Privacy Policy

1. Introduction
   
   

1.1 This Privacy Policy ("Policy") is issued by Nexintain Technologies Pvt Ltd. ("Company", "we", "us", or "our"), a company incorporated under the Companies Act, 2013, operating the mobile application and website under the brand name ScrutINT (collectively, the "Platform"). The Platform serves as a technology-facilitated marketplace connecting Users with independent Service Providers offering background due-diligence, strategic advisory, verification, and legal-assistance services.

1.2 We are committed to protecting your privacy and handling your personal data in a fair, transparent, and secure manner, in compliance with the Digital Personal Data Protection Act, 2023 ("DPDP Act"), the Information Technology Act, 2000 ("IT Act"), and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"), as well as all other applicable laws set out in this Policy.

1.3 This privacy policy is required to be published under Rule 4(1) of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and shall be made available on the Platform in English at all times. The Company shall ensure that a translated version is available in such regional languages as may be required under applicable law or MeitY directions from time to time.

1.4 By accessing or using the Platform, or by otherwise providing your information to us, you agree to the terms of this Policy and our Terms & Condition of Use. Please read this Policy carefully before providing any information. If you do not agree with any part of this Policy, please discontinue use of the Platform immediately.

1.5 We may update or modify this Policy from time to time. Continued use of the Platform after the effective date of any revision constitutes acceptance of the updated Policy. We will notify the material changes, if any, on Our Platform in the manner as described in Clause 17 below.

2. Scope and Applicability
   
   

2.1 This Policy applies to :

• All Users who access or use the Platform to request or avail services;

• All Service Providers who register on the Platform to offer their professional services.
  
  

2.2 This Privacy Policy does not govern the independent Policies of Service Providers or external websites, applications, or services linked from the Platform. Those are governed by their respective policies, and you are encouraged to review them before sharing any personal data with such third parties.

3. Definitions
   
   

For the purposes of this Privacy Policy, the following expressions shall have the meanings ascribed to them below, unless the context otherwise requires:

3.1 "Consent" means a free, specific, informed, unconditional, and unambiguous indication of your agreement to the processing of your Personal Data for a specified purpose, given through a clear affirmative action, as required under Section 6 of the DPDP Act.

3.2 "Data Fiduciary" means any person who, alone or in conjunction with others, determines the purpose and means of processing of Personal Data, as defined under the DPDP Act. The Company acts as a Data Fiduciary in respect of Personal Data shared by the User on this platform.

3.3 "Data Principal" means the individual to whom Personal Data relates. You are the Data Principal in respect of your own data.

3.4 "Data Processor" means any person who processes Personal Data on behalf of a Data Fiduciary pursuant to a contract, as defined under the DPDP Act.

3.5 "Personal Data" means any data about an individual who is identifiable by or in relation to such data, as defined under the DPDP Act, including data that can identify a person directly or indirectly.

3.6 "Platform" has the meaning assigned in Clause 1 of this Policy.

3.7 "Sensitive Personal Data or Information" ("SPDI") means personal data pertaining to passwords, financial information, health or medical information, sexual orientation, biometric information, and such other categories as specified under Rule 3 of the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011.

3.8 "Service Provider" means an independent third-party investigation, advisory, background-check, verification, or legal professional listed on the Platform who provides services to Users.

3.9 "User" means any natural person who accesses or uses the Platform for availing the services, whether as a registered account holder or a visitor.

4. Information We Collect
   
   

We collect Personal Data only to the extent necessary for the purposes identified in this Policy, consistent with the principle of data minimization under the DPDP Act. The categories of information collected are set out below.

4.1 Information You Provide Directly

• Account and profile data: name, salutation, contact number, email address, password (stored in encrypted form), residential or business address, city, profession, and organisation.

• Service-related data: details of the matter for which you seek services, including the nature of the investigation, advisory, or verification service required; relationship or transaction context; factual background submitted; queries and instructions; and any preferences you communicate.

• Third-party personal data provided by you: personal data of individuals who are the subject of the services requested (for example, prospective business partners, key managerial personnel, employees, or prospective employees). See Clause 9 for important obligations applicable to you in this regard.

• Personal data received when you contact us through email, phone, social media, or any other channel in connection with the Platform; and

• Personal data of third parties (such as a prospective business partner, counterparty, employee, or any other individual) provided by you through the Platform in connection with the services requested.

• Documents and files: identity documents, employment records, photographs, agreements, public records, court orders, litigation histories, or other supporting materials you upload.

