PRIVACY POLICY FOR YUVO AI PRIVATE LIMITED
Effective Date: March 19, 2025
SUMMARY OF KEY POINTS
TABLE OF CONTENTS
- INTRODUCTION
- DATA PROTECTION PRINCIPLES
- SCOPE OF THIS POLICY
- DATA PROTECTION RISKS
- RESPONSIBILITIES
- GENERAL GUIDELINES FOR STAFF
- DATA COLLECTION AND USE
- TYPES OF DATA COLLECTED
- LEGAL BASIS FOR PROCESSING
- DATA STORAGE AND SECURITY
- DATA ACCURACY AND UPDATES
- DATA RETENTION
- SUBJECT ACCESS REQUESTS AND DATA SUBJECT RIGHTS
- CONTROLS FOR DO-NOT-TRACK FEATURES
- UNITED STATES RESIDENTS' SPECIFIC PRIVACY RIGHTS
- DISCLOSURE OF DATA TO THIRD PARTIES
- INTERNATIONAL DATA TRANSFERS
- EMAIL MARKETING AND COMMUNICATIONS
- CONTACT US FORM
- THIRD-PARTY WEBSITES AND SERVICES
- CHILDREN'S PRIVACY
- UPDATES TO THIS PRIVACY POLICY
- CONTACT INFORMATION
- GOVERNING LAW AND JURISDICTION
Important Disclaimer
This Privacy Policy outlines our commitment to data protection and privacy. Please note the following important points:
- While we strive to align our practices with international privacy standards, we are not currently certified under all listed frameworks. Our compliance efforts are ongoing and we maintain appropriate security measures based on our business needs and applicable laws.
- Our primary jurisdiction is India, and while we respect international privacy standards, our legal obligations are primarily governed by Indian law. Users from other jurisdictions should be aware that their data may be processed in accordance with Indian law.
- While we carefully select our service providers, we are not responsible for their independent actions or policies. Each provider operates under their own privacy policies and terms of service.
- While we primarily store data in India, some data processing may occur in other jurisdictions where our service providers operate. We ensure appropriate safeguards for such transfers.
- While our general policy is not to collect data from persons under 18, we comply with local age requirements in different jurisdictions.
- Response timeframes mentioned in this policy are targets that we strive to meet but may vary based on request complexity, volume of requests, and other factors. These timeframes may be adjusted based on legal requirements and practical constraints.
- We reserve the right to revise and update our practices, including cookie usage and AI model training policies, from time to time, with appropriate notice to users.
- Data retention periods indicated in this policy are general guidelines that may be adjusted based on business needs, regulatory changes, and legal requirements.
1. INTRODUCTION
Yuvo AI Private Limited ("Yuvo AI", "we", "us", or "our"), CIN: U62099DL2024PTC434162, with its registered office at H NO E-115-B G/F R/P AB, NEAR HARI KOTHI/2 HOUSE, Jamia Nagar, New Delhi, South Delhi- 110025, Delhi and operating via https://yuvoai.org/ is committed to protecting the privacy and personal data of individuals who interact with our website, services, and business. This Privacy Policy describes how we collect, use, store, and handle personal data in compliance with applicable data protection laws and best practices.
This policy applies to all personal data collected and processed by Yuvo AI, including data of website visitors, clients, prospective clients, and individuals who contact us through our website or other means.
This Privacy Policy is designed to comply with applicable data protection laws and standards, including but not limited to:
- Indian Laws:
- The Digital Personal Data Protection Act, 2023 ("DPDP Act")
- The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules")
- The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 ("Intermediary Guidelines")
- International Standards:
- SOC 2 (Service Organization Control 2) - A comprehensive auditing procedure developed by the American Institute of CPAs (AICPA)
- HIPAA (Health Insurance Portability and Accountability Act) - US federal law for healthcare data protection
- ISO/IEC 27001 - International standard for information security management
- Regional Data Protection Laws:
- EU: General Data Protection Regulation (GDPR)
- UK: UK Data Protection Act 2018 and UK GDPR
- US: California Consumer Privacy Act (CCPA), Virginia Consumer Data Protection Act (VCDPA), and other state privacy laws
- GCC: UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data Protection Law (PDPL)
- Singapore: Personal Data Protection Act (PDPA)
- Australia: Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs)
For users in other jurisdictions, we also respect and comply with applicable local data protection laws to the extent they apply to our services.
1A. Definitions
For clarity and transparency, the following terms used in this Privacy Policy have specific meanings:
- "Artificial Intelligence" or "AI": Any algorithm, model, or system that is designed to perform tasks that typically require human intelligence, such as natural language processing, pattern recognition, or decision-making.
- "AI Models" or "Models": The specific AI systems, algorithms, or architectures developed, used, or accessed by Yuvo AI to provide services. These Models may be owned, operated, and controlled by us or by third parties we engage.
- "Large Language Models" or "LLM": A type of AI model specifically designed to understand and generate human-like text. These models are trained on large datasets of text and can perform various natural language processing tasks such as text generation, translation, summarization, and question answering.
- "Training" and "Finetuning": The process of refining and teaching a Model to perceive, interpret, and learn by observing a specific set of data, known as a "Training Dataset." If Training begins from scratch, it is referred to as "pre-training." If training resumes from the weights of a previously trained Model and incrementally refines said Model, it is referred to as "finetuning."
