VizibleLegal

Vizible Legal

Privacy Policy

Effective: 7 May 2026Version 1.0-draft

How we collect, use, share and protect personal data, with DPDP, GDPR and CCPA disclosures.

FYNBIT TECH PRIVATE LIMITED ("FYNBIT") operates the Vizible platform at vizible.in. This Privacy Policy explains how we collect, use, disclose, transfer, retain and protect personal data and discloses the rights available to you under India's Digital Personal Data Protection Act, 2023 ("DPDP Act"), the EU/UK General Data Protection Regulation ("GDPR") and the California Consumer Privacy Act/CPRA ("CCPA").

1. Roles

When we provide the Platform to a Tenant (the organisation that signs up), the Tenant is the data controller (GDPR) or data fiduciary (DPDP Act) in respect of the personal data of its Tenant Users and End-Customers; FYNBIT acts as a processor/data processor on the Tenant's instructions. When we collect data directly from individuals (for example when you visit our marketing site or contact us), FYNBIT is the controller/data fiduciary.

2. Categories of personal data we process

2.1 Tenant administrator and employee data

  • Identity: name, email address, phone number, profile photo.
  • Account: hashed password, MFA secrets, login timestamps, IP address, device/browser metadata.
  • Workplace: department, designation, reporting hierarchy, expertise tags.
  • Workspace activity: tasks created, meetings attended, projects, deals, performance reviews and end-of-day reports submitted.
  • EAMS optional monitoring (only when the Tenant enables it on devices it controls): screenshots, USB-device events, application activity events.

2.2 End-customer data routed through Tenant Workspaces

  • Contact: name, email, phone, billing/shipping address, GSTIN, PAN.
  • Commercial: orders, line items, invoices, coupons, subscriptions, refunds.
  • Communications: chat messages, ticket content, Telegram and WhatsApp messages, transactional SMS via MSG91, email content sent through the Platform.
  • Behavioural: support history, opt-in/opt-out preferences for marketing.

2.3 Financial data

Card numbers and full payment-instrument details are never stored by FYNBIT. Payments are tokenised by our gateways (Razorpay and Fynbit Wallet). We retain only gateway order/payment IDs, the amount, currency, status and metadata required for reconciliation, refunds and statutory tax records.

2.4 Credentials Vault

Some Workspaces use the in-product credentials vault to store API keys, integration secrets and similar sensitive material. Vault contents are encrypted at rest and accessible only to Tenant Users you grant access to. FYNBIT staff do not access vault contents except for narrowly scoped support requests with your consent or under legal compulsion.

2.5 Sensitive categories

FYNBIT does not knowingly request or process special-category data under the GDPR (health, biometrics, religion, political views, etc.), nor sensitive personal data of children. Tenants undertake not to upload such data without their own lawful basis and our prior written agreement.

3. How we use personal data

  • Provide, maintain and improve the Platform and its features.
  • Authenticate users, prevent fraud and abuse, secure the Platform.
  • Send transactional emails, SMS, WhatsApp and in-app notifications.
  • Process payments, issue invoices, manage refunds.
  • Provide customer support and respond to enquiries.
  • Comply with legal obligations including tax, accounting and law-enforcement requests.
  • With your consent, send platform-level updates and product communications.

4. Legal bases

4.1 Under the GDPR (Art. 6)

  • Contract — to deliver the Services you have signed up for.
  • Legal obligation — for tax, accounting, anti-fraud and law-enforcement requirements.
  • Legitimate interests — to secure the Platform, prevent abuse and improve the product (balanced against your rights).
  • Consent — for marketing communications and optional features such as cookies that are not strictly necessary; you may withdraw consent at any time.

4.2 Under the DPDP Act, 2023

We process personal data either with your consent (for purposes for which the law requires consent) or for a "legitimate use" under §7 of the DPDP Act (including service performance, employer-employee processing, compliance with law, and prevention of fraud).

4.3 Under the CCPA

We process personal information only for the "business purposes" described above and do not "sell" or "share" (as those terms are defined under the CCPA) personal information for cross-context behavioural advertising.

