Privacy Policy

1. Introduction

VENZX ("we," "our," or "us") operates the VENZX AI communication platform and API available at venzx.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services. Please read this policy carefully. If you disagree with its terms, please discontinue use of the Service immediately.

2. Information We Collect

2.1 Account Information

When you register for an account, we collect your email address, name (if provided), and a hashed password. This information is required to create and manage your account.

2.2 API Request Data

When you submit requests to our API (typically the text or tool-call payload of an AI agent that you want inspected), the payload is processed in-memory by our policy engine and, for certain checks (semantic hallucination grounding, prompt compression), forwarded to a large-language-model provider for evaluation — see Section 4 for the list of providers. We do not use your API inputs or outputs to train, fine-tune, or improve our own models. Request payloads are processed in-memory and are not persistently stored in our request logs beyond the metadata described in Section 2.3.

2.3 Usage and Log Data

We retain metadata about API calls — including timestamps, endpoint called, HTTP status code, response latency, and credit cost — for up to 90 days for billing verification, debugging, and abuse detection. We do not log the content of your API inputs or outputs in our persistent request logs.

2.4 Billing and Payment Information

Payments are processed by a trusted third-party checkout provider. We do not store your full payment card details. We retain billing records (amount, date, credit quantity, transaction ID) as required for financial and legal compliance.

2.5 Technical and Device Data

We automatically collect IP address, browser type, operating system, and referring URL when you access our web application. This data is used for security monitoring, fraud detection, and aggregate analytics.

2.6 Cookies and Session Data

We use essential session cookies to authenticate you and maintain your logged-in state. We do not use third-party advertising or tracking cookies. You can disable cookies in your browser settings, but doing so will prevent you from logging in to the platform.

3. How We Use Your Information

• To provide, operate, and maintain the VENZX platform and API
• To process transactions and manage your credit balance
• To send transactional communications (credit low alerts, billing receipts, security notices)
• To enforce our Terms of Service and detect and prevent abuse or fraud
• To comply with legal obligations
• To generate aggregate, anonymized usage insights to improve service reliability and performance

We do not sell your personal data, use it for advertising, or share it with data brokers.

4. Data Sharing and Sub-Processors

We engage the following sub-processors to deliver the Service. Each operates under a data-processing agreement and processes data only on our instructions:

• Google Cloud (Cloud Run, asia-south2 region) — application hosting + serverless compute
• MongoDB Atlas — primary database
• Redis (managed) — rate-limit counters, session state, ephemeral cache
• Cloudflare — CDN, edge security, Turnstile bot challenge on signup
• Google (Google Identity Services) — "Sign in with Google" (only when you choose this auth method)
• LemonSqueezy — payment processing for credit purchases; payment card data is handled by LemonSqueezy under their privacy policy and never touches our servers
• OpenAI and/or DeepSeek — LLM provider for the semantic hallucination check and prompt compression. Payloads sent are only those required to perform the check, and these providers have committed not to train on API data under their respective data-processing terms
• Sentry — application error monitoring (only when SENTRY_DSN is configured by the operator)
• Transactional email provider (Postmark / Resend / SendGrid / AWS SES, depending on configuration) — verification and password-reset emails

We also disclose information in the following limited circumstances:

• Legal requirements — we may disclose data if required by law, court order, or government authority, or to protect the rights, property, or safety of VENZX, our users, or the public.
• Business transfers — in the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. You will be notified prior to such transfer.

5. Data Retention

We retain your account information for as long as your account is active. API usage metadata is retained for 90 days. Upon account deletion, your personal account data is removed within 30 days, except where retention is required for legal, financial, or fraud-prevention obligations.

You may request deletion of your account and associated data by emailing us at the address below.

6. Security

We implement industry-standard security measures including TLS encryption in transit, encrypted storage at rest, API key hashing, and access controls. However, no method of transmission over the internet is completely secure. You are responsible for maintaining the confidentiality of your API keys and account credentials.

7. Your Rights (Data Principal Rights)

Under the Digital Personal Data Protection Act, 2023 (India) and the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, you have the following rights regarding your personal data:

• Access — request a summary of personal data we hold about you and the purposes for which it has been processed
• Correction and Updating — request correction or updating of inaccurate or incomplete personal data
• Erasure — request erasure of personal data that is no longer necessary for the purpose it was collected, subject to legal retention obligations
• Portability — request your data in a machine-readable format via our account export feature
• Grievance Redressal — file a complaint with our Grievance Officer (see Section 9) for any violation of your data rights. You also have the right to escalate to the Data Protection Board of India once established under the DPDP Act, 2023.
• Withdrawal of Consent — withdraw consent for processing where consent is the legal basis; note that withdrawal may limit your ability to use the Service
• Nomination — nominate another individual to exercise your rights in the event of death or incapacity, as provided under the DPDP Act, 2023

We do not sell your personal data and you will not face any discriminatory treatment for exercising any of the rights listed above.

To exercise any of these rights, contact us at the address in Section 11 or file a grievance with our Grievance Officer.

8. Data Transfers and Cross-Border Processing

VENZX is operated from India. To deliver the Service, your personal data may be transferred to, stored, and processed in countries outside India — including the United States and the European Union — by our third-party service providers (such as Vercel, AWS, MongoDB Atlas, and other service providers).

We ensure that all such cross-border transfers are carried out under appropriate safeguards and in compliance with applicable Indian law, including the Digital Personal Data Protection Act, 2023, as notified by the Government of India. By using the Service and providing your personal data, you consent to such transfers for the purposes described in this policy.

9. Children's Privacy

Under the Digital Personal Data Protection Act, 2023, a "child" means an individual under the age of 18 years. The Service is not directed to or intended for children. By creating an account you confirm that you are at least 18 years old. We do not knowingly collect personal data from children. If you become aware that a child has provided us personal data, please contact our Grievance Officer (Section 10) and we will delete it. Where the Service is used by a business, the business — not VENZX — remains responsible for any end-users of that business's downstream application, including any minors.

10. Grievance Officer

In compliance with the Information Technology Act, 2000, the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and the Digital Personal Data Protection Act, 2023, we have designated a Grievance Officer to address any concerns or complaints regarding the processing of your personal data:

Legal entity: [REPLACE: e.g. "VENZX Private Limited"]
Grievance Officer: [REPLACE: officer's name]
Email: grievance@venzx.com
Registered office: [REPLACE: full street address incl. city, state, PIN, India]
Response Time: Acknowledgement within 24 hours; resolution within 15 days of receipt.

If you are not satisfied with the resolution provided by our Grievance Officer, you may escalate your complaint to the Data Protection Board of India once it is constituted under the DPDP Act, 2023.

11. Legal Basis for Processing (India)

We process your personal data on the following legal bases under the Digital Personal Data Protection Act, 2023:

• Consent — you have given us consent for specific processing (e.g., account creation, communications preferences)
• Contractual necessity — processing is necessary to provide the Service you have contracted for, including credit management, API access, and billing
• Legal obligation — processing is required to comply with applicable Indian law, including tax, financial record-keeping, and law enforcement requirements
• Legitimate uses — processing for fraud prevention, security monitoring, and aggregate analytics as permitted under applicable law

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page with an updated "Last updated" date and, for significant changes, by email to your registered address. Your continued use of the Service after changes become effective constitutes your acceptance of the revised policy.

13. Contact

For privacy inquiries, data requests, or concerns, contact us at:
Email: privacy@venzx.com
Grievance Email: grievance@venzx.com
Website: venzx.com