Introduction
AIzYantra ("we," "us," or "our"), operated by AIzYantra Technologies, is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, store, share, and protect information when you use our website (aizyantra.com), services, and platforms.
We operate as a Data Fiduciary under India's Digital Personal Data Protection Act, 2023 (DPDPA). You, as a user, are a Data Principal with rights over your personal data as outlined in this policy and applicable law.
This policy applies to all users globally, with additional provisions for users covered by the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
Information We Collect
Information You Provide Directly
| Data Type | When Collected |
|---|---|
| Name, email, phone number | Contact forms, AI Assessment, account creation |
| Company name, industry, role | AI Readiness Assessment, consultation requests |
| Voice recordings & transcripts | Tripti Voice SDR conversations |
| Business requirements & documents | POC Program submissions, consulting engagements |
| Payment information | Service subscriptions (processed by Razorpay — we do not store card details) |
| Login credentials | Client portal account creation |
Information Collected Automatically
| Data Type | Purpose |
|---|---|
| IP address, browser type, device info | Security, analytics, service optimization |
| Pages visited, time spent, click patterns | Website improvement, user experience enhancement |
| Cookies and similar technologies | Authentication, preferences, analytics (see our Cookie Policy) |
Information from Third Parties
| Source | Data Type |
|---|---|
| Google Analytics | Anonymized usage patterns, demographics |
| Meta Pixel | Ad interaction data, conversion tracking |
| LinkedIn Insight Tag | Professional demographics, ad performance |
How We Use Your Information
| Purpose | Legal Basis (DPDPA) |
|---|---|
| Delivering AI consulting and automation services | Contractual necessity |
| Processing AI Readiness Assessments | Consent |
| Operating Tripti Voice SDR conversations | Consent |
| Sending service updates and notifications | Legitimate use |
| Marketing communications (with opt-in) | Consent |
| Analytics and service improvement | Legitimate use |
| Security monitoring and fraud prevention | Legitimate use |
| Legal compliance and regulatory obligations | Legal obligation |
Third-Party Service Providers
We share data with trusted third-party providers who assist in delivering our services. Each provider is contractually obligated to protect your data.
| Provider | Purpose | Data Shared |
|---|---|---|
| Vercel | Website hosting & CDN | Access logs, IP addresses |
| Supabase | Database & authentication | Account data, application data |
| OpenAI | AI models (GPT-4o, Whisper, Realtime API) | Conversation data, voice inputs |
| Simli | 3D avatar rendering for Tripti | Voice session data |
| Google Analytics | Website analytics | Anonymized usage data |
| Meta Pixel | Advertising analytics | Conversion events |
| Razorpay | Payment processing | Transaction data (PCI DSS compliant) |
Data Retention
| Data Category | Retention Period |
|---|---|
| Active client engagement data | Duration of engagement + 3 years |
| AI Readiness Assessment responses | 2 years from submission |
| Tripti voice recordings | 90 days, then anonymized |
| Marketing consent records | Until consent is withdrawn |
| Analytics data | 26 months (Google Analytics default) |
| Payment & billing records | 8 years (Indian tax compliance) |
| Client portal accounts | Until account deletion is requested |
Your Rights as a Data Principal
Under the DPDPA 2023, you have the following rights regarding your personal data:
- Right to Access — Request confirmation of whether we process your data and obtain a summary of your personal data and processing activities.
- Right to Correction — Request correction of inaccurate or incomplete personal data, and have outdated data updated.
- Right to Erasure — Request deletion of your personal data when it is no longer necessary for the purpose it was collected, subject to legal retention requirements.
- Right to Withdraw Consent — Withdraw previously given consent at any time. Withdrawal does not affect the lawfulness of processing performed before withdrawal.
- Right to Grievance Redressal — File a complaint with our Grievance Officer or escalate to the Data Protection Board of India.
- Right to Nominate — Nominate another individual to exercise your data rights in the event of your death or incapacity.
Additional Rights (GDPR / CCPA)
If you are located in the European Economic Area (EEA) or California, you may have additional rights including data portability, the right to restrict processing, the right to object to processing, and the right to opt out of the sale of personal information. Contact us at privacy@aizyantra.com to exercise these rights.
Children's Data
Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. In compliance with DPDPA Section 9, if we become aware that we have collected data from a minor without verifiable parental consent, we will promptly delete such data. If you believe a child has provided us with personal data, please contact us immediately at privacy@aizyantra.com.
Cross-Border Data Transfers
Your data may be transferred to and processed in countries outside India, including the United States, where our service providers (OpenAI, Vercel, Google) operate. We ensure that any cross-border transfer complies with DPDPA requirements and that adequate safeguards are in place. We do not transfer data to countries restricted by the Central Government of India.
Security Measures
We implement comprehensive security measures to protect your personal data:
- Encryption in Transit — All data transmitted via TLS 1.3 encryption (HTTPS enforced across all pages).
- Encryption at Rest — Database encrypted using AES-256 via Supabase's infrastructure.
- Access Control — Row-Level Security (RLS) policies on all 41+ database tables ensuring data isolation between clients.
- Authentication — Multi-factor authentication (MFA) enforced for all team members.
- Breach Notification — In the event of a data breach, we will notify affected Data Principals and the Data Protection Board within 72 hours as required by the DPDPA.
AI-Specific Disclosures
- Tripti Voice SDR — Conversations with Tripti are processed using OpenAI's GPT-4o Realtime API. Voice data is transmitted in real-time, processed for response generation, and transcripts are stored for 90 days before anonymization. You will be informed that you are interacting with an AI agent at the start of each conversation.
- AI Readiness Assessment — Your assessment responses are processed by AI models to generate scores and recommendations. Raw responses are stored for 2 years. AI-generated insights are clearly labeled as such in your assessment report.
- AI-Generated Content — Content produced by our AI systems (reports, recommendations, analysis) is labeled as AI-generated where applicable.
Grievance Officer
In compliance with the DPDPA 2023, we have appointed the following Grievance Officer to address your concerns:
| Detail | Information |
|---|---|
| Name | Kunal Bellur, CPO |
| grievance@aizyantra.com | |
| Response Time | Within 30 days of receiving your request |
| Escalation | Data Protection Board of India |
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes by posting the updated policy on our website with a revised "Last Updated" date. For significant changes affecting your rights, we will provide prominent notice on our website or via email.
Contact Us
For any privacy-related inquiries, data access requests, or concerns, please contact us:
- Email: privacy@aizyantra.com
- Phone: +91-9958824555
- Address: AIzYantra Technologies, Bengaluru, Karnataka, India
