Privacy Policy

CapitalxAI

Last Updated: May 16, 2025

At ResourcePlan Solution Private Limited, protecting your personal data is our priority. When you use the CapitalxAI platform (the "Platform") as a client, user, or prospect (the "User"), we may collect and process personal data as part of managing our contractual and business relationship.

This Privacy Policy explains how we process your personal data in compliance with applicable data protection laws, including Regulation (EU) 2016/679 (GDPR), India's Digital Personal Data Protection Act, 2023, and relevant U.S. federal and state privacy laws, including the California Consumer Privacy Act (CCPA), where applicable (together, the "Applicable Regulations").

1. Who is the data controller?

The data controller is:

ResourcePlan Solution Private Limited
45-46, Shiv Marg, Guru Jhambeshwar Nagar A,
Block E, Vaishali Nagar,
Jaipur, Rajasthan 302021, India

ResourcePlan Solution Private Limited acts as the data controller when you browse or use the CapitalxAI Platform or hold an account on the Platform.

2. What personal data do we collect?

"Personal data" means any information relating to an identified or identifiable individual.

Depending on how you interact with CapitalxAI, we may collect:

Identification data (e.g. full name, email address)
Professional data (e.g. company name, role, industry, company size, website, logo)
Account and order data (subscription details, invoices, transaction history)
Login and technical data (IP address, logs, device identifiers)
Third-party authentication data (name and email when signing in via Google, Microsoft, etc.; we never receive passwords)
Browsing and usage data (pages viewed, actions taken, date/time, browser type, operating system, user ID)
Location data (approximate location based on IP address)
Customer-support communications (emails, call recordings or metadata where applicable)
Economic and financial data (billing details, payment method information; credit-card data is processed and stored only by our payment providers, and CVV codes are never stored by us)
Outreach-related data where legally permitted (e.g. investor names, roles, public contact details sourced from public or licensed databases)
Any information you voluntarily provide through forms, demos, or contact requests

Where certain data are mandatory, this will be indicated at the point of collection.

3. Google User Data

To comply with the Google API Services User Data Policy and Google APIs Terms of Service, this section describes how CapitalxAI accesses, uses, stores, and shares Google user data.

Data Accessed

CapitalxAI accesses only the following Google user data, after the user provides explicit consent:

Basic Google account information, including name and email address

CapitalxAI does not access Gmail content, Google Drive files, Calendar data, or any other Google services.

How We Use Google User Data

CapitalxAI uses Google user data exclusively for the following purposes:

Login and account creation using Google Sign-In
User authentication and account management
Improving user experience and overall app functionality

Google user data is not used for advertising, not sold, and not used for profiling outside the core functionality of the app.

Data Storage and Retention

Google user data is stored securely using industry-standard security measures. Data is retained only for as long as necessary to maintain the user's account or until the user deletes their account or revokes access.

Data Sharing

CapitalxAI does not sell, rent, or share Google user data with third parties, except when required by law or to comply with legal obligations.

User Control

Users can revoke CapitalxAI's access to their Google account at any time through their Google Account security settings. Users may also request deletion of their data by contacting support@capitalxai.com.

4. Legal basis, purposes, and retention periods

The table below summarizes how we process your data, the legal basis, and how long we retain it:

Purpose	Legal Basis	Retention Period
Provide access to the Platform and user accounts	Contract performance / pre-contractual measures	For the lifetime of the account (logs retained for 10 weeks). Inactive accounts deleted after 2 years if not reactivated; archived up to 5 years for legal evidence
Subscription management, invoicing, and customer relationship management	Contract performance	Duration of the business relationship; archived 5 years (transactions) or 10 years (contracts)
Service improvement, analytics, and AI model optimization (including support calls)	Legitimate interest	Call recordings: 6 months; analysis data: 1 year; other related data: 6 months
Collect feedback, reviews, and product opinions	Legitimate interest	2 years from publication
Build and manage customer and prospect databases	Legitimate interest	Customers: duration of relationship; prospects: 3 years from last contact
Marketing communications and newsletters	Legitimate interest (customer loyalty and marketing)	3 years from last contact
Business outreach and communications	Legitimate interest (subject to opt-out mechanisms and applicable laws)	3 years from last contact
Respond to information or demo requests	Legitimate interest	3 years from last contact
Compliance with legal and regulatory obligations	Legal obligation	Invoices: 10 years; contracts: 10 years; non-bank transactions: 5 years
Audience measurement, analytics, and cookie-based optimization	Consent	25 months
Handling data-subject rights requests	Legitimate interest	Proof of identity retained only for verification and deleted immediately after

5. Recipients of your data

Your personal data may be shared with:

Authorized internal staff on a strict need-to-know basis
Trusted processors and service providers, including:
- Cloud hosting and infrastructure providers
- AI and analytics service providers
- Email, CRM, and customer-support tools
- Secure payment and invoicing providers
- Cookie and consent management tools
Public or private authorities where legally required

All processors act under contractual obligations consistent with Applicable Regulations.

6. International transfers of personal data

CapitalxAI data is hosted on AWS servers located in the United States and the European Union.

Where personal data is transferred outside the EU or India, we implement appropriate safeguards, including:

Transfers to jurisdictions recognized as providing adequate protection (GDPR Art. 45)
Standard Contractual Clauses (GDPR Art. 46)
Binding Corporate Rules or approved certifications
Other lawful mechanisms permitted under GDPR Chapter V

7. Your rights over your personal data

Subject to Applicable Regulations, you may exercise the following rights:

Right to be informed
Right of access
Right to rectification
Right to restriction of processing
Right to erasure ("right to be forgotten")
Right to data portability
Right to object to processing
Right to withdraw consent at any time (without affecting prior lawful processing)
Right to lodge a complaint with a competent supervisory authority
Right to define post-mortem instructions (where applicable by law)

To exercise your rights, contact us using the details in Section 9. We may request proof of identity solely for verification purposes.

8. Cookies

CapitalxAI uses cookies and similar technologies to ensure proper functionality, analyze usage, and improve the Platform.

For more information, please refer to our Cookies Policy.

9. Contact information for privacy matters

For any questions or requests regarding this Privacy Policy or your personal data:

Email: info@capitalxai.com

Address:
45-46, Shiv Marg, Guru Jhambeshwar Nagar A,
Block E, Vaishali Nagar,
Jaipur, Rajasthan 302021, India

10. Modifications

We may update this Privacy Policy at any time to reflect regulatory, legal, editorial, or technical changes. The updated version will apply from its effective date.

We encourage you to review this page periodically. Material changes will be communicated where required by law.