1. Introduction

Buzytech IT Solutions Pvt. Ltd. ("Company," "we," "us," or "our"), the developer and operator of FoxSuite.ai (the "Platform"), is committed to protecting the privacy and security of the personal data entrusted to us by our users, clients, and business partners. This Privacy Policy explains how we collect, use, process, disclose, store, and protect information in connection with your use of the FoxSuite.ai platform and all its associated products and services.

FoxSuite.ai is an integrated business software platform designed exclusively for business-to-business (B2B) use, serving small and medium-sized businesses (SMBs), startups, and enterprise clients. The Platform is not directed at consumers or individuals acting in a personal capacity, and is not intended for use by persons under the age of 18.

This Privacy Policy applies to all products under the FoxSuite.ai umbrella, including: Fox Sites, Fox Meetings, Fox AI NoteTaker, Fox Forms, Fox CRM, Fox Tracking (including AI-powered attendance and video analytics), Fox Bookings, Fox AI Agents, and Fox Desk.

By accessing or using the Platform, you acknowledge that you have read, understood, and agree to the collection and use of information as described in this Privacy Policy. If you do not agree, please discontinue use of the Platform immediately.

2. Who We Are — Data Controller Identity

For the purposes of applicable data protection laws — including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), India's Digital Personal Data Protection Act 2023 (DPDP Act), and other relevant regulations — the data controller is:

Legal Entity: Buzytech IT Solutions Pvt. Ltd.
Platform: FoxSuite.ai
Privacy Contact: hello@foxsuite.ai
Address: B123, 12th Floor, Block B, ATS Bouquet, Sector 132, Noida, Uttar Pradesh, India - 201304

Where FoxSuite.ai processes personal data on behalf of a business client (e.g., data entered into Fox CRM by a client's team), we act as a data processor and the client acts as the data controller. In such cases, the client's own privacy policy and data governance obligations apply to their end-customers.

3. Key Definitions

For the purposes of this Policy, the following terms shall have the meanings set out below:

"Personal Data" / "Personal Information" means any information that identifies or can reasonably be used to identify a natural person, directly or indirectly.
"Platform" means the FoxSuite.ai software-as-a-service platform and all its products, modules, APIs, and associated services operated by Buzytech IT Solutions Pvt. Ltd.
"User" means any employee, contractor, representative, or authorized agent of a business entity that has registered for or uses the Platform.
"Client" / "Customer" means the business entity (company, firm, organization) that subscribes to and pays for access to the Platform.
"Processing" means any operation or set of operations performed on Personal Data, including collection, recording, organization, storage, retrieval, use, disclosure, or deletion.
"Biometric Data" means personal data resulting from specific technical processing relating to the physical, physiological, or behavioral characteristics of a natural person, such as facial recognition data generated via Fox Tracking's AI Attendance module.
"Sensitive Personal Data" means personal data that, by its nature, is particularly sensitive and warrants heightened protection — including biometric data, health information, and financial information.
"Sub-Processor" means a third-party service provider engaged by us to process Personal Data on our behalf and under our instruction.
"Beta" means the current Phase 1.0 pre-general-availability release of the Platform, subject to active development and change.

4. Information We Collect

4.1 Information You Provide Directly

When you register for FoxSuite.ai or use its products, you provide us with information that may include:

Business account registration data: company name, business email address, phone number, designation, and billing address.
Profile information: name, profile photo, and role within your organization.
Billing and payment information: credit/debit card details, billing address, and payment method — processed and stored securely by our third-party payment processors (e.g., Stripe, Razorpay). We do not store full card numbers on our servers.
Communications: messages, support tickets, feedback, survey responses, and other content you submit to us.
Fox Forms data: any information collected through forms created and deployed by our clients using the Fox Forms product. The nature of this data depends on the fields defined by the client.
Fox Bookings data: appointment details, attendee information, and scheduling preferences.
Fox CRM data: customer names, email addresses, phone numbers, company details, deal information, notes, and interaction history. All personally identifiable information (PII) stored in Fox CRM is encrypted at rest using industry-standard encryption.

4.2 Information Collected Automatically

When you use the Platform, we automatically collect certain technical and usage information:

Log data: IP address, browser type and version, operating system, referring URLs, pages visited, and timestamps.
Device information: device type, unique device identifiers, and mobile network information.
Usage data: features accessed, time spent on modules, click-stream data, and interaction patterns with the Platform.
Location data (approximate): derived from IP address for security and analytics purposes. Fox Tracking may collect more precise location data when integrated with Google services, subject to your consent.
Cookies and tracking technologies: as detailed in Section 8 of this Policy.

