Privacy Policy

Provixaa ("we", "us") respects your privacy. This Privacy Policy explains how we collect, use, store, and share personal and business information when you use the Provixaa platform (the "Service").

Contact: admin@bmc360.io.

Account information: name, email, company name, website URL (signup), role, authentication identifiers, and signup acceptance records (terms/privacy version and timestamp).

Service data: clients, programs, projects, sprint baselines, financial and resource fields, leakage and risk registers, invoices, configuration, usage logs, and support communications.

Team and access data: email invites, per-project role assignments, and role-sheet permissions you configure.

AI interactions: prompts, responses, conversation threads, and Aria menu intent metadata when you use in-product AI features — used to deliver the feature, restore history, and prevent abuse.

Marketing and onboarding: demo booking requests, onboarding email activity, and unsubscribe preferences when you interact with those flows.

Technical data: IP address, browser/device type, session metadata, and security logs collected automatically.

Provide, secure, and maintain the Service; authenticate users; enforce multi-tenant isolation.

Process analytics, dashboards, leakage indicators, and AI features based on your data.

Communicate about the account, security, billing, and product updates.

Improve reliability and fix defects using aggregated or de-identified usage where possible.

Comply with law and protect rights, safety, and integrity of the Service.

We process data to perform our contract with you, for legitimate interests in operating and improving the Service (balanced against your rights), and where required for legal obligations. Where consent is required (for example, certain marketing), we will ask separately.

We use infrastructure and service providers (such as cloud hosting, database, authentication, email, and AI API providers) who process data on our instructions under appropriate agreements.

AI features that use model-assisted synthesis send scoped project context only when required; most Aria answers are computed from your data inside Provixaa.

We do not sell your personal information.

We may disclose information if required by law, to protect rights and safety, or in connection with a merger or acquisition subject to confidentiality obligations.

We retain account and Service data while your account is active and as needed to provide the Service, resolve disputes, and meet legal obligations.

After account closure, we delete or anonymize data within a reasonable period unless law requires longer retention.

We implement reasonable technical and organizational measures designed to protect data. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

For tenant isolation, access control, encryption, AI handling, and enterprise review options, see our Security FAQ.

Depending on your location, you may have rights to access, correct, delete, restrict, or port personal data, and to object to certain processing.

To exercise rights, contact us at the email above. We may verify your identity before responding. You may also lodge a complaint with your local data protection authority where applicable (including under India's Digital Personal Data Protection Act, 2023, and the EU/UK GDPR if relevant to you).

Data may be processed in countries other than where you are located. Where required, we use appropriate safeguards for cross-border transfers.

The Service is intended for business users and is not directed to children under 16. We do not knowingly collect children's personal data.

We may update this Privacy Policy by posting a new version with an updated date. Material changes will be communicated as appropriate.