PRIVACY POLICY

Version: 3.0 Effective Date: 24 June 2026 Last Updated: 24 June 2026

SRAGVEE TECHNOLOGIES PRIVATE LIMITED ("COMPANY", "WE", "US" OR "OUR") IS COMMITTED TO PROTECTING THE PRIVACY AND SECURITY OF PERSONAL DATA PROCESSED THROUGH ITS WEBSITES LOCATED AT [https://www.lignx.com], THE LIGNX APPLICATION, AND ANY RELATED PRODUCTS, SOFTWARE, SERVICES AND PLATFORMS OPERATED BY THE COMPANY (COLLECTIVELY, THE "PLATFORM").

THIS PRIVACY POLICY ("POLICY") DESCRIBES HOW WE COLLECT, USE, STORE, DISCLOSE, TRANSFER AND OTHERWISE PROCESS PERSONAL DATA IN CONNECTION WITH THE PLATFORM AND THE SERVICES. THIS POLICY IS PUBLISHED IN ACCORDANCE WITH APPLICABLE LAWS, INCLUDING THE INFORMATION TECHNOLOGY ACT, 2000, THE DIGITAL PERSONAL DATA PROTECTION ACT, 2023, THE DIGITAL PERSONAL DATA PROTECTION RULES, 2025 AND OTHER APPLICABLE DATA PROTECTION, PRIVACY AND INFORMATION SECURITY LAWS, EACH AS AMENDED FROM TIME TO TIME (COLLECTIVELY, "APPLICABLE DATA PROTECTION LAWS").

CAPITALISED TERMS NOT DEFINED IN THIS POLICY SHALL HAVE THE MEANINGS ASSIGNED TO THEM IN THE TERMS OF USE AVAILABLE AT [https://www.lignx.com/terms-of-service.html] ("TERMS"). THIS POLICY FORMS AN INTEGRAL PART OF THE TERMS. TO THE EXTENT THIS POLICY SPECIFICALLY ADDRESSES THE PROCESSING OF PERSONAL DATA, THIS POLICY SHALL PREVAIL IN RELATION TO SUCH MATTERS.

BY ACCESSING OR USING THE PLATFORM OR SERVICES, SUBMITTING PERSONAL DATA TO US, OR OTHERWISE INTERACTING WITH US, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS POLICY.

  1. APPLICABILITY OF THIS POLICY

    1. Scope

This Policy applies to the Personal Data processed by the Company in connection with:

(a) Users' access to and use of the Platform;

(b) the provision of the Services;

(c) communications between Users and the Company;

(d) marketing, promotional and business development activities undertaken by the Company; and

(e) any other interactions through which Personal Data is collected by the Company.

This Policy applies to Personal Data relating to Users, Authorised Users, prospective customers, website visitors and other individuals whose Personal Data is processed by the Company. For the purposes of this Policy, "Personal Data" shall have the meaning ascribed to it under the Digital Personal Data Protection Act, 2023 and means any data about an individual who is identifiable by or in relation to such data.

  1. Processing Location

The Company primarily processes and stores Personal Data in India. Where required for the provision of the Services, operation of the Platform, engagement of service providers or other legitimate business purposes, Personal Data may be processed in other jurisdictions in accordance with Applicable Data Protection Laws and this Policy.

  1. PRIVACY STATEMENT

    1. Processing of Personal Data

The Company is committed to protecting and processing Personal Data in accordance with Applicable Data Protection Laws.

Depending on the nature of the Personal Data and the relevant processing activity, the Company may act either as a Data Fiduciary or as a Data Processor. Where the Company collects and processes Personal Data for its own purposes, including operation of the Platform, account administration, customer relationship management, billing, security, support, marketing, legal compliance and other legitimate business purposes, the Company acts as a Data Fiduciary. Where a User or Subscriber (as defined in the Terms) uploads, submits, stores or otherwise makes available Personal Data through the Platform and the Company processes such Personal Data for the purposes of rendering Services solely on behalf of and in accordance with the instructions of the User / Subscriber, the Company acts as a Data Processor and the relevant User / Subscriber acts as the Data Fiduciary.

The Company may collect Personal Data directly from you, through your use of the Platform, from your organisation, from Users or Subscribers or Authorised Users, or from third-party service providers or from other lawful sources.

  1. Choice to Provide Personal Data

You may choose not to provide certain Personal Data or, where permitted under Applicable Data Protection Laws, withdraw any consent previously provided to us. However, if certain Personal Data is not provided, or if consent is withdrawn, the Company may be unable to provide all or part of the Services, enable access to certain features of the Platform, respond to requests, fulfil contractual obligations or otherwise provide the functionality requested by you.

Any withdrawal of consent shall not affect the lawfulness of processing undertaken prior to such withdrawal and shall remain subject to any legal, regulatory or contractual retention obligations applicable to the Company.