4.3 Information from Fox Meetings and Fox AI NoteTaker

Fox Meetings facilitates virtual meetings and video conferences. Fox AI NoteTaker provides AI-powered transcription, summarization, and note-taking capabilities during meetings.

IMPORTANT NOTICE ON AUDIO AND VIDEO PROCESSING

We do not store any raw audio recordings or video recordings of your meetings on our servers or databases. Audio and video streams are processed in real-time exclusively through authorized third-party AI application programming interfaces (APIs). These third-party providers process the audio/video data under their own privacy policies and our data processing agreements with them. Transcripts and AI-generated summaries (not raw media files) may be stored within your FoxSuite.ai account for your reference. Participants in meetings processed through Fox AI NoteTaker should be notified and should consent to AI-powered transcription as required under applicable law.

4.4 Biometric Data — Fox Tracking (AI Attendance & Video Analytics)

Fox Tracking includes advanced attendance management and video analytics features powered by facial recognition technology. This module uses AWS Rekognition, a cloud-based computer vision service provided by Amazon Web Services, to perform face detection and recognition for attendance marking and workforce analytics purposes.

IMPORTANT BIOMETRIC DATA NOTICE

The collection, processing, and use of biometric data (including facial recognition data) is subject to heightened legal protections in multiple jurisdictions, including the Illinois Biometric Information Privacy Act (BIPA), the GDPR (as "special category data"), and India's DPDP Act.

When you deploy the Fox Tracking Biometric Attendance module:

Explicit written consent must be obtained from each individual whose biometric data is captured, prior to enrollment. Our platform provides consent management tooling for this purpose.
Facial images and biometric templates are transmitted to and processed by AWS Rekognition under our data processing agreement with Amazon Web Services. Facial templates generated by AWS Rekognition may be stored by AWS subject to their data retention terms.
Clients deploying this feature are responsible for ensuring they have a lawful basis and the necessary consents to process biometric data in their respective jurisdictions, and for providing required notices to their employees and visitors.
Biometric data must not be used for purposes other than attendance management and video analytics as configured by the Client.
Clients must maintain a publicly accessible biometric data retention policy and destruction schedule in compliance with applicable local laws.

Buzytech IT Solutions Pvt. Ltd. acts as a data processor for biometric data collected via Fox Tracking. The Client is the data controller and bears primary responsibility for lawful processing.

4.5 Information from Third-Party Integrations

When you connect FoxSuite.ai with third-party services (such as Google Calendar, Microsoft Outlook, Slack, Zoom, Zapier, HubSpot, or others), we may receive data from those services as authorized by you. The scope of data received depends on the permissions you grant during the integration setup.

5. How We Use Your Information

We use the information we collect for the following purposes:

5.1 To Provide and Operate the Platform

Creating and managing user accounts and organizational workspaces.
Delivering the features and functionalities of all FoxSuite.ai products.
Processing payments and managing subscription billing.
Facilitating AI-powered features including meeting transcription, note-taking, CRM automation, and AI agent workflows.
Storing and organizing data entered by users across all Platform modules.

5.2 To Improve and Develop the Platform

Analyzing usage patterns and feature engagement to improve product design and performance (Beta Phase 1.0 feedback is especially important to us).
Conducting internal research and analytics to understand how our products serve our customers' needs.
Identifying and resolving technical issues, bugs, and vulnerabilities.
Training and refining internal AI models and workflows, using aggregated and/or anonymized data where possible.

5.3 To Communicate with You

Sending transactional communications including account confirmations, payment receipts, and service alerts.
Providing customer support and responding to inquiries.
Sending product updates, feature announcements, and release notes relevant to your subscription.
Sending marketing communications (subject to your opt-in consent where required by law).

5.4 For Security and Compliance

Detecting, preventing, and responding to fraud, unauthorized access, and other security threats.
Verifying user identity and enforcing access controls.
Complying with applicable legal obligations, court orders, and regulatory requirements.
Enforcing our Terms of Use and other Platform policies.

5.5 For Analytics and Business Intelligence

Using Google Analytics, Hotjar, and Microsoft Clarity to understand platform usage, user behavior flows, and performance metrics. These tools may collect data through cookies, session recordings, and heatmaps. See Section 8 for details.

