Policies, Terms and Conditions

Updated on 1 April 2026

Heuristix Digital Technologies Private Limited and its subsidiaries (collectively referred to as “Heuristix”, “Disprz”, “we”, “us”, or “our”) operate the website www.disprz.ai and related domains to provide products and services that enable organization‑wide learning and skilling (the “Services”) under the brand name Disprz.

This Privacy Policy explains how we collect, use, store, share, and protect personal data when you access or use our Services through:

• the Disprz application,
• any disprz.com / disprz.ai sub‑domain (e.g., abc.disprz.com, abc.disprz.ai),
• customer white‑labelled domains (e.g., academy.yourdomain.com),
• or any other services we offer (collectively, the “Platform”).

By using our Services, you acknowledge that your personal data will be processed in accordance with this Privacy Policy.

Personal data processing is carried out based on one or more of the following lawful bases, as applicable:

• Performance of a contract with your employer or organization;
• Legitimate interests to operate, secure, and improve our Services;
• Compliance with legal obligations;
• Consent, where explicitly required by applicable law (for example, optional cookies or analytics).

In most cases, access to the Platform is provided pursuant to a contractual arrangement between Disprz and your employer or organization. If you wish to withdraw consent where consent is the applicable lawful basis, you may submit a request using the Data Subject Rights form listed below. Where required, we will coordinate with your employer to process the request.

This Privacy Policy informs website visitors, customers, and end‑users about our practices concerning the collection, use, storage, disclosure, and protection of personal data when using the Platform or Services.

We may collect the following categories of personal data (“Personal Data”):

• Identification and professional information: name, email address, phone number, profile picture, job title/designation, organization name, employee code, reporting manager, location, and public professional profile information.
• Organizational and assessment data: leadership role, department, cadre, internal team information, industry persona, and documents such as psychometric or skill assessments (where enabled by your organization).
• Technical and usage data: IP address, browser type and version, device information, pages visited, access timestamps, and interaction logs.
• Biometric data: fingerprint, facial, or iris data only if enabled by your organization for authentication purposes and processed strictly as per contractual and legal requirements.

We collect personal data through the following means:

• Information you provide directly when registering for or using the Services;
• Automatic collection through cookies and similar technologies when you access the Platform;
• Information provided by your employer or organization to enable delivery of the Services under an applicable contract.

We use personal data to:

• Provide, operate, and maintain the Platform and Services;
• Identify and authenticate users;
• Send service‑related communications, notifications, and alerts via email or SMS;
• Monitor usage, security, and performance of the Platform;
• Comply with legal, regulatory, and contractual obligations.

We may engage vetted third‑party service providers (processors) to:

• Host infrastructure and data;
• Provide support, ticketing, or communication services;
• Assist with analytics and service improvement.

Such providers are contractually bound to process personal data only on our instructions, maintain confidentiality, and implement appropriate security controls.

Personal data is securely stored on cloud infrastructure operated by leading cloud service providers, with data residency aligned to contractual commitments.

We implement industry‑standard technical and organizational measures, including:

• Encryption of data at rest and in transit;
• Role‑based access controls and authentication mechanisms;
• Audit logging and monitoring;
• Infrastructure, network, and physical security controls;
• Periodic security assessments and audits.

Personal data is retained for the duration of the contractual relationship with your organization unless a longer retention period is required by law. Upon contract termination or account de‑registration, data is deleted or anonymized within three (3) months, unless otherwise contractually required.

We do not use personal data for external marketing purposes. Limited service‑related communications (such as feature updates or platform notifications) may be sent where relevant to the Services already subscribed to by you or your organization. 

Subject to applicable law, you may have the following rights:

• Right to be informed
• Right of access
• Right to rectification
• Right to erasure
• Right to restrict processing
• Right to object to processing
• Right to data portability
• Rights related to automated decision‑making and profiling
• Right to opt‑out of sale or sharing of personal data (where applicable)
• Right to nominate a representative or fiduciary (as applicable under local law)

We will respond to verified requests within one (1) month, subject to legal allowances.

