This Privacy Policy explains how Xencia Technologies Pvt Ltd (“we”, “us”, “our”) collects, uses, discloses, stores, and protects personal data when you visit or interact with our website (https://xencia.com) or use our services. It applies to all personal data collected in digital form from individuals (“Data Principals”) in India and other jurisdictions, in accordance with the Digital Personal Data Protection Act, 2023 and DPDP Rules, 2025.

• Personal Data: Any information related to an identifiable natural person, processed electronically.
• Data Principal: The individual to whom the personal data relates.
• Data Fiduciary: An entity that determines the purpose and means of processing personal data.
• Consent: A free, informed, specific, and revocable indication of willingness to allow processing of personal data.

We may collect:

• Identity Data: Name, organization, job title.
• Contact Data: Email, phone number
• Usage Data: IP address, browser type, cookies.
• Service Data: Information required for delivering our services

We only collect personal data that is necessary for a clear and lawful purpose.

We process personal data based on:

• Your Consent (prior and informed)
• Legitimate Business Purposes
• Legal Compliance Requirements under the DPDP Act and Rules
• Performance of Services you request

Consent is obtained using clear, plain language notices and affirmative action (e.g., clicking an opt-in). You may withdraw consent at any time.

Before collecting personal data, we will provide you with a notice that includes:

• What data is collected
• The specific purpose(s)
• How it will be used
• Retention period
• Your rights, and
• Contact information to exercise your rights.

Consent is collected separately for non-essential data (e.g., marketing).

We use personal data for:

• Providing and improving services
• Responding to inquiries
• Billing and service fulfilment
• Security, analytics, and legal compliance

We do not use personal data for purposes unrelated to what was disclosed at the time of collection without obtaining additional consent.

Personal data is retained only as long as required to fulfil the stated purpose or comply with legal obligations. Specific retention periods will be documented and disclosed in notices.

Under DPDP, you have the right to

• Access your personal data
• Correct or update inaccurate data
• Erase or restrict processing under applicable conditions
• Withdraw consent anytime
• Nominate a representative to exercise these rights on your behalf Responses will be provided within 90 days of a valid request.

We do not knowingly collect or process personal data of individuals under 18 years without verifiable parental or guardian consent. Appropriate identity verification tools will be used where applicable.

Our Cookie Policy explains how cookies and similar technologies are used. Consent is obtained through clear cookie banners for non-essential tracking. You have the option to manage and withdraw cookie preferences.

We implement reasonable security safeguards, including

• Encryption where appropriat
• Access control
• Regular monitoring and risk assessment to prevent unauthorized access, misuse, or loss.

In the event of a personal data breach, we will

• Notify the Data Protection Board of India as required
• Inform affected Data Principals promptly in plain language, including steps taken and support offered.

Personal data may be transferred outside India only if

• Required safeguards are in place, and
• Transfers comply with conditions specified by the Central Government under the DPDP Rules.

For data privacy questions, complaints, or requests

We will acknowledge and address grievances within statutory timelines.

We may update this policy from time to time to reflect legal updates or service changes. Updated versions will be published on the Site with clear revision dates.