6. Legal Bases for Processing Personal Data (GDPR / UK GDPR)

For users in the European Union (EU) and United Kingdom (UK), we process personal data only where we have a lawful basis to do so. The legal bases we rely on include:

Contractual Necessity (Article 6(1)(b) GDPR): Processing necessary to perform our contract with you — i.e., to deliver the FoxSuite.ai services you have subscribed to.
Legitimate Interests (Article 6(1)(f) GDPR): Processing necessary for our legitimate business interests, such as fraud prevention, improving our Platform, and direct marketing to existing clients, provided these interests are not overridden by your rights and interests.
Legal Obligation (Article 6(1)(c) GDPR): Processing necessary to comply with our legal obligations (e.g., tax, accounting, regulatory requirements).
Consent (Article 6(1)(a) GDPR): Where we rely on your consent — for example, for marketing communications or biometric data processing — you have the right to withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
Special Category Data (Article 9 GDPR): For biometric data processed via Fox Tracking, we rely on your explicit consent (Article 9(2)(a)) or employment/contractual necessity (Article 9(2)(b)) as applicable. Clients must ensure the appropriate legal basis is in place.

7. Data Sharing and Third-Party Service Providers

We do not sell, rent, or trade your personal data to third parties for their own marketing purposes. We may share your data with third parties only in the following circumstances:

7.1 Authorized Sub-Processors

We engage carefully vetted third-party service providers (sub-processors) to assist in delivering the Platform. These providers process data strictly under our instructions and are bound by data processing agreements. Our key sub-processors include:

Artificial Intelligence Services: We use large language models and AI APIs — including those provided by OpenAI, Anthropic, and Google — to power AI features across Fox AI Agents, Fox AI NoteTaker, Fox Meetings, and other AI-enabled modules. Data submitted to these AI services is processed under our agreements with each provider and their applicable terms. We recommend that users avoid submitting highly sensitive personal data through AI-powered features where not necessary.
Video Analytics and Facial Recognition: AWS Rekognition (Amazon Web Services) is used to provide AI-powered attendance and facial recognition capabilities within Fox Tracking.
Meeting and Audio/Video Processing: We use authorized third-party API providers to process meeting audio and video streams in real time for transcription and analysis. Raw audio and video are not stored by us. The identity of specific sub-processors used for this functionality may change as we evolve the platform; updated lists are available upon request at hello@foxsuite.ai.
Payment Processing: We use third-party payment processors (such as Stripe and/or Razorpay) to process subscription payments. Your financial data is handled directly by these processors and is not stored on our servers.
Analytics Providers: Google LLC (Google Analytics), Hotjar Ltd., and Microsoft (Microsoft Clarity) provide website and product analytics services. See Section 8 for more detail.
Cloud Infrastructure: Our Platform is hosted on cloud infrastructure provided by reputable providers operating under appropriate security certifications.
Customer Support Tools: Third-party helpdesk and communication tools may process your support inquiry data on our behalf.

7.2 Business Clients (Data Controller Relationships)

When FoxSuite.ai is used by a business client to manage their own customers' data (e.g., through Fox CRM or Fox Forms), the client is the data controller for that end-customer data, and we act as their data processor. Clients are responsible for ensuring they have a lawful basis for sharing their customers' data with us.

7.3 Legal Requirements and Safety

We may disclose your information when required to do so by law, legal process, or regulatory authority, or when we believe in good faith that disclosure is necessary to protect our rights, prevent fraud, enforce our agreements, or protect the safety of our users or the public.

7.4 Business Transfers

In the event of a merger, acquisition, sale of assets, or similar corporate transaction, your information may be transferred to the successor entity, subject to the same privacy protections described in this Policy. We will notify you via email and/or prominent in-app notice if a material change in data control occurs.

8. Cookies and Tracking Technologies

8.1 What We Use

FoxSuite.ai uses cookies and similar tracking technologies (including pixels, local storage, and session identifiers) to operate the Platform, understand user behavior, and improve user experience. The analytics tools we currently deploy include:

Google Analytics (Google LLC): Used to measure website and platform traffic, user session behavior, geographic distribution of users, and feature engagement. Google Analytics uses cookies to collect this data and may transfer it to Google's servers in the United States.
Hotjar (Hotjar Ltd.): Used to generate heatmaps, session recordings, and user behavior flow analyses. Hotjar may capture mouse movements, clicks, and form interactions on our Platform.
Microsoft Clarity (Microsoft Corporation): Used to capture session replays and behavioral analytics to understand usability and performance. Microsoft Clarity may collect data about how users interact with the Platform.

