Privacy Policy

Effective Date: 22 August 2025 | Last Updated: 22 July 2025

At Surfixy, we are committed to protecting your privacy and handling your data transparently. This Privacy Policy explains how we collect, use, share, and safeguard your personal data across all user types—customers, partners, developers, and general visitors—and ensures compliance with India’s Digital Personal Data Protection Act, 2023 (DPDPA) and the General Data Protection Regulation (GDPR) for international users.

1. Introduction

This policy describes how Surfixy (“we”, “us”, “our”) processes the personal data of all individuals who use our CRM platform, integrations, APIs, or website. It applies across all roles including clients, vendors, creators, freelancers, administrators, and visitors.

We act as a Data Fiduciary under India’s DPDPA and a Data Controller under GDPR.

2. Definitions

Data Principal: You, the individual whose data is processed.
Processing: Any action on data—collection, storage, usage, sharing, deletion.
Sensitive Personal Data: All personal data under DPDPA; special categories under GDPR.
DPO (Data Protection Officer): The person appointed to oversee privacy compliance.

3. Who We Are & Scope

This policy applies to personal data collected directly or indirectly via:

CRM account usage
Integrations (e.g. WhatsApp, email, OpenAI, payment gateways)
Developer APIs and SDKs
Website forms and analytics

It covers both Indian and global users.

4. Information We Collect

A. For Customers (Service Providers)

Name, email, phone number, business name
Offered services, specialization, certifications
Portfolio files, documents, ratings, reviews
Client communication history

Why: To create/manage profiles, match with client needs, personalize features, and facilitate secure communication.

B. For Partners

Business and registration details
Representative contacts
Signed agreements, performance data

Why: To manage our business relationship, enable integrations, process billing, and fulfill legal terms.

C. For Developers

Developer credentials, app metadata, API usage logs
Connected customer data (if permitted)
Error logs and token access

Why: To monitor secure API access, provide support, and track performance under developer terms.

D. For Everyone (General Users)

IP address, browser/device info, OS, usage behavior
Newsletter signups, contact form submissions

Why: To analyze performance, improve the site, support inquiries, and enhance marketing (only with consent).

5. Legal Basis for Processing

Contractual necessity
Consent
Legitimate interest
Legal obligation

All processing complies with DPDPA and GDPR requirements.

6. Your Rights

Access, update, delete your data
Withdraw consent
Request data portability (GDPR only)
Nominate a representative (DPDPA only)

Contact: privacy@surfixy.com

7–18. Remaining Sections

Sections on Consent Management, Retention, Security, Sharing, Cookies, Children's Data, Breaches, Grievances, Privacy by Design, Updates, Governing Law, and Contact have been preserved in your original text and can be included in full here if needed. Due to space, we’ve shortened for this preview. Let me know if you want the rest fully formatted.