Find high‑potential outlets and clusters with expected GMV - expand coverage where conversion odds are highest.  Find New Markets →

Privacy Policy

Last updated: 2025-12-13

This Privacy Policy explains how BenPlat EPP Technology Private Limited (d/b/a “SwishX”, “we”, “us”, “our”) collects, uses, discloses, and protects personal information when you visit swishx.com, request a consultation, access our platform and apps, or interact with our products and services, including pAI (collectively, the “Services”).

SwishX is an AI-native distribution intelligence platform built for pharmaceutical and medical equipment organizations. Our Services digitize downstream distribution after dispatch—connecting manufacturers, distributors, stockists, retailers, and field teams with live data, insights, and workflow automation.

This Policy is provided for transparency and is not legal advice. If you are a Customer, your contract (including any Data Processing Addendum) may further define how we process data on your behalf.

1. Scope

  • Website visitors: people who visit swishx.com and our marketing pages.
  • Business contacts: people who request consultations, proposals, or communicate with us for sales, support, or partnerships.
  • Platform users: authorized users of a SwishX customer account (e.g., employees, contractors, admins).
  • Channel participants: distributors, stockists, retailers, and other downstream participants who use SwishX apps/dashboards under a Customer’s program.

2. Roles and Responsibilities (Controller vs. Processor)

SwishX can act as either (a) a “data controller” or (b) a “data processor,” depending on the context:

  • As a controller: when we process personal information for our own purposes (e.g., website analytics, marketing, sales communications).
  • As a processor: when we process Customer data within the platform on behalf of the Customer, who determines the purposes and means of processing.

If you are an end user accessing SwishX through your employer or another Customer, that Customer is typically the controller for platform data. For rights requests related to platform data, you may need to contact the Customer first.

3. Personal Information We Collect

3.1 Information you provide to us

  • Contact information: name, work email, phone number, company, job title, and location.
  • Inquiry and meeting information: messages, meeting notes, and information you share in consultations or support.
  • Account information: username, role, permissions, and authentication identifiers (including SSO identifiers).
  • Billing and contracting contacts: name, business email, and invoicing information (where applicable).

3.2 Information processed through the platform (Customer data)

  • Commercial and operational records: invoices, orders, stock statements, returns/claims, and related metadata.
  • Channel engagement: scheme/loyalty participation, redemption events, and offer eligibility signals.
  • Field execution signals: visit logs, call logs, route/beat execution signals, and performance metrics (where enabled by the Customer).
  • System and usage telemetry: audit logs and access history needed for security and troubleshooting.

3.3 Information we collect automatically

  • Device and usage data: IP address, browser type, device identifiers, pages viewed, clicks, and session events.
  • Cookie and tracking data: identifiers stored via cookies or similar technologies used for security, analytics, and marketing attribution.
  • Diagnostic data: performance and error logs (typically excluding Customer content unless needed to diagnose a reported issue).

4. How We Use Personal Information

We use personal information for the following purposes:

  • Provide the Services: onboarding, authentication, dashboards, workflows, ordering, finance features, and customer support.
  • Operate and secure the platform: access controls, monitoring, fraud prevention, and incident response.
  • Improve and develop the Services: feature improvements, usability, reliability, and performance.
  • Business communications: respond to inquiries, send consultation confirmations, product updates, and service notices.
  • Marketing and growth: send relevant communications, measure campaign performance, and improve the website experience.
  • Compliance: meet legal obligations and enforce our agreements.

5. pAI and AI-Assisted Features

pAI is SwishX’s mascot-led pharma AI copilot. pAI can help users search connected data sources, summarize information, surface insights, and propose or trigger workflows subject to permissions and guardrails.

  • Permission-aware retrieval: pAI is designed to respect user roles and permissions; users should only see content they are authorized to access.
  • Human-in-the-loop controls: sensitive actions can require approvals based on Customer configuration and policies.
  • Accuracy: AI outputs can be probabilistic and may contain errors; users should validate outputs before acting, especially for regulated decisions.

