🔒 Privacy Policy for Docudite.ai

1. Introduction

Welcome to Docudite.ai ("we," "our," or "us"), a product of AIPRAGNYA PRIVATE LIMITED. We are committed to protecting your privacy and handling your data in an open and transparent manner. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered document analysis services.

Please read this policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access or use our services.

Contact Information:

AIPRAGNYA PRIVATE LIMITED

Email: admin@docudite.ai

Address: Unit 101, Oxford Towers, 139, HAL Old Airport Rd, Kodihalli, Bengaluru, Karnataka 560008, India

For privacy-specific inquiries, you may also contact our Data Protection Officer at: admin@docudite.ai

2. Information We Collect

We collect information that you provide directly to us, information we obtain automatically when you use our services, and information from third-party sources.

2.1 Personal Information You Provide

Account Information:

• Name
• Email address
• Phone number
• Password (encrypted)
• Company name (optional)
• Billing address

Document Data:

• Documents you upload for analysis
• Document content and metadata
• Analysis requests and queries
• Comments and annotations you make

Payment Information:

• Billing name and address
• Payment method details (processed securely by Razorpay; we do not store full credit card numbers)
• Transaction history and invoices

Communications:

• Customer support messages
• Feedback and survey responses
• Email correspondence with us

2.2 Information Collected Automatically

Usage Data:

• Pages visited and features used
• Time and date of access
• Document processing history
• Search queries within the service
• Feature interaction data

Device and Technical Data:

• IP address
• Browser type and version
• Device type and operating system
• Unique device identifiers
• Referring website addresses
• Crash reports and performance data

Cookies and Similar Technologies:

We use cookies, web beacons, and similar tracking technologies to collect information about your browsing activities. For detailed information, please see Section 11 (Cookies Policy).

2.3 Information from Third-Party Sources

• Authentication data from social login providers (if you choose to sign in via Google, LinkedIn, etc.)
• Payment confirmation data from Razorpay
• Public business information if you register with a company email

3. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

• Performance of Contract: To provide you with our document analysis services, process payments, and manage your account.
• Consent: When you provide explicit consent for specific processing activities, such as marketing communications or optional data uses.
• Legitimate Interests: To improve our services, ensure security, prevent fraud, and conduct business analytics, provided these interests do not override your rights.
• Legal Obligations: To comply with applicable laws, regulations, legal processes, or governmental requests.

You have the right to withdraw consent at any time where we rely on consent as the legal basis for processing.

4. How We Use Your Information

We use the collected information for the following purposes:

Service Delivery:

• Creating and managing your account
• Processing and analyzing your uploaded documents using AI
• Providing document insights, summaries, and analysis results
• Enabling document search and retrieval
• Processing payments and generating invoices

AI and Automated Processing:

• We use artificial intelligence and machine learning models (including large language models) to analyze document content, extract information, generate summaries, and answer questions about your documents
• Our AI systems automatically process document text to identify key information, entities, themes, and relationships
• No human review of your private document content occurs unless you explicitly request customer support assistance

Service Improvement:

• Analyzing usage patterns to improve our services and user experience
• Developing new features and functionality
• Conducting research and analytics (using aggregated, anonymized data only)
• Important: We will NEVER use the content of your private documents to train our AI models without your explicit, separate, opt-in consent

Communication:

• Responding to your inquiries and providing customer support
• Sending transactional emails (account notifications, password resets, payment confirmations)
• Sending service updates, security alerts, and administrative messages
• Sending marketing communications (only with your consent; you can opt out anytime)

Security and Legal Compliance:

• Detecting, preventing, and addressing fraud, security issues, and technical problems
• Enforcing our Terms of Service
• Complying with legal obligations and responding to lawful requests
• Protecting our rights, property, and safety, and that of our users

5. How We Share Your Information

We do not sell your personal information. We share your information only in the following circumstances:

Service Providers and Partners:

• Cloud Infrastructure: Google Cloud Platform (for hosting and storage)
• AI Services: OpenAI, Anthropic, or other AI model providers (for document processing)
• Payment Processing: Razorpay (for payment transactions)
• Email Services: Email delivery providers (for transactional and marketing emails)
• Analytics: Google Analytics or similar services (using anonymized data where possible)

All third-party service providers are contractually obligated to protect your data and use it only for the purposes we specify.

