Privacy Policy

We collect information you provide directly when you contact us, request a quote, or use our client portal: - Contact information: Name, email address, phone number, company name - Account information: For client portal users, we store your login email and profile details - Project data: Information about your project requirements, files, and communications - Usage data: Pages visited, time spent, and interactions with our website (anonymised via analytics) - Payment data: We do not store card details — all payments are processed by Dodo Payments or Razorpay

We use collected information to: - Respond to your enquiries and provide requested services - Manage your client account and project communications - Send project updates, invoices, and renewal reminders - Improve our website and services based on usage patterns - Send marketing communications (only with your consent, and you can unsubscribe at any time) - Comply with legal obligations

We do not sell your personal data. We share data only with: - Service providers: Brevo (email), Dodo Payments (billing), AWS/Cloudflare R2 (file storage), OpenAI (AI features — anonymised data only) - Legal compliance: When required by law or to protect our rights - Business transfers: In the event of a merger or acquisition, with appropriate notice

Our website uses essential cookies for functionality and optional analytics cookies (Google Analytics / Plausible) to understand how visitors use our site. You can disable analytics cookies via your browser settings or a cookie consent manager. Essential cookies cannot be disabled without affecting site functionality.

We implement industry-standard security measures: - HTTPS encryption for all data transmission - PostgreSQL database with encrypted connections - JWT-based authentication with short-lived tokens - Brevo/SIB email with DKIM/SPF to prevent spoofing - Regular security audits and dependency updates No system is 100% secure. Please use a strong, unique password for your client account.

We retain your data for as long as needed to provide our services: - Client accounts: Retained for the duration of the relationship + 3 years - Project files: Retained for 2 years post-project completion unless you request earlier deletion - Invoice records: Retained for 7 years as required by Indian tax law (GST) - Marketing data: Retained until you unsubscribe or request deletion

Under applicable data protection law, you have the right to: - Access the personal data we hold about you - Correct inaccurate data - Delete your data (where not required for legal/contractual reasons) - Port your data to another provider - Withdraw consent for marketing communications at any time To exercise these rights, email: sales@xigmapro.com

For privacy-related queries, data requests, or to report a concern: - Email: sales@xigmapro.com - Postal: Xigmapro Technologies, Kolkata, West Bengal, India — 700001 We aim to respond to all privacy requests within 30 days.