Recomnext Privacy Notice
Last updated: 26 May 2026
This Privacy Notice explains how Remittx Private Limited, operating under the brand name "Recomnext" ("we", "us", "our"), collects, uses, shares, and protects personal data when you visit our websites, create an account, integrate our SDKs, subscribe to our service, contact us, apply for a job with us, or otherwise interact with us.
It is written to satisfy our obligations under (i) the EU General Data Protection Regulation 2016/679 ("GDPR"), (ii) the UK General Data Protection Regulation and the Data Protection Act 2018 ("UK GDPR"), (iii) the Indian Digital Personal Data Protection Act, 2023 ("DPDP Act"), (iv) the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA/CPRA"), and (v) other applicable data-protection laws.
1. Scope of this Notice
1.1 What this Notice covers. This Notice covers personal data that Recomnext processes as a Controller (a "Data Fiduciary" under the DPDP Act) — that is, where Recomnext decides why and how the data is processed.
Examples include:
- visitors to our websites at https://recomnext.com and related domains;
- developers and administrators who hold a Recomnext account;
- billing, legal, and procurement contacts at customer organisations;
- people who write to us through support, sales, or general inquiry channels;
- subscribers to our marketing communications;
- candidates who apply for jobs with us.
1.2 What this Notice does NOT cover. This Notice does not cover personal data of end-users of our customers (i.e., shoppers, readers, app users whose behavioural data flows through the Recomnext Service when our customers integrate our SDK). For that data, Recomnext acts as a Processor / Data Processor on behalf of our customer, who is the Controller / Data Fiduciary. Processing of that data is governed by the Recomnext Data Processing Addendum (https://recomnext.com/dpa) and by the privacy notice published by the relevant customer.
If you are an end-user of a website or app that uses Recomnext for recommendations, and you have questions about how your data is being used, please contact the operator of that website or app — they are the Controller of your data, not us.
2. Who We Are
Controller / Data Fiduciary: Remittx Private Limited 1st Floor, Gopala Krishna Complex, Residency Road Bengaluru, Karnataka 560025, India CIN: [corporate identification number]
General contact: support@driffle.com Privacy and data-protection contact: legal@driffle.com
Grievance Officer (as required under the DPDP Act and the Information Technology Rules, 2011): Name: [grievance officer name] Designation: [title] Email: grievance@driffle.com Postal address: as above Response time: within fifteen (15) days of receipt of a grievance, in accordance with applicable law.
EU and UK Representative (if applicable under Article 27 GDPR): [Name, address, and contact details of EU/UK representative, if appointed]
Data Protection Officer (DPO): [If appointed: name and contact. If not appointed: state "We have not appointed a statutory DPO; data-protection matters are handled by our privacy contact above."]
3. Personal Data We Collect
We collect different categories of personal data depending on how you interact with us.
3.1 Information you provide directly
| Category | Examples | Where collected |
|---|---|---|
| Identity & contact | Name, work email, phone, job title, employer, country | Account sign-up, sales inquiries, contact forms |
| Account credentials | Username, password (hashed), MFA tokens | Account sign-up and login |
| Billing & financial | Billing address, VAT/GSTIN/tax ID, payment-method last-4 and token, invoice history | Subscription checkout, billing portal |
| Service configuration | Workspace name, integration settings, team-member email addresses | Dashboard configuration |
| Support communications | Support tickets, chat transcripts, screenshots, screen recordings you share, call notes | Support email, in-app chat, scheduled calls |
| Marketing preferences | Subscription status, communication preferences, interests | Marketing forms, preference centre |
| Job applications | CV/résumé, cover letter, education and employment history, references, work-authorisation status | Careers page, recruitment platforms |
3.2 Information collected automatically
| Category | Examples | Where collected |
|---|---|---|
| Device & technical | IP address, browser type and version, operating system, device identifiers, language, time zone, referrer URL | Website visits, dashboard usage |
| Usage data | Pages viewed, features used, dashboard actions, time on page, search queries | Website, dashboard, documentation site |
| SDK telemetry | SDK package name, version, runtime environment, error traces, API-key fingerprint, license-acceptance flag value | SDK initialization pings from your applications |
| Cookies & similar | Session cookies, authentication cookies, analytics cookies, preference cookies (see Section 11) | Website, dashboard |
3.3 Information from third parties
| Source | Examples |
|---|---|
| Identity providers (e.g., Google, Microsoft, GitHub SSO) | Name, email, profile photo, identity-provider user ID |
| Payment processors (e.g., Stripe, Razorpay) | Payment status, transaction ID, partial card details |
| Sales intelligence and enrichment (e.g., LinkedIn, Clearbit) | Company information, role, public professional details |
| Background-check providers (for hiring only, with consent) | Employment verification, identity verification |
| Public sources | Company website, government registries, press releases |
3.4 Sensitive personal data. We do not normally collect special-category data (Article 9 GDPR) or sensitive personal data under the DPDP Act. Where job applicants voluntarily disclose health, disability, or other sensitive information (for example, to request reasonable accommodation), we process it only for that purpose and with appropriate safeguards.