- "Core Services": The subset of Services that are provided by Yuvo AI and are integral to the unique features and functionalities of our platform. This includes our AI consulting services, research tools, and document review capabilities. Core Services exclude basic atomic units of modern websites providing functions such as authentication, email, network management, or streaming, and also exclude services that are not integral to the experience of using our platform such as those for analytics or marketing.
- "Payment Gateway Service Provider(s)": A Third Party that provides payment gateway, payment processing, or other digital financial services for our platform, including but not limited to Razorpay and their corresponding services.
- "Profile Information": Any information or data that you may voluntarily supply or upload to your account, for example, your profile picture, address, company name, and other details relating to your profession, career, practice, domain area of expertise, work experience, and profession or business.
- "Services": The Services offered by Yuvo AI include AI consulting, research, document review, and other functionalities as described in our Terms & Conditions document. These Services are provided on an "as-is" and "as available" basis for information purposes only.
- "Personal Data" or "Personal Information": Any information relating to an identified or identifiable natural person ('data subject'). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
- "User Data": Any information related to an identified or identifiable individual that is provided to or collected by us, including:
- Provided Information: Data actively provided through various means such as filling out details on our website, communicating with us, or engaging with our services.
- Collected Information: Data automatically collected when you interact with our services, including technical details like IP address and interaction logs.
- Usage Data: Information about your use of our services, such as the types of content you view or engage with, the features you use, and the actions you take.
- "Processing": Any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
- "Data Fiduciary": As defined under the Digital Personal Data Protection Act, 2023 (DPDP Act), any person who alone or in conjunction with other persons determines the purpose and means of processing personal data.
- "Data Principal": As defined under the DPDP Act, the individual to whom the personal data relates.
- "Third Party": A natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
- "Consent": Any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.
2. DATA PROTECTION PRINCIPLES
Yuvo AI is committed to processing personal data in accordance with the following principles, which align with the requirements of the Digital Personal Data Protection Act, 2023, and other applicable data protection laws:
- Fairness and Lawfulness: We will process personal data fairly and lawfully.
- Purpose Limitation: We will collect personal data for specified, explicit, and legitimate purposes and not further process it in a manner that is incompatible with those purposes.
- Data Minimization: We will ensure that personal data collected is adequate, relevant, and limited to what is necessary for the purposes for which they are processed.
- Accuracy: We will take reasonable steps to ensure that personal data is accurate and, where necessary, kept up to date.
- Storage Limitation: We will keep personal data in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
- Integrity and Confidentiality: We will process personal data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
- Data Subject Rights: We will respect the rights of data subjects (referred to as "Data Principals" under the DPDP Act), including the right to access, rectify, erase, restrict processing, object to processing, and data portability, in accordance with applicable laws.
- International Transfers: We will ensure that any transfer of personal data outside of India is conducted in compliance with applicable data protection laws and safeguards, including the DPDP Act's requirements for cross-border data transfers.
3. SCOPE OF THIS POLICY
This policy applies to:
- Yuvo AI Private Limited, including its head office and all branches.
- All employees, contractors, consultants, and other personnel working for or on behalf of Yuvo AI.
- All personal data processed by Yuvo AI, regardless of the format in which it is stored (electronic, paper, or other).
This policy covers, but is not limited to, the following types of personal data:
- Names
- Postal Addresses
- Email Addresses
- Telephone Numbers
- Professional Titles and Company Information
- Any other information relating to identified or identifiable individuals that we may collect in the course of our business.
4. DATA PROTECTION RISKS
This policy is designed to protect Yuvo AI and individuals from data security risks, including:
- Confidentiality Breaches: Unauthorized disclosure or access to personal data.
- Lack of Choice and Control: Failure to provide individuals with choices regarding how their data is used.
- Reputational Damage: Harm to Yuvo AI's reputation resulting from data breaches or mishandling of personal data.
- Legal and Regulatory Non-Compliance: Failure to comply with data protection laws, leading to penalties and legal action.
5. RESPONSIBILITIES
Everyone at Yuvo AI shares responsibility for data protection. Key responsibilities are outlined below:
- Board of Directors: The Board of Directors has ultimate responsibility for ensuring Yuvo AI meets its legal and ethical obligations regarding data protection.
- Data Protection Officer: The Data Protection Officer or DPO, Hadi Khan ([email protected]), is responsible for:
- Overseeing the implementation of this Privacy Policy.
- Keeping the Board informed about data protection responsibilities, risks, and issues.
- Reviewing and updating data protection procedures and policies as appropriate to reflect changes in our practices and legal requirements.
- Providing data protection training and guidance to personnel.
- Handling data protection inquiries from staff and external parties.
- Managing subject access requests and other data subject rights requests.
- Reviewing contracts with third parties that process personal data on behalf of Yuvo AI.
- Supporting the implementation and maintenance of reasonable technical and organizational security measures to protect personal data.
- Facilitating efforts to ensure systems and infrastructure used for data processing meet security standards.
- Facilitating periodic security assessments and vulnerability scans.
- Evaluating the security of third-party services used for data processing.
