Privacy Policy

Effective Date [01-Oct-2025] – (Version [1.0])

Company (Private) Limited Company (herein also referred to as “Company”, “we”, “us”, “our” or “Company”) has developed this Privacy Policy (the “Privacy Policy”) to explain how we collect, use, process and protect information in connection with our Connect 360 software (the “Platform” or “C360”).

We are committed to protecting and respecting your privacy.

The terms “you” and “your” refer to the Customer and its Authorized Users of the Platform. Please read this Privacy Policy before using the Platform.

The Customer and their Authorized Users are advised to read and understand this Privacy Policy carefully. By accessing and using the Platform, the Customer acknowledges and agrees to be bound by this Privacy Policy and confirms that it has the necessary authority and consents to permit the Company to collect and process any information strictly in accordance with this Privacy Policy.

BY USING THE PLATFORM, YOU AGREE THAT WE CAN COLLECT AND USE YOUR INFORMATION AS DESCRIBED IN THIS PRIVACY POLICY. BY USING THE PLATFORM, YOU AGREE TO THE CONTENTS OF THIS PRIVACY POLICY GIVE YOUR CONSENT TO US FOR COLLECTING YOUR INFORMATION.

This Privacy Policy explains:

• what information we collect and why we collect it;
• how we use that information; and
• the choices we offer, including how to access and update information.

We have tried to keep the Privacy Policy as simple as possible, but if you are not familiar with terms like cookies, IP addresses, pixel tags and browsers, then read about these key terms first. Your privacy matters to us so please do take the time to get to know our practices and if you have any questions feel free to contact us by sending an email to support@connect360.tenx.ai .

DEFINTIONS

For the purposes of this Privacy Policy, the following terms shall have the meanings set forth below. Unless otherwise defined herein, all the capitalized terms shall have the same meaning as in the Master Service Agreement (“MSA”) or End-user license Agreement (“EULA”) between the Company and the Customer.

1. “Admin Account” means the primary account created by the Customer on the Platform, registered under a designated email address and authorized by the Company. The Admin Account shall be used by the Customer to configure, manage, and control access to the Platform including creating, assigning, and revoking access rights for Authorized Users.
2. “Authorized User(s)” means the representatives authorized by you including employees, temporary staff, contractors, consultants, and service providers to access and use the Platform as specified in EULA.
3. “Customer Account” or “Account” means, collectively, the Admin Account and all Sub-Accounts.
4. “Customer(s)” means a person, which has licensed the Platform from the Company pursuant to the applicable MSA and EULA.
5. “Customer Data” means all data, information, and records uploaded, integrated, or otherwise transmitted into the Platform or provided by the Customer to the Company.
6. “Device” means any device that can access the Platform such as a computer, server, cellphone, or digital tablet.
7. “End User(s)” means the individual or entity bank account holders of the Customer whose data may be collected, processed, or analyzed by the Customer through the Platform.
8. “Platform” means the software program named Connect 360 provided by the Company, installed by you on a device.
9. “Services” means the access to, use of, and related maintenance, hosting, technical support, and other services provided by the Company to the Customer in connection with the Platform.
10. “Sub-Account(s)” means the unique individual accounts created under the Admin Account for each duly Authorized User of the Customer, consisting of User ID and password. Each Sub-Account shall be personal to the Authorized User assigned and shall be used solely for the purposes of accessing and using the Platform in accordance with the T&Cs and Privacy Policy.

CHANGES TO PRIVACY POLICY

The Company may update this Privacy Policy from time to time in response to changes in legal, technical, or business requirements. Any changes we may make to this Privacy Policy in the future will be posted on the Platform and, where appropriate, notified to you when you next start/open/log in the Platform. Once posted on the Platform, the new/amended Privacy Policy will be effective immediately. The new/amended terms may be displayed on-screen and you may be required to read and accept them to continue your use of the Platform or the Services, including any additional terms of use apply to your use of any other linked website(s)/app(s). In certain cases, the Customer may be required to review and acknowledge the updated policy in order to continue using the Platform.

COLLECTION OF INFORMATION

In order to enhance the Customer experience of using our Platform, we collect, process and store personal information provided by you from time to time on the Platform, Company collects information about you: (a) information you affirmatively and voluntarily give to us: (b) information automatically collected when you use or visit the Platform; and (c) information we receive from other valid sources such as third party information.

