Privacy Policy — GTM

Summary: AXIROZ LLC respects your privacy. The GTM Platform is powered by enterprise infrastructure hosted in the United States. We do not sell your data. You remain the data controller for your customers' personal data. This Policy explains everything clearly — please read it carefully.

1. Overview & Scope

AXIROZ LLC ("AXIROZ," "we," "us," or "our") is committed to protecting the privacy and security of personal information entrusted to us by our clients and platform users. This Privacy Policy ("Policy") describes what information we collect, how we use it, with whom we share it, and what rights you have in relation to it.

This Policy applies to all information collected through:

The GTM Platform at gtm.axiroz.tech
The main website at www.axiroz.us
The Support Centre at support.axiroz.us
All related sub-domains, APIs, mobile applications, and services operated by AXIROZ LLC

By accessing or using any of the above, you agree to this Policy. If you do not agree, please discontinue use of the Platform and contact us to close your account.

This Policy is incorporated into and governed by AXIROZ LLC's Terms and Conditions. In the event of conflict between this Policy and the Terms, the Terms prevail.

2. Who We Are

Legal Entity: AXIROZ LLC
Country of Registration: United States of America
Governing Law: State of Wyoming, USA
Platform: GTM — Go To Market
Website: www.axiroz.us
User Login Portal: gtm.axiroz.tech
Privacy Contact: [email protected]

AXIROZ LLC acts as the data controller for personal information collected directly through its websites and account registration processes. For personal data of your customers that you upload or collect through the Platform, AXIROZ LLC acts as a data processor on your behalf — you remain the data controller for your customers' data and bear full responsibility for its lawful processing.

3. Platform Infrastructure & Data Location

GTM — Go To Market is a SaaS platform powered by enterprise-grade infrastructure. The underlying platform technology is developed and maintained by a US-based enterprise technology organisation under a technology licensing and distribution agreement with AXIROZ LLC.

All data processed through the GTM Platform is stored and processed on servers located in the United States.

By using the Platform, you explicitly acknowledge and consent to:

The transfer of your personal data to and storage in the United States
Processing of your data by AXIROZ LLC's upstream technology provider under strict confidentiality and data protection obligations
AXIROZ LLC remaining your sole point of contact for all privacy and data-related matters

4. What Information We Collect

4.1 Information You Provide Directly

Account Information: Full name, business name, email address, phone number, job title, and business address
Billing Information: Payment method details processed via Razorpay or Stripe (we do not store raw card data), billing address, and tax identification numbers where applicable
Business Profile: Business logo, social media profiles, custom domains, and business category
Platform Content: Email templates, SMS messages, WhatsApp templates, workflows, funnels, chatbot flows, AI-generated content, and other content you create within the Platform
Support Communications: Help desk tickets, chat transcripts, emails, and any correspondence with our support team
Verification Information: Identity documents or business registration information where required for compliance verification

4.2 Information Collected Automatically

Usage Data: Features accessed, campaigns sent, contacts created, workflows built, login timestamps, session duration, and feature interaction logs
Device & Technical Data: IP address, browser type and version, operating system, device identifiers, and screen resolution
Log Data: Server logs, error logs, API call logs, security event logs, and access logs
Cookies & Tracking Technologies: See Section 8 for full details

4.3 Client Contact Data — Your Customers' Personal Data

As a GTM client, you upload and manage your customers' personal data within the Platform ("Client Contact Data"), including names, email addresses, phone numbers, and other contact information. This is your data — you control it.

Important: With respect to Client Contact Data, AXIROZ LLC acts as a data processor on your behalf, not as an independent data controller. You are the data controller for your customers' personal data and are solely responsible for: (1) obtaining all required consents and permissions; (2) providing required privacy notices to your customers; (3) ensuring your customers accept a privacy policy that provides at least the same level of protection as this Policy; and (4) ensuring compliance with all applicable data protection laws in your jurisdiction.

5. How We Use Your Information

Purpose	Data Used	Legal Basis
Providing and operating the GTM Platform	Account data, usage data, billing data	Contract performance
Processing payments and managing subscriptions	Billing data, account data	Contract performance
Providing customer support and onboarding	Account data, support communications, usage data	Contract performance / Legitimate interest
Sending service notifications, renewal reminders, and product updates	Email address, name, account data	Contract performance / Legitimate interest
Security monitoring, fraud detection, and account protection	Log data, device data, usage data, IP address	Legitimate interest / Legal obligation
Platform performance analytics and improvement	Usage data (aggregated and anonymised where possible)	Legitimate interest
Enforcing our Terms and Conditions	Account data, usage data, communications	Legitimate interest / Legal obligation
Compliance with legal obligations	As required by applicable law	Legal obligation
Responding to data subject rights requests	Account data, relevant personal data	Legal obligation
Tax record-keeping and financial compliance	Billing data, account data	Legal obligation

We do not sell, rent, or trade your personal information to any third party for their own marketing, advertising, or commercial purposes under any circumstances.

