Privacy Policy

SaaS Platform — platform.gyanmatrix.com

Effective Date: Mar 04, 2026  |  Last Updated: Mar 04, 2026

Table of Contents

  1. 1. Introduction
  2. 2. Data Controller vs. Data Processor
  3. 3. Information We Collect
  4. 4. How We Use Your Information
  5. 5. AI and Machine Learning Data Usage
  6. 6. Data Security
  7. 7. Subprocessors
  8. 8. International Data Transfers
  9. 9. Data Retention
  10. 10. Data Deletion Upon Termination
  11. 11. Your Rights
  12. 12. Data Breach Notification
  13. 13. Compliance Positioning
  14. 14. Changes to This Policy
  15. 15. Contact Us

GyanMatrix Technologies Pvt Ltd

1. Introduction

This Privacy Policy governs the collection, use, storage, and disclosure of personal and business data processed through the GyanMatrix AI Platform (“Platform”), accessible at https://platform.gyanmatrix.com/. It applies to all registered users and client organisations (“Clients”) that access the Platform under a subscription agreement.

GyanMatrix Technologies Pvt Ltd (“GyanMatrix”, “we”, “us”, or “our”) takes data privacy seriously and operates in a manner consistent with applicable data protection regulations, including principles aligned with the General Data Protection Regulation (GDPR) and India’s Digital Personal Data Protection Act (DPDPA), 2023.

2. Data Controller vs. Data Processor

2.1 GyanMatrix as Data Controller

For data collected in connection with account creation, billing, and platform administration, GyanMatrix acts as the data controller and determines the purpose and means of processing.

2.2 GyanMatrix as Data Processor

For data uploaded, submitted, or otherwise provided by Clients while using the Platform (“Client Data”), GyanMatrix acts solely as a data processor. The Client remains the data controller and is responsible for ensuring a lawful basis for processing that data. GyanMatrix processes Client Data only in accordance with the Client’s instructions and the applicable subscription agreement.

3. Information We Collect

3.1 Account & Registration Data

  • Full name, work email address, and phone number
  • Organisation name, industry, and billing address
  • Job title and role within the organisation
  • Username, password (hashed), and authentication credentials
  • Subscription and billing information (processed via third-party payment providers)

3.2 Client-Uploaded Data

Clients may upload, submit, or integrate business data into the Platform as part of their use of AI, analytics, automation, or data processing features. This data may include operational datasets, documents, reports, and API payloads. GyanMatrix processes this data solely to provide the subscribed services.

3.3 Usage & Technical Data

  • Login times, session durations, and feature usage patterns
  • API call logs, error logs, and audit trails
  • IP addresses, browser type, and device information
  • Platform performance metrics and diagnostic data

4. How We Use Your Information

4.1 Platform Administration

  • Provisioning and managing user accounts
  • Processing subscription and billing transactions
  • Providing technical support and responding to service requests
  • Sending system notifications, security alerts, and service updates

4.2 Service Delivery

  • Processing Client Data through AI, ML, and data engineering workflows as configured by the Client
  • Enabling role-based access controls and permission management
  • Facilitating integrations with third-party systems via APIs

4.3 Security & Compliance

  • Monitoring for unauthorised access, fraud, and security threats
  • Maintaining audit logs for compliance and accountability
  • Responding to legal obligations and regulatory requests

4.4 Platform Improvement

GyanMatrix may use aggregated and anonymised usage data — from which no individual or Client can be identified — to improve Platform performance, develop new features, and conduct internal research. Client Data is never used for this purpose without explicit consent.

5. AI and Machine Learning Data Usage

GyanMatrix is committed to transparency in how data is used in AI and ML workflows. We confirm the following:

  • Customer Data submitted to the Platform is NOT used to train public AI models or shared AI foundation models.
  • Any ML model training performed on Client Data occurs solely within the Client’s own environment or with explicit written consent from the Client.
  • GyanMatrix does not aggregate Client Data across organisations for model training or benchmark purposes.

This commitment applies to all AI features within the Platform unless otherwise specified and agreed in writing.