- All Personnel: All employees, contractors, and personnel are responsible for:
- Being aware of and endeavoring to comply with this Privacy Policy and data protection principles.
- Handling personal data responsibly and in accordance with provided training and guidelines.
- Using strong passwords and endeavoring to maintain confidentiality of login credentials.
- Reporting data security incidents or concerns through established channels.
- Accessing and processing personal data primarily for their work duties.
6. GENERAL GUIDELINES FOR STAFF
- Access to personal data is restricted to authorized personnel who require it for their job responsibilities.
- Personal data should not be shared informally. Requests for confidential information should be directed to line managers or the DPO.
- Yuvo AI aims to provide data protection training to personnel.
- Personnel must keep all data secure by generally following these guidelines:
- Use strong passwords and avoid sharing them.
- Lock computer screens when feasible and unattended.
- Exercise caution when storing personal data on personal devices.
- Encrypt sensitive data where appropriate when stored or transmitted electronically.
- Dispose of data appropriately when no longer needed (e.g., shredding paper documents, securely deleting electronic files).
- Personnel should seek guidance from their line manager or the Data Protection Officer if unsure about any data protection matter.
7. DATA COLLECTION AND USE
In Short: We collect and use the data you provide directly and that which is automatically generated during your interactions to deliver, enhance, and secure our services.
Yuvo AI collects personal data for the following purposes:
- Providing AI Consulting Services: To deliver and manage our AI consulting services to clients, including communication, project management, and service delivery.
- Client Relationship Management: To manage our relationships with clients, including communication, account management, and support.
- Marketing and Business Development: To promote Yuvo AI's services, conduct marketing campaigns, send newsletters and updates (with consent where required), and develop our business.
- Website Contact Form: To respond to inquiries submitted through our website contact form. This may include collecting names, email addresses, company details, and message content.
- Email Subscriptions: To manage email subscriptions for newsletters or updates, with explicit consent obtained before sending marketing communications.
- Recruitment: To process job applications and manage recruitment activities.
- Compliance and Legal Obligations: To comply with applicable laws, regulations, and legal obligations.
We will only use personal data for the purposes for which it was collected, or for compatible purposes. We will obtain consent for any new purposes where required by law.
8. TYPES OF DATA COLLECTED
The types of personal data we may collect include:
- Contact Information: Name, email address, phone number, postal address, company name, job title.
- Professional Information: Company, industry, job title, professional background, skills, and experience (if relevant to services or recruitment).
- Website Usage Data: IP address, browser type, device information, pages visited, and other analytics data (collected through cookies and similar technologies – see our Cookie Policy for detailed information). Our website uses cookies and similar tracking technologies. Where required by law, we obtain user consent for the use of non-essential cookies through a cookie consent banner on our website.
- Communication Data: Records of correspondence and communications with us, including emails and contact form submissions.
- Marketing Preferences: Information about your preferences for receiving marketing communications from us.
- Recruitment Data: Information provided in job applications, resumes, and during the recruitment process.
- Payment Information: Data necessary for processing transactions, including billing addresses and payment instrument details.
8A. COOKIE POLICY
Our website uses cookies and similar technologies to enhance your browsing experience and analyze website traffic. This section explains how we use cookies and your choices regarding them.
What Are Cookies?
Cookies are small text files that are placed on your device when you visit a website. They are widely used to make websites work more efficiently and provide information to the website owners.
Types of Cookies We Use
We use the following types of cookies on our website:
- Essential Cookies: These cookies are necessary for the website to function properly. They enable core functionality such as security, network management, and account access. You cannot opt out of these cookies as the website cannot function properly without them.
- Analytics Cookies: These cookies help us understand how visitors interact with our website by collecting and reporting information anonymously. They help us improve the website's functionality and user experience.
- Functional Cookies: These cookies enable the website to provide enhanced functionality and personalization. They may be set by us or by third-party providers whose services we have added to our pages.
- Marketing Cookies: These cookies are used to track visitors across websites. They are set to display targeted advertisements based on visitor interests and to measure the effectiveness of advertising campaigns.
Cookie Management
When you first visit our website, you will be presented with a cookie consent banner that allows you to accept or decline non-essential cookies. You can change your cookie preferences at any time by clicking on the "Cookie Settings" link in the footer of our website.
Most web browsers also allow you to control cookies through their settings. Please note that if you choose to block certain cookies, some features of the website may not function correctly.
Cookie Retention
Different cookies have different lifespans:
- Session cookies: These are temporary and are deleted when you close your browser.
- Persistent cookies: These remain on your device until they expire or you delete them. The duration can range from a few minutes to several years, depending on their purpose.
We reserve the right to revise and update this Cookie Policy to reflect changes in our practices or relevant laws, from time to time.
Cookie Retention
Different cookies have different lifespans:
- Session cookies: These are temporary and are deleted when you close your browser.
- Persistent cookies: These remain on your device until they expire or you delete them. The duration can range from a few minutes to several years, depending on their purpose.
We reserve the right to revise and update this Cookie Policy to reflect changes in our practices or relevant laws, from time to time.
9. LEGAL BASIS FOR PROCESSING
In Short: We process your personal data based on your consent, the necessity to fulfill our contractual obligations, our legitimate business interests, or to comply with legal obligations.
