Privacy Policy

Welcome to Paxoona ("we," "our," or "us"). This Privacy Policy explains how we collect, use, store, protect, and share information about you when you visit or interact with our website at https://paxoona.com (the "Website") and the services, features, and content we offer (collectively, the "Services").

We are a Portfolio / Agency based in Kolkata, West Bengal, India, and this policy applies to all visitors, users, and clients who engage with our Website or contact us directly.

By accessing or using our Website, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of the Website immediately.

For the purposes of this Privacy Policy, the following definitions apply:

• Personal Data: Any information that relates to an identified or identifiable natural person, including but not limited to names, email addresses, IP addresses, or device identifiers.
• Processing: Any operation performed on personal data, including collection, storage, use, modification, transmission, or deletion.
• Data Controller: The entity (Paxoona) that determines the purposes and means of processing personal data.
• Data Processor: A third party that processes personal data on behalf of the Data Controller.
• Cookies: Small text files placed on your device by websites to store information about your session, preferences, or tracking data.
• Consent: A freely given, specific, informed, and unambiguous indication of the data subject's agreement to the processing of their personal data.
• Third Party: Any entity other than the user and Paxoona that may be involved in providing services connected with the Website.
• GDPR: The General Data Protection Regulation (EU) 2016/679.
• CCPA: The California Consumer Privacy Act of 2018.
• IT Act: The Information Technology Act, 2000 (India) and the Information Technology (Amendment) Act, 2008.
• DPDP Act: The Digital Personal Data Protection Act, 2023 (India).

We collect different types of information depending on how you interact with our Website. The categories below detail what may be collected:

A. Information You Provide Directly

• Contact Information: Your name, email address, phone number, and any message content when you submit our contact form or reach out to us.
• Newsletter/Email Subscription: Your email address and any preferences when you subscribe to our email communications.
• Comment Data: Your name, email address, website URL (if provided), and the content of comments you post in our comments sections.
• Business Enquiry Details: Project briefs, budget information, company name, and role, when you submit a client enquiry.

B. Information Collected Automatically

• IP Address: Your Internet Protocol address, which may indicate your approximate geographic location.
• Device & Browser Data: Browser type and version, operating system, screen resolution, device type (mobile, desktop, tablet), and browser language.
• Usage Data: Pages visited, time spent on pages, clicks, scroll depth, referring URLs, exit pages, and navigation paths within the Website.
• Session Data: Session duration, time of visit, and frequency of visits.
• Cookie Identifiers: Unique identifiers stored via cookies or similar technologies for analytics and personalisation.

C. Information from Third-Party Tools

• Google Analytics Data: Aggregated behavioural and demographic data processed via Google Analytics (see Section 8).
• Email Platform Data: Open rates, click rates, unsubscribe events, and delivery status from our newsletter platform.
• AI Tool Interaction Data: Inputs or queries submitted to any AI-powered tools or features on our Website (see Section 13).

We collect information through a variety of means, as described below:

• Directly from You: When you fill out our contact form, subscribe to our newsletter, post a comment, or send us an email.
• Automatically via Technology: Through cookies, web beacons, pixel tags, and JavaScript tracking scripts embedded in our Website pages.
• Through Third-Party Services: Tools such as Google Analytics, Google Tag Manager, and our email marketing platform may collect data independently and share aggregated or anonymised reports with us.
• From Your Browser: Standard HTTP request headers sent automatically by your browser when you access any web page.
• Through AI Tools: If you interact with any AI-powered feature on our site, the content of your interaction may be temporarily processed by third-party AI service providers.

We collect and process your personal data only for specific, legitimate purposes:

• To Respond to Enquiries: To reply to messages submitted through our contact form or via email, and to provide project quotations or consultations.
• To Send Email Communications: To send newsletters, updates, and promotional content to subscribers who have opted in.
• To Analyse Website Performance: To understand how visitors navigate our site, identify popular content, and improve the user experience.
• To Manage Comments: To display, moderate, and manage user comments on the Website.
• To Ensure Website Security: To detect and prevent fraudulent activity, spam, and security threats.
• To Comply with Legal Obligations: To fulfill duties under applicable Indian, EU, or other international data protection laws.
• To Improve Our Services: To analyse trends in Website usage and make data-driven improvements to our portfolio and agency services.
• For AI Tool Functionality: To process inputs you provide to any AI-powered features to generate relevant responses or outputs.