6. Data Security

6.1 Technical Safeguards

  • Encryption in transit: All data transmitted between users and the Platform uses TLS 1.2 or higher
  • Encryption at rest: Stored data is encrypted using industry-standard algorithms (AES-256 or equivalent)
  • Vulnerability management: Regular security assessments and patching of known vulnerabilities
  • Intrusion detection and monitoring systems

6.2 Access Controls

  • Role-based access control (RBAC) ensuring users access only data relevant to their role
  • Multi-factor authentication (MFA) support for all administrator accounts
  • Privileged access management for internal GyanMatrix personnel
  • Audit logging of all access events and administrative actions

6.3 Organisational Measures

  • Data protection training for all personnel with access to Client Data
  • Confidentiality obligations for all employees and contractors
  • Incident response plan with defined response timelines

GyanMatrix operates with security practices aligned to industry standards. We do not currently hold SOC 2 Type II certification; any such certification claims will be updated in this Policy when achieved.

7. Subprocessors

GyanMatrix may engage third-party subprocessors to support the delivery of the Platform. All subprocessors are subject to contractual data protection obligations consistent with applicable law. Categories of subprocessors include:

  • Cloud infrastructure and hosting providers (e.g., AWS, Azure, GCP — as applicable)
  • Identity and authentication service providers
  • Payment processing providers
  • Customer support and ticketing tools
  • Monitoring and logging services

A current list of subprocessors is available upon request by contacting we@gyanmatrix.com.

8. International Data Transfers

Client Data may be processed in India and in jurisdictions where our subprocessors operate. Where data is transferred outside the originating jurisdiction — including from the EEA or UK — we implement appropriate safeguards such as Standard Contractual Clauses (SCCs) or rely on the subprocessor’s compliance with applicable cross-border transfer mechanisms.

9. Data Retention

9.1 Account Data

Account data is retained for the duration of the active subscription and for up to 12 months after termination, unless a shorter period is required by law or requested by the Client.

9.2 Client Data

Upon termination or expiry of the subscription:

  • GyanMatrix will retain Client Data for a minimum of 30 days following termination to allow the Client to export data.
  • After the export window, Client Data will be securely deleted or anonymised unless the Client requests earlier deletion or continued retention under a separate agreement.
  • GyanMatrix may retain minimal metadata for audit and legal compliance purposes.

10. Data Deletion Upon Termination

Clients may request secure deletion of their data at any time. Upon receipt of a written deletion request:

  • GyanMatrix will confirm receipt within 5 business days
  • Deletion will be executed within 30 days of confirmation
  • A certificate of deletion will be provided upon request

Deletion requests can be submitted to we@gyanmatrix.com.

11. Your Rights

As a data subject or on behalf of your organisation, you may exercise the following rights:

  • Access — request a copy of personal data we hold about you
  • Rectification — correct inaccurate or outdated information
  • Erasure — request deletion of your personal data
  • Restriction — limit how we process your data in certain circumstances
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interests

To exercise these rights, contact we@gyanmatrix.com. We will respond within 30 days.

12. Data Breach Notification

In the event of a personal data breach that poses a risk to the rights and freedoms of individuals, GyanMatrix will notify affected Clients without undue delay and, where required by applicable law, will notify the relevant supervisory authority within 72 hours of becoming aware of the breach.

13. Compliance Positioning

GyanMatrix’s data handling practices are designed to align with the following frameworks:

  • General Data Protection Regulation (GDPR) — for Clients and data subjects in the EEA and UK
  • India’s Digital Personal Data Protection Act (DPDPA), 2023
  • SOC 2-aligned security practices (Type II certification not yet achieved)

GyanMatrix does not represent that it is fully certified under all frameworks listed unless explicitly stated in a separate compliance statement.

14. Changes to This Policy

GyanMatrix may update this Privacy Policy to reflect changes in our practices or applicable law. Clients will be notified of material changes via email or in-platform notification at least 30 days prior to the changes taking effect.

15. Contact Us

For questions, concerns, or data subject requests, please contact:

GyanMatrix Technologies Pvt Ltd
Address: #591 & 592, 3rd Floor, 15th Main Road, 22nd Cross Road, 3rd Sector, HSR Layout Bangalore, Karnataka-560102
Data Protection Contact: we@gyanmatrix.com
Support: we@gyanmatrix.com