Privacy Policy

Privacy Policy

Protecting Your Information with Transparency

Last updated: May 2025  |  Effective date: May 2025

This Privacy Policy applies to W3Industry (MSME registered, West Bengal, India) and governs the collection, use, storage, and disclosure of personal data when you access our website at w3industry.com or use any of our digital products and services. This policy is compliant with the Information Technology Act, 2000, the Digital Personal Data Protection Act, 2023 (DPDPA), and applicable rules thereunder.

By using our platform you consent to the practices described herein. If you do not agree, please discontinue use of our services.

1. Data We Collect

We collect the following categories of data:

• Account data: Name, email address, and profile photo when you register via email or Google OAuth (Google Sign-In).
• Transaction data: Order details, payment amounts, Razorpay order/payment IDs, and wallet addresses entered during NFT minting. We do not store card numbers, UPI IDs, or net banking credentials — these are handled exclusively by Razorpay.
• Content data: AI-generated images, text prompts, uploaded files, and chat history created during use of the W3AI Collective Studio.
• Technical data: IP address, browser type, device identifiers, session tokens, and server access logs retained for security and debugging purposes.
• Communication data: Messages you send to our support email or contact form.

2. How We Use Your Data

• To create and manage your account and authenticate your identity.
• To process payments and fulfil orders through Razorpay.
• To operate the W3AI Collective Studio — including generating images, storing chat history, and processing NFT minting on-chain.
• To send transactional emails (order confirmation, minting success, support replies). We do not send unsolicited marketing emails.
• To detect, investigate, and prevent fraudulent or abusive activity.
• To comply with applicable Indian laws and regulatory requirements.
• To maintain and improve platform performance and security.

3. Legal Basis for Processing

We process your personal data on the following legal bases under the DPDPA 2023: (a) consent — obtained at registration and reaffirmed at each payment; (b) performance of a contract — to deliver services you have purchased; (c) legitimate interests — for fraud prevention, security, and platform improvement; (d) legal obligation — to comply with Indian tax, GST, and regulatory requirements.

4. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data. We share data only with:

• Razorpay Software Pvt. Ltd. — for payment processing. Subject to Razorpay's privacy policy.
• Google LLC — if you use Google Sign-In. Subject to Google's privacy policy.
• Amazon Web Services (AWS) — for cloud storage (S3) of generated assets and uploaded files.
• Replicate / OpenAI — AI model providers used for image generation. Prompts and outputs may be processed by these services per their terms.
• Pinata / IPFS — for decentralized storage of NFT metadata.
• Blockchain networks — wallet addresses and token metadata are written publicly and permanently to the blockchain upon NFT minting.
• Legal authorities — when required by law, court order, or government mandate under applicable Indian legislation.

5. Data Retention

We retain your account data for as long as your account remains active. Transaction records are retained for a minimum of 7 years as required under Indian GST and tax laws. Chat history and generated assets are retained until you delete your account or request erasure. Server access logs are retained for up to 90 days.

6. Cookies and Tracking

We use session cookies strictly necessary for authentication and platform operation. We do not use third-party advertising or tracking cookies. You may disable cookies in your browser settings; however, this will prevent login and use of the platform.

7. Data Security

We implement industry-standard security measures including encrypted HTTPS connections (TLS), hashed password storage (bcrypt), server-side session management, and access-controlled cloud infrastructure. No internet transmission is 100% secure, and we cannot guarantee absolute security.

8. Your Rights (DPDPA 2023)

As a data principal under the Digital Personal Data Protection Act, 2023, you have the right to:

• Access — request a copy of the personal data we hold about you.
• Correction — request correction of inaccurate or incomplete data.
• Erasure — request deletion of your data, subject to legal retention obligations.
• Grievance redressal — raise a complaint with our grievance officer (contact below).
• Nominate — nominate another person to exercise your rights in the event of your incapacity or death.

To exercise any right, email info@w3industry.com with subject line "Data Rights Request". We will respond within 30 days.

9. Children's Privacy

Our services are not directed to persons under the age of 18. We do not knowingly collect data from minors. If you believe a minor has submitted data to us, contact us immediately for deletion.

10. Cross-Border Data Transfers

Some of our third-party service providers (AWS, Replicate, OpenAI, Pinata) may process data outside India. We ensure such transfers are governed by appropriate contractual protections consistent with DPDPA 2023 requirements.

11. Grievance Officer

In accordance with the IT Act 2000 and DPDPA 2023, the designated Grievance Officer for W3Industry can be reached at:
Email: info@w3industry.com
Address: W3Industry, West Bengal, India
Response time: Within 30 days of receipt of complaint.

12. Policy Updates

We may update this Privacy Policy to reflect changes in law or our practices. Material changes will be notified via email or a prominent notice on our website. Continued use of our services after the effective date of changes constitutes acceptance.

For any privacy-related query, contact us at info@w3industry.com.