FFyxo Connect
Features Pricing Terms Log in
← Back to home

Privacy Policy

Last updated: 2 July 2026

This Privacy Policy explains how Fyxo Spaces Private Limited ("Fyxo", "we", "us", or "our"), the operator of the Fyxo Connect platform (the "Platform"), collects, uses, discloses, and protects information. It is issued in accordance with India's Digital Personal Data Protection Act, 2023 ("DPDP Act") and the requirements of the platforms we integrate with, including Meta Platforms, Inc.

By accessing or using the Platform, you agree to this Policy. If you do not agree, please do not use the Platform.

1. Who this Policy applies to

The Platform is business software. There are two groups of people whose data is involved:

  • Clients — the businesses (and their team members) who sign up for and use Fyxo Connect. For their account data, we act as a Data Fiduciary.
  • End Customers — the customers of our Clients who message our Clients on WhatsApp or Instagram. For this data, we act only as a Data Processor on behalf of our Clients, who remain the Data Fiduciary and are responsible for the lawful basis (including consent) for contacting their customers.

2. Information we collect

2.1 Information Clients give us

  • Account information: name, email address, business name, industry, and password (stored only as a secure cryptographic hash).
  • Business profile: details a Client enters about their business — description, products, hours, FAQs, and policies — used to power replies and automations.
  • Billing information: plan selection and payment records. Card, UPI, and bank details are handled directly by our payment processor (Razorpay) and are not stored on our servers.

2.2 Information we process on a Client's behalf

  • Connected account credentials: access tokens for the Client's own WhatsApp Business Account and Instagram professional account, which the Client authorises through Meta's official login. These tokens are encrypted at rest.
  • Conversation data: messages, comments, and contact details (such as a phone number or Instagram username) exchanged between the Client and their End Customers, delivered to us by Meta via webhooks so we can display and automate them for the Client.
  • Contact lists: customer contacts the Client adds or imports, along with the Client's recorded evidence that those contacts opted in.

2.3 Information collected automatically

  • Technical data: IP address, browser type, device information, and log data, used for security, fraud prevention, and reliability.
  • Usage data: how the Platform is used, to improve the service.

3. Platform Data from Meta

We use data obtained from Meta ("Platform Data") only to provide the service to the Client who owns the connected account. Specifically, Platform Data is used to:

  • receive incoming WhatsApp and Instagram messages and comments and display them to the Client;
  • send the Client's replies, automated responses, and pre-approved template messages through Meta's official APIs;
  • let the Client schedule and publish content to their own Instagram account; and
  • show the Client analytics about their own account.

We do not: sell Platform Data; share it with data brokers; use it for advertising or ad targeting; use it to build profiles for purposes unrelated to the service; or use Platform Data to train machine-learning or AI models. Each Client can access only the data of their own connected accounts.

4. How we use information

  • To provide, operate, and maintain the Platform.
  • To authenticate users and secure accounts.
  • To process payments and manage subscriptions and message credits.
  • To provide customer support and respond to enquiries.
  • To detect, prevent, and address fraud, abuse, and security issues.
  • To comply with legal obligations.

5. AI features

Where a Client enables AI features, the relevant message text and the Client's own business information may be sent to a third-party AI provider (such as OpenAI, Google, or Anthropic) solely to generate a reply or caption for that Client. We use business/enterprise API endpoints and do not permit these providers to use the content to train their models. Clients choose whether to enable AI features.

6. How we share information

We do not sell personal data. We share information only with:

RecipientPurpose
Meta Platforms, Inc.Sending and receiving messages via the WhatsApp Cloud API and Instagram Graph API
RazorpayProcessing subscription and top-up payments
AI providers (OpenAI, Google, Anthropic)Generating AI replies/captions, only when a Client enables them
Cloud hosting & infrastructure providersRunning the Platform securely
Legal / regulatory authoritiesWhere required by law

These providers are bound by their own obligations to protect data and may process it only for the purposes above.

7. International transfers

Some of our service providers (for example, certain AI providers) may process data on servers located outside India. Where this happens, we take steps to ensure the data remains protected consistent with this Policy and applicable law.

8. Data retention and deletion

We retain personal data only for as long as necessary to provide the service and to meet legal, accounting, or reporting requirements. A Client may delete individual contacts or their entire account, and may request deletion of the data we hold on their behalf. When a Client account is deleted, the associated data is deleted or irreversibly anonymised within a reasonable period, except where retention is required by law. End Customers who wish to have their data deleted should contact the Client (the business) they messaged; we will assist that Client in fulfilling such requests.

9. Security

We implement technical and organisational measures appropriate to the risk, including encryption of sensitive credentials at rest, encrypted connections (HTTPS), strict per-Client data isolation, hashed passwords, access controls, and audit logging. No method of transmission or storage is completely secure, but we work continually to protect your information.

10. Your rights under the DPDP Act

Subject to applicable law, you have the right to:

  • access a summary of the personal data we process about you;
  • request correction, completion, or updating of your data;
  • request erasure of your data;
  • nominate another person to exercise your rights in the event of death or incapacity; and
  • raise a grievance with us (see Section 14).

To exercise these rights, contact us at ceo@fyxo.ai. Clients can also exercise many of these controls directly within the Platform.

11. Client responsibilities

Clients are responsible for obtaining valid consent from their End Customers before messaging them, for complying with the WhatsApp Business Messaging Policy, the Instagram Platform Policy, and applicable laws, and for the content they send. The Platform provides tools to record opt-in evidence and honour opt-outs, but the lawful basis for contacting End Customers rests with the Client.

12. Cookies

We use only essential cookies and similar technologies necessary to keep you signed in and to keep the Platform secure and functional. We do not use advertising or cross-site tracking cookies.

13. Children

The Platform is intended for businesses and is not directed to individuals under the age of 18. We do not knowingly collect personal data from children.

14. Grievance Officer & contact

In accordance with the DPDP Act, you may contact our Grievance Officer for any questions, concerns, or complaints about this Policy or how we handle personal data:

Grievance Officer
Fyxo Spaces Private Limited
Email: ceo@fyxo.ai
General enquiries: ceo@fyxo.ai

15. Changes to this Policy

We may update this Policy from time to time. When we do, we will revise the "Last updated" date above and, where appropriate, notify Clients. Continued use of the Platform after changes take effect constitutes acceptance of the updated Policy.

Read our Terms of Service →

© 2026 Fyxo Spaces Private Limited. All rights reserved. Home · Terms