We will only process personal data when we have a lawful basis for doing so. These bases may include:
- Consent: Where you have given us explicit consent to process your personal data for a specific purpose (e.g., email marketing). You have the right to withdraw your consent at any time. Legal Basis: Consent is relied upon for processing related to Email Subscriptions (Marketing).
- Contract: Where processing is necessary for the performance of a contract to which you are a party, or to take steps at your request before entering into a contract (e.g., providing consulting services). Legal Basis: Contract is relied upon for processing necessary for Providing AI Consulting Services and Client Relationship Management.
- Legitimate Interests: Where processing is necessary for our legitimate interests or the legitimate interests of a third party, provided that your interests and fundamental rights do not override those interests (e.g., direct marketing, business development, website analytics). Legal Basis: Legitimate Interests are relied upon for Marketing and Business Development activities (excluding email marketing which relies on consent), Website Contact Form inquiries, Website Usage Data analytics, and general business development and communication purposes. Our legitimate interests include promoting and improving our services, managing inquiries, and understanding website usage to enhance user experience.
When relying on legitimate interests as a legal basis, Yuvo AI considers relevant factors to ensure a proper balance between our interests and your rights. We evaluate the nature of our relationship with you, the type of data involved, and implement appropriate safeguards. You may contact us regarding any processing based on legitimate interests, and we will consider your concerns on a case-by-case basis.
- Legal Obligation: Where processing is necessary for compliance with a legal obligation to which we are subject. Legal Basis: Legal Obligation is relied upon for processing necessary for Compliance and Legal Obligations.
We will only process personal data for the purposes for which it was collected, or for compatible purposes. We will obtain consent for any new purposes where required by law.
9A. AI AND MODEL USAGE
As an AI consulting company, we want to be transparent about how we use AI technologies and your data:
- No Training on Your Personal Data: We do not train AI Models with your Personal Data or User Data. None of our AI systems or algorithms learn from or improve based on your Personal Data, including your queries, messages, files, and profile information.
- Temporary Processing Only: When you use our services, your User Data such as queries, messages, files, and profile information is only temporarily made available to the memory and context of our AI systems for the purpose of generating responses to your queries. Our AI systems do not store, retain, or use your User Data for any purpose other than to provide the requested service.
- Third-Party AI Providers: We may use third-party AI providers to deliver certain services. We only work with third parties who maintain equivalent privacy guarantees to ours and who do not train on any user data collected via their APIs. Our current AI providers include OpenAI, Anthropic, Google Gemini, and Deepseek.
- Confidentiality of Your Content: We do not monitor, see, or use any of your User Data including but not limited to files and documents uploaded to our platform for any purpose other than providing our services to you. Your content remains confidential and is not used to train, retrain, improve, or fine-tune any of our AI tools or those of our third-party service providers.
- Transparency About AI Use: We will clearly indicate when AI technologies are being used to provide a service and will provide information about the specific AI systems being used upon request.
10. DATA STORAGE AND SECURITY
Yuvo AI takes data security seriously and implements appropriate technical and organizational measures to protect personal data against unauthorized access, accidental loss, destruction, or damage. These measures include:
- Secure Storage: Personal data is stored on secure servers and in controlled environments with restricted physical access.
- Industry-Standard Encryption: We use industry-standard encryption (both in transit and at rest where appropriate) to protect sensitive data, such as during transmission over the internet and when stored in our databases.
- Strict Access Controls: Access to personal data is strictly controlled and limited to authorized personnel based on the principle of least privilege. We implement role-based access controls, multi-factor authentication, and strong password management policies.
- Firewalls and Security Software: We utilize robust firewalls, intrusion detection and prevention systems, anti-virus software, and other advanced security technologies to protect our systems and data from cyber threats and unauthorized access.
- Regular Security Assessments and Vulnerability Scans: We conduct regular security assessments, penetration testing, and vulnerability scans to proactively identify and address potential security weaknesses and ensure our security measures remain effective and up-to-date.
- Physical Security: We implement physical security measures, including secure office access, surveillance systems, and secure disposal of physical records, to protect data stored in physical formats.
- Data Minimization Practices: We adhere to data minimization principles by ensuring that we only collect and retain personal data that is necessary for the specified purposes, reducing the overall risk surface.
- Security Awareness Training: We provide regular security awareness training to our personnel to educate them about data security best practices, phishing attacks, and other cyber threats, fostering a culture of security consciousness.
11. DATA ACCURACY AND UPDATES
Yuvo AI is committed to maintaining accurate and up-to-date personal data. We take reasonable steps to ensure data accuracy, including:
- Data Validation: Implementing procedures to verify the accuracy of data at the point of collection and at regular intervals.
- Data Subject Access and Rectification: Providing individuals with the ability to access and update their personal data.
- Regular Data Reviews: Conducting reviews as necessary to identify and correct inaccuracies or outdated information.
We encourage individuals to inform us of any changes to their personal data so that we can keep our records accurate and current.
12. DATA RETENTION
Yuvo AI will retain personal data for no longer than is necessary for the purposes for which it is processed, or as required by applicable laws and regulations. Our retention of your information is guided by the following considerations:
- Active Account Data: We generally retain your personal information for as long as your account remains active or as needed to provide you with our services.