Where applicable under the GDPR or India's DPDP Act 2023, we rely on the following legal bases for processing your personal data:

• Consent (Article 6(1)(a) GDPR / DPDP): You have given clear consent for us to process your data for a specific purpose — for example, subscribing to our newsletter or accepting cookies.
• Legitimate Interests (Article 6(1)(f) GDPR): We have a legitimate interest in understanding how our Website is used and in improving our services, provided this does not override your rights and freedoms.
• Contractual Necessity (Article 6(1)(b) GDPR): Processing your contact information to respond to your service enquiry is necessary to take steps prior to entering a contract.
• Legal Obligation (Article 6(1)(c) GDPR): We may be required to process data to comply with a legal obligation under Indian law or other applicable regulations.

For users in California (USA), our processing is governed additionally by the CCPA. See Section 16 for your specific rights under CCPA.

Our Website uses cookies and similar tracking technologies to enhance your browsing experience, analyse site traffic, and understand user behaviour.

What Are Cookies?

Cookies are small text files stored on your device (computer, tablet, or mobile) by your web browser when you visit a website. They allow the website to remember your actions and preferences over time.

Types of Cookies We Use

• Strictly Necessary Cookies: Essential for the Website to function correctly. These cannot be disabled as they do not collect personal information.
• Analytics Cookies: Set by Google Analytics to collect anonymous data about how users interact with our Website (e.g., pages visited, session duration).
• Preference Cookies: Remember your settings and preferences to enhance your experience on return visits.
• Marketing/Tracking Cookies: Used by third-party tools to understand campaign performance, if applicable.

Managing Cookies

You can control or delete cookies through your browser settings. Most browsers allow you to block or delete cookies; however, disabling certain cookies may affect your ability to use some features of our Website. You can also opt out of Google Analytics cookies using the Google Analytics Opt-Out Browser Add-On.

We use analytics tools to understand Website traffic, user behaviour, and content performance. This data is used solely to improve our Website and services.

Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC ("Google"). Google Analytics uses cookies to help us analyse how users use the Website. The information generated by the cookie about your use of the Website (including your IP address) will be transmitted to and stored by Google on servers in the United States.

We have enabled IP anonymisation in Google Analytics, meaning Google will truncate your IP address before storing it. Google will use this information to evaluate your use of the Website, compile reports on Website activity, and provide other services relating to Website activity and internet usage.

Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google.

For more information on how Google processes data, please refer to Google's Privacy Policy at https://policies.google.com/privacy.

Google Tag Manager

We may use Google Tag Manager to manage tracking tags on our Website. Google Tag Manager itself does not collect personal data but facilitates the firing of other tags which may collect data.

Our Website may use various Google services. Each service is governed by Google's own privacy policies and terms:

Google Analytics

As described in Section 8, we use Google Analytics for website usage analysis. Data is anonymised before processing.

Google Fonts

Our Website may load fonts from Google Fonts, which causes your browser to make a request to Google's servers. This may result in your IP address being processed by Google. Where possible, we self-host fonts to minimise this.

reCAPTCHA

We may use Google reCAPTCHA on forms to protect against spam and automated abuse. reCAPTCHA collects hardware and software information, such as device and application data, and sends it to Google for analysis. This data collection is necessary to provide the anti-spam service. Your use of reCAPTCHA is subject to Google's Privacy Policy and Terms of Use.

YouTube Embeds

Our Website may embed YouTube videos. When you interact with an embedded YouTube video, YouTube (owned by Google) may collect data including your IP address and cookie data. We use YouTube's privacy-enhanced embed mode where possible to limit data collection prior to playback.

We offer visitors the opportunity to subscribe to our newsletter or email list. By subscribing, you consent to receiving periodic emails from Paxoona regarding our services, projects, industry insights, and updates.

