Privacy Policy.

1.1.This Policy governs the collection, use, storage, disclosure, transfer, and processing of personal data by Createlixir in connection with the Services.

1.2.This Policy applies to all users of the Services, including registered account holders, visitors to our websites, enterprise customers, individual end-users, and any authorised representatives acting on behalf of such persons.

1.3.This Policy shall be read in conjunction with our Terms of Service and any supplementary terms, data processing addenda, or service-specific notices made available by Createlixir from time to time. In the event of a conflict between this Policy and any such supplementary document, the supplementary document shall prevail solely with respect to its specific subject matter.

1.4.This Policy does not apply to information collected by any third party, including any third-party website, application, or service that may be linked to or integrated with the Services.

Createlixir collects information in three principal categories: information that you directly provide, information that is automatically collected, and content that you submit through the Services.

2.1 Directly Provided Data

We collect personal data that you voluntarily provide when you:

1. create or register an account, including your name, email address, password (in encrypted form), country, organisation name, and role;
2. submit forms on our websites, including waitlist registrations, team applications, partnership inquiries, and contact requests;
3. make payments or initiate financial transactions, in which case billing and transaction-related information is collected, provided that full payment card details are processed exclusively by our payment service providers and are not stored by Createlixir;
4. communicate with our support, sales, or partnerships teams through email, in-product messaging, or any other channel; and
5. participate in surveys, research interviews, beta programmes, or promotional activities offered by Createlixir.

2.2 Automatically Collected Data

When you access or use the Services, we automatically collect certain information, including:

1. device and connection information, such as Internet Protocol (IP) address, browser type and version, operating system, device identifiers, language preferences, and time-zone settings;
2. usage and interaction data, including pages or features accessed, actions performed, session duration, referring URLs, and the date and time of access;
3. telemetry, diagnostic, and performance data necessary to operate, secure, and improve the Services; and
4. information collected through cookies and similar tracking technologies as described in Section 8 of this Policy.

2.3 User Content

The Services permit users to create, upload, generate, store, and transmit content, including text, prompts, code, documentation, project structures, configurations, and related material (“User Content”). User Content shall be processed solely for the purpose of providing the Services, maintaining the integrity of the platform, and fulfilling the contractual obligations of Createlixir to the user. User Content shall not be used for any purpose unrelated to the Services without the prior consent of the user, except where required by applicable law.

Createlixir processes personal data for the following purposes:

1. to provide, maintain, and operate the Services, including the authentication of users, provisioning of accounts, and delivery of platform functionality;
2. to personalise and improve the user experience, including the refinement of features, workflows, and intelligent capabilities of the platform;
3. to communicate with users regarding service updates, security advisories, product announcements, and administrative matters;
4. to process payments, manage subscriptions, prevent fraud, and maintain accurate billing records;
5. to provide customer support and respond to inquiries, feedback, or complaints;
6. to monitor, analyse, and secure the Services, including the detection and prevention of unauthorised access, abuse, or violations of the Terms of Service;
7. to comply with applicable laws, regulations, judicial orders, or lawful requests from governmental authorities; and
8. to enforce, exercise, or defend the legal rights of Createlixir, its affiliates, employees, customers, and users.

Where applicable law requires a lawful basis for processing personal data, Createlixir relies on the following bases:

1. Performance of a Contract: processing necessary to perform a contract with the user or to take steps prior to entering into a contract;
2. Consent: processing carried out on the basis of the explicit consent of the user, which consent may be withdrawn at any time without affecting the lawfulness of processing prior to such withdrawal;
3. Legitimate Interests: processing necessary for the legitimate interests of Createlixir or a third party, provided that such interests are not overridden by the rights and freedoms of the data principal;
4. Legal Obligation: processing necessary to comply with a legal or regulatory obligation to which Createlixir is subject; and
5. Vital Interests: processing necessary to protect the vital interests of the user or another natural person, where applicable.

In the case of users situated in India, Createlixir shall process personal data in accordance with the Digital Personal Data Protection Act, 2023 and the rules and regulations framed thereunder, as applicable from time to time.

Createlixir does not sell, rent, or trade personal data. Personal data may, however, be shared in the following limited circumstances:

5.1 Service Providers

Createlixir engages trusted third-party service providers to perform functions on its behalf, including but not limited to cloud infrastructure, hosting, analytics, customer support tooling, communication services, payment processing, and security services. Such service providers shall process personal data solely on the instructions of Createlixir and in accordance with contractual obligations of confidentiality, security, and limited purpose use consistent with this Policy.

