Privacy Policy

Last updated: 25 May 2026

Sphyx Digital Private Limited(“Sphyx”, “we”, “us”) takes your privacy seriously. This policy describes what we collect, why we collect it, what we do with it, and your rights.

1. Information we collect

• Contact details you submit via our intake forms (name, email, phone, company).
• Project information you share when describing your needs.
• Payment information — collected and processed entirely by our payment partners (see section 4). We do not store full card numbers or bank credentials on our servers.
• Billing information — legal name, billing address, GSTIN (if applicable), invoice history.
• Technical data — IP address, browser type, pages visited — via standard server logs and (where consented) analytics tools.
• OAuth tokens (Meta, LinkedIn, Google) when you connect a platform to one of our managed-service tools. Stored encrypted, never sold, never used outside the service you connected them for.

2. How we use it

• To respond to your enquiry and deliver services you've engaged us for.
• To process payments, issue invoices, and handle refunds.
• To improve our website and services.
• To comply with legal obligations (tax records, GST filings, statutory record-keeping).
• To send service updates, billing notifications, and (with opt-in) occasional product news.

3. Sharing & sub-processors

We do not sell personal data. We share only with vetted sub-processors required to deliver our services, under contractual confidentiality:

• Payment processors — Razorpay (India), Stripe (international).
• Hosting infrastructure — cPanel hosting provider, Cloudflare.
• Communications — Meta WhatsApp Business Platform, email service providers.
• Analytics — Google Analytics (if consented).

4. Payment processing

Payments on sphyx.in are processed by Razorpay and/or Stripe. Card details, UPI handles, net-banking credentials, and similar payment instruments are submitted directly to the payment processor over a PCI-DSS-compliant connection. We receive only the transaction status, payment ID, last 4 digits of the card (if applicable), and the cardholder name — all stored encrypted.

Razorpay's privacy policy: razorpay.com/privacy
Stripe's privacy policy: stripe.com/in/privacy

5. Retention

We retain personal data for the duration of your engagement plus the period required for legal compliance (typically 8 years for financial records under Indian tax law). You may request earlier deletion of non-mandatory data at any time by emailing info@sphyx.in.

6. Security

We use HTTPS everywhere, encrypt sensitive fields at rest, run access logs, restrict admin access, and rotate credentials on a schedule. Despite reasonable precautions, no online service can guarantee absolute security — please use a strong unique password for any account you create with us.

7. Your rights (DPDP Act 2023)

Under applicable Indian law you have the right to access, correct, and delete your personal data, to withdraw consent, and to nominate a representative. Contact us at info@sphyx.in to exercise any of these rights.

8. Cookies

We use essential cookies for site functionality. Analytics cookies are loaded only with your consent (via the cookie banner where displayed).

9. Children's data

Our services are for businesses, not individuals under 18. We do not knowingly collect data from children. If we learn we have collected such data, we delete it immediately.

10. Updates to this policy

We may update this policy. Material changes will be notified by email to active customers or via a banner on the site.

11. Grievance Officer

Per the DPDP Act 2023, grievances may be addressed to:
Grievance Officer — Aatmik, Founder, Sphyx Digital Private Limited
Email: info@sphyx.in