What We Collect

• Your email address (required)
• Your name (if provided)
• Subscription date and source
• Email engagement data: open rates, click-through rates, bounce status, and unsubscribe events

How We Use It

• To send you newsletters, service updates, and relevant content
• To segment our email list for more relevant communications
• To monitor delivery performance and compliance

Opting Out

Every marketing email we send contains a clear and functional Unsubscribe link. You may unsubscribe at any time, and your data will be removed from our active mailing list within a reasonable timeframe (typically within 10 business days). We may retain your email address on a suppression list to ensure we do not inadvertently re-add you.

Third-Party Email Platform

We use a third-party email service provider to manage and send our newsletters. This provider may process your email address and engagement data on our behalf as a data processor, subject to a data processing agreement. We do not sell or share your email data with unrelated third parties for their own marketing purposes.

Our Website includes one or more contact forms that allow you to reach out to us for project enquiries, general questions, or collaboration requests.

Data Collected via Contact Forms

• Full name
• Email address
• Phone number (if provided)
• Subject and message body
• Any additional information you voluntarily include in your message
• Timestamp and IP address (for spam prevention)

How We Use This Data

• To respond to your enquiry in a timely and relevant manner
• To maintain a record of client or prospective client communications
• To improve our services based on the nature of enquiries received

We do not use contact form submissions for unsolicited marketing purposes unless you have separately opted into our newsletter. Contact form data is stored securely and not shared with third parties except where required for communication or legal purposes.

Certain pages on our Website may allow visitors to post comments. When you submit a comment, we collect the following information:

• Your name (display name as provided)
• Email address (not publicly displayed)
• Website URL (optional)
• Comment content
• IP address and browser user agent (for spam detection)
• Timestamp of submission

Comment Moderation

All comments are subject to moderation before publication. We reserve the right to remove comments that are abusive, spammy, defamatory, or otherwise violate our community standards. We use spam detection tools (such as Akismet, if applicable) that may transmit your comment data to their servers for analysis.

Gravatar

If you use a Gravatar-linked email address, your profile image may be fetched from the Gravatar service. Gravatar's privacy policy applies to that data.

Paxoona may use or integrate artificial intelligence (AI) tools and automated systems in connection with our Website or our service delivery. This section explains how AI is used and what it means for your data.

AI Features on the Website

Where our Website incorporates AI-powered features (such as chatbots, automated response tools, recommendation engines, or content generation assistants), any inputs, queries, or text you submit through such features may be processed by third-party AI service providers (such as OpenAI, Anthropic, Google Gemini, or similar) on our behalf.

Data Handling

• Inputs submitted to AI tools may be transmitted to third-party AI API providers for processing.
• We do not intentionally collect sensitive personal data through AI tools.
• Conversations may be logged for quality assurance, moderation, or debugging purposes and are subject to the data retention practices described in Section 14.
• AI-generated outputs are produced automatically and should not be treated as professional legal, financial, or medical advice.

Internal Use of AI

Our team may also use AI tools internally (for drafting content, generating designs, or analysing data). In such cases, we take care not to input personally identifiable information from clients or users into third-party AI systems without appropriate safeguards.

We store personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law.

Retention Periods

• Contact Form Submissions: Retained for up to 2 years from the date of last interaction, unless the enquiry leads to a business relationship in which case records may be retained for up to 7 years for legal and accounting purposes.
• Newsletter Subscriber Data: Retained while you are an active subscriber. If you unsubscribe, your email is retained on a suppression list for compliance purposes.
• Comment Data: Retained indefinitely unless a deletion request is made and actioned.
• Analytics Data: Google Analytics data is retained per your Google Analytics account settings (typically 14 or 26 months).
• Log Files: Server access logs are typically retained for 30–90 days for security monitoring.

Storage Location

Data may be stored on servers located in India or internationally, depending on the tools and hosting providers we use. Where data is transferred outside India, we ensure adequate safeguards are in place (see Section 17).