4. How We Use Your Personal Data
We process personal data for the purposes set out below. The legal basis under GDPR / UK GDPR appears in the right-hand column; under the DPDP Act, processing is based on consent or on "legitimate uses" under Section 7 of the Act as applicable.
| Purpose | Categories of data | Legal basis (GDPR/UK GDPR) |
|---|---|---|
| Providing the Recomnext Service to account holders | Identity, account credentials, configuration | Performance of a contract (Art. 6(1)(b)) |
| Authenticating users and protecting accounts | Identity, device, credentials, cookies | Performance of contract; legitimate interest in security (Art. 6(1)(f)) |
| Billing, invoicing, and tax compliance | Billing, financial, identity | Performance of contract; legal obligation (Art. 6(1)(c)) |
| Responding to support and inquiries | Identity, support communications | Performance of contract; legitimate interest in serving inquiries |
| Improving the Service and developing new features | Usage, SDK telemetry, support feedback | Legitimate interest in improving our products (Art. 6(1)(f)) |
| Monitoring license compliance | SDK telemetry, account, usage | Legitimate interest in protecting our intellectual property (Art. 6(1)(f)); performance of contract |
| Sending service emails (security, billing, policy changes) | Identity, account | Performance of contract; legal obligation |
| Sending marketing communications | Identity, marketing preferences, usage | Consent (Art. 6(1)(a)) or legitimate interest in marketing to existing business customers (subject to opt-out) |
| Securing our systems and detecting fraud | Device, usage, SDK telemetry | Legitimate interest in security; legal obligation |
| Recruiting and assessing candidates | Job application data | Pre-contractual steps; consent for background checks |
| Complying with legal obligations | Any | Legal obligation (Art. 6(1)(c)) |
| Establishing, exercising, or defending legal claims | Any | Legitimate interest; legal obligation |
We do not use personal data for automated decision-making producing legal or similarly significant effects on individuals (Article 22 GDPR).
5. Who We Share Personal Data With
We share personal data with the following categories of recipients, in each case under appropriate contractual and security safeguards:
5.1 Group companies. Remittx Private Limited is part of a corporate group that includes affiliated entities. Where group companies provide shared services (engineering, support, finance, legal), personal data may be shared between them under intra-group data-sharing arrangements. [A list of group entities is available on request.]
5.2 Service providers (sub-processors). We use third-party service providers to operate the Recomnext Service and our business — for example, cloud hosting, managed databases, email delivery, payment processing, customer support tooling, analytics, and observability. A current list of sub-processors used for the Recomnext Service is at https://recomnext.com/subprocessors.
5.3 Professional advisers. Lawyers, accountants, auditors, and consultants, where necessary for legal, financial, or compliance purposes.
5.4 Authorities. Courts, regulators, law-enforcement agencies, and other public authorities, where required by law, court order, or regulatory request — and where we are not legally prohibited from doing so, we will notify you before complying.
5.5 Business transactions. Counterparties and their advisers in connection with a corporate transaction such as a merger, acquisition, financing, restructuring, sale of assets, or bankruptcy. We will require recipients to honour the privacy commitments in this Notice.
5.6 With your consent. Any other recipient where you have given us your consent or otherwise directed us to share your data.
We do not sell personal data, and we do not "share" personal data for cross-context behavioural advertising as those terms are defined under the CCPA/CPRA.
6. International Transfers
Recomnext is headquartered in India and may transfer personal data to, and process it in, jurisdictions outside your country of residence, including India and the locations of our cloud providers (which may include the EEA, the United Kingdom, and the United States).
Where personal data is transferred from the EEA, the UK, or Switzerland to a country not recognised as providing an adequate level of protection, we rely on:
- the EU Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914) and, for UK transfers, the UK International Data Transfer Addendum;
- supplementary technical, organisational, and contractual measures where necessary;
- in limited cases, your explicit consent or other derogations under Article 49 GDPR.
For transfers from India, we comply with the cross-border transfer rules under the DPDP Act and any country-restrictions notified by the Indian Central Government.
You may request a copy of the transfer mechanism applicable to your data by emailing legal@driffle.com.
7. How Long We Keep Personal Data
We keep personal data only as long as necessary for the purposes for which it was collected, and to comply with our legal, tax, accounting, and dispute-resolution obligations. Indicative retention periods:
| Category | Retention |
|---|---|
| Account data | While the account is active, plus 12 months after closure for support and audit |
| Billing and tax records | At least 8 years under Indian Companies Act/GST/tax-law requirements; longer where required by other tax authorities |
| Support tickets and communications | 3 years from closure |
| Marketing-list data | Until you unsubscribe, or 2 years of inactivity, whichever is earlier |
| Website analytics | 14 months from collection |
| Job applications (unsuccessful) | 12 months from decision, longer with consent for future opportunities |
| Security logs | 12 months, longer for confirmed-incident records |
| SDK telemetry | 24 months |
| Backups | Rolling 180-day cycle |
After expiry of the retention period, we delete or anonymise the personal data, except where retention is required by applicable law.
