Effective Date: 1 June 2025 

Last Updated: 1 June 2025 

1. Introduction

This Privacy Policy (“Policy”) describes how NIEUW Solutions Pvt Ltd, operating as Xuvian Ventures (“Xuvian,” “we,” “us,” or “our”), collects, uses, processes, stores, and shares information when you use our platform and services. 

2. Information We Collect

2.1 Information You Provide Directly

We collect information you voluntarily provide when using our platform, including:

Account Registration Information:

• Full name, email address, phone number 

• Company name, brand name, business stage 

• LinkedIn profile and professional background 

• Business address and contact details

Business Information: 

• Company overview, mission, vision statements 

• Financial information including funding history, projections, and cap table details 

• Team information, organizational structure, and employee details 

• Product descriptions, pitch decks, and business plans 

• Market analysis, competitive information, and strategic plans 

• Customer information, testimonials, and case studies 

• Legal documents, compliance records, and intellectual property information 

Platform Interactions: 

• Responses to platform questionnaires and assessments 

• Messages and communications through the platform 

• File uploads, documents, and multimedia content 

• Investor interaction records and meeting notes 

• Platform usage data and engagement metrics

2.2 Information We Collect Automatically

Technical Information: 

• IP address, device type, operating system, and browser information 

• Platform usage patterns, features accessed, and time spent 

• Log files, cookies, and similar tracking technologies 

• Geographic location data (country/city level) 

• Platform performance data and error reports 

Platform Analytics: 

• User behavior patterns and navigation paths 

• Feature usage statistics and engagement metrics 

• Search queries and filter preferences 

• Document access and sharing patterns

2.3 Information from Third Parties 

We may collect information from: 

• Social media platforms (LinkedIn, when you connect your account) 

• Business partners and incubators who refer you to our platform 

• Public databases and business registries 

• Credit agencies and background verification services 

• Investor networks and industry databases

3. How We Use Your Information

3.1 Platform Services and Operations 

• Service Delivery: Providing all platform features including profile management, investor matching, and communication tools 

• Account Management: Creating and maintaining your account, authentication, and customer support 

• Platform Improvement: Enhancing platform functionality, user experience, and developing new features 

• Quality Assurance: Monitoring platform performance, troubleshooting issues, and ensuring service reliability

3.2 Business Operations and Communications 

• Investor Matching: Connecting you with relevant investors based on your business profile and preferences 

• Business Communications: Facilitating communications between startups, investors, and other platform users 

• Educational Content: Providing learning resources, best practices, and industry insights 

• Platform Updates: Sending notifications about new features, service changes, and important announcements

3.3 Marketing and Promotional Activities 

Default Marketing Rights: By using our platform, you automatically grant us the right to use your information for: 

• Success Stories: Featuring your company in case studies, testimonials, and success stories 

• Marketing Materials: Including your company in promotional content, website materials, and presentations 

• Industry Examples: Using your business as examples in educational content and industry analysis 

• Media and PR: Featuring your startup in press releases, blog posts, and social media content 

• Events and Conferences: Highlighting your participation and achievements at industry events 

• Platform Demonstrations: Using your profile (with sensitive information redacted) in platform demos 

• Opt-Out: You may opt out of marketing usage by providing written notice to legal@xuvian.com with 30 days’ advance notice.

3.4 Anonymized Data Usage and Platform Enhancement 

We use anonymized and aggregated data for: 

• Platform Development: Improving algorithms, matching systems, and user experience 

• Industry Research: Creating market insights, trend analysis, and benchmarking reports 

• Product Innovation: Developing new features and services based on usage patterns 

• Academic Partnerships: Collaborating with research institutions using non-identifiable data 

• Business Intelligence: Generating platform analytics and performance metrics 

• Guarantee: All data used for these purposes will be completely anonymized with no identifying information.