- Post-Termination Retention: After account termination or service completion, we may retain certain information for a reasonable period to:
- Comply with legal obligations, including tax, accounting, and reporting requirements
- Resolve disputes
- Enforce our agreements
- Protect against fraudulent, malicious, or abusive activity
- Client Data related to AI Consulting Services: Client data related to AI Consulting Services will be retained for a period necessary to comply with applicable legal and contractual obligations.
- Email Marketing Subscriber Data: Email marketing subscriber data will be retained until the subscriber unsubscribes or becomes inactive, for a period consistent with marketing best practices and legal requirements. Subscribers can unsubscribe at any time via the unsubscribe link in marketing emails.
- Website Contact Form Inquiry Data: Website contact form inquiry data will be retained for a period necessary for record-keeping, follow-up purposes, and to manage ongoing communication related to the inquiry.
- Recruitment Data (Job Applications): Recruitment data for unsuccessful candidates will be retained for a period necessary for managing recruitment processes and complying with applicable laws. For successful candidates, recruitment data becomes part of the employee record and is retained according to employee data retention policies.
- Website Usage Data (Analytics): Anonymized and aggregated website usage data may be retained indefinitely for statistical analysis and website improvement purposes. Raw, identifiable website usage logs will be retained for a period necessary for security and analytical purposes.
When your personal information is no longer required for the purposes for which it was collected or for which consent has been obtained, it will be securely deleted or anonymized in accordance with our data retention policies and applicable law.
13. SUBJECT ACCESS REQUESTS AND DATA SUBJECT RIGHTS
Individuals have certain rights regarding their personal data under applicable data protection laws. We are committed to respecting these rights and have established procedures to help you exercise them. Your rights may include:
13.1 Right to Access
- What this means: You have the right to request access to the personal data we hold about you.
- How to exercise: Submit a request via email to [email protected] with the subject line "Data Access Request."
- What to expect: We will make reasonable efforts to provide a copy of your personal data in an appropriate format within a reasonable timeframe. For complex requests or when we receive a high volume of requests, response time may be extended as permitted by applicable law.
13.2 Right to Rectification
- What this means: You have the right to request that we correct any inaccurate or incomplete personal data.
- How to exercise: Submit specific corrections to [email protected] with the subject line "Data Rectification Request."
- What to expect: We will respond to your request in a timely manner and in accordance with legal requirements. For complex requests, this timeframe may be extended in accordance with applicable law.
13.3 Right to Erasure ("Right to be Forgotten")
- What this means: You have the right to request that we delete your personal data under certain circumstances (e.g., when the data is no longer necessary, when you withdraw consent).
- How to exercise: Submit a request to [email protected] with the subject line "Data Erasure Request."
- What to expect: We will respond to your request within the timeframe stipulated by applicable data protection laws where legally required to do so and confirm when completed. For complex cases, this timeframe may be extended in accordance with applicable law.
13.4 Right to Restriction of Processing
- What this means: You have the right to request that we restrict the processing of your personal data under certain circumstances (e.g., when you contest the accuracy of the data).
- How to exercise: Submit a request to [email protected] with the subject line "Processing Restriction Request."
- What to expect: We will restrict processing as requested in accordance with applicable law where legally required to do so.
13.5 Right to Data Portability
- What this means: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
- How to exercise: Submit a request to [email protected] with the subject line "Data Portability Request."
- What to expect: We will provide your data in a portable format within a legally required timeframe.
13.6 Right to Object
- What this means: You have the right to object to the processing of your personal data under certain circumstances, including for direct marketing purposes.
- How to exercise: Submit a request to [email protected] with the subject line "Processing Objection."
- What to expect: We will respond to your request in a timely manner and in accordance with legal requirements where legally required to do so.
13.7 Right to Withdraw Consent
- What this means: Where processing is based on consent, you have the right to withdraw your consent at any time.
- How to exercise: Click the "unsubscribe" link in any marketing email or submit a request to [email protected] with the subject line "Consent Withdrawal."
- What to expect: We will process your request as promptly as possible and in accordance with applicable law.
Response Timeline
We will respond to your request within a timeframe stipulated by applicable data protection laws, unless a longer period is permitted by applicable law. Response times may vary based on the complexity and volume of requests, but we will always strive to respond in a timely manner and in accordance with legal requirements. If we need to extend the response period, we will notify you and explain the reasons for the delay.
13.8 Right to Lodge a Complaint with a Supervisory Authority
- What this means: You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data infringes applicable data protection laws.
- How to exercise: For individuals in India, you may lodge a complaint with the Data Protection Board of India (once established under the DPDP Act). For individuals in the EU, you may lodge a complaint with the Data Protection Authority in your EU member state.
To exercise any of these rights, please contact us by email at [email protected] or by mail at:
Yuvo AI Private Limited
H NO E-115-B G/F R/P AB, NEAR HARI KOTHI/2 HOUSE
Jamia Nagar, New Delhi
South Delhi- 110025, Delhi
Verification Process
When we receive your request, we may need to verify your identity to confirm you are the person about whom we hold the information. This is a security measure to ensure personal information is not disclosed to unauthorized individuals. We may ask for additional information to verify your identity based on the nature of your request and the sensitivity of the information involved.
