Legal

Privacy Policy.

How we collect, use, share and protect personal data — written in plain words. We treat your data the way we'd want ours treated.

Last updated: 1 April 2026 · Effective: 1 May 2026

Contents

  1. Who we are
  2. What data we collect
  3. Why we collect it
  4. Who we share data with
  5. AI agents & training data
  6. Your rights
  7. Security
  8. International transfers
  9. Changes to this policy
  10. Contact us

1 · Who we are

"Polluxa" refers to Pollux Technologies and its subsidiaries operating the Polluxa platform (polluxa.com and its sub-domains). For customers in the European Economic Area and the United Kingdom, the data controller for our marketing site and prospect data is Pollux Ltd, registered in England. For product-tenant data, your organization is the data controller and Polluxa is the data processor under your Data Processing Agreement.

2 · What data we collect

We collect three kinds of data:

  • Data you give us when you contact us, sign up for a free trial, or apply for a job — typically name, work email, company, role and any message you send.
  • Data we collect automatically when you visit the marketing site — IP, browser, pages viewed, referrer. We use first-party cookies for session and a small set of analytics tools (see our cookie notice).
  • Data within the product processed on behalf of customer organizations — order records, contact records, inventory data, etc. This is governed by the customer's DPA and not by this policy.

3 · Why we collect it

We use marketing-site data to respond to your enquiry, deliver the trial, and improve the site. We do not sell personal data. We do not use marketing-site data to train any model.

4 · Who we share data with

We share marketing-site data only with vendors that process it on our behalf under strict data-protection terms — typically our CRM, email-send provider, analytics tool and cloud infrastructure. A full sub-processor list is available on request.

5 · AI agents & training data

Polluxa's AI agents run on a mix of in-house and third-party large language models. We do not use customer tenant data to train any foundation model. Tenant data is used only to power the agents serving that specific tenant, under the customer's DPA. Where a customer enables an optional feature ("Improve agents from my data"), that data may be used to fine-tune agents that serve only that customer.

6 · Your rights

If you are in a region with data-protection law (EU/EEA, UK, India under DPDP, GCC, Brazil, California), you have rights to access, correct, delete, restrict or port your data, and to object to certain processing. To exercise these, write to privacy@polluxa.com. For product-tenant data, address requests to your administrator at the customer organization.

7 · Security

Polluxa maintains an information security program aligned to ISO/IEC 27001 and SOC 2 Type II. Encryption in transit (TLS 1.2+) and at rest (AES-256). Strict access controls. Continuous monitoring. External penetration tests at least annually. A trust report including SOC 2, ISO 27001, and pen-test summaries is available under NDA on request.

8 · International transfers

Data may be processed in regions other than where you live. Where required, we rely on Standard Contractual Clauses (EU/UK), India's DPDP transfer mechanisms, and equivalent legal bases for other regions. Customers may pin tenant data to a region (EU, IN, GCC, US, SEA) under their service order.

9 · Changes to this policy

We may update this policy from time to time. Material changes are announced on this page at least 30 days before they take effect, and notified to existing customers via the in-product notice and to subscribers via email.

10 · Contact us

Email: privacy@polluxa.com
Postal: Data Protection Officer, Polluxa, 4th Floor, Manyata Tech Park, Hebbal, Bangalore 560045, India.
EU representative: Polluxa BV, Amsterdam (full address on request).