Information we may collect from you

This includes information submitted when:

• The Customer and its Authorized Users may create and maintain Admin Account and/or Sub-Accounts to access and use the Platform and our Services. The Company may collect the minimum information necessary to provide, maintain, and support such Customer Accounts and ensure proper functioning of the Platform. All processing of Customer Account-related data is conducted solely on behalf of the Customer and in accordance with this Privacy Policy.
• Create, register or update the Account on such interfaces where the Platform is imbedded in.
• When the Customer or its Authorized Users report a problem with the Platform or correspond with the Company for technical or customer support, the Company may collect certain information necessary to resolve the issue. This may include the name, designation, business contact details (such as address, email address and phone number) of the Authorized User, as well as details of the device used to access the Platform, whether a laptop, desktop computer, tablet, or mobile device. The Company may also collect relevant system information such as user ID, login credentials, error logs, configuration data, and other technical details necessary to provide effective troubleshooting and support.
• Contact us for information, questions or feedback about our Platform and Services at support@connect360.tenx.ai .
• Report problems for troubleshooting.
• Subscribe to our newsletters and promotions.

 Information We Collect About You and Your Device

Regarding each time you visit the Platform, we may automatically collect and analyze the following information:

• When you communicate with us via our customer services department i.e. chat service, email, phone, through the Platform or otherwise, we may maintain a record a copy of your communication and your feedback/suggestions to us. We may ask for additional information to verify your identity;
• Unique Platform Numbers: When the Platform is installed, updated, or uninstalled within the Customer’s systems, a unique number and information about the installation, such as the type of operating system may be sent to us;
• Location information: Depending on your Device permissions, we may collect your real time information, or approximate location information as determined through data such as GPS, IP address;
• Usage and Preference Information: We collect information as to how you or your Authorized Users interact with the Platform, including preferences for particular products and Services, settings chosen, the last time the Platform was accessed, the duration of usage, the specific features/Services or modules used and the time spent on them, as well as the activity or inactivity of Authorized Users on the Platform.
• Geo-Location Data: When you or your Authorized Users access and use the Platform, we may collect geo-location and IP address that is automatically captured through the systems they use to log in. If the Customer enables location-based security or monitoring features, such geo-location data may be recorded.
• Device Information: When the Customer or its Authorized Users access the Platform, The Company may collect information about the Devices used, including laptops, desktops, tablets, and mobile devices. This may include IP address, device type, operating system and version, browser type, session details, and other technical information necessary to provide, maintain, and support the Platform. The Company may also collect system-generated information such as user IDs, login credentials, error logs, and configuration data to monitor performance, troubleshoot issues, and ensure proper operation. All information is processed solely for operational and support purposes and in compliance with applicable law. The Company implements appropriate technical and organizational safeguards to protect this information, and access is restricted to personnel who require it to perform their duties in connection with the Platform.
• Stored information and files: Depending on your Device permissions, we may also access metadata and other information associated with other files stored on your Device;
• Transaction Information: We collect details related to your use of the Platform, and information about Authorized Users’ activity on the Platform, including the type of features/Services or modules accessed, reports or dashboards generated, search results selected, number of clicks, information and screens viewed, the order in which they were viewed, the length of time spent on different features of the Platform, the date and time the Platform was accessed, methods used to log out or exit from the Platform, and any correspondence made with the Company for support purposes. Information may also include the timing, duration and nature of Authorized User sessions on the Platform, as well as other related usage details necessary for security, audit and performance monitoring.

 Information we receive from other sources 

• We may receive information about you or your Authorized Users from third parties, integration partners, IT service providers, hosting providers, regulators, ad partners, analytics providers, search engines, or our affiliated companies, or if you use any of the other software solutions or services that we provide.
• If you choose to participate in evaluations, testing or feedback processes relating to the Platform, we may receive information about you or your Authorized Users from third-party partners engaged by us to conduct such evaluations or provide independent feedback on the Platform.

End User’s and Authorized Users’ Data

• The Customer may provide their End Users’ data to the Company but with prior consent of the End User or encrypt or anonymize Personally Identifiable Information (PII) of users so that their identities cannot be readily inferred.
• The Company may collect personal data from Authorized Users of the Platform as provided by the Customer during Customer Account registration or by the Authorized Users directly. This may include information that personally identifies the authorized user, such as their name, job title or role, business contact details, and login credentials.

REMOVAL OF CONSENT FOR COLLECTING FURTHER INFORMATION

You may withdraw your consent for further collection of the above information at any time by instructing the Company. Such instructions include suspending or terminating MSA and EULA.

TRACKING AND COOKIES

The Company may use cookies or similar tracking technologies solely to ensure the proper functioning, performance, and security of the Platform. These technologies help the Company maintain session continuity, monitor system usage, and troubleshoot technical issues.

