Privacy Policy

Effective Date: 5 March 2026  ·  Last Updated: 5 March 2026
Applies to nexlyadvisory.com and aegis.nexlyadvisory.com operated by Sapiex Technologies Private Limited.

1. Who We Are

Data Fiduciary (Controller):
Sapiex Technologies Private Limited
(Operating as Nexly Advisory)
Registered Office: New Delhi, India
Email: advisory@nexlyadvisory.com

Nexly Advisory is a regulatory compliance advisory firm serving Urban Cooperative Banks (UCBs) in India. We operate the AEGIS platform — an audit lifecycle management SaaS — at aegis.nexlyadvisory.com.

For purposes of the Digital Personal Data Protection Act, 2023 (DPDPA 2023) and the Information Technology Act, 2000, Sapiex Technologies Private Limited is the Data Fiduciary responsible for determining the purposes and means of processing your personal data.

2. Scope of This Policy

This Privacy Policy explains how we collect, use, store, share, and protect personal data when you:

  • Visit and use nexlyadvisory.com (our marketing website)
  • Subscribe to our newsletter or download resources
  • Contact us through our contact form or by email
  • Use the AEGIS platform at aegis.nexlyadvisory.com (subject to a separate Data Processing Agreement for enterprise clients)

This policy does not cover third-party websites linked from our site.

3. What Personal Data We Collect

We collect only what we need, and only for clearly defined purposes.

3.1 Information You Provide Directly

  • Contact Form: Name, job title, organisation (bank name), email address, phone number, and your query or message.
  • Newsletter Subscription (/api/subscribe): Email address only.
  • AEGIS Platform Registration: Name, designation, organisation details, email address, and login credentials. (Governed additionally by your engagement agreement.)

3.2 Information Collected Automatically

  • Website Analytics: IP address (anonymised where possible), browser type, operating system, pages visited, time spent, referral source, and geographic region.
  • Cookies and Similar Technologies: See Section 9 (Cookie Policy) below.
  • Server Logs: Standard web server access logs, retained for security and diagnostic purposes.

3.3 What We Do Not Collect

We do not collect Sensitive Personal Data or Information (SPDI) as defined under the IT (SPDI) Rules, 2011 — such as financial account details, health data, biometrics, or passwords — through our marketing website. The AEGIS platform may process bank-related operational data under a separate contractual framework.

4. How We Use Your Data

We process your personal data for the following purposes:

  • Responding to Enquiries: To respond to your contact form submissions and schedule consultations.
  • Newsletter and Insights: To send regulatory updates and thought leadership content to subscribers who have opted in.
  • Service Delivery: To provide access to and support for the AEGIS platform and our advisory services.
  • Website Improvement: To analyse usage patterns and improve our website.
  • Legal Compliance: To comply with applicable Indian laws or respond to regulatory enquiries.
  • Security: To detect, prevent, and respond to fraud, abuse, or security incidents.

5. Legal Basis for Processing (DPDPA 2023)

Under the Digital Personal Data Protection Act, 2023, we process personal data on the following bases:

  • Consent (Section 6, DPDPA 2023): For newsletter subscriptions and non-essential cookies. You may withdraw consent at any time by emailing us or clicking "Unsubscribe" in any newsletter.
  • Certain Legitimate Uses (Section 7, DPDPA 2023) / Contractual Necessity: For processing enquiries and delivering services where processing is necessary to fulfil a contract to which you or your organisation are a party.
  • Legal Obligation: Where processing is required under applicable Indian law (e.g., tax records, regulatory compliance).

As a body corporate under the IT Act, 2000, we comply with Section 43A (reasonable security practices) and the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

6. Data Retention

We retain personal data only as long as necessary for the purposes described, or as required by law:

  • Contact form submissions: Up to 3 years from date of submission, or until the engagement concludes.
  • Newsletter subscriber emails: Until you unsubscribe or request deletion.
  • AEGIS platform data: As specified in your engagement agreement and applicable regulatory requirements (typically 7 years for financial records under the Companies Act, 2013).
  • Server logs and analytics: Up to 12 months.
  • Legal / compliance records: As mandated by applicable Indian law.

