For GDPR purposes, Vexyen is theData Controllerof the personal data described in this policy.
Controller name:Vexyen
Email:member@vexyen.com
Website:Vexyen (digital products marketplace)
If you are in the EEA/UK and believe we must appoint an EU/UK representative or a Data Protection Officer (DPO), we will provide those details here if applicable.
This policy applies to personal data we process in connection with:
Visiting and using the Vexyen website
Creating and managing an account
Buying digital products and receiving delivery/access
UsingPremium Plans(extended license for multiple projects)
Paying viaUPI-onlypayment method (through your UPI apps)
Contacting customer support and handling product-support queries (while your support package is valid)
Refunds and exchanges (7-day refund and 3-day exchange policies, counted from your purchase date)
This policy doesnotcover third-party websites or apps (including UPI apps) that you may use. Those third parties have their own privacy policies.
Personal data:Information that identifies you directly or indirectly (name, email, IP address, order history, etc.).
Processing:Anything done with personal data (collecting, storing, using, deleting).
Controller:The party deciding why/how data is processed (Vexyen).
Processor:A service provider processing data on the controller’s behalf (e.g., hosting provider).
EEA/UK:The European Economic Area and the United Kingdom.
We follow adata-minimizationapproach: we collect only what we need for legitimate business purposes.
Name (or display name)
Email address
Account credentials (e.g., passwordin hashed form, never stored as plain text)
Account settings and preferences (where offered)
Order ID and invoice details
Product(s) purchased, plan type (including Premium Plans), license type and status
Purchase date/time and order value
Tax line items shown at checkout (including any3% GSTwe apply)
Payment status (paid/failed/refunded), timestamps
Limited payment references you provide or we receive (for UPI: usually transaction reference/UTR, payment confirmation status).
We do not want or need your bank login, card number, CVV, or UPI PIN.
Messages you send to us (contact form, email, chat if provided)
Support ticket history, troubleshooting logs you voluntarily provide
Records of our replies and support actions (e.g., verifying plan validity for support)
IP address, device type, browser type/version, operating system
Approximate location inferred from IP (country/region level)
Site activity logs (pages viewed, timestamps, basic clickstream)
Security events (login attempts, suspicious activity indicators)
Records to meet tax, accounting, anti-fraud, or legal obligations
Dispute/chargeback/refund logs and communications
We collect data in the following ways:
Directly from you:when you create an account, purchase, submit UPI references/UTR (if required), contact support, or request a refund/exchange.
Automatically:through server logs and essential website technologies when you browse the site.
From service providers:such as hosting providers, email service providers, analytics providers (if used), and payment confirmation mechanisms (where applicable).
From UPI apps/payment networks:typically you control the payment in your UPI app; we may only receive confirmation/status and limited reference details required to match your order.
We process your personal data for the following purposes:
Provide the website and services(account access, digital product delivery, license management)
Process ordersand confirm payments made through UPI
Deliver digital productsand enable downloads/access
Provide Premium Plansand manage extended licenses for multiple projects
Customer support:respond to product/support queries while your support package is valid
Refunds/exchanges:verify eligibility and process within our policies (7-day refund, 3-day exchange)
Security and fraud prevention:protect accounts, prevent abuse, and maintain platform integrity
Tax and accounting:apply and record taxes displayed at checkout (including the 3% GST we apply), issue invoices, keep statutory records
Legal compliance:respond to lawful requests and enforce terms/policies
Improve our services:monitor performance, troubleshoot, and improve the user experience (only with appropriate safeguards)
If you are in the EEA/UK, GDPR requires a lawful basis for processing. We rely on:
Contract (Article 6(1)(b))
To provide the service you request: account creation, product purchase, delivery, license access, and support as part of your purchase/support plan.
Legal obligation (Article 6(1)(c))
To meet tax/accounting requirements, respond to lawful requests, and maintain required records.
Legitimate interests (Article 6(1)(f))
For security, fraud prevention, service reliability, limited analytics (if used), and improving our platform—balanced against your rights.
Consent (Article 6(1)(a))(only where applicable)
For optional features like non-essential cookies or marketing emails (if we run them). You can withdraw consent at any time.
We may use cookies or similar technologies to:
Keep you logged in and maintain sessions (strictly necessary)
Remember preferences (optional)
Measure site performance and reliability (optional, if enabled)
Your choices:Where required by law, we will request consent for non-essential cookies. You can manage cookies via your browser settings and, where available, our cookie preference controls.
If we send newsletters or promotions, we will do so:
With yourconsent, or
Underlegitimate interestswhere permitted by law (with a clear opt-out)
You can opt out at any time using the unsubscribe link or by contacting us at[Support email].
If you do not run marketing emails, you can remove this section or state that you only send transactional emails.
