Astrexa Simplix launching soon
Early Access
Astrexa logo
Legal

Privacy Policy

This policy describes how M&J Astrexa Private Limited collects, uses, and protects your personal data when you interact with our website, products, and services.

Effective date: June 25, 2026·Jurisdiction: India (IT Act 2000, DPDP Act 2023)·privacy@astrexa.com

M&J Astrexa Private Limited (“Astrexa”, “we”, “us”, or “our”) is committed to protecting your privacy. This Privacy Policy applies to all individuals who visit our website (astrexa.com), use our products and services (including Astrexa Simplix), engage with us as a client, or apply for a position through our careers portal. By using our services, you agree to the practices described in this policy.

Information We Collect

We collect information in the following ways:

Information you provide directly

  • Account registration details: name, business name, email address, phone number, country
  • Service enquiry data submitted through our “Get Started” or contact forms
  • Job applications, including CVs, cover letters, and professional history
  • Early Access programme applications for Astrexa Simplix
  • Communications you initiate with us by email, phone, or support channels

Information collected automatically

  • IP address, browser type, operating system, and device identifiers
  • Pages visited, time spent on pages, and navigation paths (via analytics)
  • Session cookies and authentication tokens (HTTP-only, not accessible to scripts)
  • Referring URLs and search terms that led you to our site

Information from third parties

  • Business registration and identity verification data from authorised data providers
  • Payment processing records from our payment partners (we do not store card data)

How We Use Your Information

We use the information we collect to:

  • Create and manage your client account and deliver the services you have requested
  • Send transactional communications including OTP verification codes, account activation emails, project updates, and invoices
  • Process and evaluate job applications and early access programme submissions
  • Respond to your enquiries, support requests, and complaints
  • Improve our website, products, and service quality through aggregated analytics
  • Ensure the security of our systems and prevent fraud or unauthorised access
  • Meet our legal and regulatory obligations under applicable law
  • Send marketing communications where you have given explicit consent (you may withdraw consent at any time)

We do not sell, rent, or trade your personal data to third parties for their marketing purposes.

Sharing & Disclosure

We may share your personal information with:

  • Service providers acting as data processors on our behalf, including email delivery (Hostinger), cloud hosting providers, and analytics platforms — all bound by confidentiality agreements
  • Professional advisors including lawyers, auditors, and accountants under strict confidentiality
  • Regulatory authorities where required by law, regulation, or a valid legal process such as a court order or government request
  • Successors in the event of a merger, acquisition, or sale of business assets — you will be notified of any such change and your rights protected

We require all third parties to maintain appropriate security measures and to use your data only for the purposes we specify.

Data Retention

  • Client account data is retained for the duration of the business relationship and for 7 years thereafter to meet statutory requirements
  • Job application data is retained for 12 months after a final decision, unless you consent to longer retention for future opportunities
  • Early Access registration data is retained until the programme concludes or you request deletion
  • Website analytics data is retained in aggregated, anonymised form for up to 24 months
  • Authentication session tokens expire after 7 days of inactivity and are permanently deleted

We review data regularly and delete or anonymise data when it is no longer required for the purposes for which it was collected.

Security

We implement industry-standard technical and organisational measures to protect your personal data, including:

  • Encryption of data in transit using TLS 1.2 or higher
  • HTTP-only session cookies to prevent client-side script access
  • Bcrypt hashing for all stored passwords — we never store passwords in plain text
  • OTP-based email verification for account creation and sensitive actions
  • Access controls limiting data access to authorised personnel on a need-to-know basis
  • Secure file storage for sensitive documents (e.g. CVs) outside publicly accessible directories
  • Regular security assessments and vulnerability testing

No method of transmission or storage is 100% secure. If you become aware of any security vulnerability or incident, please report it immediately to privacy@astrexa.com.

Your Rights

Subject to applicable law, you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate or incomplete data
  • Erasure — request deletion of your personal data where we no longer have a lawful basis to retain it
  • Restriction — request that we limit processing of your data in certain circumstances
  • Data portability — receive your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interests or for direct marketing
  • Withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior lawful processing

To exercise any of these rights, email privacy@astrexa.com. We will respond within 30 days. We may need to verify your identity before processing your request.

Cookies & Tracking

We use the following categories of cookies:

  • Strictly necessary cookies — required for authentication and secure session management. These cannot be disabled.
  • Analytics cookies — used to understand how visitors interact with our site in aggregate, to improve performance and content. These are set only with your consent.

We do not use advertising or cross-site tracking cookies. You may manage your cookie preferences through your browser settings. Disabling strictly necessary cookies will prevent you from accessing authenticated areas of the site.

International Transfers

Astrexa is headquartered in India. If you access our services from outside India, your data may be transferred to and processed in India. Where we transfer data internationally (for example, to cloud infrastructure providers), we ensure that appropriate safeguards are in place, including contractual clauses consistent with applicable data protection law.

Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected personal data from a minor, please contact us immediately at privacy@astrexa.com and we will delete the data promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date at the top of this page and, where appropriate, notify you by email or by a prominent notice on our website. Your continued use of our services after any such changes constitutes your acceptance of the revised policy.

We encourage you to review this policy periodically to stay informed about how we protect your information.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal data, please contact our Data Privacy team:

M&J Astrexa Private Limited

Bangalore, Karnataka, India

Email: privacy@astrexa.com

Legal enquiries: legal@astrexa.com

If you are not satisfied with our response, you have the right to lodge a complaint with the appropriate data protection authority in your jurisdiction.

We use cookies

We use essential cookies to keep our site secure and functional. With your consent, we also use analytics and functional cookies to improve your experience. Cookie Policy