14. CONTROLS FOR DO-NOT-TRACK FEATURES
Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Policy.
We respect your privacy choices, and while we don't currently have a technical mechanism to recognize DNT signals, we're committed to providing you with meaningful control over your data. You can exercise your rights as described in the Subject Access Requests and Data Subject Rights section of this policy.
15. UNITED STATES RESIDENTS' SPECIFIC PRIVACY RIGHTS
In Short: If you are a resident of California or other US states with applicable privacy laws, you may have specific rights regarding your personal information, including the right to access, delete, or opt out of certain data sharing practices.
California Residents
In accordance with the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), California residents have certain rights regarding their personal information. This section provides information on how we collect, use, and disclose personal information and describes the rights California residents have under California law.
We have collected the following categories of personal information over a relevant period:
Category |
Examples |
Collected |
A. Identifiers |
Name, email address, postal address, IP address, account name |
YES |
B. Personal information (as defined in the California Customer Records statute) |
Name, contact information, education, employment information |
YES |
C. Protected classification characteristics |
Age, gender, nationality (only when voluntarily provided or when necessary for specific services) |
YES |
D. Commercial information |
Transaction data, purchase history, payment information |
YES |
E. Biometric information |
Fingerprints, voiceprints |
NO |
F. Internet or other network activity |
Browsing history, information on interaction with our website |
YES |
G. Geolocation data |
Device location |
YES |
H. Audio, electronic, visual information |
Call recordings if you contact our customer service, profile pictures |
YES |
I. Professional or employment-related information |
Job title, work history (when relevant to services or if you apply for a job) |
YES |
J. Education information |
Academic records |
NO |
K. Inferences from other personal information |
Preferences, characteristics, behavior patterns |
NO |
L. Sensitive personal information |
Account login information, payment card information |
YES |
We collect sensitive personal information only for the purposes allowed by law or with your consent. Sensitive personal information is used only for the purposes of providing the services you have requested, security and fraud prevention, and legal compliance. We do not collect or process sensitive personal information for the purpose of inferring characteristics about you.
We may also collect other personal information outside of these categories through interactions with our website, customer support, surveys, and communications.
We use the personal information we collect as described in the Data Collection and Use section of this Privacy Policy. We retain personal information for as long as necessary to fulfill the purposes for which it was collected, as detailed in the Data Retention section.
We collect personal information directly from you when you provide it to us, automatically as you navigate our website, and from third-party sources as described in the Types of Data Collected section.
We may disclose your personal information to service providers, business partners, and other third parties as described in the Disclosure of Data to Third Parties section of this Privacy Policy.
We disclose the following categories of personal information to third parties for business purposes:
- Identifiers
- Personal information categories listed in the California Customer Records statute
- Commercial information
- Internet or other similar network activity
- Geolocation data
The categories of third parties with whom we share personal information include:
- Service providers and vendors who help us provide our services
- Analytics partners
- Marketing and advertising partners (with your consent)
- Professional advisors and consultants
- Legal and regulatory authorities
Definition of "Sale" and "Sharing" Under California Law
Under the CCPA/CPRA, "selling" personal information means disclosing or making available personal information to a third party for monetary or other valuable consideration. "Sharing" refers to disclosing or making available personal information to a third party for cross-context behavioral advertising purposes.
Yuvo AI's Position: While we do not "sell" your personal information in the traditional sense of exchanging it for money, certain aspects of our operations may be considered "sharing" under the CCPA/CPRA's broad definitions:
- Analytics and Tracking Technologies: Our use of third-party analytics services and cookies may constitute "sharing" under California law when these tools collect information about your activity across different contexts.
- Third-Party Service Providers: Our engagement with certain service providers who may use your data for their own business purposes beyond merely providing services to us could potentially constitute "selling" or "sharing" under California law's expansive definitions.
Opt-Out of Sale or Sharing
California residents have the right to opt out of the sale or sharing of their personal information. To exercise this right:
- Web-Based Opt-Out: You can click on the "Do Not Sell or Share My Personal Information" link in the footer of our website.
- Email Request: Send an email to [email protected] with the subject line "California Opt-Out Request."
- Response Timeline: We will process your opt-out request within 15 business days and maintain your opt-out preference for at least 12 months before requesting authorization to sell or share your personal information again.
Your Rights Under California Law
As a California resident, you have the following rights:
- Right to Know: You have the right to request that we disclose what personal information we collect, use, disclose, and sell.
- Right to Delete: You have the right to request deletion of your personal information we have collected about you, subject to certain exceptions.
- Right to Correct: You have the right to request correction of inaccurate personal information maintained about you.
- Right to Opt-Out of Sale or Sharing: You have the right to opt-out of the sale or sharing of your personal information as described above.
- Right to Limit Use and Disclosure of Sensitive Personal Information: You have the right to limit the use and disclosure of your sensitive personal information to that use which is necessary to perform the services.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.
To exercise your rights under California law, please submit a request through our Subject Access Request process or contact us at [email protected] with the subject line "California Privacy Rights."
Other US State Privacy Laws
Residents of Virginia, Colorado, Utah, Connecticut, and other states with applicable privacy laws may have similar rights regarding their personal information. If you are a resident of one of these states, you may exercise your rights by contacting us at [email protected].
