Privacy Policy

1. Information We Collect

We collect information you provide directly when creating an account: business name, contact name, email address, phone number, GSTIN, and billing address. When you use our APIs, we collect technical data including API call logs, IP addresses, request timestamps, user-agent strings, and message metadata (sender, recipient, channel, status, timestamp). We do not store message content beyond the delivery window (typically 72 hours) unless you explicitly enable message archiving. We also collect usage analytics through cookies and similar technologies when you use our dashboard.

2. How We Use Your Data

We use your data to: (a) provide and maintain the Pixabits platform and APIs; (b) process message delivery across all channels (SMS, WhatsApp, Voice, RCS, Email); (c) generate delivery reports and analytics visible in your dashboard; (d) process billing, invoicing, and credit management; (e) ensure DLT/TRAI regulatory compliance for Indian messaging; (f) detect and prevent fraud, abuse, and security threats; (g) communicate service updates, maintenance notices, and critical alerts; (h) improve platform performance and develop new features based on aggregate usage patterns. We never sell your data or use recipient contact information for our own marketing purposes.

3. Data Sharing & Third Parties

We share data with third parties only as necessary to provide the Service: (a) telecom carriers and aggregators for message delivery; (b) Meta (for WhatsApp Business API); (c) payment processors (Razorpay) for billing; (d) cloud infrastructure providers (AWS Mumbai region) for hosting; (e) DLT platforms as required by TRAI regulations. All third-party data processors are bound by data processing agreements that require equivalent security measures. We may also disclose data when required by law, court order, or government regulation, or to protect the rights and safety of Pixabits, our users, or the public.

4. Data Retention

Account information is retained for as long as your account is active plus 3 years after termination (for legal and tax compliance). API call logs and delivery reports are retained for 12 months in active storage and archived for an additional 24 months. Message content is retained for a maximum of 72 hours for delivery retry purposes, then permanently deleted unless you have enabled the optional message archiving feature. Billing records are retained for 8 years as required by Indian tax law. You may request deletion of your personal data at any time, subject to our legal retention obligations.

5. Security Measures

We implement industry-standard security measures to protect your data: (a) all data in transit is encrypted using TLS 1.3; (b) all data at rest is encrypted using AES-256; (c) API keys are hashed and never stored in plaintext; (d) infrastructure is hosted in SOC 2 Type II certified data centers in India (AWS Mumbai ap-south-1); (e) we conduct regular penetration testing and vulnerability assessments; (f) access to production systems requires multi-factor authentication and is logged; (g) we maintain a 24/7 security operations center for threat monitoring. Despite these measures, no system is 100% secure, and we cannot guarantee absolute data security.

6. Cookie Policy

Our dashboard and marketing website use cookies and similar technologies. Essential cookies are required for authentication and session management and cannot be disabled. Analytics cookies (Google Analytics) help us understand usage patterns and are loaded only with your consent. We do not use advertising or tracking cookies. You can manage cookie preferences through your browser settings or our cookie consent banner. Disabling essential cookies may prevent you from using certain features of the dashboard.

7. Your Rights

Under applicable data protection laws (including GDPR for EU data subjects and the Digital Personal Data Protection Act 2023 for Indian residents), you have the right to: (a) access the personal data we hold about you; (b) correct inaccurate or incomplete data; (c) request deletion of your data (subject to legal retention requirements); (d) restrict or object to certain processing activities; (e) receive your data in a portable, machine-readable format; (f) withdraw consent at any time for consent-based processing; (g) lodge a complaint with a supervisory authority. To exercise any of these rights, contact our Data Protection Officer at the address below.

8. Contact the Data Protection Officer

For any privacy-related inquiries, data access requests, or complaints, please contact our Data Protection Officer: Email: dpo@pixabits.in. Postal address: Biocipher Technologies, Data Protection Officer, New Delhi, India. We aim to respond to all privacy requests within 30 days. If you are not satisfied with our response, you may contact the relevant data protection authority in your jurisdiction.

Privacy concerns or data requests?