Privacy Policy
1. Introduction
At AIVO Technologies Pvt Ltd. (“AIVO”, “we”, “our” or “us”), we believe that your privacy is not just a right but a fundamental trust. This Privacy Policy reflects our deep commitment to safeguarding your personal data and ensuring that you retain full control over the information you choose to share with us.
This Policy governs the use of our AI-powered document storage and retrieval application, AIVO DocAI (the “App”), and our associated websites and services (collectively, the “Services”). It outlines the types of personal data we collect, the purposes for which we process such data, and your rights under applicable data protection laws including the General Data Protection Regulation (EU) 2016/679 (“GDPR”), as well as other international privacy laws.
2. Scope of this Privacy Policy
This Privacy Policy applies to all users of our App and Services globally, unless specified otherwise. It applies whether you access our Services through a web interface, mobile application, desktop application, or through integrated APIs.
3. Data Controller
AIVO Technologies Pvt Ltd. is the data controller for all personal data collected through the App and Services.
Data Protection Officer (DPO): Mr. Kushal Singh
Email: aivotechai@gmail.com
4. Categories of Personal Data Collected
We collect the following types of data, either directly from you, through your use of our Services, or from your device:
4.1 Directly Provided Data
- Full name, email address, and phone number
- User credentials and profile preferences
- Identity documents (e.g., Aadhaar, PAN, Passport)
- Property records, bills, invoices, medical documents, legal contracts, and other user-uploaded files
4.2 Sensitive Personal Data
- Biometric data (e.g., facial recognition, fingerprint) used strictly for user authentication
- Health-related or financial data stored by you in the app
4.3 AI Processing Data
- Prompts and queries entered for document search or retrieval
- Metadata extracted from stored documents
- Classification or summarisation outputs (only when enabled by user)
4.4 Device & Usage Data
- IP address, browser type, device information, OS
- Time of access, duration, and frequency of usage
- Crash logs, performance logs
4.5 Website Data
- Cookies, pixels, and similar tracking tools
- Pages visited, referral sources, and click patterns
5. Legal Basis for Processing
- Consent: For optional AI classification/summarisation and biometric use, obtained via affirmative opt-in.
- Contractual Necessity: To deliver our core services and provide access to the App.
- Legitimate Interests: For enhancing security, preventing abuse, service analytics, and improving user experience.
- Legal Obligation: To comply with tax, regulatory, or judicial requirements.
6. Purposes of Data Processing
- To enable you to securely upload, classify, and retrieve your documents
- To verify your identity and ensure data is only accessible to you
- To improve performance of the AI engine (only when enabled)
- To deliver notifications, service updates, or critical system alerts
- To authenticate your access through optional biometric login
- To facilitate payment processing (if you opt for paid features)
- To ensure compliance with applicable laws and enforce our Terms
7. AI and Machine Learning Use
AIVO DocAI incorporates Artificial Intelligence (AI) and Machine Learning (ML) functionalities to enhance user experience, streamline document management, and enable intelligent retrieval and summarisation of documents. These technologies are designed and deployed in a privacy-conscious manner, with clear user control, opt-in preferences, and strict data governance.
7.1 Nature and Scope of AI Processing
The App leverages AI models to perform the following actions:
- Natural Language Query Interpretation: Users may retrieve stored documents by typing or speaking natural language instructions (e.g., “show my electricity bill for April 2023”).
- Document Classification: When enabled by the user, DocAI uses ML to automatically assign categories to uploaded documents.
- Document Summarisation: Upon user request, the App may summarise contents of lengthy documents using AI tools.
No AI/ML processing occurs without your knowledge or consent.
7.2 User Consent and Controls
- Enable or disable AI-powered features via in-app settings
- Revoke previously granted consent at any time
- Access logs or summaries generated by the AI (where available)
We do not use AI to make legally significant automated decisions.
7.3 Data Inputs and Outputs
All inputs used by the AI engine are encrypted during processing. Outputs are linked only to your account and not shared externally.
7.4 No Profiling or Behavioural Tracking
DocAI does not use AI to profile users, build behavioural models, or for advertising/marketing exploitation.
7.5 Data Minimisation and Privacy by Design
- Minimal data retention
- Automatic deletion of cached results
- End-to-end encryption
- Localised inference where possible
7.6 AI Model Transparency and Auditability
- Timestamped queries
- Processing status
- AI version used
8. Access Permissions
- Camera and File Access
- Biometrics/Face ID (optional)
- Contacts (used only in-app)
- Location: Not collected
9. Data Retention Policy
- You may delete any document at any time.
- Upon account deletion, data is deleted within 7 days, with limited retention of basic details and financial records as per law.
10. Data Security
DocAI follows security-by-design and zero-trust principles.
10.1 Technical and Organizational Measures
- End-to-End Encryption (TLS 1.3, AES-256)
- Zero-Knowledge Architecture
- Biometric Access (local only)
- Strict Access Controls
- File Integrity Monitoring
- Regular Penetration Testing
- Cloud Security Controls (ISO, SOC 2, PCI DSS)
10.2 Internal Security Protocols
- Employee confidentiality and training
- Data minimisation and anonymisation
- System monitoring and audit trails
10.3 User Responsibility
- Use strong passwords and biometric lock
- Do not share login credentials
- Keep software updated
10.4 Incident Response and Breach Notification
If a breach occurs, AIVO will notify users promptly, inform regulators (within 72 hours under the GDPR), and take remedial action.
11. Sharing of Data
No sale or marketing use of data. Data may be disclosed only to comply with law, prevent fraud, or process payments securely.
12. International Data Transfers
Data may be transferred outside your country with safeguards such as SCCs, encryption, and regional hosting where required.
13. Your Rights
- Access your data
- Correct inaccuracies
- Request deletion
- Restrict processing
- Withdraw consent
- Request portability
Contact DPO at aivotechai@gmail.com to exercise these rights.
14. Analytics and Cookies
Cookies and analytics are used only on the website, anonymised, and not linked to profiles.
15. Data Relating to Children
Services are not intended for children under 16. Data from minors is deleted if discovered.
16. Data Breach Notification
- Notify affected users
- Inform regulators
- Take remedial measures
17. Updates to this Privacy Policy
Policy may be updated for legal, technical, or service changes. Users will be notified of material updates.
18. Calendar Events
With your explicit permission, our app may access your Google Calendar events. This may include event details such as titles, descriptions, dates, times, locations, and attendee lists. We use this information solely to allow you to create, update, and manage events directly from within the app. We do not share or sell this information to third parties.
19. Calendar Information
To provide accurate functionality, we may access your calendar ID(s) and calendar name(s). This enables us to display the correct calendars within the app and associate new events with the selected calendar. This information is only used for display and event management purposes and is not disclosed to external parties.
20. Limited Use Disclosure
Our use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically, we only use Google Calendar data to provide the core functionality of our app, such as creating, updating, and displaying your events. We do not use your data for advertising, do not share it with third parties, and do not allow humans to read it, except when required for security purposes, to comply with applicable law, or as part of an explicit user request.
21. Contact Information
AIVO Technologies Pvt Ltd.
Attn: Data Protection Officer (DPO)
Email: aivotechai@gmail.com