5. How we share personal data

We share personal data only with: (a) sub-processors listed at /legal/sub-processors who provide infrastructure, payment, communications, AI and analytics services on our behalf; (b) the Tenant whose Workspace contains the data; (c) law-enforcement, regulators or courts where compelled by valid legal process; (d) professional advisers under confidentiality; and (e) acquirers in the event of a merger, acquisition or sale of substantially all our assets, subject to equivalent privacy commitments.

We do not sell personal data and we do not share it with advertising networks for cross-context behavioural advertising.

6. International data transfers

Personal data is primarily processed in our hosting region in Mumbai, India. Some sub-processors may process data outside India (for example Google Firebase, Telegram and Meta for WhatsApp). For transfers of EU/UK personal data, we rely on the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, or other approved transfer mechanisms. For transfers outside India under the DPDP Act, we comply with §16 (the Central Government's notified country list) once notified.

7. Your rights

7.1 GDPR / UK GDPR rights

  • Access — obtain confirmation of processing and a copy of your personal data.
  • Rectification — correct inaccurate or incomplete data.
  • Erasure — request deletion in defined circumstances.
  • Restriction — limit processing in defined circumstances.
  • Portability — receive structured, commonly used data and transmit it to another controller.
  • Object — to processing based on legitimate interests or for direct marketing.
  • Automated decision-making — not be subject to solely automated decisions with legal or similarly significant effects.
  • Lodge a complaint — with your supervisory authority.

7.2 DPDP Act rights (Data Principals)

  • Right to access information about processing.
  • Right to correction and erasure.
  • Right of grievance redressal — see our Grievance Redressal page.
  • Right to nominate another individual to exercise rights in case of incapacity or death.

7.3 CCPA rights

  • Right to know what personal information we collect, use and disclose.
  • Right to delete personal information, subject to exceptions.
  • Right to correct inaccurate personal information.
  • Right to opt out of sale or sharing — note: we do not sell or share for cross-context advertising.
  • Right to limit use of sensitive personal information.
  • Right to non-discrimination for exercising any CCPA right.

7.4 How to exercise rights

If you are an End-Customer of a Tenant, please contact that Tenant directly — they control your data and we will support them in fulfilling your request. If you are a Tenant or interacting with FYNBIT directly, email privacy@vizible.in. We will verify your identity and respond within thirty (30) days (or as required by applicable law).

8. Retention

We retain personal data only as long as necessary for the purposes described in this Policy, or as required by law. The schedule is published at /legal/data-retention. When data is no longer needed it is deleted or anonymised; backups are purged on the rolling cycle described in the retention schedule.

9. Security

We maintain technical and organisational measures including encryption in transit, hashed passwords with bcrypt, role-based access controls, multi-factor authentication, audit logging, environment isolation and regular security review. Full details at /legal/security.

10. Cookies

Our use of cookies is described at /legal/cookies. The Platform currently uses only strictly necessary and limited functional cookies; if we introduce analytics or advertising cookies we will obtain prior consent through a banner.

11. Children

The Platform is not directed to children under the age of eighteen and we do not knowingly collect personal data from them. If you believe a child has provided us personal data, please contact privacy@vizible.in and we will delete it.

12. Changes to this Policy

We may update this Policy from time to time. The current version is identified by the effective date at the top of this page. Material changes will be notified by email or in-app banner at least fifteen (15) days before they take effect.

13. How to contact us

Data Protection Officer: [TO BE FILLED — may be same as Grievance Officer] dpo@vizible.in

Grievance Officer (India IT Rules 2021): [TO BE FILLED], Grievance Officer grievance@vizible.in

General privacy enquiries: privacy@vizible.in

Postal: FYNBIT TECH PRIVATE LIMITED, The Capital, F5 Realtors Office No.224, 2nd Floor, Hadapsar, Pune - 411013, Maharashtra, India.

Questions about this policy? Email legal@vizible.in.

FYNBIT TECH PRIVATE LIMITED — operator of the Vizible platform at vizible.in.