• Communications: content of messages, emails, chat transcripts, call recordings (where permitted under applicable law including the IT Act, 2000 and the Bharatiya Sakshya Adhiniyam, 2023), and in-app communications you exchange with us or through the Platform.

• Feedback and reviews: ratings, comments, complaints, or testimonials you submit in relation to the Platform or any Service Provider.

• Payment and billing data: bank account details, UPI IDs, credit or debit card particulars, and transaction history, collected at the point of payment only and constituting SPDI under the SPDI Rules, 2011.
  
  

4.2 Information Collected Automatically

When you access or use the Platform, we or our authorised technology partners may automatically collect the following information:

• Device identifiers, device type, operating system version, browser type and version;

• IP address, internet service provider, and general geo-location derived from IP;

• Date and time of access, session duration, pages and screens viewed, and features used;

• App usage statistics, crash reports, and diagnostic data; and

• Information collected through cookies, web beacons, and similar tracking technologies (see Clause 7).
  
  

4.3 Information from Third-Party Sources

We may obtain information about you and about subjects of requested services from:

• Public records and publicly available databases;

• Government databases and court records, accessed in the course of providing services and to the extent permitted by applicable law;

• Background-screening, identity-verification, and fraud-prevention service providers; and

• KYC providers, where applicable under the Prevention of Money Laundering Act, 2002 ("PMLA") or Reserve Bank of India directives.
  
  

Information from third-party sources is used only to the extent necessary for the services requested and on the lawful grounds described in Clause 5.

At or before the time of collecting Personal Data, the Data Principle shall sign/Accept the consent form authorizing the Data Fiduciary to collect the categories of Personal Data sought for the purpose of processing. Users shall also be informed about the summary of rights available under Clause 10 of this Policy or the manner in which a complaint may be lodged with the Data Protection Board of India. The User's consent shall be obtained through an in-app consent mechanism, whereby the User expressly accepts the consent notice during registration and prior to the collection or processing of personal data. By accepting such notice, the User provides their informed and explicit consent to the collection, use, and processing of their personal data as described therein.

5. Lawful Basis and Purposes of Processing
   
   

5.1 Lawful Grounds

We process Personal Data on one or more of the following lawful grounds under the DPDP Act, and other applicable laws:

• Consent: obtained expressly at or before the time of collection through your acceptance of this Policy and applicable in-app consent notices. You may withdraw consent at any time, subject to Clause 10.3.

• Performance of contract: processing necessary to provide services you have requested, manage your account, process payments, and fulfil our obligations under the Terms of Use.

• Legal obligation: processing required to comply with a legal or regulatory obligation, including record-keeping, tax and audit requirements, KYC/AML obligations under the PMLA and RBI guidelines, and responding to lawful requests from courts or government authorities under the Bharatiya Nagarik Suraksha Sanhita, 2023 or any other applicable laws.

• Legitimate purpose: processing for the legitimate purposes of the Company (balanced against your rights and reasonable expectations), including ensuring Platform security, preventing fraud, and improving services.

• In respect of Personal Data of third parties provided by a User in connection with due-diligence, verification check, or advisory services, the Company processes such data on the basis of legitimate uses under Sections 7 & 8 of the DPDP Act, 2023, including: (a) performance of a contract or service to which the User is a party, which necessitates processing such data; and/or (b) compliance with a legal obligation or exercise of a function under applicable laws. The Company shall document the applicable lawful basis for each category of third-party data processing and shall make such records available to the DPBI upon request.
  
  

5.2 Purposes of Processing

We use the Personal Data we collect for the following purposes, among others:

• Account creation and management: to register your account, verify your identity, authenticate log-ins, maintain your profile, and administer account-related services.

• Service facilitation: to understand your requirements, identify and connect suitable Service Providers, enable communication between you and such providers, and administer the delivery of requested services.

• Processing third-party data: to carry out the due-diligence, verification services, or legal-assistance services you have requested in relation to such third parties, on the basis of the authority or lawful basis you confirm you possess (see Clause 9).

• Payments and billing: to process payments, issue invoices and receipts, and maintain financial records as required under the Income Tax Act, 1961 and the PMLA, 2002.

• Customer support and dispute resolution: to respond to queries, resolve complaints, and manage disputes in accordance with the Consumer Protection Act, 2019 and Consumer Protection (E-Commerce) Rules, 2020.

