Linxus Infotech
Sign in Start free scan
Legal

Privacy Policy

Last updated: June 11, 2026 · Effective: June 11, 2026 · Applies to linxusinfotech.com and infrasync.app

This Privacy Policy explains how Linxus Infotech Pvt. Ltd. ("Linxus", "we", "us", "our") collects, uses, stores, shares, and protects information when you use our website (linxusinfotech.com) and the InfraSync platform (infrasync.app) (together, the "Services"). It is published in compliance with the Digital Personal Data Protection Act, 2023 (India), the Information Technology Act, 2000 and the rules made thereunder, and — where applicable — the EU/UK General Data Protection Regulation (GDPR). By accessing or using the Services, you acknowledge that you have read and understood this policy.

In this policy, "personal data" means any information relating to an identified or identifiable individual. "Infrastructure metadata" means the read-only configuration data InfraSync collects from your AWS account (such as instance types and security-group rules) and never includes the contents of your applications, databases, or stored objects.

1. Information we collect

Account information

When you create an InfraSync account we collect your name, email address, organisation name, and authentication credentials (or your identity token if you sign in via an OAuth provider such as GitHub).

AWS infrastructure metadata

When you connect an AWS account, InfraSync uses a read-only IAM role that you create to scan resource configurations (for example: EC2 instance types, VPC CIDR blocks, IAM policy documents, tags). We collect configuration metadata only — we never access the contents of your databases, S3 objects, application data, or workloads, and we never modify, create, or delete anything in your AWS account.

Generated code and scan history

Terraform/OpenTofu files generated from your scans, drift reports, and scan history are stored in your organization so you can re-download and compare them.

Payment information

Payments are processed by Razorpay Software Private Limited. We do not store your full card number, CVV, or banking credentials on our servers. We retain transaction references, invoices, billing address, and (where provided) your GSTIN and place of supply as required by Indian tax law.

Usage and technical data

We collect standard log data (IP address, browser type and version, device and operating system, referring pages, pages visited, and timestamps) and use cookies or similar technologies for session management and product analytics.

Communications

When you contact support, request a demo, or email us, we retain your messages and contact details so we can respond and keep a record of the request.

2. How we use your information

  • To provide, operate, and improve the Services — scanning, code generation, drift detection, and GitHub integration.
  • To process subscription payments and send invoices.
  • To send transactional messages (scan completion, drift alerts, billing notices) and, with your consent, product updates.
  • To provide customer support and respond to enquiries.
  • To detect abuse, enforce our Terms, and comply with legal obligations.

We do not sell your personal data or your infrastructure metadata to anyone, and we do not use your infrastructure metadata or generated code to train machine-learning models.

3. Legal bases for processing

Where the GDPR or the DPDP Act applies, we rely on the following legal bases:

  • Performance of a contract — to provide the Services you have signed up for (scanning, code generation, drift detection, GitHub integration, billing).
  • Legitimate interests — to secure, maintain, and improve the Services and prevent abuse, balanced against your rights.
  • Consent — for non-essential analytics cookies and optional marketing communications, which you may withdraw at any time.
  • Legal obligation — to retain invoices and tax records as required by Indian law.

4. Where your data lives

The Services are hosted on Amazon Web Services in the ap-south-1 (Mumbai) region. AWS Secret Access Keys are encrypted at rest using AES-256-GCM; generated Terraform files in Amazon S3 use server-side encryption. Generated code also lives in any GitHub repository you choose to push it to. Full technical detail is in our Security & Data Protection Statement.

5. Sharing & sub-processors

We do not sell or rent personal data. We share data only with the sub-processors needed to operate the Services, each bound by contractual confidentiality and data-protection obligations:

  • Amazon Web Services, Inc. — compute (EC2), object storage (S3), message queue (SQS), in-memory cache (ElastiCache for Redis), and email (SES), all in the ap-south-1 (Mumbai) region.
  • Razorpay Software Private Limited — payments and recurring-billing mandates. Card data is handled directly by the PCI-DSS-compliant gateway and never touches our servers.
  • GitHub, Inc. — only when you install the InfraSync GitHub App and push generated code; access is fine-grained, organisation-scoped, and revocable by you at any time.
  • SMTP email provider (fallback) — used only if AWS SES is unavailable.

