Privacy Policy

1. Introduction

Triovex Technologies Private Limited ("Company", "We", "Us", "Our"), a company incorporated under the laws of India with its registered office at Kolkata, West Bengal, India, operates the Mind Sphire platform ("Service", "Platform"). This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our Service.

This Privacy Policy is published in compliance with:

• Information Technology Act, 2000 ("IT Act")
• Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules")
• Digital Personal Data Protection Act, 2023 ("DPDP Act")
• Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021

By using the Service, you consent to the collection and processing of your personal data as described in this Privacy Policy.

2. Data Controller

For the purposes of applicable data protection laws, Triovex Technologies Private Limited is the "Data Fiduciary" (as defined under the DPDP Act) responsible for your personal data collected through the Service.

3. Information We Collect

3.1 Information You Provide Directly

• Account Information: Name, email address, password, and profile information when you create an account
• User Content: Documents, files, text, images, and other materials you upload to the Service
• Communication Data: Information you provide when contacting us for support or inquiries
• Payment Information: Billing details processed securely through our payment partners (we do not store full payment card details)

3.2 Information Collected Automatically

• Usage Data: How you interact with the Service, including features used, pages visited, and session duration
• Device Information: IP address, browser type, operating system, and device identifiers
• Cookies and Tracking: Session cookies and analytics data (see Section 11)

3.3 Sensitive Personal Data or Information (SPDI)

Under the SPDI Rules, 2011, "Sensitive Personal Data or Information" includes:

• Passwords
• Financial information (bank account, credit/debit card details)
• Physical, physiological, and mental health condition
• Sexual orientation
• Medical records and history
• Biometric information

We do not intentionally collect SPDI unless explicitly required for providing specific features. If your uploaded Content contains SPDI, you are responsible for ensuring you have appropriate consent and lawful basis to share such information.

4. Purpose of Data Processing

In accordance with the DPDP Act's principle of purpose limitation, we process your personal data only for the following specified purposes:

• Service Provision: To provide, operate, and maintain the Service
• AI Processing: To analyze your documents and generate AI-powered insights, summaries, and responses
• Account Management: To create and manage your account
• Communication: To send service-related notifications, updates, and respond to inquiries
• Payment Processing: To process transactions and billing
• Security: To detect, prevent, and address fraud, unauthorized access, and security incidents
• Legal Compliance: To comply with applicable laws, regulations, and legal processes
• Service Improvement: To analyze usage patterns and improve the Service (in aggregated, anonymized form)

5. Lawful Basis for Processing

Under the DPDP Act, we process your personal data based on the following lawful grounds:

• Consent: Your explicit consent provided at the time of registration or uploading Content
• Contractual Necessity: Processing necessary to perform our contract with you (i.e., providing the Service)
• Legal Obligation: Processing required to comply with applicable laws
• Legitimate Interests: Processing for our legitimate business interests, where not overridden by your rights

6. AI Processing of Your Content

When you upload documents to Mind Sphire, they are processed by artificial intelligence systems to provide features such as summarization, question-answering, and knowledge extraction. We want you to understand:

• Your Content is NOT used to train public AI models. We do not use your personal documents to train or improve models shared with other users or the public.
• Processing is isolated. Your Content is processed in a manner that keeps it separate from other users' data.
• Third-Party AI Providers: We may use third-party AI service providers (such as Google, OpenAI, or others) to process your Content. These providers are bound by data processing agreements and are prohibited from using your data for their own purposes.
• Encryption: Your Content is encrypted during transmission (TLS) and at rest.

7. Disclosure and Sharing of Personal Data

We do not sell your personal data. We may share your data with third parties only in the following circumstances:

• Service Providers: Trusted partners who assist in operating the Service (cloud hosting, payment processing, AI providers, analytics) under strict data protection agreements
• Legal Requirements: When required by law, court order, or government authority, including compliance with the IT Act and lawful requests from Indian law enforcement agencies
• Protection of Rights: To protect our rights, property, safety, or that of our users or the public
• Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, where your data may be transferred to the successor entity
• With Your Consent: For any other purpose with your explicit consent

8. Cross-Border Data Transfers

Your personal data may be transferred to, stored, and processed in countries outside India, including countries where our service providers (such as cloud hosting and AI providers) operate. Such transfers are made in compliance with the DPDP Act and applicable regulations.

We take appropriate safeguards to ensure that your data remains protected in accordance with this Privacy Policy and applicable Indian law, including executing appropriate data processing agreements with recipients.

9. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law:

• Account Data: Retained for the duration of your account and for 30 days after deletion request
• User Content: Retained until you delete it or request account deletion
• Transaction Records: Retained for 7 years as required under Indian tax and commercial laws
• Usage Logs: Retained for 180 days for security and analytics purposes

10. Data Security

In compliance with the SPDI Rules, 2011, we implement reasonable security practices and procedures including international standards such as ISO/IEC 27001 to protect your personal data from unauthorized access, disclosure, alteration, or destruction:

• Encryption of data in transit (TLS 1.3) and at rest (AES-256)
• Secure authentication mechanisms
• Regular security assessments and audits
• Access controls limiting data access to authorized personnel only
• Incident response procedures for data breaches

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

11. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience:

• Essential Cookies: Required for the Service to function (session management, authentication)
• Analytics Cookies: To understand usage patterns and improve the Service (anonymized)
• Preference Cookies: To remember your settings and preferences

You can control cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the Service.

12. Your Rights as a Data Principal

Under the Digital Personal Data Protection Act, 2023, you have the following rights as a "Data Principal":

• Right to Access: Request confirmation of whether we process your personal data and obtain a summary of such data
• Right to Correction: Request correction of inaccurate or incomplete personal data
• Right to Erasure: Request deletion of your personal data (subject to legal retention requirements)
• Right to Data Portability: Request your personal data in a structured, commonly used, machine-readable format
• Right to Withdraw Consent: Withdraw your consent to processing at any time (without affecting the lawfulness of processing before withdrawal)
• Right to Grievance Redressal: File a complaint with our Grievance Officer or the Data Protection Board of India

To exercise any of these rights, please contact our Grievance Officer at support@triovextech.com. We will respond to your request within 30 days.

13. Children's Privacy

The Service is not intended for individuals under the age of 18 years. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete such information promptly.

Under the DPDP Act, processing of a child's personal data requires verifiable consent from a parent or lawful guardian.

14. Third-Party Links and Services

The Service may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to such third parties. We encourage you to review the privacy policies of any third-party services you access through our Service.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. Material changes will be notified to you via email or through a prominent notice on the Service at least 30 days before the changes take effect.

Your continued use of the Service after the effective date of the revised Privacy Policy constitutes your acceptance of the changes.