• Analytics and improvement: to analyze Platform usage, improve our services and user experience, develop new features, and conduct statistical or aggregate research in a de-identified or pseudonymized form.

• Security and fraud prevention: to monitor, detect, prevent, and address fraudulent or suspicious activity, security incidents, and violations of our Terms of Use.

• Legal and regulatory compliance: to comply with applicable laws, court orders, lawful government directions, and regulatory obligations, including those under the IT Act, 2000, the DPDP Act, 2023, and the Advocates Act, 1961 (in relation to legal professionals listed on the Platform).

• Communications: to send you service-related communications, administrative messages, policy update notices, and, where you have opted in or such communications are permitted under applicable law, promotional communications (with the ability to opt-out at any time).
  
  

6. Sensitive Personal Data or Information
   
   

6.1 Certain information collected through the Platform constitutes SPDI under Rule 3 of the SPDI Rules, 2011 and may also constitute sensitive personal data under the DPDP Act, 2023. This includes, without limitation, financial information (bank account details, card details, UPI IDs), passwords, and any health or biometric data that may be incidentally disclosed in the course of investigation or legal services.

6.2 We expressly commit that:

• SPDI shall be collected only with your prior written consent (which may be given electronically through the Platform in accordance with the IT Act, 2000 and the Indian Contract Act, 1872).

• SPDI shall be used strictly for the purpose for which consent was obtained and shall not be retained beyond such period.

• SPDI shall not be shared with third parties without your explicit consent, except where disclosure is required by applicable law or by a lawful order of a court or authority.

• We shall adopt industry-standard security practices for the protection of SPDI, including encryption, access controls, and secure storage, in compliance with the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011.

• We do not store CVV numbers or full card details after a transaction has been authorised, in compliance with applicable payment security standards.
  
  

7. Cookies and Similar Technologies
   
   

7.1 We may use cookies, pixels, web beacons, and similar technologies on the Platform to:

• Recognise you when you return to the Platform and maintain your login session;

• Remember your preferences and settings;

• Improve security and prevent fraudulent activity;

• Understand how you interact with the Platform in order to improve its performance and usability; and

• Measure the effectiveness of our communications and features.
  
  

7.2 You can manage cookie preferences through your browser or device settings. Disabling certain cookies may affect the proper functioning of some features of the Platform. We do not use cookies to track your browsing activity on third-party websites that do not use our services.

7.3 Where third-party analytics or advertising tools place cookies on your device through the Platform, we ensure that they are contractually required to process such data only for the limited and specified purposes for which they have been engaged, and in compliance with applicable law. Your consent to the use of non-essential third-party cookies will be obtained prior to their deployment, where required under law.

8. Data Sharing and Disclosure
   
   

8.1 We do not sell, rent, or trade your Personal Data to third parties for their independent marketing or commercial purposes. We may share your Personal Data only in the following limited and specified circumstances:

• With Service Providers (Investigation / Advisory / Legal). Relevant portions of your information including case or matter details and third-party data you have provided may be shared with the Service Provider identified for your matter, strictly to enable them to evaluate, accept, and deliver the requested services. Such sharing is subject to confidentiality obligations consistent with professional duties under applicable law, including (in the case of advocates) the Advocates Act, 1961 and the Bar Council of India Rules.

• With Vendors and Data Processors. With trusted third-party vendors who perform operational functions on our behalf, including hosting and cloud-storage providers, payment gateways, KYC and verification providers, analytics platforms, customer-support tools, and IT and security vendors. These parties are bound by contractual obligations (constituting Data Processing Agreements under the DPDP Act) to process Personal Data only in accordance with our instructions and applicable law, and to implement adequate security measures.

• For Legal and Regulatory Compliance. Where required by applicable law, regulation, valid legal process, court order, or enforceable governmental or regulatory direction, including under the IT Act, 2000, the BNSS, 2023, the PMLA, 2002, or any other applicable statute; and to protect the rights, property, or safety of the Company, Users, Service Providers, or the public.

• For Security and Fraud Prevention. To detect, prevent, or address fraud, security threats, or technical issues, including sharing information with law-enforcement agencies where lawfully required.

• Business Transfers. In connection with any proposed or actual merger, acquisition, restructuring, sale of assets, or other corporate transaction involving the Company, your information may be transferred to the relevant parties subject to appropriate confidentiality safeguards and in compliance with applicable data-protection law. You will be notified of any such transfer in accordance with Clause 17.

