Who We Are
Prometrix is an AI Agent Marketplace for digital marketing, operated by Prometrix Technologies Private Limited, a company incorporated under the Companies Act 2013, with its registered office in New Delhi, India.
For the purposes of India's Digital Personal Data Protection Act 2023 (DPDP Act), Prometrix is the Data Fiduciary — the entity that determines the purpose and means of processing your personal data.
This Privacy Policy applies to all users of our website (prometrix.ai), our AI agent platform, our APIs, and any related services. By using Prometrix, you acknowledge that you have read and understood this policy.
Data Fiduciary: Prometrix Technologies Pvt. Ltd., New Delhi, India · Privacy Contact: privacy@prometrix.ai
Data We Collect
We only collect data that is necessary to provide our services. Here is a clear breakdown of what we collect and when.
2.1 Data You Provide Directly
- Account information: Name, work email address, phone number, company name, and job title when you register.
- Billing information: Payment method details, billing address, and GST/PAN number (processed by our payment provider — we do not store raw card data).
- Communications: Messages you send us via contact forms, email, or support tickets.
- Profile preferences: Your notification settings, agent configuration preferences, and dashboard customisations.
2.2 Data Collected Automatically
- Usage data: Pages visited, features used, time spent, clicks, and navigation patterns within the platform.
- Device and technical data: IP address, browser type and version, operating system, device identifiers, and screen resolution.
- Log data: API request logs, error logs, and agent activity logs — used for debugging and security monitoring.
- Cookies and similar technologies: Session cookies, preference cookies, and analytics cookies. See Section 9 for full details.
2.3 Data from Connected Platforms
When you connect third-party marketing platforms (Google Analytics, Google Search Console, Meta Ads, LinkedIn, and others) to your Prometrix agents, we receive data that you authorise via OAuth. This may include:
- Campaign performance metrics, ad spend, impressions, and click data.
- Website traffic, keyword rankings, and audience demographics.
- Social media post performance and engagement metrics.
- Business profile data (e.g. Google Business Profile listing information).
Important: We only access the specific scopes you explicitly authorise during the OAuth connection flow. We never access data beyond what is required for the agent you are activating.
2.4 Data We Do Not Collect
- We do not collect sensitive personal data such as biometric data, health data, financial account credentials, or government ID numbers.
- We do not collect data from children under 18 years of age.
- We do not purchase or receive personal data from data brokers or third-party data aggregators.
How We Use Your Data
We use your data only for the purposes listed below. We do not use it for any undisclosed purpose.
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Providing and operating the Prometrix platform | Account data, usage data, platform integration data | Contract performance |
| Processing payments and managing subscriptions | Billing information, account data | Contract performance |
| Generating AI agent recommendations and reports | Connected platform data, usage patterns | Contract performance / Consent |
| Sending transactional emails (receipts, alerts, onboarding) | Email address, account data | Contract performance |
| Sending product updates and marketing communications | Email address, name | Consent (opt-in only) |
| Security, fraud prevention, and abuse detection | Log data, IP address, device data | Legitimate interest |
| Platform analytics and product improvement | Aggregated, anonymised usage data | Legitimate interest |
| Legal and regulatory compliance | As required by applicable law | Legal obligation |
We never use your business's marketing data to train our AI models without your explicit written consent. Your campaign data, keyword rankings, and ad performance belong to you.
Legal Basis for Processing
Under the Digital Personal Data Protection Act 2023 (DPDP Act), we process your personal data on one or more of the following lawful grounds:
- Consent: You have given free, specific, informed, and unambiguous consent for a specific purpose — for example, subscribing to our newsletter or connecting a third-party platform.
- Contract: Processing is necessary to perform the contract with you — for example, creating your account, operating your agents, and processing your subscription payment.
- Legal Obligation: Processing is required to comply with a legal obligation — for example, maintaining financial records as required by Indian tax law.
- Legitimate Interests: Processing is necessary for our legitimate interests — for example, detecting fraud, securing our platform, and understanding aggregate usage patterns — provided such interests are not overridden by your rights.
Where we rely on consent, you have the right to withdraw it at any time by contacting us at privacy@prometrix.ai. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
Sharing & Third Parties
We do not sell, rent, or trade your personal data. We share it only in the limited circumstances described below.
5.1 Service Providers
We work with carefully vetted service providers who process data on our behalf under strict data processing agreements. These include:
- Cloud infrastructure: Amazon Web Services (AWS), exclusively on the ap-south-1 (Mumbai) region.
- Payment processing: Razorpay — a PCI-DSS compliant payment gateway. We do not receive or store raw card numbers.
- Email delivery: Transactional email service providers for sending account notifications and alerts.
- Analytics: Privacy-friendly, aggregated analytics tools to understand product usage. No individual user tracking is shared externally.
5.2 Legal Requirements
We may disclose your data if required to do so by law, court order, or a request from a competent authority under Indian law — including the DPDP Act, the IT Act 2000, or an applicable regulatory requirement. We will notify you of such requests where legally permissible.
5.3 Business Transfers
In the event of a merger, acquisition, or sale of all or a portion of our assets, your data may be transferred as part of that transaction. We will provide notice and ensure the successor entity honours this Privacy Policy.
What we never do: We never sell your data to advertisers, data brokers, or marketing platforms. We never allow third parties to use your data for their own advertising purposes.
