Privacy Policy

x42 Venture Studio ("x42", "we", "our") operates https://x42.in and associated microsites (collectively, "Site"). We act as a Data Fiduciary under the Digital Personal Data Protection Act, 2023 (DPDPA) and comply with the Information Technology Act, 2000 and allied rules.

This policy explains how we collect, use, disclose, and safeguard personal data when you browse the Site, subscribe to updates, download resources, or engage with us online. By continuing to use the Site, you consent to the practices described here.

We collect personal data directly from you, automatically through your use of the Site, and from limited third-party sources. We only collect what is necessary for the purposes described in this policy.

• Information you provide: name, professional details, email address, phone number, venture information, event registrations, survey responses, and communications sent to us.
• Information collected automatically: IP address, device identifiers, browser type, operating system, referral URLs, pages viewed, session duration, and cookies or similar technologies.
• Information from third parties: lead generation partners, social network integrations, or publicly available sources used to validate business identities and prevent misuse.

We use your personal data to provide and improve the Site, communicate with you, and meet our legal obligations. Processing is limited to specified purposes that are reasonable and consistent with the DPDPA.

• Deliver newsletters, founder resources, and event information you request.
• Respond to enquiries, support tickets, partnership discussions, and investment submissions.
• Analyse Site usage, run security and fraud detection, and maintain infrastructure resilience.
• Execute marketing campaigns, remarketing, and personalised content in line with your consent and preferences.
• Comply with applicable laws, enforce agreements, and defend legal claims.

We rely on consent, performance of a contract, legitimate uses permitted under the DPDPA, and compliance with legal obligations. When consent is the legal basis, it is specific, informed, and revocable at any time without affecting prior processing.

We do not sell personal data. We share information strictly on a need-to-know basis with parties who are bound to confidentiality and security obligations.

• Service providers delivering hosting, analytics, communications, payment processing, security monitoring, and marketing support.
• Professional advisers (legal, compliance, tax, audit) under duty of confidentiality.
• Regulators, law enforcement, or courts when required to comply with Indian law or valid legal process.
• Business transfers involving mergers, acquisitions, or restructuring, provided equivalent safeguards remain in place.

While core systems are hosted in India, we may transfer data to jurisdictions such as the European Union or the United States for redundancy and specialised processing. All transfers rely on contractual safeguards, intra-group agreements, and due diligence to ensure comparable protection.

We maintain administrative, technical, and organisational controls aligned with ISO/IEC 27001 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. These include encryption, access controls, continuous monitoring, and incident response protocols. No system is completely secure; you share data with us at your own risk.

We retain personal data only as long as necessary for the purposes described above or as required by law. Marketing consent records are kept until you withdraw consent. Transactional and compliance records may be retained for up to eight years to satisfy statutory obligations. Once retention expires, we delete or irreversibly anonymise the data.

Under the DPDPA and other applicable laws, you have rights which we honour subject to authentication and lawful exemptions.

• Right to access and portability: request confirmation of processing and receive a copy of your personal data.
• Right to correction and updating: have inaccurate or incomplete data rectified promptly.
• Right to erasure: request deletion of data that is no longer necessary or when consent is withdrawn.
• Right to withdraw consent and opt out of marketing or profiling activities.
• Right to grievance redressal and escalation to the Data Protection Board of India if unsatisfied with our response.
• Right to nominate an individual to exercise your rights in case of incapacity.

Email: contact@x42.in (general queries)

Data Protection & Grievance Officer: privacy@x42.in

Security response: security@x42.in

Telephone (India): +91 890 1983 838

Postal address: x42 Venture Studio, C 807 Unitech Business Zone, Sector 50, Gurgaon, Haryana 122018, India

We review this policy periodically to reflect legal requirements or operational changes. Material updates will be announced on the Site and, where appropriate, via email at least 15 days before they take effect.

This policy is governed by the laws of India. Any dispute arising out of or relating to this policy or the Site shall be resolved through arbitration under the Arbitration and Conciliation Act, 1996. The seat and venue will be Gurugram (Gurgaon), Haryana, proceedings will be conducted in English, and the arbitral award will be final and binding. Courts in Gurugram (Haryana) have exclusive jurisdiction for interim relief and enforcement.