Business Transfers:

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control.

Legal Requirements:

We may disclose your information if required by law, court order, or governmental regulation, or if we believe disclosure is necessary to:

• Comply with legal obligations
• Protect and defend our rights or property
• Prevent fraud or security issues
• Protect the safety of our users or the public

With Your Consent:

We may share your information for any other purpose with your explicit consent.

6. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including India, the United States, and other countries where our service providers operate.

For European Economic Area (EEA) and UK Users:

When we transfer personal data outside the EEA or UK, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions by the European Commission
• Other legally approved transfer mechanisms

For all users:

We ensure that any international transfers comply with applicable data protection laws and that your data receives an adequate level of protection.

7. Data Security

We implement appropriate technical and organizational security measures to protect your personal information and documents against unauthorized access, alteration, disclosure, or destruction.

Security Measures Include:

Encryption:

• All data transmitted between your device and our servers is encrypted using SSL/TLS (Transport Layer Security)
• Documents and sensitive data are encrypted at rest using AES-256 encryption
• Database encryption for stored personal information

Access Controls:

• Role-based access control systems
• Multi-factor authentication for administrative access
• Regular access audits and monitoring
• Strict employee data access policies

Infrastructure Security:

• Secure cloud infrastructure with industry-standard certifications
• Regular security audits and penetration testing
• Intrusion detection and prevention systems
• Automated backup systems with encryption

Operational Security:

• Employee security training
• Confidentiality agreements with all personnel
• Incident response procedures
• Regular security updates and patches

While we have taken reasonable steps to secure your information, please be aware that no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against interception or misuse.

8. Data Retention

We retain your information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

Specific Retention Periods:

• Uploaded Documents and Analysis Results: Retained for 30 days from the date of upload or until you delete them, whichever comes first. After 30 days, documents are automatically and permanently deleted from our active servers and backups.
• Account Information: Retained for as long as your account is active or as needed to provide you services.
• Payment Records: Retained for 7 years to comply with tax and accounting requirements.
• Communications and Support Tickets: Retained for 3 years or until resolved.
• Usage and Analytics Data: Aggregated and anonymized data may be retained indefinitely for statistical purposes.

Deletion Process:

When retention periods expire or you request deletion, we permanently delete your data from our active systems and backups within 90 days, except where we are legally required to retain certain information.

9. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

9.1 Rights for All Users

• Access: Request access to the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete personal information.
• Deletion: Request deletion of your personal information and account.
• Data Portability: Request a copy of your data in a structured, commonly used, machine-readable format.
• Opt-Out of Marketing: Unsubscribe from marketing emails at any time.

9.2 Additional Rights for EEA, UK, and Swiss Users (GDPR)

• Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
• Right to Restrict Processing: Request restriction of processing in certain circumstances.
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.
• Right to Lodge a Complaint: File a complaint with your local data protection authority.

Supervisory Authority Contact:

• EU users: Your local Data Protection Authority
• UK users: Information Commissioner's Office (ICO) - https://ico.org.uk

9.3 Additional Rights for California Residents (CCPA/CPRA)

• Right to Know: Request disclosure of categories and specific pieces of personal information collected, sources, purposes, and third parties with whom we share data.
• Right to Delete: Request deletion of personal information (subject to certain exceptions).
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt-Out: Opt-out of the sale or sharing of personal information (Note: We do not sell personal information).
• Right to Limit Use of Sensitive Personal Information: Request limitation of use of sensitive personal information (if applicable).
• Right to Non-Discrimination: You will not receive discriminatory treatment for exercising your privacy rights.
• Authorized Agent: You may designate an authorized agent to make requests on your behalf.

9.4 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

• Email: admin@docudite.ai
• Subject Line: "Privacy Rights Request"
• Include: Your full name, email address, and specific request

We will respond to your request within:

• 30 days (GDPR/general requests)
• 45 days (CCPA requests, extendable by 45 days if complex)

We may need to verify your identity before processing your request. We will not charge a fee unless your request is manifestly unfounded or excessive.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and track information about your use of our services.