5.2 Legal Requirements

Createlixir may disclose personal data where it determines, in good faith, that such disclosure is necessary to:

1. comply with applicable laws, regulations, or legal processes, including subpoenas, court orders, or governmental requests;
2. respond to lawful requests by public or regulatory authorities, including national security or law enforcement matters;
3. protect the rights, property, or safety of Createlixir, its users, or the public; and
4. investigate or prevent fraud, security incidents, or violations of the Terms of Service.

5.3 Business Transfers

In the event of a merger, acquisition, reorganisation, financing, sale of assets, insolvency, bankruptcy, or similar corporate event, personal data may be transferred to the successor or acquiring entity, provided that such recipient shall be bound by terms substantially consistent with this Policy or shall provide users with notice and the opportunity to exercise their rights in respect of such transfer.

5.4 With Consent

Createlixir may share personal data with additional parties where the user has provided explicit consent for such sharing.

6.1.Createlixir shall retain personal data only for so long as is necessary to fulfil the purposes set out in this Policy, to provide the Services, to comply with legal, accounting, or regulatory obligations, to resolve disputes, and to enforce agreements.

6.2.The applicable retention period shall be determined with reference to the nature, sensitivity, and volume of the personal data, the purposes for which it is processed, the existence of any contractual or statutory retention obligations, and the legitimate interests of Createlixir.

6.3.Upon expiry of the applicable retention period, personal data shall be deleted, anonymised, or rendered irrecoverable in a manner consistent with applicable law and industry-standard practice. Where deletion is not technically feasible, including in respect of secure backup systems, the relevant data shall be isolated from further processing until deletion becomes feasible.

7.1.Createlixir implements and maintains technical, organisational, and administrative safeguards reasonably designed to protect personal data against unauthorised access, alteration, disclosure, destruction, or loss. Such safeguards include encryption in transit, access controls, network segmentation, logging and monitoring, periodic security assessments, and personnel confidentiality obligations.

7.2.Notwithstanding the foregoing, no method of transmission over the Internet and no method of electronic storage is entirely secure. Accordingly, while Createlixir endeavours to apply commercially reasonable measures to protect personal data, Createlixir cannot and does not warrant or guarantee the absolute security of personal data, and to the maximum extent permitted by applicable law, shall not be liable for any unauthorised access, disclosure, alteration, or loss of personal data arising from circumstances beyond its reasonable control.

7.3.Users shall be responsible for maintaining the confidentiality of their account credentials and for any activity occurring under their account. Users shall promptly notify Createlixir of any suspected unauthorised use of their account or any breach of security at support@createlixir.com.

8.1.Createlixir and its authorised service providers may use cookies, web beacons, pixels, local storage, and similar technologies (collectively, “Tracking Technologies”) to operate, secure, and improve the Services, to remember user preferences, to authenticate users, to analyse traffic, and to measure the effectiveness of communications.

8.2.Tracking Technologies are categorised as follows:

1. Strictly Necessary technologies required for the operation of the Services and the security of the user’s session;
2. Functional technologies that enable the Services to remember user choices and preferences;
3. Analytical and Performance technologies that allow Createlixir to understand how the Services are used and to improve them; and
4. Marketing technologies, where deployed, which assist in measuring the effectiveness of communications and outreach.

8.3.Users may control or disable certain Tracking Technologies through their browser settings or, where provided, through in-product preferences. Disabling certain Tracking Technologies may, however, impair the functionality of the Services.

Subject to applicable law, users may exercise the following rights in respect of their personal data:

1. Right of Access: to obtain confirmation as to whether personal data concerning the user is being processed and, where applicable, to obtain a copy of such data;
2. Right to Correction: to request the correction of inaccurate or incomplete personal data;
3. Right to Erasure: to request the deletion of personal data, subject to any statutory or contractual retention obligation;
4. Right to Restriction: to request the restriction of processing in defined circumstances;
5. Right to Object: to object to the processing of personal data on grounds relating to the user’s particular situation;
6. Right to Withdraw Consent: to withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing prior to withdrawal;
7. Right to Data Portability: to receive personal data in a structured, commonly used, and machine-readable format, where technically feasible;
8. Right to Nominate: to nominate another individual to exercise rights in the event of death or incapacity, where applicable under the Digital Personal Data Protection Act, 2023; and
9. Right to Grievance Redressal: to lodge a complaint with Createlixir’s grievance officer or with the competent supervisory authority.

