Privacy Policy
The absolute privacy of highly sensitive commercial data and the protection of personal data belonging to consumers are viewed not merely as a statutory obligation, but as a core foundational principle of the entire business architecture. Highly valuable data shall never be sold, leased, traded, or distributed to external advertisers.
1. Inventory of Procured Data
- Personal and Commercial Information: Identity Data (legal name, business name), Contact Data (email, physical address, WhatsApp numbers), and Financial Data (payment preferences). Raw credit card data is handled exclusively by PCI-DSS compliant gateways (Razorpay).
- Technical Setup & Systems Data: Encrypted API Credentials (access tokens for Google, Meta, and OpenAI), Platform Access Logs (IP addresses, timestamps), and temporary Website Technical Data.
- Operational AI Data: Customer review text (purged within 7 days), aggregated numerical metric snapshots for audits, and raw lead data captured through digital forms (exclusively owned by the Client).
2. Utilization Parameters of Procured Data
Data is utilized strictly for operational necessities:
- Service Delivery: Foundational construction and deployment of custom digital infrastructure.
- AI Operation: Provision of contextual fuel required to power analytical engines, sentiment analyzers, and language models.
- Billing: Secure processing of payments and generation of legally compliant GST tax invoices.
- Communication: Broadcasting system updates, monthly PDF audit reports, and support request resolutions.
3. Third-Party Data Transmission
Limited, strictly controlled data processing takes place on several trusted, global mega-platforms:
- OpenAI & Anthropic (USA): For advanced AI text generation and complex reasoning tasks. Only raw contextual text is shared; no personal identifiers are transmitted.
- Google & Meta (USA): For GBP API access and WhatsApp Business API infrastructure.
- Oracle & AWS: For secure cloud database management and high-availability server infrastructure.
- n8n & Make.com: Encrypted routing layers for secure API integration.
- Razorpay (India): For impenetrable, PCI-DSS Level 1 compliant payment processing.
4. Data Security and Protection Safeguards
- Military-Grade Encryption: AES-256 encryption for data at rest; TLS 1.3 encryption for data in transit.
- Zero-Trust Access Control: Strict role-based access control (RBAC) implemented for all engineering personnel.
- Redundancy & Backups: Automated daily encrypted backups stored in geographically isolated, off-site server locations.
- Breach Response: Entities will be notified with full transparency within a strict seventy-two (72) hour window in the event of a suspected breach.
5. Fundamental Data Rights
In accordance with the Digital Personal Data Protection Act, clients may request:
- Access: Receive a complete inventory of personal/commercial data held.
- Rectification: Immediate correction of any inaccurate or outdated data.
- Erasure: Cryptographic deletion of all operational data post-termination (excluding tax-mandated invoices).
- Portability: Export of lead data and AI conversation logs in machine-readable formats (CSV, JSON).
6. Retention and Destruction Timelines
- Active Client Info: Retained for the duration of the contract, plus one (1) year post-termination.
- Financial Records: Compulsorily retained for exactly seven (7) years as mandated by Indian GST regulations.
- API Credentials: Subject to immediate cryptographic deletion upon contract termination or suspension.
- Grace Period: General operational data is archived in a frozen state for thirty (30) days following cancellation before permanent deletion.