Model training: By default, SwishX does not use a Customer’s platform data to train generalized models for other customers. Any training or evaluation using Customer data, if offered, will be governed by the Customer’s contract and configuration.

6. Legal Bases for Processing (GDPR)

Where GDPR applies, SwishX processes personal information under one or more legal bases, including:

  • Contract performance: to provide the Services you or your organization requested.
  • Legitimate interests: to secure and improve our Services, prevent fraud, and communicate with business contacts.
  • Consent: for certain cookies and marketing communications where required.
  • Legal obligation: to comply with applicable laws and lawful requests.

7. How We Share Personal Information

We may share personal information in the following circumstances:

  • With Customers: authorized admins and users within the Customer organization may access platform data as configured.
  • With service providers (subprocessors): hosting, analytics, customer support tools, communication tools, and security vendors.
  • With marketing and sales enablement providers: for marketing automation and outreach (e.g., HubSpot, Lemlist, Apollo.io) as configured for business communications.
  • With analytics providers: website analytics and performance measurement (e.g., Google Analytics).
  • With integration partners: when a Customer enables integrations (e.g., ERP/CRM/warehouse), relevant data may flow to/from that system.
  • For legal and safety reasons: to comply with law, protect rights, prevent misuse, or respond to lawful requests.
  • In business transfers: if we are involved in a merger, acquisition, financing, or sale of assets, subject to confidentiality and legal safeguards.

8. Cookies and Similar Technologies

We use cookies and similar technologies to operate our website, understand performance, and improve user experience. These may include essential cookies (security and site functionality), analytics cookies (e.g., Google Analytics), and marketing/attribution cookies (e.g., HubSpot).

  • You can manage cookies through your browser settings.
  • Where required by law, we will request consent for non-essential cookies.
  • Some marketing tools may use tracking pixels to measure email or campaign engagement; you can opt out of marketing communications at any time.

9. Data Retention

We retain personal information only as long as necessary for the purposes described in this Policy, including to provide the Services, meet contractual commitments, resolve disputes, and comply with legal obligations.

For Customer platform data, retention and deletion are governed by the Customer contract. Upon termination, Customers may have a limited time window to export data, after which data is securely deleted or anonymized unless retention is required by law or contractual obligations.

10. Security

SwishX maintains an information security program designed to protect confidentiality, integrity, and availability of data. We use encryption in transit and at rest, role-based access controls, audit logging, and monitoring. SwishX is SOC 2 compliant, ISO 27001 aligned, and GDPR compliant.

11. International Data Transfers

SwishX may process personal information in countries where we and our service providers operate. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) for international transfers.

12. Your Rights and Choices

Depending on your location and applicable law, you may have rights to:

  • Access, correct, or delete your personal information.
  • Object to or restrict certain processing.
  • Withdraw consent where processing is based on consent.
  • Request portability of your personal information (where applicable).
  • Lodge a complaint with a supervisory authority (EEA/UK).

If we process your information as a processor on behalf of a Customer, we may direct your request to the Customer, or assist the Customer in responding as required by the contract.

13. Marketing Preferences

You can opt out of marketing emails at any time by using the unsubscribe link in the email or contacting us. We may still send you non-promotional messages related to security, support, or contractual updates.

14. Children’s Privacy

SwishX is a business-to-business service and is not intended for children. We do not knowingly collect personal information from children.

15. Changes to this Policy

We may update this Privacy Policy from time to time. If changes are material, we will provide appropriate notice by posting an updated Policy and updating the “Last updated” date.

16. Contact Us

For questions or requests related to this Privacy Policy:

  • Email: privacy@swishx.com (recommended)
  • Security: security@swishx.com
  • General: enterprise@swishx.com

Company: BenPlat EPP Technology Private Limited (d/b/a SwishX)

X

Book an Exploratory Call
with our leadership team.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Or
Book a Calendar Slot
X

Download Pharma Report 2026
Submit your info & we'll send you the full report for free

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.