4. Information Sharing and Disclosure

4.1 Controlled Sharing Through Platform 

• Investor Access: Information shared with investors only when you explicitly authorize such sharing through platform controls 

• User-Controlled Permissions: You determine what information specific investors or partners can access 

• Secure Communication: Facilitating communications while maintaining your control over information flow 

• Platform Transactions: Information necessary to complete platform transactions and services

4.2 Business Operations 

• Service Providers: Sharing with third-party service providers who assist in platform operations (hosting, analytics, customer support) 

• Business Partners: Sharing with partners like incubators and accelerators as part of collaborative programs 

• Professional Services: Sharing with legal, accounting, or other professional service providers when necessary 

• Verification Services: Sharing with background verification and credit assessment agencies

4.3 Legal and Regulatory Requirements 

• Legal Compliance: Disclosing information to comply with applicable laws, regulations, and legal processes 

• Regulatory Authorities: Sharing information with regulatory bodies as required by law 

• Law Enforcement: Cooperating with law enforcement agencies for legitimate investigations 

• Court Orders: Complying with court orders, subpoenas, and other legal demands

4.4 Business Transactions 

• Mergers and Acquisitions: Information may be transferred in connection with business mergers, acquisitions, or asset sales 

• Corporate Restructuring: Sharing information during corporate restructuring or business reorganization 

• Investor Due Diligence: Providing information to potential investors or acquirers of Xuvian

4.5 Emergency Situations 

• Safety and Security: Sharing information to protect the safety and security of users, platform, or public 

• Fraud Prevention: Sharing information to prevent fraud, unauthorized access, or illegal activities 

• Platform Integrity: Protecting the integrity and security of our platform and services

5. Data Retention and Storage

5.1 Retention Periods 

• Active Accounts: Information retained as long as your account remains active and for legitimate business purposes 

• Inactive Accounts: Information retained for 3 years after account becomes inactive, unless legally required otherwise 

• Financial Records: Financial and transaction data retained for 7 years for compliance purposes 

• Marketing Materials: Content used in marketing materials may be retained indefinitely unless removal is specifically requested 

• Legal Requirements: Information retained longer when required by applicable laws or ongoing legal proceedings

5.2 Data Storage and Security 

• Data Localization: Personal data of Indian users stored within India as required by applicable regulations 

• Security Measures: Industry-standard encryption, access controls, and security protocols 

• Backup Systems: Regular data backups for business continuity and disaster recovery 

• Access Controls: Limited access to personal information on a need-to-know basis 

5.3 Data Deletion 

• Account Termination: You may request deletion of your account and associated data 

• 30-Day Export Period: Data export period following account termination before deletion 

• Legal Preservation: Some information may be retained if required by law or for legitimate business purposes 

• Anonymized Data: Anonymized and aggregated data may be retained indefinitely for platform improvement

6. Cross-Border Data Transfers

6.1 International Operations 

• Global Platform Access: Our platform may be accessed by users and investors from multiple countries 

• Data Transfer Necessity: Cross-border transfers may be necessary for platform functionality and investor connections 

• Compliance Framework: All international transfers comply with applicable Indian data protection laws 

6.2 Transfer Safeguards 

• Contractual Protections: Standard contractual clauses for international data transfers 

• Adequacy Decisions: Transfers to countries with adequate data protection levels as recognized by Indian authorities 

• Consent–Based Transfers: Explicit consent for transfers to countries without adequate protection 

• Business Necessity: Transfers necessary for platform operations and service delivery 

6.3 International Investor Connections 

• Investor Matching: Connecting Indian startups with international investors may require data transfers 

• Due Diligence: Facilitating due diligence processes between startups and international investors 

• Regulatory Compliance: Ensuring all transfers comply with FEMA and other applicable regulations 

• User Control: You control what information is shared with international investors

7. Your Privacy Rights and Choices

7.1 Access and Control Rights 

• Information Access: View and download your personal information stored on the platform 

• Profile Management: Update and modify your business profile and account information 

• Privacy Settings: Control who can access specific information through platform permissions 

• Communication Preferences: Manage email notifications and communication settings 

7.2 Data Portability and Deletion 

• Data Export: Export your data in a structured, commonly used format 

• Account Deletion: Request deletion of your account and associated personal information. 

