Privacy Policy

This Privacy Policy describes how Vaixus Technologies ("Company", "we", "us", "our"), a technical consulting entity based in Tiruppur, Tamil Nadu, India, collects, uses, stores, and protects information obtained in connection with the delivery of B2B email deliverability and DNS remediation services.

This Policy applies to all Clients, prospective clients, and website visitors who interact with Vaixus Technologies. By engaging our services or providing us with access to your infrastructure, you acknowledge the data handling practices described in this Policy.

In the course of delivering our services, Vaixus Technologies may access and process the following categories of technical infrastructure data:

• DNS Records: SPF, DKIM, DMARC, MX, PTR, and TXT records associated with Client domains and subdomains. This data is publicly accessible via DNS lookup tools and is not considered confidential by its nature, though we treat it as proprietary to the Client's configuration.
• ESP API Configurations: Settings, domain configurations, and DKIM key data within Email Service Provider dashboards (e.g., HubSpot, SendGrid, Lemlist, Apollo, Outreach) as provided by the Client for the purpose of vendor alignment.
• Google Postmaster Data: Domain reputation scores, spam rate metrics, and authentication compliance data as presented within Google Postmaster Tools for domains registered by the Client.
• DMARC Aggregate Reports (rua): XML aggregate reports delivered to designated reporting inboxes, which contain sending volume data, authentication pass/fail rates, and IP address ranges. These reports do not contain email content.
• Sending IP Addresses: IP ranges used by the Client's sending infrastructure, as identified through SPF record analysis and DMARC report parsing.

We do not access, index, read, archive, or process the content of any email messages. Our access is strictly limited to routing metadata, DNS records, and authentication configuration data.

This section is provided with explicit clarity due to the sensitive nature of corporate email infrastructure.

Vaixus Technologies does not, under any circumstances:

• Read, access, or store the body, subject, or headers of any individual email messages sent or received by the Client's organization.
• Access email inboxes, outboxes, or sent folders through IMAP, POP3, SMTP, or any mail access protocol.
• Access employee or corporate communications, internal messaging platforms, or collaboration tools.
• Intercept, proxy, or inspect email traffic in transit.
• Access personally identifiable information (PII) of the Client's customers, contacts, or email recipients beyond IP address ranges reflected in DMARC aggregate reports.
• Connect to, query, or access the Client's CRM, sales platform, or marketing database contents.

Our access to third-party ESP platforms (such as HubSpot, SendGrid, or Apollo) is limited to domain configuration, DKIM key management, and DNS verification settings only. We do not access contact lists, email sequences, campaign content, or recipient data within these platforms.

In addition to infrastructure data, we collect the following information from Clients and prospective clients:

• Business Contact Information: Name, job title, company name, business email address, and company website, as provided during inquiry or onboarding.
• Communication Records: Email correspondence between the Client and Vaixus Technologies related to service delivery, support, and project management.
• Payment Information: Invoicing details (company name, billing address) as required for financial records. Payment card data is processed exclusively through Paddle and is not stored by Vaixus Technologies.

When you visit the Vaixus Technologies website (vaixus.tech), we may collect standard server log data including IP address, browser type, referring URL, and pages visited. This data is used solely for website performance analysis and security monitoring. We do not use cross-site tracking, behavioral advertising cookies, or third-party analytics platforms that profile individual users.

All data collected is used exclusively for the following purposes:

• Delivery of contracted DNS audit and remediation services.
• Communication and project coordination with the Client.
• Generation of technical audit reports and deliverables for the Client.
• Invoicing and financial record-keeping as required by Indian tax law.
• Improvement of our internal audit methodologies (using anonymized, non-identifying technical patterns only).

We do not use Client data for marketing purposes, do not sell data to third parties, and do not use Client infrastructure data to train machine learning models.

Access Credentials: Any domain registrar credentials, ESP login details, or API keys provided by the Client are actively used only during the engagement period. Upon project completion or Client request, all credentials are permanently deleted from Company systems within five (5) business days.

Audit Deliverables: Technical reports and audit documentation are retained for twelve (12) months following project completion to support post-delivery queries and warranty obligations, after which they are permanently deleted unless the Client requests earlier deletion.

Business Records: Invoice records and business correspondence may be retained for up to seven (7) years as required by Indian financial regulations.

To request deletion of your data, contact us at soorya@vaixus.tech. We will confirm deletion within ten (10) business days.

Vaixus Technologies implements appropriate technical and organizational measures to protect Client data from unauthorized access, disclosure, alteration, or destruction. These measures include:

• Encrypted storage of all Client credentials and sensitive configuration data.
• Access to Client credentials restricted to the engineer(s) directly assigned to the engagement.
• Secure deletion protocols for credential data upon engagement completion.
• No transmission of Client credentials via unencrypted channels (e.g., plain-text email).

While we implement industry-standard security practices, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security and will notify affected Clients promptly in the event of a confirmed data breach.

Vaixus Technologies does not sell, rent, or share Client data with third parties, except:

• Service Delivery: In rare cases where a specialized sub-contractor is engaged (with the Client's written consent), only the minimum required data will be shared under a confidentiality agreement.
• Legal Compliance: If required to disclose information by applicable law, court order, or governmental authority, we will notify the Client to the extent permitted by law before complying.
• Payment Processing: Paddle processes payment data under their own privacy policy. Vaixus Technologies does not receive or store payment card details.

Subject to applicable law, Clients have the right to:

• Request access to the personal and infrastructure data we hold about them.
• Request correction of inaccurate data.
• Request deletion of their data (subject to our retention obligations under Indian law).
• Object to or restrict certain types of data processing.
• Withdraw consent for any processing activity that relies on consent.

To exercise any of these rights, contact us at soorya@vaixus.tech.

This Privacy Policy is governed by the laws of India, including the Digital Personal Data Protection Act, 2023 (DPDPA) and applicable IT regulations. For Clients in the European Economic Area (EEA) or United Kingdom (UK), we also aim to comply with GDPR principles where applicable to our processing activities involving EU/UK data subjects.

For privacy-related inquiries, data access requests, or concerns, contact:

Vaixus Technologies
Tiruppur, Tamil Nadu, India
Email: soorya@vaixus.tech