1. Introduction

This Privacy Policy describes how Phyzii, a product of Cirrius Technologies Pvt. Ltd., collects, uses, stores, processes and protects information. This policy applies to the Phyzii website, mobile applications, cloud services, APIs and related offerings.

2. Scope

This policy applies to all users, customer organizations, administrators, employees, contractors and authorized users of the Phyzii platform.

3. Definitions

Data Principal, Personal Data, Processing, Data Controller, Data Processor, Customer Organization, User, Device Data and Services shall have meanings aligned with applicable privacy regulations.

4. Information Collected

We may collect the following categories of information:

• Identity information and contact details
• Employee information and CRM data
• Attendance records and location data
• Survey responses and expense information
• Uploaded documents and photographs
• Device identifiers, IP addresses, diagnostics and audit logs

5. Mobile Application Permissions

Camera, location, notifications, storage and phone permissions may be requested only where required for configured business processes.

6. Purpose of Processing

Information is processed for the following purposes:

• Authentication and service delivery
• Attendance tracking and reporting
• CRM activities and expense management
• Analytics, compliance and support
• Troubleshooting and security monitoring

7. Data Sharing

Phyzii does not sell personal data. Information may be shared with:

• Customer organizations
• Infrastructure and support providers
• Authorities where legally required

8. Security Measures

We implement a range of technical and organizational controls, including:

• Encryption in transit and at rest
• Access controls and password protection
• Audit logging and backup procedures
• Secure SDLC, vulnerability assessments and VAPT
• Monitoring and incident response controls

We value your trust in providing us your personal information and strive to use commercially acceptable means of protecting it. However, no method of transmission over the internet or electronic storage is 100% secure and reliable, and we cannot guarantee absolute security.

9. Data Retention

Information is retained according to contractual obligations, customer instructions, legal requirements and operational needs. Please refer to Appendix A for the Data Retention Matrix.

10. DPDP Compliance

Phyzii supports compliance with the Digital Personal Data Protection Act, 2023, including lawful processing, consent management and grievance handling.

11. GDPR Principles

Where applicable, Phyzii supports the following GDPR principles: lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation and confidentiality.

12. Data Controller and Processor

Customer organizations generally act as Data Controllers. Cirrius Technologies acts as a Data Processor, processing data on documented instructions.

13. International Transfers

Appropriate safeguards may be implemented where information is processed outside the country of origin.

14. User Rights

Subject to applicable laws and customer agreements, users may request:

• Access to their personal data
• Correction of inaccurate data
• Deletion or restriction of processing
• Data portability
• Withdrawal of consent

15. Children's Privacy

The services are intended for enterprise use and are not directed toward children. We do not knowingly collect personally identifiable information from children. Parents and legal guardians are encouraged to monitor their children's internet usage.

16. Incident Response

Security incidents are investigated, documented and managed through formal response procedures.

17. Sub-processors

Cloud hosting, email delivery, monitoring and messaging providers may act as sub-processors under contractual controls.

18. Account Deletion and Data Removal

User accounts for this application are provisioned and managed by authorized administrators of the organization.

If a user requires their account or associated personal data to be deleted, they should contact their organization's administrator or designated IT support team. Upon receiving a valid request, the administrator will review and process the account deletion in accordance with the organization's policies and applicable legal requirements.

Certain information may be retained where required for operational, legal, security or compliance purposes.

19. Google Play Data Safety

Data collected is used only for service delivery, support, analytics, security and compliance. Personal information is not sold.

20. Apple App Store Privacy

Collection of identifiers, diagnostics, location data, images and files depends on permissions granted and enabled workflows.

21. Contact Information

Privacy inquiries may be directed to privacy@phyzii.com. Customer users should first contact their organization administrator.

General support inquiries can also be sent to customer.support@cirrius.com.

22. Changes to Policy

This Privacy Policy may be updated from time to time. Updated versions become effective upon publication. We will notify you of any changes by posting the new Privacy Policy on this page. You are advised to review this page periodically for any changes.

Appendix A – Data Retention Matrix

Appendix B – Security Controls

• Access Management
• Encryption
• Monitoring
• Backup
• Vulnerability Assessment
• Incident Management
• Business Continuity and Disaster Recovery