• Selective Deletion: Request deletion of specific information categories 

• Response Timeline: We will respond to requests within 30 days of receipt 

7.3 Marketing and Communications 

• Marketing Opt-Out: Opt out of marketing usage by written notice to legal@xuvian.com 

• Email Unsubscribe: Unsubscribe from marketing emails using provided links 

• Communication Preferences: Manage types and frequency of communications received 

7.4 Limitations on Rights 

• Legal Requirements: Some information may be retained for legal compliance purposes 

• Business Operations: Information necessary for ongoing business operations and platform functionality 

• Anonymized Data: Rights do not apply to completely anonymized data 

• Third-Party Rights: Information that affects rights of other users or third parties 

8. Cookies and Tracking Technologies

8.1 Types of Cookies Used 

• Essential Cookies: Necessary for platform functionality and security 

• Performance Cookies: Analyzing platform usage and improving performance 

• Functional Cookies: Remembering your preferences and settings 

• Analytics Cookies: Understanding user behavior and platform effectiveness 

8.2 Third-Party Cookies 

• Service Providers: Cookies from third-party service providers for analytics and functionality 

• Social Media: Cookies from social media platforms when you interact with integrated features 

• Advertising: Cookies for targeted advertising and marketing campaigns 

8.3 Cookie Management 

• Browser Controls: Manage cookies through your browser settings 

• Opt-Out Options: Some third-party cookies can be disabled through opt-out mechanisms 

• Platform Impact: Disabling certain cookies may affect platform functionality 

9. Data Security and Protection

9.1 Security Measures 

• Encryption: Industry-standard encryption for data transmission and storage 

• Access Controls: Multi-factor authentication and role-based access controls 

• Network Security: Firewalls, intrusion detection, and network monitoring 

• Regular Audits: Periodic security assessments and vulnerability testing 

9.2 Data Breach Response 

• Incident Response: Established procedures for responding to security incidents 

• Notification Timeline: User notification within 72 hours of confirmed breach affecting personal data 

• Regulatory Reporting: Timely reporting to relevant authorities as required by law 

• Remediation Measures: Immediate steps to contain breaches and prevent future incidents 

9.3 Employee Training and Policies 

• Privacy Training: Regular training for employees on data protection and privacy practices 

• Access Policies: Strict policies governing employee access to personal information 

• Confidentiality Agreements: All employees sign comprehensive confidentiality agreements 

• Background Checks: Background verification for employees with access to sensitive data 

10. Compliance with Indian Privacy Laws

10.1 Information Technology Act, 2000 

• Reasonable Security Practices: Implementation of security practices as per IT (Reasonable Security Practices) Rules, 2011 

• Sensitive Personal Data: Special protection for sensitive personal data including financial information 

• Consent Requirements: Obtaining proper consent for collection and processing of personal information 

• Data Breach Notification: Compliance with breach notification requirements 

10.2 Future Privacy Legislation 

• Adaptive Compliance: Policies will be updated to comply with Personal Data Protection Bill when enacted 

• Regulatory Changes: Continuous monitoring and compliance with evolving privacy regulations 

• Best Practices: Implementation of international best practices for data protection 

10.3 Sectoral Regulations 

• SEBI Compliance: Compliance with securities regulations where applicable 

• RBI Guidelines: Adherence to banking and financial data protection guidelines 

• Corporate Laws: Compliance with Companies Act provisions regarding data protection 

11. Children’s Privacy

11.1 Age Restrictions 

• Minimum Age: Our platform is intended for users 18 years and older 

• No Intentional Collection: We do not knowingly collect information from children under 18 