  1. COLLECTION OF PERSONAL DATA

    1. Sources of Personal Data

The Company may collect Personal Data:

(a) directly from you when you register for, access or use the Platform or Services;

(b) when you request a demonstration, submit enquiries, communicate with us, participate in surveys, events, promotions or marketing activities, or otherwise interact with the Company;

(c) from your organisation, including where a Subscriber creates or administers accounts for Authorised Users;

(d) from third-party service providers, integration partners or publicly available sources where permitted by applicable law; and

(e) automatically through your use of the Platform and Services.

  1. Categories of Personal Data

Depending on your interaction with the Platform and Services, the Company may collect the following categories of Personal Data:

(a) identity and profile information, including name, designation, employer or organisation name and profile details;

(b) contact information, including email address, telephone number and business address;

(c) account and authentication information, including usernames, login credentials and account preferences;

(d) billing and transaction information, including invoicing details, subscription information and payment-related records;

(e) communications and correspondence, including enquiries, support requests, feedback, survey responses and other communications with the Company;

(f) Platform usage information, including feature usage, activity logs, interactions with the Platform and Services, and user preferences; and

(g) any other Personal Data voluntarily submitted to the Company in connection with the Platform or Services.

  1. Technical and Usage Information

When you access or use the Platform, the Company may automatically collect certain technical and usage information, including: (a) IP address; (b) device identifiers; (c) browser type and version; (d) operating system information; (e) network and connection information; (f) access logs, usage patterns, performance metrics and similar operational data; (g) referring URLs and navigation information; (h) technical, diagnostic and usage information relating to the use of the Platform, including device information; and (h) other diagnostic, log and usage information relating to the operation, security and performance of the Platform. The Company may collect such information directly or through analytics providers, hosting providers, cloud service providers and other authorised service providers acting on its behalf.

Such information may be used to operate, secure, maintain, support, analyse and improve the Platform and Services, and to investigate security incidents, technical issues or suspected misuse. Where location-related information is collected through the Platform or Application, such information shall be limited to the extent necessary for the relevant functionality, security, analytics or localisation purposes and shall remain subject to the permissions and settings available on the User's device.

  1. Customer Data

Where a User uploads, submits, stores or otherwise makes available Personal Data relating to its employees, contractors, representatives or other individuals through the Platform ("Customer Data"), such Customer Data shall be processed in accordance with the Terms, this Policy, applicable SaaS Agreement, the instructions of the relevant User and Applicable Data Protection Laws.

The User is responsible for ensuring that it has all necessary rights, permissions, notices and lawful grounds required to provide such Customer Data to the Company for processing through the Platform.

  1. USE OF PERSONAL DATA

    1. Purposes of Processing

The Company may collect, use, store, disclose and otherwise process Personal Data for the following purposes:

(a) providing, operating, maintaining, administering and improving the Platform and Services;

(b) creating, managing and securing User accounts and administering subscriptions;

(c) performing the Company's obligations under the applicable Agreements, Package, Order Form or other agreement with a User;

(d) processing transactions, invoices, subscription payments and related records;

(e) providing customer support, responding to enquiries, requests, feedback and complaints, and communicating with Users regarding the Platform and Services;

(f) monitoring, analysing and improving the performance, functionality, security and user experience of the Platform;

(g) detecting, investigating, preventing and responding to fraud, security incidents, unauthorised access, technical issues and other harmful or unlawful activities;

(h) sending service-related communications, including administrative notices, technical updates, security alerts, renewal reminders and changes to the Platform, Services, Terms or this Privacy Policy;

(i) complying with applicable laws, legal processes, regulatory requirements, governmental requests and enforcement obligations;

(j) conducting internal business operations, audits, reporting, analytics, research, product development and service improvement activities;

(k) generating aggregated, statistical and usage-based insights relating to the Platform and Services, provided that such information does not identify any individual; and

(l) such other purposes as may be disclosed at the time the relevant Personal Data is collected or otherwise permitted under Applicable Data Protection Laws.

  1. Aggregated and De-Identified Information

The Company may aggregate, anonymise or de-identify Personal Data and other information so that it can no longer reasonably identify an individual. The Company may use, analyse, disclose, share and otherwise process such aggregated, anonymised or de-identified information for any lawful business purpose, including analytics, benchmarking, research, product development, service improvement, statistical reporting, operational optimisation and marketing.

  1. Marketing Communications

Where permitted under Applicable Data Protection Laws, the Company may send Users information relating to the Platform, Services, events, updates, promotions, products and offerings that may be of interest to them. Users may opt out of receiving marketing communications at any time by following the unsubscribe instructions provided in such communications or by contacting the Company.

  1. COOKIES AND SIMILAR TECHNOLOGIES

    1. Cookies and Similar Technologies

The Company may use cookies, web beacons, pixels, software development kits, local storage technologies and similar technologies to operate, secure, maintain and improve the Platform and Services. These technologies may be used to: (a) authenticate Users; (b) maintain session information and preferences; (c) analyse Platform performance and usage patterns; (d) improve functionality and user experience; (e) detect security incidents and prevent fraud; and (f) measure the effectiveness of communications and marketing activities. Users may manage cookie preferences through browser settings or any cookie management tools made available on the Platform. Certain cookies may be necessary for the operation of the Platform and disabling them may affect Platform functionality.

