Privacy Policy

Adwix Atlas is operated by Adwix Media Prop. (the “data controller” / “Data Fiduciary” / “business” for your account data). You can reach us at connect@adwixmedia.com.

Two distinct roles: (a) For the account data of agency users (your name, email, login, billing), we are the controller. (b) For the data your agency enters about its own customers (leads, travellers, bookings), your agency is the controller / Data Fiduciary / business and we act only as a processor / Data Processor / service provider acting on your documented instructions.

• Account information — your name, email, phone and agency details when you sign up.
• Google Sign-In (optional) — if you sign in with Google we receive your name, email address and Google profile ID/picture to create and authenticate your account.
• Other Google services (optional, future) — if you connect additional Google products (for example Google Sheets to import/export data, Google Drive, or Google Ads/Analytics), we access only the specific data you authorise through Google’s consent screen, and only to provide the feature you turned on (see Section 4).
• Business data you add — leads, customers, packages, quotations, bookings, invoices, payments and expenses you create in the app.
• Meta (Facebook/Instagram) integration data — if you connect a Page (see Section 5): the leads submitted through your lead forms, the connected Page/account id and name, and the access tokens required to deliver them.
• Payment data — if you purchase a paid plan, billing is handled by our payment processor; we receive transaction metadata (amount, status, reference) but not full card numbers.
• Usage & device data — basic logs, IP address and browser information needed to operate, secure and troubleshoot the service.
• Cookies — strictly-necessary cookies for authentication and session security (see Section 14).

We use personal data to provide and maintain the service, authenticate you, send transactional emails you trigger (such as quotations), deliver leads from connected channels, provide support, bill paid plans, and keep the platform secure and compliant. We do not sell or “share” your personal information (as those terms are defined under the CCPA/CPRA), and we do not use it for our own advertising or to build cross-context behavioural profiles.

Where the GDPR/UK GDPR applies, our legal bases are: performance of a contract (running your account and the features you use); legitimate interests (securing, improving and supporting the service); consent (e.g. connecting optional integrations such as Google or Meta, which you can withdraw at any time); and legal obligation (tax, accounting and lawful requests). Where the DPDP Act applies, we process personal data on the basis of your consent or the legitimate uses that Act permits. We do not carry out solely-automated decision-making that produces legal or similarly significant effects on you.

Adwix Atlas’ use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements. Specifically:

• We use Google user data only to provide or improve the user-facing feature you authorised (sign-in today; if enabled in future, importing/exporting via Google Sheets, Drive storage, or Ads/Analytics measurement).
• We do not transfer or sell Google user data for advertising, market research or any unrelated purpose.
• We do not allow humans to read your Google data unless we have your consent for support, it is necessary for security or to comply with law, or the data is aggregated/anonymised.
• You can revoke our access at any time from your Google account permissions, and we delete the corresponding tokens.

If you choose to connect a Meta Page, you grant Adwix Atlas specific permissions through Facebook’s consent dialog. We request only what is necessary to bring your Lead Ads into your CRM and, optionally, to measure ad conversions. Today this includes:

• leads_retrieval — read the leads submitted on your own lead forms (the field answers, e.g. name, phone, email) so we can import them into your private pipeline.
• pages_show_list — list the Pages you manage so you can choose which one to connect.
• pages_read_engagement & pages_manage_metadata — subscribe your chosen Page to our app’s lead notifications (webhook) and read its basic details for that connection.
• business_management — help you locate the right Page/Pixel that belongs to your Business.
• ads_management — used only if you enable the Meta Conversions API: we send conversion events (such as a new lead or a confirmed booking) to your own ad pixel so your campaigns can optimise. Customer identifiers (email/phone) are irreversibly hashed with SHA-256 on our server before being sent to Meta; we never send raw contact details.

As our product grows we may offer further Meta-powered features (for example WhatsApp messaging, or richer lead/messaging integrations). Any new permission will be requested through Meta’s consent flow, used only for the feature you enable, and described here before it is used. We do not post on your behalf and do not use Meta data for our own advertising. Our use of Meta data complies with the Meta Platform Terms and Developer Policies.

Revoking access & deleting Meta data: disconnect any time from Settings → Integrations → Disconnect, or remove the app in your Facebook settings — either action deletes the stored Meta tokens and Page connection. You can also use our Data Deletion page; Facebook can additionally trigger removal through our automated Data Deletion Request callback, which returns a confirmation page with a tracking code.