8.2 Types of Cookies

Strictly Necessary Cookies: Required for the Platform to function. These cannot be disabled.
Performance / Analytics Cookies: Help us understand how the Platform is used and where improvements can be made. Can be disabled via cookie settings.
Functional Cookies: Enable enhanced functionality such as remembering preferences and language settings.
Targeting / Advertising Cookies: If deployed in the future, these would be used to deliver relevant advertising. We will update this Policy and obtain consent before deploying any such cookies.

8.3 Cookie Management

You can manage your cookie preferences through your browser settings. Most browsers allow you to refuse or delete cookies. However, disabling certain cookies may impair the functionality of the Platform. Our Platform includes a cookie consent banner that allows you to accept or reject non-essential cookies.

For EU/UK users, we obtain consent before deploying non-essential cookies, in accordance with the ePrivacy Directive and GDPR.

9. International Data Transfers

FoxSuite.ai is operated from India and serves clients in India, the United States, the European Union, the United Arab Emirates, and Singapore. As a result, your data may be transferred to and processed in countries outside your home jurisdiction.

When transferring personal data from the EU/EEA to countries not recognized as providing an adequate level of data protection, we rely on appropriate safeguards, including:

Standard Contractual Clauses (SCCs) as approved by the European Commission.
Data Processing Agreements (DPAs) with sub-processors that include binding data protection obligations.
Adequacy decisions where applicable.

When transferring personal data from India, we comply with India's Digital Personal Data Protection Act 2023 (DPDP Act) and any cross-border transfer restrictions applicable thereunder, including restrictions on the transfer of data to countries or territories as notified by the Indian Government.

Our AI sub-processors (OpenAI, Anthropic, Google) and cloud infrastructure providers are primarily based in the United States. Data transferred to these providers is subject to their own privacy policies and our contractual agreements, which include data protection obligations. Users of the Platform should be aware that AI inputs may be transmitted to US-based AI infrastructure.

10. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with our legal obligations, resolve disputes, and enforce our agreements. Our data retention guidelines are:

Active Account Data: Retained for the duration of the active subscription and account relationship.
Post-Deletion Retention: Upon account deletion or subscription cancellation, we retain data for a period of 90 (ninety) days before permanent deletion. This grace period exists to allow data recovery in the event of accidental deletion, to fulfill any outstanding contractual obligations, and to comply with applicable legal requirements.
Media and Processed Content: Data stored in our media and content modules (including transcripts generated by Fox AI NoteTaker and reports from Fox Tracking) is retained for the same 90-day post-deletion period.
Biometric Data: Facial recognition templates processed via AWS Rekognition are subject to AWS's own data retention policies and our data processing agreement. Clients should establish their own biometric data retention and destruction schedules as required by local laws.
Financial and Billing Records: Retained for a minimum of 7 (seven) years as required by Indian tax and accounting regulations, and for such longer periods as may be required by applicable laws in other jurisdictions.
Legal Hold: Where data is subject to a legal hold, litigation, investigation, or regulatory proceeding, we may retain it for longer than standard retention periods.

Upon expiry of the retention period, data is permanently deleted or anonymized using technically sound methods. Anonymized/aggregated data that cannot reasonably be re-identified may be retained indefinitely for analytical and statistical purposes.

11. Data Security

We implement a comprehensive set of technical, organizational, and administrative security measures designed to protect your personal data from unauthorized access, disclosure, alteration, or destruction. Key measures include:

Encryption at Rest: Personally identifiable information (PII) stored in Fox CRM and other sensitive data stores is encrypted at rest using AES-256 or equivalent industry-standard encryption.
Encryption in Transit: All data transmitted between your browser/app and our servers is protected by TLS 1.2 or higher (HTTPS).
Access Controls: Role-based access controls (RBAC) limit data access to authorized personnel on a need-to-know basis. Multi-factor authentication (MFA) is available and recommended for all accounts.
Security Monitoring: We employ logging, monitoring, and alerting tools to detect and respond to security incidents.
Vulnerability Management: We conduct regular security assessments and act promptly on identified vulnerabilities. As a Beta platform, security is an ongoing priority.
Third-Party Security: Our sub-processors are contractually required to maintain appropriate security standards commensurate with the sensitivity of data they process.

IMPORTANT

While we take data security seriously and implement industry-standard safeguards, no system is entirely immune from security risks. We cannot guarantee absolute security. In the event of a personal data breach, we will notify affected parties and relevant authorities within the timeframes required by applicable law (e.g., 72 hours under GDPR; as prescribed under India's DPDP Act).