To exercise any of these rights, please submit a request using our unified Data Subject Rights.

You may also contact us at privacy@disprz.com or dpo@disprz.com.

We use cookies and similar technologies to operate our website, improve performance, and enhance user experience.

Details regarding cookie categories, purposes, and consent controls are provided in our Cookie Policy, which forms part of this Privacy Policy.

You can manage cookie preferences through your browser settings or our cookie consent manager. Disabling certain cookies may affect website functionality.

Our Services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that such data has been collected, we will delete it promptly. Parents or guardians may contact us to raise concerns. 

 While we implement commercially reasonable safeguards, no method of transmission or storage is completely secure. Accordingly, we cannot guarantee absolute security of personal data.

 Our Platform may contain links to third‑party websites. This Privacy Policy applies only to Disprz‑operated services. We encourage you to review the privacy policies of external websites you visit. 

If you have concerns about our handling of personal data, please contact our Data Protection Officer at dpo@disprz.com.

If unresolved, you may lodge a complaint with the applicable supervisory authority in your jurisdiction, including but not limited to:

• UK: Information Commissioner’s Office (ICO) at https://ico.org.uk/global/contact-us/. Alternatively, you may also approach the regulatory authority with jurisdiction at your location. More information about your legal rights can be found on the Information Commissioner’s website at https://ico.org.uk/for-the-public/
• Singapore: Personal Data Protection Commission (PDPC) at https://www.pdpc.gov.sg/Complaints-and-Reviews . Alternatively, you may also approach the regulatory authority with jurisdiction at your location. More information about your legal rights can be found on the PDPC’s website at https://www.pdpc.gov.sg/
• Malaysia: Personal Data Protection Commissioner (PDPC)
• UAE: National Electronic Security Authority (NESA)
• KSA: Saudi Data and Artificial Intelligence Authority (SDAIA)
• Oman: Information Technology Authority (ITA)
• Australia: Office of the Australian Information Commissioner (OAIC). If you are a resident of Australia and you have a complaint, you may refer it to the office of the Australian Information Commissioner (“OAIC”). You can contact OAIC by visiting www.oaic.gov.au, through an email to enquiries@oaic.gov.au, by calling 1300 363 992, or writing to OAIC at GPO Box 5218, Sydney NSW 2001.
• EU: European Data Protection Board (EDPB) at https://edpb.europa.eu/about-edpb/about-edpb/members_en, If you are in the European Economic Area you may contact your local data protection authority. You can find details for your local data protection authority by visiting https://edpb.europa.eu/about-edpb/board/members_en, calling +32 2 299 11 11, or writing to Directorate-General for Justice and Consumers | European Commission at 1049 Bruxelles/Brussel, Belgium.
• USA: Federal Trade Commission (FTC)
• California: California Attorney General's Office
• Indonesia: Ministry of Communication and Information Technology (MCIT)
• Myanmar: Personal Data Protection Law (PDPL) Enforcement Commission
• Philippines: National Privacy Commission (NPC)
• South Africa: Information Regulator
• Egypt: National Telecommunications Regulatory Authority (NTRA)
• India: Indian Computer Emergency Response Team (CERT-In) under the Ministry of Electronics and Information Technology

 We may update this Privacy Policy periodically. Any changes will be posted on this page and become effective immediately upon publication. 

Heuristix Digital Technologies Private Limited (“Disprz”)

CIN: U74999TN2015PTC189109

6th Floor, Olympia Pinnacle #1

S No 69/2A1 S No 67/1-2A, New S No 67/4

Old Mahabalipuram Road,

Okkiyam Thuraipakkam,

Chennai, Tamil Nadu

India - 600097.

Email: privacy@disprz.com

Data Protection Officer: Shajahan L - dpo@disprz.com