We never sell your or your customers’ data. We share data only with infrastructure providers (“sub-processors”) that help us run the service, under contractual confidentiality and data-protection terms:

• Supabase — database, authentication and file storage.
• Vercel — application hosting and delivery.
• Render — backend services that power optional integrations (e.g. WhatsApp messaging via Adwix Connect).
• Resend — sending platform/system emails (e.g. account notifications).
• Anthropic (Claude) — powers the optional AI features; receives only the prompt and the scoped data needed to generate a response, and does not use it to train its models (see Section 14).
• Razorpay — payment processing for paid plans.
• Your email/SMTP provider — when you send a quotation it is delivered using the SMTP credentials you configure, from your own email account.
• Meta and Google — only for the integrations you explicitly enable (Sections 4–5).

We may also disclose data where required by law, regulation or valid legal process, or to protect the rights, safety and security of users and the service. If we are involved in a merger, acquisition or asset sale, data may be transferred under equivalent protections and we will notify you.

We and our sub-processors may process data on servers located outside your country, including outside the EU/UK, India, the US, Canada and Brazil. Where personal data is transferred internationally, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses, the UK Addendum, and equivalent measures under the DPDP Act and other applicable laws, so your data continues to receive an adequate level of protection.

Each agency’s data is isolated at the database level using row-level security, so one agency can never access another’s data. Access tokens, SMTP and API credentials are stored server-side and never exposed to the browser. Access is restricted to your authenticated team members and to a limited number of our personnel on a need-to-know basis. We apply reasonable technical and organisational measures — encryption in transit, scoped access, rate limiting and logging — though no method of transmission or storage is perfectly secure.

If a personal-data breach is likely to result in a risk to your rights, we will notify the relevant supervisory authority and affected users without undue delay and within the timeframes required by applicable law (for example, where feasible within 72 hours under the GDPR, and as required by the DPDP Act and other regimes).

We retain personal data while your account is active and as needed to provide the service. Integration tokens and Page connections are deleted when you disconnect or remove the app. On account closure we delete or anonymise your data within a reasonable period (typically within 30 days), except where retention is required by law (for example tax records). You can request export or deletion of your data at any time — see our Data Deletion page.

If you are in the EU/UK, you have the right to access, rectify, erase, restrict and port your personal data, to object to certain processing, and to withdraw consent at any time (without affecting prior processing). You may lodge a complaint with your local supervisory authority. To exercise any right, email connect@adwixmedia.com; we respond within the timeframes the law requires.

If you are in India, you may access and correct your personal data, request its erasure, nominate another person to exercise your rights, and seek grievance redressal. As the Data Fiduciary for your customers’ information, you are responsible for handling it lawfully and obtaining required consents; we act as your Data Processor. Grievance redressal: contact our Grievance Officer at connect@adwixmedia.com and we will address your concern within statutory timelines.

• California (CCPA/CPRA): you may request to know, access, correct and delete your personal information, and to opt out of “sale”/“sharing” — note we do not sell or share personal information. We will not discriminate against you for exercising these rights. You may use an authorised agent.
• Canada (PIPEDA): you may access and correct your personal information and withdraw consent, subject to legal/contractual limits.
• Brazil (LGPD): you have the rights of confirmation, access, correction, anonymisation, portability, deletion and information about sharing.
• Australia & other regions: you may exercise the access, correction and complaint rights granted by your local privacy law.

To exercise any of these, email connect@adwixmedia.com. We verify requests using the email associated with your account.

Adwix Atlas includes optional AI features — “Ask Atlas” (which answers questions about your own data), AI message drafting, AI itinerary generation and AI lead insights — powered by large-language models provided by Anthropic (the “Claude” models). When you use an AI feature, the content you submit and, for data-aware features, a limited and scoped extract of your own CRM data needed to answer your request, are sent to Anthropic’s API to generate a response.

• We send only the data necessary for the feature you invoke, scoped to your own agency. One agency’s data is never used to answer another agency’s prompts.
• Anthropic acts as our sub-processor and processes this data solely to return the AI output to you. Under Anthropic’s commercial terms, your inputs and outputs are not used to train its models.
• AI output can be inaccurate or incomplete. It is a drafting and decision-support aid only — you remain responsible for reviewing any AI-generated message, quotation or itinerary before sending it or relying on it.
• AI features are optional and metered by plan. If you do not use them, no data is sent to Anthropic. Please do not enter information through AI features that you are not permitted to process.

We use only strictly-necessary cookies to keep you signed in and to secure your session. We do not use third-party advertising or cross-site tracking cookies.

Adwix Atlas is a business tool not intended for children. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us data, contact us and we will delete it.

We may update this policy from time to time. Material changes will be reflected by the “Last updated” date above and, where appropriate, notified to you. Continued use after an update means you accept the revised policy.

Questions, requests or grievances about this policy or your data:

Adwix Media Prop. (operator of Adwix Atlas)
Kuhn Khas, Himachal Pradesh – 176098, India
Email: connect@adwixmedia.com
Phone: +91 82194 18927 · +91 93179 41470