12. Your Data Rights

Depending on your location and the applicable data protection law, you may have the following rights with respect to your personal data. You can exercise these rights by contacting us at hello@foxsuite.ai.

12.1 India DPDPA 2023 Compliance

Right to Access Information (Section 11): Full explanation of what you can request: summary of data held, categories, purposes, legal basis, and identity of every third party your data was shared with. Includes response timelines, verification process, and grounds for partial decline.
Right to Correction, Completion & Updating (Section 12a): Separately defines all three sub-rights — correction (wrong data), completion (incomplete data), updating (outdated data) — with real examples like CRM fields, account profiles. Covers downstream notification to processors who received the old data.
Right to Erasure (Section 12b): Lists all five specific circumstances that trigger the right, explains the 90-day post-deletion window, covers downstream deletion obligations, and enumerates exact legal exceptions (Income Tax Act, Companies Act 7-year retention, ongoing legal proceedings, fraud prevention).
Right to Grievance Redressal (Section 13): 4-step escalation ladder: Submit → 48hr Acknowledgement → 30-day Resolution → Data Protection Board of India. Describes the Board's powers including penalties up to INR 250 Crore.
Right to Nominate (Section 14): Covers who can be nominated, how to submit a nomination, nominee's scope of authority, revocation, and identity verification process.
Quick Reference Table: A formatted table mapping all 5 rights to: email address, response time, and exact subject line to use — ready for users to act on immediately.
Escalation to the Data Protection Board of India: Full description of the Board's adjudicatory powers, complaint process, and penalty authority — with a note to update once the Board's portal is live.

12.2 Rights Under GDPR (EU/UK Users)

Right of Access: Request a copy of the personal data we hold about you.
Right to Rectification: Request correction of inaccurate or incomplete personal data.
Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data, subject to certain legal exceptions.
Right to Restriction of Processing: Request that we limit how we use your data in certain circumstances.
Right to Data Portability: Receive a copy of your data in a structured, machine-readable format.
Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
Rights in Automated Decision-Making: Not be subject to solely automated decisions that produce significant legal effects, except where permitted by law.
Right to Lodge a Complaint: Lodge a complaint with your local data protection supervisory authority (e.g., your EU Member State's DPA or the UK ICO).

12.3 Rights Under CCPA (California Users)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

Right to Know: The categories and specific pieces of personal information collected about you, the purposes of collection, and the categories of third parties with whom it is shared.
Right to Delete: Request deletion of personal information we have collected, subject to exceptions.
Right to Correct: Request correction of inaccurate personal information.
Right to Opt-Out of Sale or Sharing: We do not sell or share personal information for cross-context behavioral advertising. If this changes, we will provide a "Do Not Sell or Share My Personal Information" mechanism.
Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To submit a CCPA request, contact us at hello@foxsuite.ai with the subject line "CCPA Rights Request." We will respond within 45 days of receipt.

12.4 Rights Under India's DPDP Act 2023

Indian Data Principals (individuals whose personal data is processed) have the following rights under the Digital Personal Data Protection Act 2023:

Right to Access Information: Access a summary of personal data being processed and the identities of data fiduciaries with whom data is shared.
Right to Correction and Erasure: Request correction, completion, updating, or erasure of personal data where no legal obligation requires retention.
Right to Grievance Redressal: Lodge a complaint with us; if not resolved to your satisfaction, escalate to the Data Protection Board of India.
Right to Nominate: Nominate another individual to exercise your rights in the event of death or incapacity.

13. Children's Privacy

FoxSuite.ai is a business-to-business (B2B) platform intended exclusively for use by companies and their authorized business users. The Platform is not directed at, and we do not knowingly collect personal data from, individuals under the age of 18. If we become aware that personal data of a minor has been submitted to the Platform without appropriate consent, we will take steps to delete such information promptly. If you believe we have inadvertently collected information from a minor, please notify us immediately at hello@foxsuite.ai.

14. Changes to This Privacy Policy

As FoxSuite.ai is a Beta platform actively evolving through Version 1.0 and beyond, this Privacy Policy will be updated periodically to reflect changes in our products, legal obligations, and data practices. When we make material changes, we will:

Update the "Last Updated" date at the top of this document.
Notify registered users via email to the address on their account.
Display a prominent in-app notification for a reasonable period following the update.

Your continued use of the Platform following notification of changes constitutes your acceptance of the updated Privacy Policy. If you do not agree to the changes, you must discontinue use of the Platform.