How we handle your data.

1.Overview

Vaultrix Technologies Private Limited ("Vaultrix", "we", "us") operates Vaultrix.ai — a transaction coordination platform for capital market transactions including IPOs, M&A deals, and PE/VC transactions.

This Privacy Policy explains how we collect, use, store, and protect personal data when you use our platform. We are committed to compliance with India's Digital Personal Data Protection Act 2023 (DPDPA).

Deal documents such as DRHP Word files sit in Microsoft OneDrive and are worked on through Vaultrix's Microsoft 365 integration—not as casual file uploads stored on Vaultrix's own computers. Vaultrix separately holds accounts, permissions, deal-room comments (including full comment text), activity history, and coordination records—typically on Amazon Web Services in Mumbai for our standard Indian deployment. Optional AI features may send short excerpts to outside AI suppliers; Section 9 summarises that.

2.What we collect

Account data

• Name, email address, and professional role (e.g., "Lead ECM, Morgan Stanley")
• Firm name and party type (BRLM, Legal Counsel, Auditors, Company, Registrar)
• Microsoft 365 account identity when you sign in with Microsoft

Usage and activity data

• Actions taken within the platform — section sign-offs, workstream updates, compliance submissions, announcements sent and acknowledged
• Timestamps of actions recorded in our permanent activity history
• IP address and general browser information captured when you sign in (where we log it)
• Deal-room comments: comment text, which section they relate to, author identity, resolution status, and timestamps (saved in Vaultrix and synced with Word where you use that option)

Communication data

• Content of announcements sent within the platform
• To-do items and comments you create
• Outlook Sync: email subject lines and timestamps for deal-related emails you choose to sync (not email body content)

What we do not collect

• Master copies of DRHP or Word files as ordinary uploads on Vaultrix-operated servers—we keep working files in Microsoft OneDrive (see Overview), not as ad hoc document storage on our own machines
• Financial data, bank account details, or payment card information
• Unrelated consumer browsing profiles outside what you voluntarily sync (such as Outlook subject rules you configure) or submit through the product

3.How we use your data

We use collected data for the following purposes only:

• Providing the service: Authenticating your account, displaying your deal rooms, enabling coordination between parties
• Audit trail: Keeping a dated activity history for accountability (routine product use does not rewrite past entries)
• Notifications: Sending you alerts about actions requiring your attention in your deal rooms
• Security: Detecting unauthorised access and monitoring for suspicious activity
• Reliability: Operational diagnostics and error monitoring needed to run and secure the service
• Support: Responding to your requests and resolving issues

4.What we do not do

We do not sell, rent, share, or monetise your personal data in any way. Vaultrix.ai is ad-free. We do not use your personal data to train Vaultrix-owned models. Third-party AI providers you use through the product (see Section 9) have their own terms on how they handle requests. We do not share individual user data with any third party except as required by law or as described in Section 9.

5.Data storage and security

Vaultrix-held information. Our usual Indian setup stores Vaultrix databases and services on Amazon Web Services in Mumbai. If you have a dedicated arrangement, location may differ—your order or data-processing agreement confirms what applies.

Microsoft 365 content. Word files and PDFs produced in the workflow are stored in Microsoft-operated cloud storage(OneDrive under the Microsoft 365 setup used for Vaultrix). Where Microsoft keeps those files follows Microsoft's policies and your Microsoft settings—not necessarily the same geography as Vaultrix systems.

Outside AI suppliers. When you turn on AI-assisted features, short excerpts needed to answer questions may be processed by external AI services we configure for your environment. That processing may occur outside India depending on the supplier and your contract.

Data is encrypted at rest with strong, standard encryption where our hosting provides it, and in transit using encrypted web connections (HTTPS). Access to live systems is limited to authorised staff; sensitive access uses multi-factor authentication.

6.Your rights under DPDPA 2023

Under India's Digital Personal Data Protection Act 2023, you have the following rights:

• Right to access: Request a copy of all personal data we hold about you
• Right to correction: Request correction of inaccurate personal data
• Right to erasure: Request deletion of your personal data, subject to legal retention obligations (the audit trail may need to be retained)
• Right to grievance redress: Lodge a complaint with us if you believe your data has been mishandled
• Right to nominate: Nominate another person to exercise your rights in the event of death or incapacity

To exercise any of these rights, contact us at admin@vaultrix.ai. We will respond within 30 days.

7.Data retention

We retain personal data for as long as your account is active and, as a matter of policy for regulated transaction workflows, for up to seven years thereafter where capital-markets record-keeping norms apply—subject to your contract and applicable law.

Audit-trail entries are treated as long-lived records for investigations and dispute resolution; deletion may be limited where regulation requires retention. Access can often be restricted even when deletion is not possible.

You may request deletion or restriction of other personal data by contacting admin@vaultrix.ai.

8.Cookies and tracking

The Vaultrix workspace uses cookies and browser storage so Microsoft sign-in works reliably and so you stay signed in securely. We may also save simple layout preferences on your device.

• Sign-in: Session details from Vaultrix and Microsoft when you log in with Microsoft.
• Preferences: Small choices such as sidebar layout stored locally when the product saves them for you.

The public marketing site at vaultrix.ai uses only what is needed for basic browsing and contact forms—we do not load advertising trackers or third-party marketing analytics pixels.

9.Third-party services

Vaultrix integrates with the following third-party services. Each is used only for the stated purpose:

• Microsoft 365:OneDrive storage for working documents, Word in the browser where used, and Outlook connections you approve. Microsoft's terms govern material held in Microsoft's cloud.
• Amazon Web Services:Hosting for Vaultrix-held data and services (Mumbai in our standard Indian deployment). AWS's data-processing terms apply.
• Outside AI services: Optional assistants or document tools may send prompts and short excerpts to suppliers we configure; their terms govern that traffic.
• Transactional email: When you use forms on vaultrix.ai, messages may be delivered through our email provider (for example Resend) using the addresses you submit.

Who may use AI inside the workspace follows role permissions; administrators can turn AI off for roles where policy requires it.

10.Contact and grievance officer

For any privacy-related queries, data requests, or complaints:

• Emailadmin@vaultrix.ai
• CompanyVaultrix Technologies Private Limited
• AddressPune, Maharashtra, India
• Response timeWithin 30 days of receipt

We take privacy complaints seriously. If you are not satisfied with our response, you may lodge a complaint with the Data Protection Board of India once it is constituted under the DPDPA 2023.