Privacy Policy — Matrixe Zone

01Who we are

This Privacy Policy explains how Matrixe Zone ("we", "us", "our") collects, uses, and protects information when you visit matrixe-zone.com, contact us, or engage us as a client.

For the purposes of the EU General Data Protection Regulation (GDPR) and the UK GDPR, Matrixe Zone is the data controller for personal information collected through our website and during the course of our engagements.

Trading name: Matrixe Zone
Contact: info@matrixe-zone.com
Phone: +91 98973 46327
Postal: See Imprint for full company details.

02Data we collect

We collect only what we need to operate our business. Specifically:

Information you give us

Contact details — name, work email, phone, company, website you submit through our forms or share by email.
Project details — goals, budgets, current performance numbers, KPIs you share so we can scope work.
Communications — emails, calls, meeting notes, and Slack/Teams messages exchanged during an engagement.
Billing details — VAT/GST numbers, invoicing addresses (we never store credit-card numbers — payments run through PCI-compliant processors).

Information collected automatically

Usage data — pages viewed, referrer, country (city-level), device type, browser, approximate session duration.
Technical logs — IP address (truncated), user-agent, request timestamps. Held for security and abuse-prevention only.
Cookies — see our Cookie Policy for the full breakdown.

Information from clients' systems (during engagements)

Aggregated marketing data — Google Analytics, Search Console, ad-platform performance, CRM exports — all under the access scope you approve.
We do not knowingly collect special-category data (health, race, religion, biometrics, political opinions). If your platforms contain such data, tell us — we'll exclude it from our scope.

03How we use it

We use personal information to:

Reply to your enquiries and schedule strategy calls.
Deliver the services you've engaged us to perform.
Send you contractually required communications (invoices, reports, kick-off documents).
Improve our services, content, and website performance — using aggregated, de-identified analytics.
Comply with legal, tax, and accounting obligations.
Detect, prevent, and investigate security incidents and abuse.

We do not sell your personal information. We do not use it to train AI models. We do not share it with advertisers.

04Legal basis

Under GDPR / UK GDPR, we rely on the following lawful bases:

Contract — to perform a contract with you (or take pre-contract steps you've requested), e.g. delivering an engagement.
Legitimate interests — to operate, secure, and improve our website and services, and to keep records of business communications. We balance these against your rights.
Consent — where you opt in to non-essential cookies, marketing emails, or testimonial usage.
Legal obligation — to comply with tax, accounting, anti-fraud, and other applicable laws.

Where we rely on consent, you can withdraw it at any time without affecting prior processing. Email info@matrixe-zone.com.

05Sharing & sub-processors

We share personal data only with vetted sub-processors who help us run the business. They are bound by data-processing agreements and confidentiality terms. Current categories:

Sub-processor	Purpose	Region
Google Workspace	Email, calendar, docs	EU / US
Slack	Client communications	EU / US
Notion	Project management, docs	EU / US
Stripe	Payment processing	EU / US
Plausible Analytics	Privacy-friendly analytics	EU
Cloudflare	CDN, DDoS protection	Global

An up-to-date list is available on request. We never share your data with third parties for their own marketing purposes.

We may also disclose data when required by law (e.g. a court order or regulatory request) — and where legally permitted, we'll tell you first.

06Cookies & tracking

We use a minimal set of essential cookies and one privacy-friendly analytics cookie. We do not use Facebook Pixel, Google Analytics 4, or third-party advertising trackers on this site.

Full breakdown — including how to opt out — is in our Cookie Policy.

07Retention

We hold personal data only as long as we need it:

Enquiry data — 24 months from last contact, then deleted.
Engagement data — for the duration of the engagement plus 7 years for tax / contractual records (legal requirement in most jurisdictions).
Website analytics — 14 months, then aggregated.
Server logs — 30 days.
Marketing emails — until you unsubscribe, then we retain a suppression record indefinitely so we don't email you again by accident.

08Your rights

Depending on your jurisdiction, you have the right to:

Access — request a copy of the personal data we hold about you.
Rectify — correct inaccurate or incomplete data.
Erase — request deletion ("right to be forgotten") where legally possible.
Restrict — pause our processing while we investigate a complaint.
Object — to processing based on legitimate interests or direct marketing.
Data portability — receive your data in a structured, machine-readable format.
Withdraw consent — at any time, where consent is the basis.
Lodge a complaint — with your local data-protection authority. We'd appreciate a chance to respond first.

To exercise any of these rights, email info@matrixe-zone.com with the subject line "Privacy request". We respond within 30 days, usually within 5.

09International transfers

Our team is distributed across seven countries (see Contact). Some of our sub-processors operate outside the EU/UK.

Where personal data leaves the EEA / UK, we rely on the European Commission's Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, or — where applicable — adequacy decisions (e.g. EU–US Data Privacy Framework).

We assess each transfer for risk using a Transfer Impact Assessment and apply additional safeguards (encryption in transit and at rest) where needed.

10Security

We protect personal data with technical and organisational measures appropriate to the risk:

TLS encryption in transit; AES-256 encryption at rest for sensitive client data.
SSO + MFA on every internal tool that touches client data.
Role-based access — engineers see only the projects they work on.
Vendor security reviews and annual penetration testing.
Quarterly security training for the entire team.
Incident-response plan with 72-hour breach-notification commitment.

No system is 100% secure. If a breach occurs and is likely to result in a high risk to your rights, we'll notify you and the relevant supervisory authority within 72 hours.

11Children

Our services are aimed at businesses, not consumers. We do not knowingly collect data from anyone under the age of 16. If you believe we hold data from a child, contact us and we'll delete it promptly.

12Changes

We'll update this policy when our practices, services, or legal obligations change. The "Last updated" date at the top reflects the most recent revision. For material changes, we'll post a banner on the website and — for active clients — email you directly at least 30 days before the change takes effect.

An archive of previous versions is available on request.

13Contact

Privacy questions, data-subject requests, or breach reports — please email info@matrixe-zone.com with the subject line "Privacy". Reply within 1 business day, formal responses within 30 days.

If you're not satisfied with our response, you have the right to complain to your local data-protection authority. In the EU, find your authority at edpb.europa.eu. In the UK, contact the ICO.