Vexyen supportsUPI payment only. You can pay using any UPI-enabled app. Payment is completed in your UPI app; we generally donotcollect sensitive banking credentials.
We may process limited payment-related information to:
Match a payment to your order
Confirm successful payment
Prevent fraud and resolve payment disputes
Process refunds (where applicable)
Third-party payment providers:UPI apps and payment networks process your payment under their own privacy policies. They may act as independent controllers of your data.
When you purchase from Vexyen, we process:
Your account identity (so we can deliver access)
Purchase and license details (so you can use the product under the correct license terms)
Premium Plan details (extended license for multiple projects)
We may generate internal records showing license status (active/expired), download entitlements, and support validity windows.
We provide product supportwhen your product support package is valid. To enforce this, we may process:
Your purchase history and plan validity
Your support request content
Technical details you choose to share (e.g., error logs/screenshots)
We recommend you avoid sending unnecessary sensitive data in support messages.
We apply a3% GSTcharge with orders (as displayed at checkout) and maintain records for accounting and invoicing. For this purpose we may process:
Invoice identifiers
Transaction values and tax line items
Country/region information (from billing/order context or IP-derived approximate location)
Note:Tax rules vary by country. We display charges at checkout and keep records as required for financial compliance.
We donot sellyour personal data and we donot shareit with third parties for their own marketing.
We may share limited personal data only when necessary, such as with:
Service providers (processors)
Examples: website hosting, database hosting, email delivery services, customer support tools, security monitoring. These providers process data only on our instructions and under contractual safeguards.
Payment-related parties
Where needed to confirm payment or resolve disputes (usually limited to reference IDs/status rather than full financial details).
Legal and compliance
If required by law, court order, or to protect rights, safety, and security.
Business transfers
If Vexyen is involved in a merger, acquisition, or asset sale, personal data may be transferred with appropriate protections and notice.
If personal data is transferred outside the EEA/UK, we use appropriate safeguards, such as:
European Commission Standard Contractual Clauses (SCCs), and/or
Other lawful transfer mechanisms recognized by GDPR/UK GDPR
You may request more information about transfer safeguards by contacting[Support email].
We retain personal data only as long as necessary for the purposes described:
Account data:kept while your account is active; may be retained for a limited period after closure for security, fraud prevention, and legal compliance.
Order and invoice records:kept as required for accounting/tax and dispute resolution (often several years depending on legal requirements).
Support communications:kept to handle ongoing issues, maintain service quality, and for recordkeeping.
Security logs:kept for a limited period to investigate abuse and maintain platform safety.
When data is no longer needed, we delete or anonymize it.
We use reasonable technical and organizational measures to protect personal data, including:
HTTPS/SSL encryption in transit
Access controls and authentication measures
Least-privilege access to systems
Monitoring for suspicious activity
Secure password storage (hashing)
Regular updates and security hardening where applicable
No method of transmission or storage is 100% secure, but we work to protect your data with industry-standard practices.
If GDPR applies to you, you have the right to:
Access– request a copy of your personal data
Rectification– correct inaccurate or incomplete data
Erasure(“right to be forgotten”) – request deletion in certain cases
Restriction– limit processing in certain cases
Data portability– receive data in a portable format (where applicable)
Object– object to processing based on legitimate interests
Withdraw consent– where processing is based on consent
Lodge a complaint– with your local data protection authority
To submit a request, contact us at[Support email]with:
Your name and account email
The right you wish to exercise
Enough information for us to verify your identity
Identity verification:We may request additional verification to protect your account and prevent unauthorized disclosure.
Response time:We generally respond within30 days, subject to lawful extensions.
Fees:Requests are generally free, but we may charge a reasonable fee for excessive or repetitive requests as permitted by GDPR.
Vexyen is not intended for children under16in the EEA/UK (or a lower age if permitted by local law). We do not knowingly collect personal data from children. If you believe a child has provided personal data, contact us to request deletion.
We do not make decisions producing legal or similarly significant effects solely by automated means, unless we clearly inform you and provide required safeguards. We may use automated systems for security (e.g., detecting suspicious login attempts) to protect our services.
Refund and exchange processing may require verifying:
Purchase date and product details
Payment confirmation status
Account ownership
Policy summary:7-day refund and 3-day exchange from the purchase date (as stated on our website). Refund and exchange rules may include additional conditions listed in the relevant policy pages.
We donotsell your personal data. We donotshare customer payment, email, name, or confidential information with third parties for their independent marketing or unrelated purposes. We only disclose data as described in this policy (service providers, payment confirmation needs, legal compliance, etc.).
We may update this GDPR Privacy Policy to reflect changes in our practices, technology, or legal requirements. When we make changes, we will update the “Last updated” date and, where appropriate, notify you through the website or email.