Requests to exercise these rights shall be submitted in writing to support@createlixir.com. Createlixir shall respond to such requests within the time period prescribed by applicable law and may require verification of the user’s identity prior to acting upon the request.

10.1.Createlixir is headquartered in India and may store, process, or transfer personal data within India or to other jurisdictions in which Createlixir, its affiliates, or its service providers operate.

10.2.Where personal data is transferred across national borders, Createlixir shall implement appropriate safeguards in accordance with applicable law, including contractual protections, standard data protection clauses, or other lawful transfer mechanisms recognised by the relevant regulatory authorities.

10.3.By using the Services, the user acknowledges that personal data may be transferred to jurisdictions whose data protection laws may differ from those of the user’s country of residence.

11.1.The Services may contain links to, or interoperate with, third-party websites, applications, platforms, or services that are not owned, operated, or controlled by Createlixir.

11.2.Createlixir is not responsible for the content, policies, practices, or operations of any such third party. The collection, use, and disclosure of personal data by third parties shall be governed by the privacy policies and terms of such third parties.

11.3.Users are encouraged to review the privacy policies of any third-party service prior to providing personal data or otherwise engaging with such service. Createlixir shall bear no liability whatsoever for the acts, omissions, or data practices of any third party.

12.1.The Services are not directed to, and Createlixir does not knowingly collect personal data from, individuals under the age of eighteen (18) years, or such other age of digital majority as may be prescribed under the applicable law of the user’s jurisdiction.

12.2.Where Createlixir becomes aware that personal data has been collected from a child without verifiable parental or guardian consent, Createlixir shall take reasonable steps to delete such information from its records.

12.3.Parents or guardians who believe that their child has provided personal data to Createlixir without consent may contact support@createlixir.com to request review and deletion of such information.

13.1.To the maximum extent permitted by applicable law, Createlixir, its affiliates, officers, directors, employees, contractors, agents, and licensors shall not be liable for any indirect, incidental, special, consequential, punitive, or exemplary damages, including but not limited to loss of profits, revenue, data, goodwill, or other intangible losses, arising out of or in connection with this Policy, the processing of personal data, or the use or inability to use the Services.

13.2.Without prejudice to the generality of the foregoing, Createlixir shall not be liable for:

1. any unauthorised access, use, alteration, disclosure, or loss of personal data resulting from causes beyond the reasonable control of Createlixir, including but not limited to acts of force majeure, cyber-attacks, intrusions, or actions of third parties;
2. any failure of any third-party service, integration, or infrastructure relied upon for the operation of the Services; and
3. any act, omission, or breach of confidentiality by any user or third party in connection with the Services.

13.3.To the maximum extent permitted by applicable law, the aggregate liability of Createlixir arising out of or in connection with this Policy shall not exceed the amounts, if any, actually paid by the user to Createlixir for the Services during the twelve (12) months preceding the event giving rise to such liability.

14.1.Createlixir reserves the right to amend, modify, or update this Policy at any time and from time to time to reflect changes in its practices, the Services, applicable law, or regulatory guidance.

14.2.Material changes to this Policy shall be notified to users by reasonable means, including by posting a revised version on the Createlixir website with an updated “Last Updated” date, or, where appropriate, by direct notice to registered users.

14.3.Continued use of the Services following the effective date of any amended Policy shall constitute the user’s acceptance of such amended Policy. Users who do not agree with the amended Policy shall discontinue use of the Services.

15.1.This Policy and any disputes, claims, or matters arising out of or in connection with this Policy shall be governed by, and construed in accordance with, the laws of the Republic of India, without regard to its conflict of laws principles.

15.2.The courts of competent jurisdiction located in India shall have exclusive jurisdiction over any disputes arising out of or in connection with this Policy, subject to any binding alternative dispute resolution mechanism agreed between the parties in writing.

15.3.Createlixir’s data processing activities shall be conducted in compliance with applicable Indian law, including the Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000, and the rules and regulations framed thereunder, in each case as amended from time to time.

For any questions, requests, complaints, or grievances relating to this Policy or the processing of personal data by Createlixir, please contact:

Users may submit requests to exercise their rights, withdraw consent, or raise privacy-related concerns through the contact details set forth above. Createlixir shall acknowledge and respond to such communications within the time period prescribed by applicable law.