• Parental Consent: If we discover collection from minors, we will seek parental consent or delete the information 

• Verification: Age verification processes during account registration 

11.2 Educational Content 

• Business Education: Platform content is designed for adult business professionals 

• Mentorship Programs: Any mentorship programs comply with appropriate supervision requirements 

• Safety Measures: Additional safety measures for any programs involving younger participants 

12. Updates to Privacy Policy

12.1 Policy Changes 

• Regular Reviews: This policy is reviewed and updated periodically 

• Material Changes: Significant changes will be communicated through email or platform notifications 

• Notice Period: 30 days’ advance notice for material changes affecting user rights 

• Continued Use: Continued platform use after changes constitutes acceptance of updated policy 

12.2 Version Control 

• Effective Date: Each version includes clear effective date and version information 

• Historical Versions: Previous versions available upon request for reference 

• Change Documentation: Summary of material changes provided with each update 

13. International Users and Jurisdictional Issues

13.1 Governing Law 

• Indian Law: This Privacy Policy is governed by Indian privacy and data protection laws 

• Jurisdiction: Disputes subject to jurisdiction of courts in Bengaluru, Karnataka 

• Regulatory Authority: Indian Computer Emergency Response Team (CERT-In) and relevant authorities 

13.2 International Users 

• Local Law Compliance: International users responsible for compliance with their local privacy laws 

• Conflict of Laws: Indian law prevails in case of conflicts with international regulations 

• Cross-Border Transfers: International users consent to data transfers to India for platform operations 

14. Business Contact Information and Privacy Inquiries

14.1 Privacy Contact Information 

For Privacy-Related Inquiries: 

Data Protection Officer 

NIEUW Solutions Pvt Ltd (Xuvian Ventures) 

Email: legal@xuvian.com 

Address: Pavani Sarovar, Nallurhalli Main Road, Whitefield, Bengaluru 560066 

Phone: [To be specified] 

For General Legal Matters: 

Email: legal@xuvian.com 

14.2 Response Timeline 

• General Inquiries: Response within 7 business days 

• Data Subject Requests: Response within 30 days 

• Urgent Security Matters: Response within 24 hours 

• Regulatory Inquiries: Response as required by applicable law 

14.3 Complaint Resolution 

• Internal Process: Initial resolution through our internal complaint handling process 

• Regulatory Complaints: Right to file complaints with appropriate regulatory authorities 

• Escalation: Clear escalation process for unresolved privacy concerns 

15. Specific Terms for Business Users

15.1 Business-to-Business Processing 

• Commercial Relationship: Information processing primarily for business-to-business commercial purposes 

• Professional Information: Most information collected relates to business and professional activities 

• Legitimate Interests: Processing based on legitimate business interests and commercial relationships 

15.2 Employee Data 

• Employee Information: Collection of employee data from business users for professional purposes 

• Consent and Authorization: Business users warrant they have appropriate consent for employee data sharing 

• Limited Processing: Employee data used only for business purposes and platform functionality 

15.3 Business Records 

• Corporate Information: Much of the information constitutes business records and corporate information 

• Public Information: Some information may already be publicly available through corporate filings 

• Business Necessity: Processing necessary for legitimate business operations and commercial relationships 

Effective Date and Acceptance

This Privacy Policy becomes effective on the date specified above. By using the Xuvian platform, you acknowledge that you have read, understood, and agree to the collection, use, and disclosure of your information as described in this Privacy Policy. 

Document Version: 1.1 

Effective Date: 1 June 2025 

Next Review Date: [Date + 12 months] 

For questions about this Privacy Policy or our privacy practices, please contact us at legal@xuvian.com 

This Privacy Policy has been drafted to comply with applicable Indian privacy laws including the Information Technology Act 2000, IT Rules 2011, and other relevant regulations. We recommend consulting with legal counsel for specific privacy law questions.