16. DISCLOSURE OF DATA TO THIRD PARTIES
In Short: We only share your data with trusted third parties when necessary, such as for service provision, legal obligations, or business transfers. All such third parties are contractually required to maintain data protection standards equivalent to ours.
Yuvo AI may share personal data with trusted third parties in the following circumstances:
- Service Providers: We may engage third-party service providers to assist us in providing our services, such as IT support, data analytics, marketing automation, and payment processing. These providers will have access to personal data only to the extent necessary to perform their functions and are contractually obligated to protect the data.
- Legal Compliance: We may disclose personal data to law enforcement agencies, regulatory bodies, or other authorized parties if required by law or legal process, or to protect our legal rights or the rights of others.
- Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, personal data may be transferred as part of the transaction, subject to applicable confidentiality and data protection obligations.
We will not sell or rent personal data to third parties for marketing purposes without explicit consent.
Third-Party Service Providers
The following is a list of key third-party service providers we use who may process your personal data:
Service Provider |
Purpose |
Type of Data Processed |
Cloudflare |
Website hosting and content delivery network |
Website usage data, IP addresses |
Razorpay |
Payment processing (if applicable) |
Transaction data, limited payment information |
Cursor IDE |
Development environment |
Code and development data (not user personal data) |
OpenAI |
AI services and capabilities |
Temporary processing of queries for service delivery |
Anthropic |
AI services and capabilities |
Temporary processing of queries for service delivery |
Google Gemini |
AI services and capabilities |
Temporary processing of queries for service delivery |
Deepseek |
AI services and capabilities |
Temporary processing of queries for service delivery |
We carefully select our service providers and require them to adhere to data protection standards comparable to our own. We enter into data processing agreements with these providers to ensure they process your data only according to our instructions and in compliance with this Privacy Policy and applicable data protection laws.
17. INTERNATIONAL DATA TRANSFERS
Personal data collected by Yuvo AI is primarily processed and stored within India. We take measures to ensure that any international transfers of personal data comply with applicable data protection laws.
In certain limited circumstances, we may transfer personal data to countries outside of India. This may occur, for example, when using third-party service providers who have infrastructure or operations in other countries. These countries may not have data protection laws that are similar to those in India.
If we transfer personal data outside of India, we will ensure that appropriate safeguards are in place to protect the data, such as:
- Data Transfer Agreements: Implementing Standard Contractual Clauses approved by the European Commission or other legally recognized data transfer mechanisms to ensure that data recipients are bound by contractual obligations to protect your personal data.
- Adequacy Decisions: Transferring data to countries that have been deemed to provide an adequate level of data protection by relevant authorities (where applicable).
We will take all necessary measures to ensure that your personal data is treated securely and in accordance with this Privacy Policy and applicable data protection laws, regardless of where it is processed.
17A. DATA LOCALIZATION INFORMATION
In Short: While our primary servers are located in India, we may transfer, store, and process your information in countries other than your own with appropriate safeguards in place.
Server Locations and Data Storage
Our primary servers are located in India, in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act). We store the following categories of data in India as required by applicable law:
- Personal Data as defined under Indian law
- Financial transaction records related to Indian customers
- Primary user account information for Indian residents
- Data specifically subject to data localization requirements under the DPDP Act
However, in certain circumstances, your information may be transferred to, stored by, and processed in facilities outside India, including facilities operated by the third-party service providers listed in the Disclosure of Data to Third Parties section. These locations may include the United States and other countries where our service providers maintain operations.
Cross-Border Transfer Safeguards
For residents in jurisdictions with comprehensive data protection laws (such as the EU, UK, or Singapore), please be aware that some countries where data may be processed may not have data protection laws as comprehensive as those in your country. However, we implement robust safeguards to protect your personal information during international transfers, including:
- Standard Contractual Clauses (SCCs): We have implemented appropriate measures to protect your personal information during cross-border transfers, including by using Standard Contractual Clauses approved by relevant authorities for transfers of personal information between our group companies and third-party providers. These clauses require all recipients to protect personal information they process in accordance with applicable data protection laws and regulations.
- Data Processing Agreements: We enter into comprehensive data processing agreements with all third-party service providers who may process your data internationally, requiring them to implement security measures equivalent to our own and to process data only according to our instructions.
- Encryption and Security Measures: All data in transit during international transfers is protected using industry-standard encryption protocols, and we implement strict access controls for any data stored or processed outside India.
Compliance with International Frameworks
While our primary regulatory compliance focus is on Indian law, we also respect and adhere to international data protection frameworks where applicable to our operations, including:
- GDPR Compliance: For data of EU/EEA residents, we comply with GDPR requirements for international data transfers.
- APEC Cross-Border Privacy Rules: We respect the principles of the APEC Cross-Border Privacy Rules system for transfers to participating APEC economies.
- Data Sovereignty Principles: We honor the data sovereignty principles of various jurisdictions and implement measures to ensure compliance with local requirements.
Data Localization Compliance
We continuously monitor and update our data localization practices to ensure compliance with the evolving regulatory landscape in India and other jurisdictions where we operate. This includes:
- Regular audits of data storage locations and data flows
- Maintaining a comprehensive data map documenting where different categories of data are stored
- Implementing technical measures to ensure data subject to localization requirements remains within approved jurisdictions
- Periodic review of third-party service providers' compliance with data localization requirements
You may request information about the specific locations where your personal data is stored and the safeguards we have implemented by contacting our Data Protection Officer at [email protected].