6. Sharing of Information

6.1 Upstream Technology Provider

The GTM Platform is powered by a US-based enterprise technology provider. Your account data and platform usage data is shared with this provider solely as necessary to operate, maintain, secure, and support the Platform. This provider processes data as a sub-processor under strict confidentiality obligations and data protection requirements consistent with applicable US law.

6.2 Payment Processors

Payments are processed by Razorpay Software Pvt. Ltd. and/or Stripe Inc., each of which receives billing information necessary to process your transactions. Both are PCI-DSS compliant. AXIROZ LLC does not store raw payment card data.

6.3 Communication Service Providers

To enable SMS, WhatsApp, email, and calling features, data is shared with licensed telecommunications and messaging providers, including Meta Platforms Inc. (WhatsApp Business API), email delivery infrastructure providers, and licensed telecom carriers. Sharing is strictly limited to information required to transmit your communications.

6.4 Analytics and Performance Tools

We use third-party analytics tools (such as Google Analytics) to understand how clients use the Platform. These tools receive anonymised or pseudonymised usage data. We have data processing agreements in place with all such providers.

6.5 Professional Advisors

We may share information with our legal advisors, accountants, and insurers for legitimate business purposes under applicable professional confidentiality obligations.

6.6 Legal Disclosures

We may disclose your information if required by law, court order, government authority, or regulatory body, or if we reasonably believe disclosure is necessary to: protect the rights and safety of AXIROZ LLC or others; investigate suspected fraud or security incidents; or comply with applicable export control or sanctions laws.

6.7 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of assets, your information may be transferred as part of that transaction. We will notify registered account holders via email if your data becomes subject to a materially different privacy policy as a result of such a transaction, with reasonable advance notice where possible.

7. Data Security

AXIROZ LLC and its upstream technology provider implement industry-standard and enterprise-grade security measures to protect your personal information:

TLS/SSL encryption for all data in transit
AES-256 encryption for data at rest
Role-based access controls strictly limiting data access to authorised personnel
Multi-factor authentication for platform administrative access
Regular security audits, penetration testing, and vulnerability assessments
SOC 2 Type II compliance of the underlying platform infrastructure
Automated intrusion detection, threat monitoring, and incident response systems
Logical separation between client sub-accounts to prevent cross-account data access

Despite these measures, no internet transmission or electronic storage system is 100% secure. We cannot guarantee absolute security and encourage you to use strong, unique passwords and enable two-factor authentication on your account.

In the event of a security incident affecting your data, we will notify you promptly in accordance with applicable law and the procedures described in Section 13.

8. Cookies & Tracking Technologies

Our websites and Platform use cookies and similar technologies to operate, secure, and improve your experience.

Cookie Type	Purpose	Duration
Strictly Necessary	Session management, login security tokens, CSRF protection, platform authentication	Session
Functional	Remembering your preferences, timezone settings, language, and dashboard layout	Up to 12 months
Analytics	Understanding how users navigate the Platform to improve performance (Google Analytics, anonymised)	Up to 24 months
Marketing	Measuring campaign effectiveness and enabling retargeting on external platforms (Google Ads, Facebook Pixel)	Up to 90 days

You may control or disable non-essential cookies through your browser settings or our cookie consent manager. Disabling strictly necessary cookies will impair Platform functionality and may prevent you from logging in.

9. Your Rights

Depending on your location and applicable law, you may have the following rights regarding your personal information held by AXIROZ LLC:

Right of Access: Request a copy of the personal information we hold about you
Right of Correction: Request correction of inaccurate or incomplete personal data
Right of Erasure: Request deletion of your personal data, subject to legal retention obligations and our legitimate interests
Right to Data Portability: Receive your personal data in a structured, machine-readable format
Right to Restrict Processing: Request that we limit how we process your data in certain circumstances
Right to Object: Object to processing of your data based on legitimate interests, or for direct marketing
Right to Withdraw Consent: Where processing is consent-based, withdraw that consent at any time without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at [email protected]. We will respond to verified requests within 30 days, or within the timeframe required by applicable law. We may need to verify your identity before processing your request.

