Global Privacy Policy

1. Introduction & Scope

Welcome to ZIGZEX IT SERVICES PRIVATE LIMITED ("we," "us," or "our"). As a multi-vertical conglomerate engineering digital solutions for the modern enterprise, we process data across a diverse range of sectors globally.

This Global Privacy Policy applies to our entire ecosystem, outlining how we collect, use, process, and safeguard your data across our four primary operational divisions: Enterprise Software Development, Aerospace Research, Digital Commerce, and the Zigzex Academy Operating System.

We are committed to the principle of "Privacy by Design," meaning data protection is embedded into the core architecture of every product, AI model, and drone framework we deploy, rather than added as an afterthought.

2. Software Development & Enterprise ERPs

When your organization utilizes our custom web/mobile applications, SaaS subscription platforms, or Data Analytics & Business Intelligence tools, ZIGZEX generally acts as a Data Processor on behalf of your organization (the Data Controller).

Data Collection & Usage

• Corporate Identity & Authentication: We collect admin roles, secure credentials, OAuth tokens, and organizational structural data to enforce strict Role-Based Access Control (RBAC).
• Operational Telemetry: We collect anonymized dashboard usage metrics, API call frequencies, error logs, and load-balancing telemetry to guarantee our 99.99% uptime SLAs and system health.
• AI & Machine Learning Analytics: Data processed by our Predictive Analytics and Workflow Engines is ring-fenced per tenant. Client data is never used to train our global, cross-tenant AI models without explicit, written opt-in consent.
• Third-Party Integrations: Data passing through integrations (e.g., Salesforce, SAP, Slack) via our API layers is subject to TLS 1.3 encryption and is not retained beyond standard cache lifecycles.

Data Ownership: You retain complete ownership of all data ingested into our ERP and SaaS systems.

3. Aerospace Research & UAV Operations

Our Aerospace division develops autonomous Unmanned Aerial Vehicles (UAVs) for industrial inspection, precision agriculture, smart surveillance, and delivery research. Because drones operate in physical environments, unique privacy considerations apply.

Aerial Data & Ambient Privacy

• Geospatial & Sensor Data: High-resolution aerial mapping, LiDAR, thermal imaging, and RTK GPS coordinates are securely stored, encrypted, and isolated to the specific client mission.
• Ambient Visual Data & Anonymization: Drones operating in public or semi-public spaces may inadvertently capture images of bystanders or vehicles. Our autonomous systems utilize Edge AI processing to dynamically blur human faces and license plates in real-time before data is transmitted to the cloud.
• Telemetry & Flight Logs: Flight paths, drone health metrics, battery usage, and sensor logs are retained by ZIGZEX for safety compliance, anomaly detection, and predictive maintenance modeling.

4. Digital Commerce Ecosystem

Our Digital Commerce division powers high-traffic, multi-vendor architectures, including Premium Fashion Marketplaces and Farmer-to-Consumer Organic ecosystems.

Marketplace Data Processing

• Vendor & Consumer Profiling: We collect profile details, browsing habits, wishlists, and purchasing history. This data powers our AI Product Discovery engines, dynamic pricing algorithms, and personalized style/product recommendations.
• Financial Vaults & Tokenization: Payment processing, vendor escrow services, and subscription billing are handled via secure, PCI-DSS compliant integrations (such as Stripe or Razorpay). ZIGZEX does not store raw credit card numbers. All payment data is tokenized.
• Supply Chain & Logistics Sync: For our Organic division, cold-chain logistics data, IoT temperature sensors, and freshness tracking APIs process location and transit times to ensure product quality from farm to doorstep.
• Retail Media Networks: Vendor advertising data (CPC bids, ad performance) is aggregated to provide internal analytics dashboards.

5. Zigzex Academy OS

The Zigzex Academy is a comprehensive Smart School Operating System connecting parents, teachers, and administrators. Protecting the privacy of minors is our highest priority in this division.

Educational Data Protection

• Student Records: Academic performance, attendance trends, medical emergency info, and behavioral analytics are strictly confidential. Access is governed by rigid, role-based visibility rules.
• Minor Privacy Compliance: We engineer our educational platforms in alignment with strict privacy standards (such as FERPA in the US and equivalent global mandates). We categorically do not sell, rent, or use student data for targeted marketing or advertising purposes under any circumstances.
• Communication Logs: Parent-teacher-admin communication within the platform is encrypted and logged solely for institutional record-keeping and dispute resolution.
• Data Lifecycle: Upon a student's graduation or transfer, their data is archived or purged in accordance with the contracting educational institution's specific retention policies.

6. Infrastructure & DevOps Security

Across all verticals, ZIGZEX employs a Cybersecurity-First approach to cloud infrastructure and deployment.

• Encryption Standards: AES-256 encryption is applied to all data at rest across our databases. TLS 1.3 is enforced for all data in transit across our networks and APIs.
• Zero-Trust Architecture: We operate on a "never trust, always verify" model. This includes continuous verification of internal users and devices, strict RBAC, and mandatory Multi-Factor Authentication (MFA) for administrative access.
• Disaster Recovery: We utilize automated, cross-region cloud backups to ensure stringent Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO).
• Data Residency & Sovereignty: Client data is hosted in specific geographic cloud environments (e.g., AWS/GCP regions in Mumbai, Frankfurt, or US-East) according to the client's jurisdictional requirements to ensure GDPR, CCPA, and local data protection compliance.
• Audits: Our infrastructure undergoes regular automated vulnerability scanning and annual third-party penetration testing.

7. Cookies & Tracking Technologies

We use cookies, web beacons, and similar tracking technologies across our web platforms and SaaS dashboards to optimize user experience and system performance.

• Strictly Necessary Cookies: Essential for the platform to function (e.g., maintaining your login session, load balancing). Cannot be disabled.
• Performance & Analytics Cookies: Allow us to count visits and traffic sources to measure and improve platform performance.
• Functional Cookies: Enable the platform to provide enhanced functionality and personalization (e.g., remembering your UI language or dark-mode preference).

You can manage your cookie preferences through your browser settings or via the cookie consent banner presented upon your first visit to our platforms.

8. User Rights & Data Protection

Depending on your geographic location (e.g., EU under GDPR, California under CCPA), you possess specific rights regarding your personal data:

• Right to Access: Request copies of your personal data.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure: Request deletion of your personal data ("Right to be Forgotten"), subject to legal and contractual constraints.
• Right to Restrict Processing: Request a halt on processing your data under certain conditions.
• Right to Data Portability: Request transfer of the data we have collected to another organization, or directly to you.
• Right to Object: Object to our processing of your personal data, particularly regarding automated decision-making and profiling.

We commit to responding to all legitimate data rights requests within 30 days of receipt.

9. Contact Information

For questions regarding this policy, to exercise your data rights, or to report a security vulnerability, please contact our Data Protection Officer at: