Privacy Policy

RxSynapse ("we", "our", or "us") provides AI-powered solutions for the BFSI sector, including RxFlow (real-time trading intelligence) and RxCommunication (conversational AI platform). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.

By using any RxSynapse service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

1. Information We Collect

1.1 Account Information

• Contact Information: Name, email address, phone number
• Account Credentials: Username, password (encrypted), authentication tokens
• Profile Information: User preferences, settings, and customization options
• Company Information: For business accounts, company name, role, and organizational details

1.2 Usage Data

• Service Usage: Features accessed, frequency of use, session duration
• Interaction Data: Queries, searches, filters, and preferences within our platforms
• Performance Metrics: Response times, error logs, and system diagnostics
• Communication Data: Messages sent through our platforms (for RxCommunication users)

1.3 Technical Information

• Device Information: Device type, operating system, browser type and version
• IP Address: For security, fraud prevention, and service delivery
• Log Data: Access times, pages viewed, actions taken
• Cookies and Tracking: Session cookies, analytics cookies, preference cookies

1.4 Payment Information

• Billing Details: Payment method, billing address, transaction history
• Payment Processor Data: Processed securely through third-party payment gateway (Razorpay)
• Tax Information: GST numbers and tax compliance data for Indian regulations
• Invoice Data: Purchase history, subscription details, payment receipts

1.5 Integration Data

• Third-Party Integrations: Data from integrated services (Telegram, communication platforms)
• API Usage: API calls, integration logs, and third-party service interactions
• Notification Preferences: Delivery channels (email, SMS, push, Telegram)

2. How We Use Your Information

We use the collected information for the following purposes:

• Service Delivery: Provide, operate, and maintain our AI-powered BFSI solutions
• Authentication & Security: Verify user identity, prevent fraud, and protect accounts
• Personalization: Customize user experience based on preferences and usage patterns
• Communication: Send service updates, notifications, alerts, and support messages
• Analytics & Improvement: Analyze usage patterns to improve features and performance
• Payment Processing: Handle subscriptions, billing, and financial transactions
• Compliance: Meet legal obligations including GST, tax reporting, and regulatory requirements
• Customer Support: Respond to inquiries, troubleshoot issues, and provide assistance
• Research & Development: Develop new features and enhance existing services

3. Third-Party Services

We integrate with the following third-party services to provide our platforms:

3.1 Authentication Services

• Firebase Authentication (Google): User authentication and identity management
• Data Shared: Email, phone number, authentication tokens
• Privacy Policy: Firebase Privacy Policy

3.2 Payment Processing

• Razorpay: Payment gateway for credit/debit cards, UPI, net banking, and wallets
• Data Shared: Payment amount, billing information, transaction details
• Note: Payment processor handles sensitive financial data securely; we do not store complete card numbers
• Privacy Policy: Razorpay Privacy Policy

3.3 Communication Platforms

• Telegram Bot API: Real-time notifications and bot interactions
• Email Services: Transactional emails and notifications
• SMS Providers: SMS notifications and alerts (when applicable)
• Data Shared: User identifiers, message content, delivery preferences

3.4 Analytics & Monitoring

• Google Analytics 4: Website and application analytics
• Data Shared: Page views, user interactions, general location, device information
• Opt-Out: Use browser settings or Google Analytics Opt-out Add-on
• Privacy Policy: Google Privacy Policy

3.5 Cloud Infrastructure

• Hosting Providers: Secure cloud infrastructure for data storage and processing
• Database Services: PostgreSQL with SSL/TLS encryption
• CDN Services: Content delivery for improved performance

4. Data Storage and Security

4.1 Data Storage

• Primary Storage: Secure cloud-based databases with encryption at rest
• Backup Systems: Regular automated backups with encryption
• Geographic Location: Data stored in secure, compliant data centers
• Redundancy: Multiple copies to ensure availability and disaster recovery

4.2 Security Measures

• Encryption: All data transmitted over HTTPS/TLS; sensitive data encrypted at rest
• Authentication: Secure JWT tokens, password hashing (bcrypt), multi-factor authentication options
• Access Control: Role-based access control (RBAC), principle of least privilege
• Monitoring: 24/7 security monitoring, intrusion detection, audit logging
• API Security: Rate limiting, CORS protection, input validation
• Regular Updates: Security patches, vulnerability assessments, penetration testing

4.3 Data Retention

• Account Data: Retained while account is active and for 90 days after deletion request
• Payment Records: Retained for 7 years to comply with Indian tax and accounting laws
• Usage Logs: Retained for 12-24 months for analytics and security purposes
• Communication Data: Retained per service-specific requirements and user preferences
• Analytics Data: Retained per Google Analytics settings (default: 14 months)

5. Your Rights and Choices

5.1 Access and Portability

• Request access to your personal data
• Obtain a copy of your data in portable format (JSON, CSV)
• View and download your account information, usage history, and preferences

5.2 Correction and Updates

• Update your account information at any time through profile settings
• Correct inaccurate or incomplete personal data
• Modify communication preferences and notification settings

5.3 Deletion and Account Closure

• Request deletion of your account and personal data
• Deletion is processed within 30 days (payment records retained for legal compliance)
• Some anonymized data may be retained for analytics and improvement purposes
• Deletion is permanent and cannot be reversed

5.4 Marketing Communications

• Opt out of marketing emails via unsubscribe links
• Manage notification preferences in account settings
• Transactional messages (receipts, security alerts) cannot be disabled

5.5 Analytics Opt-Out

• Use browser Do Not Track (DNT) settings
• Install Google Analytics Opt-out Browser Add-on
• Use privacy-focused browsers or extensions
• Disable cookies in browser settings (may affect functionality)

6. Data Sharing and Disclosure

We do not sell your personal information. We may share data only in the following circumstances:

• Service Providers: Trusted third parties who assist in operating our services (as listed in Section 3)
• Legal Compliance: When required by law, court order, subpoena, or government regulation
• Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets
• Protection of Rights: To protect rights, property, safety of RxSynapse, our users, or the public
• Consent: With your explicit consent for specific purposes
• Aggregated Data: Non-identifying aggregated or anonymized data for analytics and reporting

7. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us immediately.

8. International Users

RxSynapse primarily serves the Indian market and operates in compliance with Indian data protection laws. If you access our services from outside India, you acknowledge that your data may be transferred to, stored, and processed in India. We ensure appropriate safeguards are in place for international data transfers.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience:

• Essential Cookies: Required for authentication, security, and core functionality
• Preference Cookies: Remember your settings, language, and customization choices
• Analytics Cookies: Understand how you use our services to improve performance
• Session Tokens: JWT tokens for authenticated API requests
• Local Storage: Store preferences and authentication data in your browser

You can control cookies through your browser settings. Disabling certain cookies may limit functionality.

10. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or business operations. The "Last Updated" date at the top indicates when the policy was last revised.

For material changes, we will notify you via:

• Email notification to your registered email address
• In-app notification or alert
• Prominent notice on our website or services
• Telegram notification (if applicable)

Your continued use of RxSynapse services after changes are posted constitutes acceptance of the updated policy.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

• Company: RxSynapse
• Email: contact@rxsynapse.com
• Website: https://rxsynapse.com

12. Legal Framework and Compliance

This Privacy Policy is governed by the laws of India. We comply with:

• Information Technology Act, 2000 and its amendments
• Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
• Digital Personal Data Protection Act, 2023 (when fully implemented)
• GST Regulations for payment processing and tax compliance
• SEBI Regulations (applicable to financial services)
• RBI Guidelines (applicable to BFSI operations)