We may disclose information if required by law, court order, or a lawful governmental request, or to protect the rights, safety, and security of Linxus, our users, or the public. In a merger, acquisition, or sale of assets, data may be transferred to the successor entity under this policy.

6. International data transfers

Your data is primarily stored and processed in India (AWS ap-south-1). Some sub-processors (such as GitHub or your payment gateway) may process limited data outside India. Where this happens, we rely on appropriate safeguards — such as Standard Contractual Clauses or equivalent contractual protections — and only transfer to jurisdictions or providers that maintain an adequate level of protection.

7. Data retention

Account data is retained while your account is active. Scan history and generated code are retained per your plan limits. If you delete your account, we delete or anonymise your personal data and organization contents within 30 days, except records we must keep under Indian tax and accounting law (typically 8 years for invoices). Backups containing your data are purged on a rolling cycle not exceeding 90 days.

8. Your rights

Under the (Indian) Digital Personal Data Protection Act, 2023 and, where applicable, the GDPR, you may:

  • Request access to or a copy of your personal data;
  • Correct inaccurate data;
  • Request deletion of your account and data;
  • Withdraw consent for non-essential communications at any time;
  • Lodge a complaint with the relevant data protection authority.

To exercise any of these rights, email privacy@linxusinfotech.com or our Grievance Officer (section 14). We verify your identity and respond within 30 days. You also have the right to nominate another person to exercise these rights in the event of death or incapacity, as provided under the DPDP Act.

9. Security & breach notification

We use industry-standard safeguards: TLS in transit (minimum TLS 1.2), encryption at rest for sensitive credentials (AES-256-GCM), least-privilege access controls, network isolation, and audit logging (retained 90 days by default). InfraSync's AWS access is read-only by design — it cannot write to your account even in the event of a compromise of your organization credentials. No system is perfectly secure; you are responsible for keeping your own login credentials confidential. See our Security & Data Protection Statement for full detail.

In the event of a personal-data breach that is likely to result in risk to you, we will notify the affected users and the relevant authority (the Data Protection Board of India and/or applicable supervisory authority) without undue delay and in line with our legal obligations.

10. Cookies & tracking

We use the following categories of cookies and similar technologies:

  • Strictly necessary — sign-in sessions, security, and load balancing. These cannot be switched off.
  • Analytics — to understand aggregate product usage so we can improve it.
  • Preference — to remember settings such as currency or billing-period toggles.

You can block non-essential cookies in your browser settings without affecting core functionality. We honour browser “Do Not Track” / Global Privacy Control signals where technically feasible. We do not use advertising or cross-site tracking cookies.

11. Children

The Services are for business use and are not directed at children under 18. We do not knowingly collect data from children. If we learn that we have collected data from a child, we will delete it.

12. Automated decision-making

We do not make decisions producing legal or similarly significant effects about you based solely on automated processing. Drift severity bands and scan results are advisory only and are always subject to your review.

13. Changes to this policy

We may update this policy from time to time. Material changes will be announced by email or an in-app notice at least 7 days before they take effect. The “Last updated” date above reflects the latest revision.

14. Grievance Officer & contact

In accordance with the Information Technology Act, 2000 and rules made thereunder, and the DPDP Act, 2023, the contact details of our Grievance Officer are below. The Grievance Officer addresses complaints regarding the processing of personal data and any breach of this policy.

Grievance Officer: Sachin (Founder)
Linxus Infotech Private Limited
G.NO.215, Dongargaon (Shev), Phulambri,
Aurangabad, Maharashtra 431111, India
CIN: U62099MH2024PTC424743
Privacy & data requests: privacy@linxusinfotech.com
Grievances: grievance@linxusinfotech.com
Phone: +91 8828 757 008

We acknowledge grievances within 48 hours and aim to resolve them within 30 days.