Types of Cookies We Use:

• Essential Cookies: Necessary for the service to function (authentication, security, load balancing).
• Functional Cookies: Enable enhanced features and personalization (remember your preferences).
• Analytics Cookies: Help us understand how visitors use our service (Google Analytics).
• Advertising Cookies: Used to deliver relevant advertisements (if applicable).

Cookie Management:

Most browsers allow you to control cookies through settings. You can:

• Block all cookies
• Accept only certain cookies
• Delete cookies after your session

Note that disabling certain cookies may affect the functionality of our service.

Do Not Track:

Our service does not currently respond to "Do Not Track" signals. We may implement this feature in the future as industry standards develop.

For more information about cookies and how to manage them, visit: www.allaboutcookies.org

11. Third-Party Links and Services

Our service may contain links to third-party websites, applications, or services that are not operated by us. If you click on a third-party link, you will be directed to that third party's site.

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We strongly advise you to review the privacy policy of every site you visit.

Key Third-Party Services:

• Razorpay: Payment processing - https://razorpay.com/privacy
• Google Cloud Platform: Infrastructure and hosting - https://cloud.google.com/privacy
• AI Model Providers: Document processing (specific providers disclosed in service documentation)

12. Children's Privacy

Our service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at admin@docudite.ai. If we discover that a child under 18 has provided us with personal information, we will delete such information from our systems promptly.

13. AI Model Training and Your Data

Our Commitment:

We take your privacy seriously and will NEVER use your private document content to train our AI models without your explicit, informed, opt-in consent.

Current Practice:

• Your uploaded documents are processed by AI to provide you with analysis results
• Document content is NOT used to train or improve AI models
• Only aggregated, anonymized usage statistics (not document content) may be used for service improvement

Future Consent-Based Training (If Implemented):

If we ever offer an option for users to contribute their data for AI training in exchange for benefits (such as improved accuracy or reduced pricing), we will:

• Provide a completely separate, explicit opt-in mechanism
• Clearly explain what data will be used and how
• Allow you to withdraw consent at any time
• Never enroll you without explicit action on your part
• Maintain separate data storage for consented data

AI Provider Data Usage:

The AI model providers we use (such as OpenAI, Anthropic, or others) have their own data usage policies. We select providers who:

• Do not use customer data submitted via API for training unless explicitly opted in
• Implement strong security and privacy measures
• Comply with applicable data protection laws

We encourage you to review the privacy policies of the specific AI providers mentioned in our service documentation.

14. California Privacy Rights - "Shine the Light"

California residents may request information about our disclosure of personal information to third parties for their direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.

15. Nevada Privacy Rights

Nevada residents have the right to opt-out of the sale of certain personal information to third parties. We do not sell personal information as defined under Nevada law. If you have questions, contact us at admin@docudite.ai.

16. Data Breach Notification

In the event of a data breach that affects your personal information, we will:

• Notify affected users within 72 hours of becoming aware of the breach (as required by GDPR)
• Notify relevant supervisory authorities as required by law
• Provide information about the nature of the breach, potential consequences, and measures taken
• Offer guidance on steps you can take to protect yourself

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

Notification of Changes:

• We will post the updated Privacy Policy on this page
• We will update the "Last Updated" date at the top
• For material changes, we will provide prominent notice (such as email notification or in-app alert) at least 30 days before the changes take effect
• Your continued use of our services after changes become effective constitutes acceptance of the updated policy

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

18. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

AIPRAGNYA PRIVATE LIMITED

Product: Docudite.ai

Email: admin@docudite.ai

Address: Unit 101, Oxford Towers, 139, HAL Old Airport Rd, Kodihalli, Bengaluru, Karnataka 560008, India

Data Protection Officer: admin@docudite.ai

For Privacy Rights Requests: Please use subject line "Privacy Rights Request"

For Security Issues: Please use subject line "Security Issue" and provide detailed information

We will respond to all legitimate requests within the timeframes required by applicable law.

Appendix: Categories of Personal Information (CCPA)

For California residents, the following table summarizes the categories of personal information we collect, use, and disclose:

We do NOT collect: Biometric data, geolocation data (precise), sensitive personal information beyond account security.

We do NOT sell or share personal information for cross-context behavioral advertising.