  1. Analytics

The Company may use internal analytics tools and third-party analytics providers to understand how the Platform and Services are used, improve functionality, monitor performance and enhance user experience. Such analytics may involve the collection of technical and usage information described in this Privacy Policy.

  1. DISCLOSURE OF PERSONAL DATA

    1. Disclosure of Personal Data

The Company may disclose Personal Data only where reasonably necessary for the purposes described in this Privacy Policy, including to:

(a) affiliates and group entities;

(b) cloud hosting providers, infrastructure providers and technology service providers;

(c) payment processors, financial institutions and billing service providers;

(d) professional advisers, auditors, insurers and consultants;

(e) customer support, analytics, security and operational service providers;

(f) regulatory authorities, governmental authorities, law enforcement agencies, courts or other competent authorities where required by applicable law; and

(g) any successor entity, purchaser, investor or acquirer in connection with a merger, acquisition, restructuring, financing transaction, sale of assets or similar corporate transaction.

The Company requires third-party recipients to process Personal Data in accordance with applicable contractual, confidentiality and security obligations.

  1. Legal Compliance

The Company may disclose Personal Data where necessary to: (a) comply with applicable law, legal process or regulatory requirements; (b) protect the rights, property, safety or security of the Company, its Users or third parties; (c) investigate, prevent or respond to fraud, security incidents or unlawful activities; or (d) establish, exercise or defend legal claims.

  1. YOUR RIGHTS

    1. Rights of Data Principals

Subject to Applicable Data Protection Laws, Data Principals shall have the right to: (a) obtain information regarding the Personal Data processed by the Company; (b) request correction, completion or updating of inaccurate Personal Data; (c) request erasure of Personal Data, subject to legal, contractual and regulatory retention obligations; (d) withdraw consent previously provided to the Company; (e) nominate another individual to exercise rights on their behalf in accordance with Applicable Data Protection Laws; and (f) seek grievance redressal in accordance with Applicable Data Protection Laws.

  1. Exercise of Rights

Requests relating to Personal Data may be submitted to the Grievance Officer using the contact details specified in the Terms. The Company may request reasonable information to verify the identity and authority of the person submitting a request before taking action.

  1. Withdrawal of Consent

Where Personal Data is processed on the basis of consent, the relevant Data Principal may withdraw such consent in accordance with Applicable Data Protection Laws. Withdrawal of consent shall not affect the lawfulness of processing undertaken before such withdrawal and may affect the Company's ability to provide certain Services or functionalities.

  1. SECURITY

    1. Security Measures

The Company maintains reasonable technical, organisational, administrative and physical safeguards designed to protect Personal Data against unauthorised access, disclosure, alteration, loss, misuse or destruction. Access to Personal Data is restricted to authorised personnel, service providers and contractors who have a legitimate business need to access such information and who are subject to appropriate confidentiality obligations.

  1. User Responsibilities

Users are responsible for maintaining the confidentiality and security of their account credentials and for promptly notifying the Company of any actual or suspected unauthorised access to their accounts.

  1. Security Incidents

In the event of a Personal Data breach requiring notification under Applicable Data Protection Laws, the Company shall take such actions as may be required under applicable law.

  1. THIRD-PARTY SERVICES

The Platform may contain links to, integrations with, or enable access to third-party websites, applications, products or services. The Company does not control and is not responsible for the privacy practices, security practices, content or availability of such third-party services. Users should review the applicable privacy policies and terms of such third parties before interacting with them.

  1. RETENTION OF PERSONAL DATA

The Company retains Personal Data only for as long as reasonably necessary to fulfil the purposes described in the Terms, this Privacy Policy, comply with legal, regulatory, contractual and operational requirements, resolve disputes, enforce agreements or otherwise as permitted or required under Applicable Data Protection Laws. Upon expiry of the applicable retention period, the Company may securely delete, anonymise or de-identify Personal Data in accordance with its internal retention practices and Applicable Data Protection Laws.

  1. CHANGES TO THIS PRIVACY POLICY

The Company may modify or update this Privacy Policy from time to time. Any updated version shall be made available on the Platform and shall become effective from the date specified in the updated Privacy Policy. Users are encouraged to review this Privacy Policy periodically to remain informed about the Company's privacy practices.

  1. GRIEVANCE REDRESSAL

For any questions, concerns, requests or complaints relating to this Privacy Policy or the processing of Personal Data, Users may contact the Grievance Officer using the contact details specified in the Terms.

  1. GOVERNING LAW

This Privacy Policy shall be governed by and construed in accordance with the laws of India. Subject to any dispute resolution mechanism set out in the Terms or the applicable SaaS Agreement, the courts at Bangalore, Karnataka shall have exclusive jurisdiction over disputes arising out of or relating to this Privacy Policy.