For clarity, a “cookie” is a small piece of information stored on a web browser or device, which can be later read back to facilitate technical operations. Any cookies or similar technologies used in connection with the Platform do not contain personal data of the Customers End Users and are used exclusively for operational and support purposes.

USES MADE OF THE INFORMATION

Information collected by us shall be used for the purpose:

• To allow you to use the Services on the Platform, like:
  • Managing your account;
  • Communicating with you;
  • accessing and utilizing the functionalities of the Platform
• To provide technical support, resolve reported issues, and ensure the proper functioning and performance of the Platform.
• To monitor and improve system performance by collecting operational and device-related information.
• To verify Authorized Users, verify user identity and login credentials, secure access to the Platform, detect and prevent unauthorized use, and comply with applicable legal obligations.
• To communicate important notices or changes to the Services provided by the Company on the Platform, use of Platform and the terms/policies which govern he relationship between Customer and Company.
• To respond to requests from regulators, auditors, and contractual obligations.
• To analyze aggregated and anonymized usage trends for the purpose of enhancing existing features/Services and developing new functionalities of the Platform.
• Of auditing, conducting data analysis and research either indirectly/directly by the Company on personal, aggregated statistics and/or de-identified information related to sales, Services, customers, network traffic and location patterns of the Customer.
• For our internal record keeping, quality assurance, training and feedback
• For any other purposes with your consent

From time to time, we may use your information to customize, develop, improve and Update the Platform according to your interests

DISCLOSURE OF YOUR INFORMATION

Information provided by you and processed through the Platform may be shared with verified third-party service providers who support the hosting, operation, improvement, or maintenance of the Platform, subject always to strict confidentiality and security obligations.

We may also provide anonymous, encrypted and/or anonymized aggregate information and insights derived from the use of the Platform. Such information may include statistics or reports relating to system performance or general trends but will never contain any data that identifies the Customers End Users or Authorized Users.

We do not sell or rent data belonging to the Customer or its End Users to third parties for marketing purposes. Should we wish to use information relating to the Customer for any marketing or promotional purposes, we will inform the Customer in advance to get written consent from the Customer for such use. Once such consent is given it shall only be withdrawn by contacting us at support@connect360.tenx.ai .

Data collected by you or collected automatically from the Platform shall only be used for the uses mentioned above other than that, the Company may disclose some or all of the data to:

• Company’s Affiliate Entities: any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries.
• Law Enforcement Agencies: any local or international law enforcement, court of competent jurisdiction, competent regulatory or governmental agencies so as to assist in the prevention, detection, investigation or prosecution of criminal activities or fraud.
• Third Parties in following cases:
• With prospective business partners or in the event that we sell or buy any business or assets, in which case we may disclose your data to the prospective seller or buyer of such business or assets;
• If Company or substantially all of its assets are acquired by a third party, information held by it in relation to the Platform will be one of the transferred assets;
• If you request integration with third-party systems, such as authentication services, reporting tools or data sources, we may share information as needed to enable these integrations; and
• Where you consent to such disclosure to the relevant third parties.
• Comply with our duty to disclose or share your data in order to comply with any legal or regulatory obligation or request.
• Enforce our terms and conditions and other agreements or investigate potential breaches.
• Publish statistic relating to the use of the Platform, in which case all information will be aggregated and anonymized.
• Protect us from incurring any legal liability. In such an event we shall be under no obligation to specifically inform you or seek additional approval or consent.
• Protect the security and safety of you, the Company, its members and employees, or any person, in any emergency.
• Third-party service providers solely for the purpose of assisting or rendering services to us in the administration, maintenance or support of the Platform.
• The information collected from you may also be used by us to file a complaint against you and to initiate or commence proceedings against you for recovery of outstanding amounts.

WHERE THE COMPANY STORES YOUR PERSONAL DATA AND ITS PROTECTION

All data and information processed through the Platform is stored on secure servers which are secured with passwords and pins to ensure that no unauthorized person has access to it. Once your information is in our possession, we adhere to strict security guidelines, protecting it against unauthorized access. We shall take reasonable steps to help protect your rights of privacy and your information (personal or otherwise) in an effort to prevent loss, misuse, unauthorized access, disclosure, alteration, or destruction of such information, in compliance with applicable laws.

We take all steps that are reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy. Where access credentials, including usernames or passwords, are provided to Authorized Users of the Platform, you and your Authorized Users are responsible for keeping such credentials confidential. You must ensure that your Authorized Users do not share their usernames or passwords with any unauthorized person.

