Privacy Policy

Plain-English summary of what we collect, why, and how we protect it. We've kept it short on purpose — long policies hide things.

The 30-second summary

We are Glixy Labs Pvt Ltd, an AI infrastructure company based in Mumbai, India. We collect the minimum personal data needed to run our services: contact details, billing info, and usage telemetry. We never sell your data, never train our models on it, and never share it with third parties for marketing. Customer workloads — including any data you process on Glixy infrastructure — remain yours. We are merely the operator of the compute.

Who we are

The data controller for this policy is Glixy Labs Pvt Ltd, registered at BKC, Mumbai 400051, India. Our Data Protection Officer can be reached at privacy@glixy.com. For India's DPDP Act, we operate as the data fiduciary; for GDPR, we operate as the controller for our marketing site and as a processor for customer workloads.

What we collect

Information you give us directly

• Account info: name, work email, company, role, phone (optional).
• Lead form submissions: any data you type into our contact form, including service interest, budget range, and project description.
• Billing info: billing address, GSTIN, PAN, payment-method details (handled by Razorpay/Stripe — we never see full card numbers).
• Support correspondence: emails, Slack messages, ticket content.

Information we collect automatically

• Usage telemetry: which pages you view on our site, which API endpoints your account calls, when, and from which IP. Used for performance optimization and security.
• Cookies: a single first-party session cookie to keep you signed in. We do not use third-party tracking cookies. We use Plausible (privacy-respecting analytics) which does not set cookies.
• Cluster metrics: GPU utilization, memory pressure, network throughput aggregated at the cluster level. Used to bill, alert, and improve scheduling.

What we do NOT collect

We do not inspect, read, copy, or train on the data you process inside your Glixy cluster — your model weights, your prompts, your fine-tuning datasets, your customer records. Those belong to you and only you. Our access to your cluster requires explicit, time-bound, audited admin grant from a human on your team (or, for fully-managed plans, the runbook you signed off on).

Why we collect it

Each piece of data has a specific lawful purpose:

• To deliver the service — provisioning, billing, account access, status alerts. Legal basis: contract performance.
• To improve the service — debugging incidents, capacity planning, feature usage analytics. Legal basis: legitimate interest.
• To stay secure — fraud detection, abuse prevention, audit logs. Legal basis: legitimate interest + legal obligation.
• To send you updates — onboarding, billing reminders, security advisories. You can unsubscribe from non-essential emails any time. Legal basis: contract / consent.

Who we share it with

We use a small number of subprocessors to run the business. Each is bound by a Data Processing Agreement and audited annually.

• Razorpay / Stripe — payment processing.
• SendGrid — transactional email (invoices, password resets, alerts).
• Cloudflare — DDoS protection and edge caching for our marketing site only. They do not see customer cluster traffic.
• Plausible — privacy-friendly site analytics (no cookies, no PII).

We do not sell, rent, or trade your data with anyone. If we are ever required by law to disclose data, we will challenge overbroad requests and notify you unless legally prohibited.

Your rights

Under DPDP (India), GDPR (EU), and similar laws, you have the right to:

• Access the personal data we hold about you.
• Correct anything that's wrong.
• Delete your account and personal data (subject to legal retention).
• Export your data in a machine-readable format.
• Object to processing based on legitimate interest.
• Withdraw consent for marketing communications.
• Lodge a complaint with India's Data Protection Board or your local supervisory authority.

Email privacy@glixy.com with the subject "Data Request" and we'll respond within 7 working days.

How long we keep data

• Lead form submissions that don't convert: 18 months, then deleted.
• Active customer accounts: for the life of the contract plus 7 years (Indian tax requirement on invoice records).
• Usage telemetry: 13 months, after which it's aggregated and anonymized.
• Audit logs: 13 months, longer for accounts subject to compliance regimes.
• Customer cluster data: we never store or copy this. It lives where your cluster lives, deleted when you delete it.

How we protect it

Encryption in transit (TLS 1.3 + mTLS between services), encryption at rest (AES-256-GCM with rotated keys), customer-managed keys via HSM/KMS available on Enterprise plans, SOC 2 Type II audited annually, and a security team that does this for a living. Read more at our security page.

How to reach us

Email privacy@glixy.com or write to us at:

Glixy Labs Pvt Ltd
Attn: Data Protection Officer
BKC, Mumbai 400051, India

If we materially change this policy, we'll email you and post a banner on the site at least 30 days before the change takes effect.

Last updated 1 May 2026. Previous versions are available on request.