Deletion

When data is no longer required, we delete or anonymise it securely. You may also request deletion of your personal data at any time (see Section 16).

We take the security of your personal data seriously and implement a range of technical and organisational measures to protect it from unauthorised access, disclosure, alteration, or destruction.

Measures We Implement

• SSL/TLS encryption for all data transmitted between your browser and our Website (HTTPS)
• Regular software updates and security patches for Website infrastructure
• Access controls limiting who within our team can access personal data
• Use of reputable, security-certified third-party service providers
• Periodic security reviews and vulnerability assessments
• Spam and bot protection via reCAPTCHA or similar tools on forms

Depending on your location, you may have various rights regarding your personal data. We are committed to upholding these rights in accordance with applicable law.

GDPR Rights (EU/EEA Residents)

If you are located in the European Union or European Economic Area, you have the rights listed above under the General Data Protection Regulation (GDPR). You also have the right to lodge a complaint with your local data protection supervisory authority.

CCPA Rights (California Residents)

If you are a California resident, you have the right to know what personal information is collected, the right to delete personal information, the right to opt-out of the sale of personal information (we do not sell personal information), and the right to non-discrimination for exercising your rights.

Rights Under India's DPDP Act 2023

Under the Digital Personal Data Protection Act, 2023 (India), you have the right to access information about your personal data, the right to correction and erasure, the right to grievance redressal, and the right to nominate another individual to exercise rights on your behalf in case of death or incapacity.

How to Exercise Your Rights

To exercise any of the rights above, please contact us at inquiry@paxoona.com with the subject line "Data Rights Request". We will respond within 30 days. We may require verification of your identity before processing certain requests.

Paxoona is based in India. However, some of the third-party tools and service providers we use may store or process your data in other countries, including the United States and European Union member states.

When personal data is transferred internationally, we take steps to ensure that adequate levels of protection are in place, including:

• Using service providers who are certified under recognised frameworks (e.g., EU-US Data Privacy Framework)
• Relying on Standard Contractual Clauses (SCCs) approved by the European Commission where applicable
• Ensuring third-party processors agree to data protection obligations consistent with this policy

By using our Website, you acknowledge that your data may be transferred to and processed in countries outside your country of residence, which may have different data protection laws than your jurisdiction.

Our Website is not directed at children under the age of 13 (or under 16 in certain EU jurisdictions), and we do not knowingly collect personal data from minors.

If you are a parent or guardian and believe that your child has provided us with personal data without your consent, please contact us immediately at inquiry@paxoona.com. We will take prompt steps to delete such information from our records.

If we become aware that we have collected personal data from a child under the applicable age threshold without verified parental consent, we will delete that data without undue delay.

Our Website may use, integrate with, or depend on third-party services. These services have their own privacy policies, and Paxoona is not responsible for their practices.

Current Third-Party Services We May Use

• Google Analytics: Website traffic analysis — Google Privacy Policy
• Google Tag Manager: Tag and script management
• Email Marketing Platform: Newsletter delivery (provider disclosed upon request)
• Web Hosting Provider: Server infrastructure for hosting the Website
• AI API Providers: For AI-powered features (e.g., OpenAI, Anthropic, or similar)
• Spam Detection Services: For comment moderation (e.g., Akismet)
• Font Services: Google Fonts or self-hosted alternatives

We review third-party integrations periodically and enter into data processing agreements where required by law.

Pages on our Website may include embedded content from external sources, such as videos, maps, social posts, or iframes from third-party platforms.

Embedded content from other websites behaves in the exact same way as if you had visited those websites directly. These third-party websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction if you have an account and are logged in to that website.

Examples of Embedded Content

• YouTube: Video embeds may result in Google/YouTube data collection
• Google Maps: Interactive maps may trigger Google data processing
• Portfolio Showcase Platforms: Project previews or client case study links

We aim to use privacy-enhanced embed modes where available (e.g., YouTube's privacy-enhanced mode: youtube-nocookie.com) to minimise data sharing before user interaction.

Our Website may contain links to our social media profiles or pages, including but not limited to LinkedIn, Instagram, Behance, Dribbble, Twitter/X, Facebook, or similar platforms.