In addition to the above, we protect your information through:

• Data encryption: All data transmitted between the Customers systems and the Platform is encrypted using strong security protocols such as TLS And SSL.
• Auto Logout: If you’re not active on the Platform for a while, we’ll automatically log you out to keep your information safe and reduce the risk of unauthorized access to the Platform.
• Third-party protection: Where the Company engages trusted third-party service providers to support hosting, infrastructure, or technical services, such providers are bound by strict contractual obligations to maintain confidentiality and data security. Their access is limited to what is strictly necessary, and they must comply with applicable data protection laws.

 DATA RETENTION AND DELETION

We retain data provided by you or your Authorized Users only for as long as necessary to fulfill the purposes for which it was shared, including providing, maintaining and supporting the Platform, as well as complying with applicable legal, regulatory, or contractual obligations.

You may request the deletion of your data at any time by contacting our support team. Upon receiving a valid request, we will delete the data within a reasonable timeframe, unless retention is required for legal, contractual, or operational reasons. Aggregated or anonymized data that does not identify Authorized Users or Customer’s End Users may be retained for analytical purposes or research purposes.

YOUR RIGHTS

We place great importance on ensuring your awareness of your privacy rights. To that end, we have outlined a non-exhaustive list of privacy rights that you can exercise while entrusting us with your information:

• Right to revoke consent: If you have granted consent for us to utilize, process, or share your data, you have the option to withdraw that consent at any time, unless the information is essential for us to carry out our Services.
• Right to access your information: You have the ability to access and request a copy of the personal data we hold about you whenever you wish. You can do this by getting in touch with us at support@connect360.tenx.ai .
• Right to correction: If any data we hold about you is inaccurate, incomplete, or outdated, you have the right to request that we correct or update such information without undue delay.
• Right to restrict processing: Under certain circumstances, you may request that we restrict the processing of your data. This may include situations where you contest the accuracy of the data or object to its use, pending verification.
• Right to deletion: You can request that we delete specific portions of the data we have on you, provided certain conditions are met:
  • The information is no longer necessary for our purposes, and there is no legal requirement for us to retain it.
  • Other legal justifications that permit you to make such a request.

While we will make every effort to accommodate your request, subject to identity verification and applicable laws, please keep in mind that this may render you ineligible for certain Services.

CONSENT AND AUTHORIZATION TO USE OF INFORMATION

By using our Platform, you agree and consent, without any reservation:

• To allow us to access any and all information and data provided by you or by your Authorized Users, in the manner detailed in this Privacy Policy:
• To allow us to use such information and data solely for purposes of providing, maintaining, and supporting the Platform, including sharing the data third parties, regulators, or service providers in accordance with applicable laws and regulations of Pakistan, without any commercial benefit of the same to the Company
• To allow us to store and utilize the data for such period of time as we deem fit for the purposes of this Privacy Policy or under the applicable law to fulfill its
• To allow us to use the data in connection with the operation and support of the Platform and in compliance with all applicable laws.

Your consent is of your own free will, without any duress or coercion of any nature. By using our Platform, you confirm unequivocally that you have read the Privacy Policy and are aware of and have no objection to the collection, storage and use of your data by the Company.

DATA SECURITY AND BREACH NOTIFICATION

In the event that the Company becomes aware of a data breach or security incident that compromises or is likely to compromise the confidentiality, integrity, or availability of the Customer’s information, the Company will take prompt action to assess the nature and scope of the breach. Where required under applicable law, or if we determine that a breach has resulted in or is likely to result in unauthorized access to information that could pose a risk to the Customer or its End Users, we will notify the Customer as soon as reasonably practicable. Such notification may be provided via email, official correspondence, or any other reasonable means, and will include relevant details such as the nature of the breach, affected data categories, potential consequences, and the steps being taken to mitigate harm.

Likewise, the Customer is responsible for maintaining the confidentiality of its access credentials, device-level protections, and any local data stored in connection with the Platform. If the Customer or any Authorized User becomes aware of any unauthorized access, suspicious activity, or a security breach at its end which may compromise the safety of its data or the data of others, it is obligated to notify the Company immediately at support@connect360.tenx.ai .

The Company reserves the right to take appropriate remedial measures in the event of any confirmed or suspected breach, and may without prior notice, take actions including but not limited to:

• Disabling access to affected Customer Accounts;
• Initiating credentials resets;
• Suspending use of certain features;
• Preserving relevant data for forensic investigations;
• Notifying regulators and affected third parties where legally required.

By using the Platform, the Customer acknowledges and agrees to cooperate fully with the Company’s investigations and mitigation efforts in the event of a security breach.