Privacy Policy

1. Introduction

Vyndarix ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our fraud detection and risk management platform, or engage with our services.

As a provider of enterprise fraud detection and risk intelligence solutions, we understand the critical importance of data privacy and security. We process data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other relevant regulations.

2. Information We Collect

2.1 Information You Provide

• Contact Information: Name, email address, phone number, company name, job title when you request a demo, contact us, or create an account.
• Account Information: Login credentials, authentication data, and account preferences.
• Communication Data: Information contained in correspondence with us, including support requests and feedback.
• Business Information: Company size, industry, and business requirements shared during sales or onboarding processes.

2.2 Information Collected Automatically

• Device Information: IP address, browser type, operating system, device identifiers.
• Usage Data: Pages visited, features used, time spent on platform, clickstream data.
• Log Data: Server logs, error reports, and diagnostic information.
• Cookies and Tracking: Information collected through cookies and similar technologies (see our Cookie Policy).

2.3 Data Processed on Behalf of Clients

As a data processor, we process transaction data, behavioral data, and other information provided by our enterprise clients for fraud detection and risk analysis purposes. This processing is governed by our data processing agreements with clients and is subject to strict confidentiality and security measures.

3. How We Use Your Information

We use collected information for the following purposes:

• Service Delivery: Providing, maintaining, and improving our fraud detection and risk management services.
• Communication: Responding to inquiries, providing customer support, and sending service-related notifications.
• Security: Protecting against unauthorized access, fraud, and other security threats to our platform and users.
• Analytics: Understanding usage patterns to improve our services and user experience.
• Compliance: Meeting legal obligations, regulatory requirements, and enforcing our terms of service.
• Marketing: With your consent, sending information about products, services, and industry insights.
• Research: Developing new features, conducting research, and improving our machine learning models (using anonymized/aggregated data only).

4. Legal Basis for Processing (GDPR)

For individuals in the European Economic Area (EEA), we process personal data based on:

• Contract Performance: Processing necessary to fulfill our contractual obligations.
• Legitimate Interests: Processing for our legitimate business interests, such as improving services and preventing fraud.
• Legal Obligations: Processing required to comply with applicable laws.
• Consent: Processing based on your explicit consent, which can be withdrawn at any time.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share data with:

• Service Providers: Third-party vendors who assist in operating our platform (hosting, analytics, customer support), bound by confidentiality agreements.
• Business Partners: With your consent, partners offering complementary services.
• Legal Requirements: When required by law, court order, or government request.
• Business Transfers: In connection with mergers, acquisitions, or asset sales, with appropriate safeguards.
• Protection of Rights: To protect our rights, privacy, safety, or property, and that of our users.

6. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law. Retention periods vary based on:

• Type of data and purpose of processing
• Contractual obligations with clients
• Legal and regulatory requirements
• Statute of limitations for potential claims

Client transaction data processed for fraud detection is retained according to individual client agreements and applicable financial regulations.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

7.1 GDPR Rights (EEA Residents)

• Access: Request a copy of your personal data.
• Rectification: Correct inaccurate or incomplete data.
• Erasure: Request deletion of your data ("right to be forgotten").
• Restriction: Limit how we process your data.
• Portability: Receive your data in a structured, machine-readable format.
• Objection: Object to processing based on legitimate interests.
• Withdraw Consent: Withdraw previously given consent.

7.2 CCPA Rights (California Residents)

• Know: Request information about data collection and sharing practices.
• Delete: Request deletion of your personal information.
• Opt-Out: Opt out of the sale of personal information (we do not sell personal data).
• Non-Discrimination: Exercise rights without discriminatory treatment.

To exercise your rights, please contact us at privacy@vyndarix.com. We will respond within the timeframes required by applicable law.

8. International Data Transfers

We may transfer personal data to countries outside your jurisdiction. When transferring data internationally, we implement appropriate safeguards including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data Processing Agreements with appropriate security measures
• Compliance with applicable data transfer mechanisms

9. Data Security

We implement comprehensive technical and organizational security measures to protect your data, including:

• Encryption of data in transit (TLS 1.3) and at rest (AES-256)
• Multi-factor authentication and role-based access controls
• Regular security assessments and penetration testing
• SOC 2 Type II certified infrastructure
• 24/7 security monitoring and incident response
• Employee security training and background checks

For more details, see our Security page.

10. Children's Privacy

Our services are designed for business use and are not directed at individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected personal data from a child, we will take steps to delete that information promptly.

11. Third-Party Links

Our website may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

12. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of material changes by posting the updated policy on our website with a new "Last Updated" date. For significant changes, we may provide additional notice via email or platform notification.