Clicking on social media icons or links will redirect you to those platforms. Any data you share with those platforms, or any data those platforms collect about your visit from our Website, is governed by their respective privacy policies and is outside our control.

We do not embed active social media "share" buttons that transmit data to social networks without your interaction. Where such buttons exist, they are loaded only upon your explicit click or consent.

Our Website may contain links to third-party websites, blogs, resources, or partner pages. These links are provided for your convenience and informational purposes only.

Paxoona has no control over the content, privacy practices, or data handling of external websites. The inclusion of any link does not imply endorsement of the linked website by Paxoona. We strongly encourage you to review the privacy policy of every external website you visit.

We are not responsible for any data collection, loss, or harm arising from your use of third-party websites accessed through links on our Website.

While we take extensive steps to protect your data, users also have responsibilities when interacting with our Website:

• Do not submit false, misleading, or third-party personal information through our forms.
• Do not upload or transmit content that contains personal data of other individuals without their explicit consent.
• Do not attempt to circumvent, hack, or interfere with the security of our Website or data systems.
• Do not post comments that contain personally identifiable information of others without consent.
• Ensure that any information you provide to us is accurate and up to date.
• Promptly notify us if you suspect unauthorised use of your data or any security breach related to your interactions with our Website.

In the unlikely event of a personal data breach — meaning a security incident leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data — we will act promptly in accordance with our obligations under applicable law.

Our Response Process

1. Detection and Containment: We will identify and contain the breach as quickly as possible, preventing further unauthorised access.
2. Assessment: We will assess the nature, scope, and potential impact of the breach on affected individuals.
3. Notification to Authorities: Where required by law (e.g., within 72 hours under GDPR, or as per the DPDP Act 2023), we will notify the relevant data protection authority.
4. Notification to Affected Users: If the breach is likely to result in a high risk to your rights and freedoms, we will notify you directly without undue delay through email or a prominent notice on our Website.
5. Remediation: We will take steps to prevent recurrence, including patching vulnerabilities and reviewing security practices.

If you suspect a data breach or have received suspicious communications purportedly from Paxoona, please contact us immediately at inquiry@paxoona.com.

In the event that Paxoona undergoes a business restructuring, merger, acquisition, sale of assets, or similar transaction, your personal data may be transferred as part of the transaction to the acquiring entity or successor organisation.

In such circumstances, we will:

• Take reasonable steps to ensure the new entity honours the commitments made in this Privacy Policy.
• Notify you via email or a prominent notice on our Website before your personal data becomes subject to a materially different privacy policy.
• Provide you with the opportunity to opt out of the transfer where legally required.

You acknowledge that such transfers may occur and that any acquirer of Paxoona may continue to use your personal data as set forth in this policy.

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, legal obligations, or operational needs. All changes will become effective upon publication of the revised policy on this page.

How We Notify You

• Minor Changes: We will update the "Effective Date" at the top of this policy.
• Material Changes: We will notify active newsletter subscribers by email and/or display a prominent notice on the Website.

We encourage you to review this Privacy Policy periodically. Your continued use of our Website after any changes constitutes your acceptance of the updated policy. If you do not agree with the revised policy, you should stop using our Website and contact us to request deletion of your data.

This Privacy Policy is governed by and shall be construed in accordance with the laws of India, including the Information Technology Act, 2000 (and its amendments), the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023.

Any dispute arising out of or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the courts located in Kolkata, West Bengal, India.

For users located in the European Union or European Economic Area, nothing in this clause limits your right to bring a complaint before your local data protection supervisory authority. For California residents, nothing herein limits rights conferred under the CCPA.

If you have any questions, concerns, requests, or complaints regarding this Privacy Policy or how we handle your personal data, please do not hesitate to contact us:

We aim to respond to all data-related requests within 30 calendar days. For complex requests, we may extend this period by a further 60 days and will notify you accordingly.

If you are unsatisfied with our response to your complaint, and you are located in the European Union, you have the right to lodge a complaint with your national data protection supervisory authority.