• With Your Explicit Consent. In any other circumstance where you have explicitly consented to such sharing after being informed of the purpose, recipient, and nature of the data to be shared.
  
  

8.2 Where Personal Data is shared in a de-identified or aggregated form that cannot reasonably be used to identify you, such sharing falls outside the scope of this Policy.

9. Personal Data of Third Parties Provided by You
   
   

9.1 In connection with certain services offered through the Platform (for example, corporate due-diligence, employment-verification, partner-assessment, or pre-litigation investigation services), you may provide personal data of third parties who are the subjects of the services requested. This is a significant legal responsibility, and the Company relies on your compliance with this Clause as a fundamental condition for providing such services.

9.2 By providing any such data on or through the Platform, you expressly represent, warrant, and confirm that:

• You have a lawful basis under applicable data-protection law, including the DPDP Act, 2023, to share the Personal Data of such individuals and to authorise its processing for the specific purposes of the services;

• You have obtained all necessary consents, approvals, or authorisations from such individuals, or have otherwise satisfied the applicable notice or consent requirements under law;

• You have, where required by law, informed such individuals of the nature of the services requested and the categories of data being processed; and

• You shall indemnify and hold harmless the Company from and against any claim, demand, penalty, loss, or proceeding initiated by or on behalf of any such third party arising from your failure to comply with your legal obligations under this Clause or under applicable law.
  
  

9.3 The Company shall not be responsible for any failure by you to comply with your own legal obligations in relation to third-party data. You are also reminded of your obligations under any applicable professional duty of confidentiality and under the Bharatiya Sakshya Adhiniyam, 2023 in relation to electronic records.

10. Your Rights as a Data Principal
    
    

Subject to applicable laws, including the DPDP Act, 2023 and the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011, you have the following rights in relation to your Personal Data:

10.1 Right to Access. You may request information confirming whether we hold your Personal Data, a summary of the data held, and the purposes for which it is being processed. You may also access and update certain personal information directly by logging into your account on the Platform.

10.2 Right to Correction and Erasure. You may request correction of inaccurate or incomplete Personal Data held by us, and request erasure of Personal Data that is no longer necessary for the purposes for which it was collected or where the legal basis for processing no longer subsists subject always to our legal retention obligations under applicable law (including the IT Act, 2000, the PMLA, 2002, and the Income Tax Act, 1961).

10.3 Right to Withdraw Consent. Where processing is based on consent, you may withdraw such consent at any time by contacting our Grievance Officer or through the in-app privacy settings. Withdrawal of consent shall not affect the lawfulness of processing carried out prior to withdrawal. Please note that withdrawal of consent may result in our inability to continue providing some or all of the services available on the Platform.

10.4 Right to Grievance Redressal. Where a complaint relates to:

(a) Content that is prima facie unlawful - the Company shall act within 36 (thirty-six) hours of receipt;

(b) Content that infringes the bodily privacy of a Data Principal, including any personal data relating to physical characteristics, health, or intimate imagery - the Company shall act within 2 (two) hours of receipt of a valid complaint;

(c) All other privacy-related grievances - the Company shall take action within 7 (seven) days.

These timelines are in compliance with the IT (Intermediary Guidelines and Digital Media Ethics Code) Amendment Rules, 2026.

10.5 Right to Nominate. Under the DPDP Act, you have the right to nominate another individual to exercise your data-related rights in the event of your death or incapacity. Details of how to exercise this right are available from our Grievance Officer.

10.6 Opt-Out of Marketing. You may opt-out of marketing or promotional communications at any time by using the unsubscribe mechanism in such communications or by contacting us. This opt-out will not apply to service-related or transactional communications.

To exercise any of these rights, please contact us using the details in Clause 16. We may need to verify your identity before acting on your request. In certain circumstances, we may be unable to fully comply with a request where restricted by applicable law or overriding legitimate interests (for example, where retention is mandated by law or is necessary for ongoing legal claims).

11. Data Retention
    
    

11.1 We retain Personal Data only for as long as is necessary to fulfil the purposes set out in this Policy or as required under applicable law, including:

• To provide and support the services requested by you;

• To comply with legal, regulatory, accounting, or reporting obligations under the IT Act, 2000, the Income Tax Act, 1961, the PMLA, 2002, and other applicable statutes;

• To resolve disputes and enforce our contractual and legal rights; and

• For legitimate business-continuity purposes such as audit trails and legal claims.
  
