🔒 Data Protection

Privacy Policy

We are committed to protecting your personal data. This policy explains exactly what we collect, how we use it, and how you can exercise your rights.

Effective Date: 1 April 2025 ·  Compliant with: GDPR · India DPDP Act 2023 · IT Act 2000

1. Data Controller

The data controller responsible for your personal data is 7Star Medtech Private Limited and Automize Media Labs Private Limited, operating the Claux platform. For all data-related enquiries, please contact our Data Protection Officer at clauxagent@gmail.com.

2. Data We Collect

We collect the following categories of personal and business data:

Account & Identity Data

Full name, email address, phone number, business name, GST number (if provided), and billing address, collected when you register for an account or subscribe to a plan.

Website & Digital Asset Credentials

Google Search Console access tokens, Google Business Profile OAuth tokens, website URL, and CMS credentials, provided by you to enable AI agent execution. These are stored encrypted at rest using AES-256 and transmitted exclusively over TLS 1.3.

Usage & Analytics Data

Pages visited within the Claux dashboard, feature interactions, session duration, IP address, browser type, and device identifiers, collected automatically via server logs and analytics tools for the purpose of platform improvement and security.

Payment Data

Transaction references and subscription status. Card details and UPI credentials are processed exclusively by Razorpay (PCI-DSS Level 1 certified). Claux does not store any payment instrument information on its servers.

Communications Data

Emails, support tickets, and messages you send to Claux, retained to resolve queries and improve service quality.

3. Legal Basis for Processing

We process your personal data on the following legal bases:

  • Contract performance: Processing necessary to provide the subscribed Services to you.
  • Legitimate interests: Platform security, fraud prevention, analytics, and service improvement.
  • Legal obligation: Compliance with Indian tax law, the DPDP Act 2023, and applicable regulations.
  • Consent: For marketing communications; you may withdraw consent at any time by unsubscribing.

4. How We Use Your Data

  • To provision, maintain, and improve the Claux Platform and AI agent services;
  • To authenticate your account and prevent unauthorised access;
  • To process subscription payments and issue invoices;
  • To send service notifications, billing reminders, and product updates;
  • To respond to support queries and grievance submissions;
  • To comply with applicable legal and regulatory obligations;
  • To conduct internal analytics and business intelligence solely to improve platform performance.

5. Data Encryption and Security

Claux employs industry-leading technical and organisational measures to protect your personal data:

  • Encryption at rest: All sensitive data (credentials, tokens, and personal identifiers) is encrypted at rest using AES-256.
  • Encryption in transit: All data transmitted between your browser, our servers, and third-party APIs is protected using TLS 1.3.
  • Access control: Access to production systems and personal data is restricted to authorised personnel on a strict need-to-know basis, enforced through role-based access control (RBAC) and multi-factor authentication (MFA).
  • Vulnerability management: We conduct periodic security audits, dependency scanning, and penetration testing of the Platform.
  • Breach notification: In the event of a personal data breach, we will notify affected users and the relevant supervisory authority (where required) within seventy-two (72) hours of becoming aware of the breach, in accordance with GDPR Article 33 and the DPDP Act 2023.

6. We Do Not Sell Your Data

Explicit Non-Sale Declaration

Claux does not sell, rent, trade, or otherwise transfer your personal data to any third party for commercial purposes. Your data is yours. We monetise by providing you with excellent software services — not by commoditising your personal information.

7. Data Sharing with Third Parties

We share data only with trusted processors strictly necessary to deliver the Services:

  • Supabase (Supabase Inc.): Database hosting for account and configuration data, hosted in regions with adequate data protection standards.
  • Razorpay (Razorpay Software Pvt Ltd): Payment processing. PCI-DSS compliant.
  • Google LLC: Integration APIs (Search Console, Analytics, GBP). Data shared as directed by you for service delivery only.
  • Vercel Inc.: Platform hosting and CDN delivery.
  • OpenAI / Anthropic: AI model APIs used by Claux agents. Prompts may include your website content but not your personal account identifiers.

All third-party processors are bound by appropriate data processing agreements (DPAs). No data is shared with any entity for independent marketing or profiling purposes.

8. Data Retention

We retain your personal data for as long as your account is active or as necessary to provide the Services. Upon cancellation:

  • Account data is retained for ninety (90) days to facilitate account reactivation if requested.
  • After ninety days, personal identifiers are permanently deleted or anonymised.
  • Financial records (invoices, transaction references) are retained for seven (7) years as required under Indian accounting and tax law.
  • AI-generated content published to your properties remains under your control and is not retained by Claux post-termination.

9. Cookies and Tracking Technologies

Claux uses strictly necessary cookies to maintain session state and authenticate users. We do not use third-party advertising cookies or cross-site tracking technologies. Analytics cookies used are first-party and serve solely to improve platform performance.

You may disable cookies through your browser settings; however, doing so may impair your ability to access authenticated areas of the Platform.

10. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Right of Access

Request a copy of the personal data we hold about you.

Right to Rectification

Request correction of inaccurate or incomplete data.

Right to Erasure

Request deletion of your data ("right to be forgotten") subject to legal retention obligations.

Right to Portability

Receive your data in a structured, machine-readable format.

Right to Restriction

Request that processing of your data be restricted in certain circumstances.

Right to Object

Object to processing based on legitimate interests or for direct marketing purposes.

To exercise any of these rights, submit a written request to clauxagent@gmail.com. We will respond within thirty (30) days. If you are dissatisfied with our response, you have the right to lodge a complaint with the applicable supervisory authority.

11. International Transfers

Claux operates primarily from India and processes data using cloud infrastructure hosted within India and in regions with adequate data protection standards (EU Standard Contractual Clauses or equivalent). Where data is transferred internationally, we ensure appropriate safeguards are in place consistent with applicable law.

12. Children's Privacy

The Claux Platform is intended solely for business use by individuals aged eighteen (18) years or older. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us immediately and we will delete such information.

13. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated to registered users via email at least fifteen (15) days before the updated policy takes effect. The effective date at the top of this document will always reflect the date of the most recent revision.

14. Contact & Data Protection Officer

Data Protection Officer — Claux

7Star Medtech Private Limited & Automize Media Labs Private Limited

Mumbai, Maharashtra, India

Email: clauxagent@gmail.com

For data subject requests, please include "Data Request" in your email subject line.