Data Retention
We retain your personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by applicable law.
- Active account data: Retained for the duration of your active subscription plus 90 days after termination to allow account recovery.
- Billing and financial records: Retained for 7 years in compliance with Indian financial regulations.
- Platform integration data: Retained while your account is active. Deleted within 30 days of disconnecting an integration.
- Support communications: Retained for 3 years for quality assurance and dispute resolution.
- Log data: Retained for 90 days for security and debugging purposes, then automatically purged.
- Marketing consent records: Retained for 3 years from the date of consent, or until withdrawal.
Upon account deletion, we will erase or anonymise your personal data within 30 days, except where we are required to retain it by law.
Security
We implement industry-standard technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction.
- Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.3.
- Encryption at rest: All data stored in our databases and object storage is encrypted using AES-256.
- OAuth token security: Third-party platform access tokens are stored in an encrypted token vault with per-tenant isolation. Tokens are never logged in plaintext.
- Access controls: Strict role-based access control (RBAC). Our engineering team accesses production data only under a formal access request procedure with audit logging.
- Penetration testing: We conduct regular security assessments and vulnerability scans.
- Incident response: In the event of a personal data breach, we will notify affected users and the relevant authority (the Data Protection Board of India) within the timelines prescribed by the DPDP Act.
If you discover a security vulnerability, please report it responsibly to security@prometrix.ai. We acknowledge all valid reports within 48 hours.
Your Rights
Under the DPDP Act 2023, you have the following rights over your personal data. You can exercise any of these rights by contacting privacy@prometrix.ai. We will respond within 30 days.
Right to Access
Request a summary of the personal data we hold about you and the purposes for which it is being processed.
Right to Correction
Request correction of any inaccurate or incomplete personal data we hold about you.
Right to Erasure
Request deletion of your personal data where it is no longer necessary for the purpose it was collected, subject to legal retention obligations.
Right to Withdraw Consent
Withdraw consent for any processing based on consent at any time, without affecting prior processing.
Right to Grievance Redressal
Raise a complaint with our Data Protection Officer if you believe your rights have not been respected.
Right to Escalate
Lodge a complaint with the Data Protection Board of India if your grievance is not resolved to your satisfaction.
To exercise any right, email privacy@prometrix.ai with the subject line "Data Rights Request." We may ask you to verify your identity before fulfilling the request.
Cookies
We use cookies and similar tracking technologies on our website and platform. Here is a breakdown of what we use and why.
| Cookie Type | Purpose | Can be disabled? |
|---|---|---|
| Strictly Necessary | Session management, authentication, CSRF protection, load balancing | No — required for the platform to function |
| Functional / Preference | Remembering your language, timezone, dashboard layout, and display preferences | Yes — via cookie settings |
| Analytics | Understanding how users navigate the platform to improve product experience (aggregated, not linked to individual identity) | Yes — via cookie settings |
| Marketing | Measuring the effectiveness of our marketing campaigns on external platforms | Yes — requires opt-in consent |
You can manage cookie preferences at any time via the cookie settings panel accessible in the platform footer. Note that disabling functional or analytics cookies may affect your experience.
Platform Integrations
Prometrix connects to third-party marketing platforms via OAuth 2.0 on your behalf. Each integration is governed both by this Privacy Policy and by the respective platform's own privacy policy. By connecting a platform, you acknowledge and agree to that platform's terms.
- Google (GA4, Search Console, Business Profile, YouTube): Google Privacy Policy
- Meta (Facebook Ads, Instagram): Meta Privacy Policy
- LinkedIn: LinkedIn Privacy Policy
- Twitter / X: X Privacy Policy
- Shopify: Shopify Privacy Policy
- HubSpot: HubSpot Privacy Policy
You can disconnect any platform integration at any time from your Prometrix dashboard. Upon disconnection, we will delete the associated access tokens and cease processing data from that platform within 30 days.
Data from connected platforms is used exclusively to power your Prometrix agents. It is never used to build profiles for advertising, shared with other Prometrix customers, or used to improve AI models without your explicit consent.
Children
Prometrix is designed for business use by adults. Our services are not directed at, and we do not knowingly collect personal data from, individuals under 18 years of age.
If you believe that a minor has provided us with personal data, please contact us immediately at privacy@prometrix.ai and we will take steps to delete that data as quickly as possible.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal obligations. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page.
- Send an email notification to all registered users at least 14 days before the changes take effect.
- For significant changes, display a prominent notice within the platform dashboard.
Your continued use of Prometrix after a policy update constitutes your acceptance of the revised terms. If you do not accept the changes, you may close your account by contacting us before the effective date.
All previous versions of this policy are archived and available upon request.
Contact Us
If you have any questions, concerns, or requests relating to this Privacy Policy or the handling of your personal data, please contact our Privacy team:
Prometrix Technologies Private Limited
New Delhi, India
📧 privacy@prometrix.ai — Privacy & data rights enquiries
📧 security@prometrix.ai — Security vulnerability disclosures
📧 legal@prometrix.ai — Legal notices & regulatory requests
We aim to respond to all privacy-related enquiries within 30 calendar days. If you are not satisfied with our response, you have the right to escalate your complaint to the Data Protection Board of India, established under the DPDP Act 2023.