8. How We Protect Personal Data
We implement technical and organisational measures designed to protect personal data against unauthorised access, alteration, disclosure, loss, or destruction. These measures include encryption in transit (TLS 1.2+) and at rest (AES-256), role-based access controls with multi-factor authentication, network segmentation, security monitoring, vulnerability and penetration testing, employee training, vendor due diligence, and a documented incident-response plan.
A more detailed description of measures applicable to Customer Personal Data is set out in Annex 3 of our Data Processing Addendum at https://recomnext.com/dpa.
No system is perfectly secure. If we become aware of a personal data breach that affects you, we will notify you and any required regulator without undue delay and in accordance with applicable law.
9. Your Rights
Depending on the law that applies to you, you have some or all of the following rights with respect to your personal data.
9.1 Rights available under GDPR / UK GDPR / DPDP Act:
- Access — obtain confirmation that we process your personal data and a copy of it.
- Rectification — have inaccurate or incomplete personal data corrected.
- Erasure — request deletion of your personal data, subject to legal retention requirements.
- Restriction — request that we restrict processing in certain circumstances.
- Portability — receive your personal data in a structured, commonly-used, machine-readable format and transmit it to another controller.
- Objection — object to processing based on our legitimate interests, including profiling, and to direct-marketing processing.
- Withdraw consent — where processing is based on your consent, withdraw that consent at any time (without affecting prior lawful processing).
- Nominate (DPDP Act, Section 14) — nominate another individual to exercise your rights in the event of your death or incapacity.
- Complain — lodge a complaint with a supervisory authority (see Section 9.3).
9.2 Rights available under CCPA/CPRA (California residents):
- Right to know what personal information we have collected, the sources, purposes, and categories of recipients.
- Right to delete personal information, subject to legal exceptions.
- Right to correct inaccurate personal information.
- Right to opt out of "sale" or "sharing" of personal information for cross-context behavioural advertising — although as noted, we do not sell or share personal information as defined under the CCPA/CPRA.
- Right to limit use of sensitive personal information.
- Right to non-discrimination for exercising any of these rights.
- An authorised agent may submit a request on your behalf.
9.3 How to exercise your rights. Send a request to legal@driffle.com with enough information for us to identify you and your request. We will respond within the time required by applicable law (one month under GDPR/UK GDPR; thirty days under the DPDP Act and CCPA/CPRA, extendable as permitted). We may need to verify your identity before acting on the request.
9.4 Supervisory authorities. If you are in the EEA, you may lodge a complaint with your national data-protection authority. If you are in the UK, the Information Commissioner's Office (https://ico.org.uk). If you are in India, the Data Protection Board of India established under the DPDP Act. We would, however, appreciate the chance to address your concerns directly before you contact a regulator.
10. Children's Personal Data
The Recomnext Service is intended for businesses, not for individuals under the age of 18. We do not knowingly collect personal data of children. Under the DPDP Act, processing of personal data of children (under 18) requires verifiable parental consent and is subject to additional restrictions; we do not process such data as a Controller. If you believe we may have collected personal data of a child, please contact legal@driffle.com.
11. Cookies and Similar Technologies
Our websites and dashboard use cookies and similar technologies to operate, secure, and improve our services. The categories of cookies we use:
| Category | Purpose | Consent |
|---|---|---|
| Strictly necessary | Authentication, security, session continuity, load balancing | No consent required |
| Functional | Remember preferences (language, layout) | Consent in jurisdictions that require it |
| Analytics | Understand how visitors use our sites (e.g., aggregate page views) | Consent in jurisdictions that require it |
| Marketing | Measure marketing-campaign effectiveness | Consent (opt-in) |
You can manage cookie preferences through the cookie banner on our websites and through your browser settings. Blocking strictly-necessary cookies may break the Service.
A full, up-to-date list of cookies and their durations is available in the cookie-preferences centre at https://recomnext.com/cookies.
12. Marketing
We may send you marketing communications about Recomnext products, features, events, and content. We rely on your consent where required, and otherwise on our legitimate interest in marketing to existing business customers. You may opt out at any time by clicking the unsubscribe link in any marketing email, or by emailing legal@driffle.com. Opting out of marketing does not stop service-related communications (billing, security, policy changes) that we are required to send.
13. Changes to This Notice
We may update this Notice from time to time. When we do, we will revise the "Last updated" date at the top. For material changes, we will provide additional notice (for example, an email or in-product notification) where feasible. Your continued use of our services after a change takes effect indicates your acknowledgement of the updated Notice; where the change requires fresh consent under applicable law, we will obtain it.
A version history of this Notice is available at https://recomnext.com/privacy/history.
14. Contact Us
Questions about this Notice, your personal data, or your rights:
Email: legal@driffle.com Grievance Officer: grievance@driffle.com Post: Remittx Private Limited, 1st Floor, Gopala Krishna Complex, Residency Road, Bengaluru, Karnataka 560025, India
We aim to respond to all inquiries promptly and within the time required by applicable law.
© 2026 Remittx Private Limited. All rights reserved.