  

11.2 In general, as guidance:

• Account-related data is retained for the duration of your active account and for up to 180 (one hundred and eighty) days after account closure or deletion, unless longer retention is required by law.

• Transaction and payment data is retained for a minimum of 8 (eight) years, or such longer period as required under the PMLA, 2002 or the Income Tax Act, 1961.

• Log and usage data is retained for a rolling period of up to 24 (twenty-four) months, unless anonymized for longer-term analytics.

• Communications and matter-related data may be retained for the duration of any ongoing matter and for up to 3 (three) years thereafter, or for such period as may be required by limitation or regulatory provisions.
  
  

11.3 We conduct periodic reviews (at least once every 12 months) to determine whether continued retention remains necessary. Upon expiry of the applicable retention period, or when data is no longer required for any lawful purpose, Personal Data shall be securely deleted or irreversibly anonymized such that it no longer constitutes Personal Data under applicable law.

11.4 You may request deletion of your data in accordance with Clause 10.2 of this Policy and the rights conferred on you under the DPDP Act, subject to overriding legal obligations to retain such data.

12. Cross-Border Data Transfers
    
    

12.1 Your Personal Data is primarily stored and processed on servers located within India, in compliance with the applicable provisions of the DPDP Act, 2023 and applicable government notifications on data localization. Certain data for example, data processed by cloud-service providers, global payment gateways, or analytics platforms may be transferred outside India.

12.2 Any such cross-border transfer shall be made only in compliance with Section 16 of the DPDP Act and rules or notifications issued by the Central Government in relation to permitted jurisdictions or categories of transfer. Until specific rules are notified, cross-border transfers shall be subject to:

• Standard contractual clauses or data-transfer agreements with the overseas recipient;

• Encryption of Personal Data in transit and at rest;

• Access controls and confidentiality obligations binding on the foreign recipient; and

• Contractual commitments ensuring the overseas recipient provides a standard of protection at least comparable to that required under Indian law.
  
  

12.3 Cross-border transfers shall be carried out only to countries or territories notified by the Central Government under Section 16 of the DPDP Act, 2023, or as otherwise permitted under applicable law. Until the Central Government notifies the list of permitted countries, transfers shall be made only pursuant to contractual safeguards (including standard contractual clauses or data transfer agreements) and on a lawful basis established separately from this Policy. We will not rely on consent embedded in this Policy as the sole or primary basis for cross-border transfers. If you have concerns regarding such transfers, or wish to exercise your rights in relation to data processed overseas, you may contact our Grievance Officer using the details in Clause 16.

13. Data Security
    
    

13.1 We implement reasonable technical and organizational security measures designed to protect Personal Data from unauthorized access, alteration, disclosure, or destruction, commensurate with the nature and sensitivity of the data processed. Such measures include, without limitation:

• Encryption of data in transit and at rest;

• Firewalls, intrusion-detection systems, and secure server configurations;

• Role-based access controls and multi-factor authentication;

• Regular security assessments and vulnerability testing; and

• Employee confidentiality obligations and security training.
  
  

13.2 We maintain a comprehensive Information Security Programme consistent with the requirements of Rule 8 of the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011, incorporating technical, managerial, operational, and physical security controls. We adopt security standards aligned with IS/ISO/IEC 27001 or equivalent, to the extent applicable.

13.3 Your account is protected by means of a one-time password (OTP) or similar authentication mechanism. You are responsible for maintaining the confidentiality of your account credentials and for controlling access to your account. You must notify us immediately if you suspect any breach of your account security, including compromise of your password or OTP.

13.4 In the event of a personal data breach likely to cause harm to Data Principals, the Company shall: (a) notify the Data Protection Board of India as soon as possible and, in any event, within such time as may be prescribed under the DPDP Act, 2023 and rules made thereunder; (b) notify affected Data Principals of the nature of the breach, the categories and approximate volume of data affected, the likely consequences of the breach, and the measures taken or proposed to address it; and (c) maintain an internal breach register recording the details of all breaches and remedial steps taken.

14. Children's Privacy
    
    

14.1 The Platform is intended exclusively for use by adults aged 18 (eighteen) years and above. We do not knowingly collect, solicit, or process Personal Data from individuals under 18 years of age. If we become aware that we have inadvertently collected Personal Data from a minor, we will delete such data promptly in accordance with applicable law, including the DPDP Act, 2023 and its provisions relating to the processing of personal data of children.