After the applicable retention period, personal data is securely deleted or anonymised.

7. Sharing Your Data

We do not sell, rent, or trade your personal data. We may share data with:

  • Technology Service Providers: Hosting, email delivery, and analytics providers who process data on our behalf under data processing agreements. These providers are contractually bound to use your data only as we instruct.
  • Professional Advisors: Lawyers, accountants, or auditors where necessary and under strict confidentiality obligations.
  • Regulatory Authorities: Government bodies or regulators (such as RBI, MCA, or law enforcement) where required by law or a valid legal order.

Any cross-border transfer of personal data is conducted only with your consent or where equivalent data protection standards exist, in compliance with DPDPA 2023.

8. Data Security

We implement reasonable security practices and procedures as required under Section 43A of the IT Act, 2000 and the IT (SPDI) Rules, 2011. Our security measures include:

  • Encryption of data in transit (TLS/HTTPS) across all our web properties.
  • Access controls limiting data access to authorised personnel on a need-to-know basis.
  • Regular security assessments and vulnerability monitoring.
  • Secure credential storage using industry-standard hashing algorithms.
  • Incident response procedures aligned with CERT-In directions.

In the event of a personal data breach likely to cause harm, we will notify the Data Protection Board of India and affected individuals in accordance with DPDPA 2023. No method of internet transmission is completely secure; we cannot guarantee absolute security.

9. Cookie Policy

Our website uses cookies — small text files stored on your device. We use:

  • Strictly Necessary Cookies: Required for the website to function (e.g., session management, security). These cannot be disabled.
  • Analytics Cookies: Help us understand how visitors interact with our website (page views, visit duration, traffic sources). Set only with your consent.
  • Preference Cookies: Remember your settings and choices. Set only with your consent.

You can control cookies through your browser settings. Disabling analytics cookies will not affect your ability to use our website.

10. Your Rights Under DPDPA 2023

As a Data Principal under the Digital Personal Data Protection Act, 2023, you have the following rights:

  • Right to Information (Section 11): Request a summary of the personal data we hold about you and details of how it is processed.
  • Right to Correction and Erasure (Section 12): Request correction of inaccurate data, or erasure where the purpose of processing is no longer served — subject to our legal retention obligations.
  • Right to Grievance Redressal (Section 13): Raise a grievance by contacting us. If unresolved, you may approach the Data Protection Board of India.
  • Right to Nominate (Section 14): Nominate another individual to exercise your rights in the event of your death or incapacity.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting prior lawful processing.

To exercise any of these rights, contact us at advisory@nexlyadvisory.com. We will respond within 30 days.

11. Children's Data

Our services are directed exclusively at businesses — specifically Urban Cooperative Banks and their professional staff. We do not knowingly collect personal data from individuals under 18. If we become aware that we have collected such data, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be reflected in the "Last Updated" date above. For significant changes, we may notify registered users by email. Continued use of our website after changes constitutes acceptance of the updated policy.

13. Governing Law and Jurisdiction

This Privacy Policy is governed by the laws of the Republic of India, including the Digital Personal Data Protection Act, 2023 and the Information Technology Act, 2000. Any disputes shall be subject to the exclusive jurisdiction of the courts of New Delhi, India.

14. Contact Us

For questions about this Privacy Policy, to exercise your data rights, or to raise a privacy concern:

Nexly Advisory (Sapiex Technologies Private Limited) New Delhi, India
Email: advisory@nexlyadvisory.com
Website: nexlyadvisory.com

If you are unsatisfied with our response, you may approach the Data Protection Board of India once constituted under DPDPA 2023, or seek remedies under applicable Indian law.