Note on Client Contact Data: If you are a customer of one of our clients (i.e., a contact in their GTM CRM), please contact that client directly to exercise your data rights — AXIROZ LLC processes your data on behalf of that client and will direct any requests to them. AXIROZ LLC is not the data controller for contact data uploaded by its clients.

10. US Law Compliance

10.1 California Consumer Privacy Act (CCPA / CPRA)

California residents have rights under the CCPA and CPRA including the right to know what personal information is collected, the right to delete, the right to correct, the right to opt out of the sale of personal information, and the right to non-discrimination for exercising these rights. AXIROZ LLC does not sell personal information. California residents may exercise their rights by contacting [email protected].

10.2 CAN-SPAM Act

All commercial email sent by AXIROZ LLC in connection with the Platform complies with the CAN-SPAM Act, including a valid physical address, clear commercial identification, and a functioning unsubscribe mechanism. Clients who use the Platform to send commercial email are solely responsible for their own CAN-SPAM compliance.

10.3 Telephone Consumer Protection Act (TCPA)

AXIROZ LLC's own marketing communications comply with TCPA requirements. Clients who use the Platform's SMS, calling, or messaging features to contact recipients in the United States are solely responsible for their own TCPA compliance, including obtaining prior express written consent. See Section 12 of the Terms and Conditions for full details.

10.4 Do Not Track

See Section 17 for our Do Not Track policy.

11. Client Data Responsibilities — Your Obligations as a Data Controller

If you are a GTM Platform client, you collect and process personal data of your own customers ("Client Contact Data") through the Platform. As the data controller for this data, you are solely and entirely responsible for:

Having a lawful basis for collecting and processing each category of personal data you add to the Platform
Providing adequate and compliant privacy notices to your customers before or at the time of data collection
Obtaining affirmative consent from your customers where required by applicable law
Implementing and maintaining your own privacy policy that provides at least the same level of protection as this Policy
Obtaining affirmative acknowledgement from your customers that they agree to be bound by your privacy policy before granting them access to any Platform features
Ensuring all contacts in your CRM have consented to receive the type of communications you send through the Platform
Managing all data subject rights requests from your customers (see Section 12)
Complying with all applicable data protection laws in every jurisdiction in which you or your customers operate
Ensuring data is not retained for longer than necessary for the purposes for which it was collected
Implementing appropriate technical and organisational measures within your own business to protect your customers' data

AXIROZ LLC processes Client Contact Data only as directed by you and only as necessary to provide the Services. We will not use Client Contact Data for any purpose other than providing the Platform services to you.

12. Data Subject Rights — Your Downstream Obligations

When your own customers exercise data subject rights (such as requesting access to, deletion, or correction of their personal data), you — as their data controller — are solely responsible for managing and fulfilling those requests.

Your obligations include:

Establishing clear procedures to receive, document, and respond to data subject rights requests from your customers
Fulfilling all verified requests within the timeframes required by applicable law in your jurisdiction
Where fulfilling a request requires action within the GTM Platform (e.g., deleting a contact record), you must take that action directly within your account or contact AXIROZ LLC support to assist
Maintaining complete records of all data subject rights requests received and your responses

If AXIROZ LLC receives a data subject rights request directly from one of your customers, we will forward it to you and you shall respond and fulfil the request promptly in accordance with applicable law. You shall indemnify and hold AXIROZ LLC harmless from any claims, penalties, or liabilities arising from your failure to properly respond to or fulfil data subject rights requests from your customers.

13. Data Breach Notification

13.1 AXIROZ LLC's Obligations to You

In the event AXIROZ LLC or its upstream technology provider discovers a security incident that affects personal data processed through the Platform, AXIROZ LLC will notify you promptly — and in any event within 72 hours of becoming aware of a confirmed breach where feasible — with the following information:

The nature of the security incident
The categories and approximate number of individuals and records affected
The likely consequences of the breach
The measures AXIROZ LLC has taken or proposes to take to address the breach

13.2 Your Obligations Following Notification

Upon being notified of a security incident by AXIROZ LLC, or upon independently discovering any breach affecting Client Contact Data, you are solely responsible for:

Conducting your own independent assessment of the incident and its impact on your customers' personal data
Determining whether the incident triggers data breach notification obligations under applicable laws in your jurisdiction
Making all legally required notifications to affected individuals, regulatory authorities, and other required parties within the timeframes specified by applicable law — entirely at your own cost
Taking all appropriate remedial measures to contain, mitigate, and prevent recurrence of the breach on your end
Notifying AXIROZ LLC promptly of any notifications you make to regulatory authorities or affected individuals
Maintaining complete documentation of the incident, your assessment, and all notifications made

AXIROZ LLC's notification to you of a security incident does not constitute an admission of fault and does not relieve you of your independent obligations to assess and fulfil your own notification requirements under applicable law. You shall indemnify and hold AXIROZ LLC harmless from any claims or penalties arising from your failure to fulfil your breach notification obligations.

14. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements.

Data Type	Retention Period	Reason
Account data	Duration of account + up to 7 years	Legal and tax compliance
Billing and payment records	7 years from date of transaction	US financial record-keeping requirements
Platform usage logs	12 months active; up to 3 years archived	Security, fraud prevention, and dispute resolution
Support communications	3 years from closure of support ticket	Dispute resolution and service improvement
Marketing communications	Until unsubscribe + 1 year	CAN-SPAM compliance records
Client Contact Data	Until deleted by client; 90 days post-termination	Per client instruction; then permanent deletion
Security incident logs	Up to 5 years	Security investigation and regulatory compliance

Following account closure or termination, Client Contact Data and account data are scheduled for permanent deletion within 90 days. You are responsible for exporting any data you need before account closure. AXIROZ LLC is not responsible for data loss following account termination.

15. Third-Party Services & Integrations

The GTM Platform integrates with third-party services as part of its feature set. When you enable these integrations, relevant data is shared with those providers governed by their own privacy policies:

Google (Gmail, Google Calendar, Google Ads) — Google Privacy Policy
Meta / Facebook (Lead Ads, WhatsApp Business API, Instagram, Facebook Messenger) — Meta Privacy Policy
Razorpay — Razorpay Privacy Policy
Stripe Inc. — Stripe Privacy Policy
Zapier / Make — governed by their respective privacy policies

AXIROZ LLC is not responsible for the privacy practices, security, or content of any third-party services. We encourage you to review the privacy policies of any third-party service you connect with the Platform before enabling the integration.

Our websites may contain links to third-party websites not operated by AXIROZ LLC. We are not responsible for the privacy practices of those websites.

16. Children's Privacy

The GTM Platform is a B2B service exclusively for business professionals and is not directed to individuals under the age of 18. We do not knowingly collect or solicit personal information from minors under 18. If we become aware that personal information has been collected from a person under 18, we will take immediate steps to delete such information from our systems. If you believe we may have inadvertently collected information from a minor, please contact us immediately at [email protected].

17. Do Not Track

Some browsers offer a "Do Not Track" (DNT) signal to indicate that a user does not wish to be tracked across websites. Currently, our websites do not respond to browser DNT signals, as no uniform technical standard for doing so has been established and adopted across the industry. We will reassess this position as applicable standards and laws develop. You may opt out of analytics tracking by disabling analytics cookies through our cookie consent manager.

18. International Data Transfers

AXIROZ LLC is a US-based entity and all data processed through the GTM Platform is stored in the United States. If you are located outside the United States, your use of the Platform involves the transfer of your personal data to the United States, which may have different data protection standards than your home country.

By using the Platform, you explicitly consent to the transfer of your personal data to the United States for processing and storage. AXIROZ LLC implements contractual and technical safeguards to ensure that data transferred internationally is handled in accordance with applicable data protection standards.

If you are a resident of the European Economic Area (EEA), United Kingdom, or other jurisdiction with specific requirements for international data transfers, please contact [email protected] for information about the specific transfer mechanisms applicable to your situation.

19. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy at any time. For material changes, we will:

Update the "Last Updated" date at the top of this page
Send an email notification to all registered account holders at least 14 days before material changes take effect
Display a prominent notice on the GTM Platform

Your continued use of the Platform after the effective date of any revised Policy constitutes your acceptance of the changes. If you do not agree with the revised Policy, you must discontinue use of the Platform and contact us to close your account. No refund is provided for account closure arising from disagreement with revised privacy terms.

20. Contact Us

For any questions, concerns, data access requests, or privacy-related matters:

AXIROZ LLC — Privacy & Data Protection

📧 General / Support: [email protected]
📧 Legal & Contractual: [email protected]
📧 Billing: [email protected]
🌐 Website: www.axiroz.us
🔐 User Login Portal: gtm.axiroz.tech
📚 Support Centre: support.axiroz.us
⏰ Support Hours: Monday – Saturday, 9:00 AM – 7:00 PM IST
⚡ Privacy Requests: Within 30 days · General Support: Within 2 business hours

This Privacy Policy was last reviewed and updated on June 1, 2025, and supersedes all prior versions of the AXIROZ LLC Privacy Policy. Governing law: State of Wyoming, USA.