14.2 However if the personal data of children under the age of 18 years has explicitly been provided by the data principle for the purpose of services sought, such information shall be regulated strictly in accordance with the provisions of section 9 of DPDP Act, 2023, wherein the Data Fiduciary shall, before processing any personal data of a child or a person with disability who has a lawful guardian obtain verifiable consent of the parent of such child or the lawful guardian, as the case may be, in such manner as may be prescribed.

14.3 The Company implements age-verification measures at the point of registration (including self-declaration of date of birth and, where prescribed under the DPDP Rules, additional technical verification measures) to prevent the registration of individuals under 18 years of age. The Company does not engage in tracking, behavioural monitoring, or targeted advertising in relation to any Data Principal who is or may be a child. Where age-verification measures are prescribed under the DPDP Rules, 2025, the Company shall implement such measures within the timelines prescribed.

15. Third-Party Links and Services
    
    

15.1 The Platform may contain links to third-party websites, applications, or services. We have no control over and are not responsible for the content, privacy practices, or data-handling of such third parties. Their collection and processing of your information is governed by their own privacy policies, and the Company encourages you to review such policies before providing any Personal Data to third parties. The Company shall not be liable for any loss or damage arising from your use of, or reliance on, any third-party service.

16. Grievance Officer and Contact Details
    
    

16.1 Where a complaint relates to:

(a) Content that is prima facie unlawful - the Company shall act within 36 (thirty-six) hours of receipt;

(b) Content that infringes the bodily privacy of a Data Principal, including any personal data relating to physical characteristics, health, or intimate imagery - the Company shall act within 2 (two) hours of receipt of a valid complaint;

(c) All other privacy-related grievances - the Company shall take action within 7 (seven) days.

16.2 In accordance with the IT Act, 2000, the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and the DPDP Act, 2023, the Company has appointed a Grievance Officer / Data Protection Officer. If you have any questions, concerns, requests to exercise your rights, or complaints regarding this Policy or our handling of your Personal Data, please contact :

Data Protection Officer / Grievance Officer

Name: Jyot Baxi

Designation: Grievance Redressal

Email: support@nexintain.com

Address: A-116, Uber Tech Center, Sector 132, Noida, Greater Noida Expressway, Gautam Budh Nagar, Uttar Pradesh.

16.3 We will acknowledge your complaint or request within 24 (twenty-four) hours of receipt and shall endeavour to resolve it within 7 (Seven) days from the date of receipt, or such other period as may be prescribed under applicable law.

16.4 If you are not satisfied with our response, you may approach the Data Protection Board of India (once constituted and operational under the DPDP Act, 2023) or such other authority as may be designated under applicable law.

17. Changes to this Privacy Policy
    
    

17.1 We may update or modify this Policy from time to time to reflect changes in applicable law, our practices, or the Platform. When we do so, we will revise the "Last Updated" date at the top of this Policy. Where changes are material, we will provide prior notice of not less than 7 (seven) days through in-app notifications, email, or a prominent notice on the Platform, except where immediate changes are required by applicable law or regulatory mandate.

17.2 Your continued use of the Platform after the effective date of any such changes shall constitute your acceptance of the updated Policy. If you do not agree to the revised Policy, you must discontinue use of the Platform and may request deletion of your account in accordance with Clause 10.

18. Governing Law and Jurisdiction
    
    

18.1 This Policy is governed by the laws of India, without regard to its conflict-of-laws principles. Any dispute arising under or in connection with this Policy shall be subject to and governed by the dispute resolution mechanism set out in the Terms of Use, and the courts specified therein shall have exclusive jurisdiction.

19. Disclaimer on Deceptive Communications
    
    

19.1 We take your data security seriously. We do not send unsolicited communications asking for your login credentials, OTPs, financial details, UPI PINs, or any payment or verification via unofficial links. All legitimate communications from the Company will originate from verified email addresses (ending with @[scrutinint.com]) or through in-app notifications.

19.2 We collect user information like name, email (for log-in purpose) & profile picture for completing the profile of the users. This data is stored securely with ScrutINT. Any user at any time can can contact us on support@nexintain.com for deactivating their account & permanently remove their user data with us. We adhere to this with our 'no questions asked' policy.

19.3 If you receive any suspicious communication purporting to be from the Company, please report it immediately to our Grievance Officer. Do not share your credentials or click on unverified links. The Company disclaims all responsibility for actions or losses resulting from your interaction with unauthorised communications claiming to be from us.