Our Standard Contractual Clauses and details about our international data transfer mechanisms can be provided upon request.
18. EMAIL MARKETING AND COMMUNICATIONS
Yuvo AI may send email marketing communications to individuals who have subscribed to our newsletters or provided their consent to receive such communications.
- Consent: We will obtain explicit consent before sending marketing emails where required by law.
- Opt-Out: Individuals have the right to opt-out of receiving marketing communications at any time. Each marketing email will include a clear and easy-to-use unsubscribe link.
- Content: Marketing emails may include information about our services, industry news, events, and other relevant updates.
- Data Management: We will manage email lists and subscriber data in accordance with this Privacy Policy and applicable laws.
19. CONTACT US FORM
Our website includes a contact form for visitors to submit inquiries. When you use the contact form, we collect the following personal data:
- Name
- Email Address
- Company (Optional)
- Message Content
We will use this data to respond to your inquiry and communicate with you regarding your request. Data submitted through the contact form will be stored securely and retained for a period necessary for record-keeping, follow-up purposes, and to manage ongoing communication related to the inquiry.
20. THIRD-PARTY WEBSITES AND SERVICES
Our website may contain links to third-party websites or services that are not controlled by Yuvo AI. This Privacy Policy does not apply to those third-party websites or services. We encourage you to review the privacy policies of any third-party websites you visit.
21. CHILDREN'S PRIVACY
In Short: We do not knowingly collect or process personal data from children under 18 years of age.
The Yuvo AI website and services are not intentionally designed for or directed at persons younger than 18 years of age. We do not knowingly collect or process personal data from children below 18 years of age.
- No Collection from Children: It is our policy not to collect and process any personal data from children below 18 years of age or offer to send any promotional materials to persons in that category.
- Parental Notification: Should a parent or guardian have reasons to believe that a minor has provided us with personal data without their prior consent, please contact us immediately at [email protected] to ensure that the personal data is removed from our systems.
- Verification: If we become aware that we have inadvertently collected personal data from a child under the age of 18, we will take reasonable steps to delete such information from our records as soon as possible.
- Enforcement Measures: To help prevent the inadvertent collection of data from minors, we implement reasonable measures, which may include:
- Age Verification: For services requiring account creation, we may implement age verification during the registration process.
- Terms of Service: Our Terms of Service prohibit use of our services by individuals under 18 years of age.
- Staff Awareness: Our staff is informed about our policy regarding underage users.
- Content Considerations: Where appropriate, we consider the potential appeal of our content to younger audiences.
- Parental Controls: We encourage parents and guardians to monitor and supervise their children's online activities and to teach them about safe internet practices.
- Parental Consent Mechanisms: In the rare event that we knowingly collect information from children in contexts where it may be legally permitted (such as educational tools with appropriate safeguards), we will implement robust parental consent mechanisms in compliance with applicable children's privacy laws.
22. UPDATES TO THIS PRIVACY POLICY
We reserve the right to revise and update this Privacy Policy from time to time to reflect changes in our data processing practices, legal requirements, or technological developments. The updated version will be indicated by an updated "Effective Date" at the top of this Privacy Policy.
If we make material changes to this Privacy Policy that significantly affect your rights or our use of your personal data, we will provide notice through appropriate means before the changes become effective.
Notification Methods: When we update our Privacy Policy in material ways, we may notify users through one or more of the following methods depending on the circumstances and nature of the changes:
- Website Notice: We may display a notice on our website or update the Effective Date.
- Email Notification: For users with registered accounts, we may send an email notification when significant changes are made.
- App Notifications: If applicable, we may provide in-app notifications about policy updates.
For changes that do not materially affect rights or obligations, we may update the Privacy Policy without specific notice.
We encourage you to review this Privacy Policy periodically to stay informed about our data practices. Your continued use of our Services following the posting of changes constitutes your acceptance of the revised Privacy Policy.
Periodic Review: This Privacy Policy is reviewed and updated periodically to ensure it remains accurate, comprehensive, and compliant with applicable data protection laws and best practices. We will also review and update this policy as needed to reflect significant changes in our data processing activities or legal obligations.
23. CONTACT INFORMATION
If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us at:
Yuvo AI Private Limited
H NO E-115-B G/F R/P AB,
NEAR HARI KOTHI/2 HOUSE,
Jamia Nagar, New Delhi,
South Delhi- 110025, Delhi
Email: [email protected]
Grievance Redressal Officer
In accordance with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and the Digital Personal Data Protection Act, 2023, we have appointed a Grievance Redressal Officer who can be contacted for any grievances or concerns related to our privacy practices:
Name: Hadi Khan
Email: [email protected]
The Grievance Redressal Officer will acknowledge receipt of your complaint within 24 hours and resolve it within 15 days from the date of receipt.
24. GOVERNING LAW AND JURISDICTION
This Privacy Policy shall be governed by and construed in accordance with the laws of India. Any disputes arising out of or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the courts of Saket Court, South Delhi, India.
End of Privacy Policy