Privacy Policy

This policy is aligned with:

GDPR (EU)
Digital Personal Data Protection Act, 2023 (India – DPDP Act)

Last Updated: 1-March-2026

1. Introduction

GFX Enterprise (“GFX,” “we,” “us,” or “our”) is committed to protecting personal data and ensuring transparency in how data is collected, processed, stored, and secured.

This Privacy Policy explains how we process personal data in accordance with:

The General Data Protection Regulation (EU) 2016/679 (“GDPR”)
The Digital Personal Data Protection Act, 2023 (India) (“DPDP Act”)
Other applicable global data protection laws

This policy applies to enterprise customers, business partners, website visitors, and authorized users of our services.

2. Scope of Data Processing

GFX Enterprise provides AI-native commerce infrastructure, including:

AI Core systems
Conversational commerce systems
Agentic intelligence systems
Private cloud enterprise deployments

In providing these services, GFX may process:

Customer account information
Business contact information
Product and catalog data
End-user interaction data
Transactional data
Usage analytics

GFX processes data either:

As a Data Controller (for website and account data), or
As a Data Processor (on behalf of enterprise customers).

3. Categories of Personal Data

Depending on the context, we may collect and process:

A. Business & Contact Information

Name
Business email
Phone number
Company name
Role / designation

B. Account & Authentication Data

Login credentials
Role-based access data
Security logs

C. Transaction & Interaction Data

Purchase history
Order details
Chat and conversation logs
Customer support interactions

D. Technical Data

IP address
Device information
Browser type
Usage metrics

We do not knowingly collect sensitive personal data unless explicitly required and contractually agreed.

4. Legal Basis for Processing (GDPR)

Under GDPR, we rely on one or more of the following legal bases:

Contractual necessity (Article 6(1)(b))
Legitimate interests (Article 6(1)(f))
Legal obligation (Article 6(1)(c))
Explicit consent (Article 6(1)(a)), where applicable

Where consent is required, it may be withdrawn at any time.

5. Purpose of Processing

We process personal data to:

Deliver and maintain GFX Enterprise services
Provide AI-powered engagement and commerce systems
Ensure security and access control
Improve system performance
Provide customer support
Comply with legal obligations

We do not sell personal data.

6. Data Processing Under DPDP Act (India)

In compliance with the Digital Personal Data Protection Act, 2023:

Personal data is processed only for lawful purposes.
Processing is limited to what is necessary and proportionate.
Data principals (individuals) retain rights over their personal data.
Reasonable security safeguards are implemented.

Where required, consent is obtained through clear notice and affirmative action.

7. Data Subject Rights (GDPR & DPDP)

Individuals may have the right to:

Access their personal data
Correct inaccurate data
Request erasure (“right to be forgotten”)
Restrict or object to processing
Data portability (GDPR)
Withdraw consent
Lodge a complaint with a supervisory authority

Under India’s DPDP Act, individuals have the right to:

Seek information about processing
Correct and update personal data
Nominate another person to exercise rights
File grievances with the Data Protection Board of India

Requests may be submitted to privacy@gfx.enterprises

8. Data Retention

We retain personal data only for as long as necessary to:

Fulfill contractual obligations
Comply with legal requirements
Resolve disputes
Enforce agreements

Retention periods vary depending on the nature of the data and legal obligations.

9. Data Security

GFX Enterprise implements enterprise-grade security controls, including:

Private cloud infrastructure
Encryption in transit and at rest
Role-based access control (RBAC)
Multi-factor authentication
Audit logging
Infrastructure isolation

We take reasonable technical and organizational measures to prevent unauthorized access, disclosure, alteration, or destruction of personal data.

10. Cross-Border Data Transfers

Where personal data is transferred outside the EU or India:

Appropriate safeguards are implemented.
Standard Contractual Clauses (SCCs) may be used where required.
Transfers comply with applicable regulatory requirements.

Enterprise customers may request details of transfer mechanisms.

11. AI Systems & Automated Processing

GFX Enterprise uses AI systems to:

Assist in conversational engagement
Recommend products
Analyze behavioral signals
Support commerce workflows

AI outputs are probabilistic and subject to human oversight.
We do not make solely automated decisions with legal or similarly significant effects without appropriate safeguards.

12. Cookies & Tracking

Our website may use cookies and similar technologies to:

Maintain session functionality
Improve performance
Analyze usage patterns

Users may manage cookie preferences through browser settings.

13. Third-Party Processors

We may engage trusted third-party vendors for:

Cloud infrastructure
Payment processing
Security monitoring

All processors are contractually obligated to comply with applicable data protection laws.

14. Children's Data

GFX Enterprise services are not intended for children under 18.
We do not knowingly collect data from minors.

15. Grievance & Data Protection Officer

For GDPR or DPDP-related inquiries, contact:

privacy@gfx.enterprises

Operating address: C 112, 2nd Cross Rd, East of NGEF Layout, Kasturinagar, Bengaluru, KA - 560043, CIN: U74999KA2022PTC157867, GSTIN: 29AAACG5787G1Z3

If required, a designated Data Protection Officer (DPO) or grievance officer may be contacted through the above channel.

16. Updates to This Policy

We may update this Privacy Policy periodically to reflect regulatory or operational changes. Updates will be published with a revised effective date.