Privacy Policy

Last updated: 11 April 2026

1. Who We Are

FASSIX is an AI character platform operated by Ishaan Shringi ("we", "us", "our") based in India. This policy explains how we collect, use, store, and protect personal data when you use our website (fassix.com), dashboard (app.fassix.com), embeddable widget, and related services (collectively, the "Service").

By using the Service, you consent to the data practices described in this policy.

2. What Data We Collect

We collect different data depending on how you interact with FASSIX. There are three categories of people whose data we process:

2.1 Customers (users who sign up and create AI agents)

  • Name, email address, phone number (optional)
  • Password (stored as a one-way hash — we cannot read your password)
  • Billing information: plan tier, subscription status, payment transaction records. We do not store credit card or bank account details — all payments are processed by Razorpay.
  • Agent configurations: business descriptions, personality settings, knowledge base content (documents, website URLs, FAQs) that you upload
  • Usage data: conversations used, login timestamps, feature usage

2.2 Visitors (end users who interact with AI agents on customer websites or WhatsApp)

When someone chats with a FASSIX-powered AI agent, we collect:

  • A persistent visitor identifier (stored in a browser cookie and localStorage)
  • Conversation messages (both visitor messages and AI responses)
  • Device information: browser type, screen dimensions, operating system, language, timezone
  • Page URL and referrer (the page where the widget is embedded)
  • Approximate location derived from IP address (city, region, country) — we do not store raw IP addresses
  • Name, email, phone number — only if the visitor voluntarily provides them during a conversation or through data collection prompts configured by the customer
  • For WhatsApp conversations: phone number, WhatsApp profile name, message content

Important: The customer who deploys the AI agent on their website is the data controller for their visitors' data. FASSIX acts as a data processor on behalf of the customer. Customers are responsible for informing their own visitors about the use of FASSIX and obtaining any necessary consent.

2.3 Website visitors (people browsing fassix.com)

  • Standard analytics data collected via Google Analytics 4 (page views, device type, referral source, approximate location). This data is aggregated and not linked to individual identities.

3. How We Use Your Data

  • To provide the Service: powering AI conversations, managing subscriptions, delivering email notifications, enabling real-time chat monitoring
  • To process payments: creating payment orders via Razorpay, generating invoices, managing subscription lifecycle
  • To improve the Service: understanding usage patterns, diagnosing errors, improving AI response quality
  • To communicate with you: sending verification emails, billing receipts, trial reminders, and service announcements. We do not send marketing emails without your consent.
  • To enforce our terms: detecting and preventing abuse, fraud, or violations of our Terms of Service

4. AI Processing and Third-Party Data Sharing

To generate AI responses, conversation data — including visitor messages, conversation history, and the knowledge base configured by the customer — is sent to third-party AI providers for processing. This is a core part of how the Service works.

We share data with the following service providers (sub-processors), strictly for operating the Service:

ProviderPurposeData Shared
OpenAIAI response generationConversation messages, knowledge base context, visitor information (name, location, device type) included in the prompt for personalization
Amazon Web Services (AWS)Infrastructure hosting, file storageAll Service data (hosted on AWS servers)
RazorpayPayment processingPayment amount, currency, order reference. Razorpay independently collects card/bank details under their own privacy policy.
TwilioWhatsApp and SMS messagingPhone numbers, message content, WhatsApp profile information
PineconeKnowledge base search (vector embeddings)Numerical embeddings derived from knowledge base content (not raw text)
Google AnalyticsWebsite analyticsAnonymized browsing data on fassix.com only

We do not sell, rent, or trade personal data to any third party. Data is shared with sub-processors only as necessary to operate the Service.

5. Cookies and Local Storage

We use minimal cookies and browser storage, limited to what is necessary for the Service to function:

NameTypeDurationPurpose
__fassix_vkCookie (first-party)1 yearIdentifies returning visitors so conversation history is preserved. Set on the customer's domain, not fassix.com.
fassix:visitorKeylocalStoragePersistentFallback visitor identifier (same purpose as cookie above)
fassix:draftlocalStorageSessionPreserves unsent message draft in the chat widget

We do not use any third-party tracking cookies in the widget. Google Analytics cookies are used only on fassix.com and are governed by Google's Privacy Policy.

6. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Passwords are hashed using bcrypt (one-way encryption)
  • All data transmitted over HTTPS (TLS encryption in transit)
  • Payment webhook signatures are verified using HMAC-SHA256
  • API authentication via JSON Web Tokens (JWT)
  • Rate limiting on API endpoints to prevent abuse
  • Security headers enforced via Helmet.js
  • Credentials are stored as environment variables, never in source code

No system is 100% secure. While we take reasonable precautions, we cannot guarantee absolute security. If we become aware of a data breach affecting your personal data, we will notify you in accordance with applicable law.

7. Data Retention

  • Account data and conversations: retained for as long as your account is active
  • After account deletion: personal data is deleted within 90 days. Some data may be retained in backups for a limited period.
  • Payment and invoice records: retained for 7 years as required by Indian tax law
  • Visitor cookies: expire after 1 year. Visitors can clear cookies at any time through their browser settings.
  • Analytics data: governed by Google Analytics' own retention settings

8. Your Rights

Under the Digital Personal Data Protection Act, 2023 (DPDP Act) and applicable law, you have the following rights:

  • Right to access: request a summary of the personal data we hold about you and how it is being processed
  • Right to correction: request correction of inaccurate or incomplete personal data
  • Right to erasure: request deletion of your personal data, subject to legal retention requirements
  • Right to nominate: nominate another individual to exercise your rights on your behalf
  • Right to grievance redressal: raise a complaint about our data processing practices

To exercise any of these rights, contact our Grievance Officer (see Section 12 below). We will respond to requests within 30 days.

For visitors (end users of AI agents): since the customer who deployed the AI agent is the data controller for your data, please contact the website owner directly for data access or deletion requests related to your conversations. You may also contact us, and we will assist in fulfilling your request.

9. Children's Privacy

FASSIX is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

Customers must not configure AI agents to knowingly collect personal data from children without verifiable parental consent, as required under the DPDP Act.

10. International Data Transfers

Your data may be processed by our sub-processors in countries outside India, including the United States (OpenAI, AWS, Twilio, Pinecone). These transfers are necessary to provide the Service.

We ensure that such transfers comply with applicable data protection laws. Where required, we use appropriate safeguards such as contractual clauses with our sub-processors.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify customers via email and update the "Last updated" date at the top of this page. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Grievance Officer

In accordance with the DPDP Act, 2023, the Grievance Officer for FASSIX is:

Ishaan Shringi

hello@fassix.com

+91 95583 13578

We will acknowledge your complaint within 48 hours and aim to resolve it within 30 days.