Data Protection Officer at: dpo@aixclerate.com

Response Time:

• Standard requests: 30 days
• Urgent requests: 48 hours
• Legal/law enforcement: As required by law

Grievances

• Email: grievance@aixclerate.com
• Data Protection Officer: dpo@aixclerate.com

Data Protection Board of India

If you have concerns we cannot resolve:
Data Protection Board of India (DPBI)
Website: dpb.gov.in

18. ADDITIONAL NOTICES

India-Specific Notice (DPDP Act)

As an Indian data fiduciary, Aixclerate commits to: Processing data only for stated purposes, implementing security safeguards against unauthorized use, respecting individuals' data rights, maintaining transparency in data handling, providing grievance redressal mechanism, and cooperating with Data Protection Board of India.

Limitation of Liability

While we implement reasonable security measures, no system is 100% secure. Aixclerate is not liable for: Security breaches resulting from unauthorized third-party access, data loss due to customer negligence or account sharing, or misuse of personal data by customers.

19. DEFINITIONS

• Personal Data: Information that identifies or can identify an individual
• Data Subject: Individual whose personal data is processed
• Data Controller: Entity determining purpose and means of data processing (typically you, our customer)
• Data Processor: Entity processing data on controller's behalf (Aixclerate, when using our services)
• Subprocessor: Third-party processor engaged by the processor
• Processing: Any operation on data (collection, storage, analysis, deletion)
• Data Breach: Unauthorized or unlawful processing resulting in loss of data

20. ACKNOWLEDGMENT

By using Aixclerate services, you acknowledge:

• ✓ You have read and understood this Privacy Policy
• ✓ You consent to data processing as described
• ✓ You understand your rights under DPDP Act 2023
• ✓ You agree to our Terms of Service