AutoCortx Logo

Privacy Policy

Last Updated: January 2025

IMPORTANT: This Privacy Policy ("Policy") describes how Autocortx AI Technologies Pvt. Ltd. ("Autocortx", "we", "our", "us") collects, uses, processes, stores, shares, and protects your personal information when you access our website (www.autocortx.ai) or use our services. As a BFSI-focused AI company, we are committed to the highest standards of data protection and privacy compliance.

This Policy is designed to comply with:

  • The Digital Personal Data Protection Act, 2023 (DPDP Act) of India
  • Relevant RBI, SEBI, and IRDAI data protection guidelines
  • Industry best practices for BFSI data security
  • International data protection standards where applicable

By accessing our website or using our services, you acknowledge that you have read, understood, and agree to this Policy. If you do not agree, please discontinue use immediately.

1. Definitions

  • "Personal Data" means any information that can identify or is reasonably capable of identifying an individual, directly or indirectly.
  • "Sensitive Personal Data" means financial information, passwords, biometric data, health data, or other categories defined under applicable law.
  • "Data Principal" means the individual to whom personal data relates.
  • "Data Fiduciary" means Autocortx, which determines the purpose and means of processing personal data.
  • "Processing" means any operation performed on personal data, including collection, storage, use, analysis, disclosure, or deletion.
  • "AI/ML Processing" means processing using artificial intelligence, machine learning, or automated decision-making systems.

2. Information We Collect

2.1 Information You Provide Directly

We collect information you voluntarily provide, including:

  • Contact Information: Name, email address, phone number, organization name, job title, and business address
  • Communication Data: Messages, inquiries, feedback, and information shared through contact forms, email, or meetings
  • Business Information: Company details, industry, use case information, and requirements for demos, pilots, or partnerships
  • Account Information: Username, password (hashed), and account preferences (for registered users)
  • Professional Information: Resume, professional background, and qualifications (if submitted for employment or partnership opportunities)

2.2 Information Collected Automatically

When you visit our website, we automatically collect certain technical information:

  • Device Information: IP address, device type, operating system, browser type and version, screen resolution
  • Usage Information: Pages visited, time spent, clickstream data, referring URLs, search queries, date and time of access
  • Location Information: Approximate geographic location derived from IP address (country/region level, not precise location)
  • Technical Identifiers: Cookies, session IDs, device identifiers, and similar tracking technologies

2.3 Information from Third Parties

We may receive information from:

  • Business partners, service providers, or affiliates
  • Publicly available sources (for business intelligence purposes)
  • Social media platforms (if you interact with us through social media)
  • Analytics and marketing service providers

2.4 Information We Do NOT Collect

Our public website does NOT collect:

  • Sensitive customer financial data (account numbers, transaction details, credit card information)
  • Regulated institutional data from financial institutions
  • Biometric data (unless explicitly required for specific services with consent)
  • Health or medical information
  • Personal data of minors under 16 years of age

3. Legal Basis for Processing

We process your personal data based on the following legal grounds under the DPDP Act and applicable law:

  • Consent: You have provided explicit consent for specific processing activities
  • Legitimate Interest: Processing is necessary for our legitimate business interests, such as website security, fraud prevention, and service improvement (balanced against your privacy rights)
  • Contractual Necessity: Processing is necessary to perform a contract or take steps at your request before entering into a contract
  • Legal Obligation: Processing is required to comply with applicable laws, regulations, or court orders
  • Public Interest: Processing is necessary for tasks carried out in the public interest or exercise of official authority

4. How We Use Your Information

We use your personal data for the following purposes:

4.1 Service Delivery

  • Respond to inquiries, requests, and communications
  • Provide information about our products and services
  • Facilitate demos, pilots, partnerships, and business collaborations
  • Process and manage registrations, applications, and transactions
  • Deliver and maintain our services

4.2 Communication and Marketing

  • Send newsletters, updates, and marketing communications (with your consent or as permitted by law)
  • Notify you about changes to our services, terms, or policies
  • Invite you to events, webinars, or surveys
  • Provide customer support and respond to requests

4.3 AI and Machine Learning

When you use our AI services, we may process your data to:

  • Train, improve, and optimize AI models and algorithms (with appropriate safeguards and anonymization where applicable)
  • Generate AI outputs and automated insights
  • Analyze usage patterns to enhance model performance
  • Conduct research and development (using anonymized or aggregated data where possible)

Note: We implement technical and organizational measures to minimize personal data in AI training datasets and ensure responsible AI practices.

4.4 Business Operations

  • Improve website functionality, user experience, and content relevance
  • Conduct analytics, research, and business intelligence
  • Prevent fraud, abuse, and security threats
  • Ensure compliance with legal and regulatory obligations
  • Maintain business records and documentation

4.5 Legal and Regulatory Compliance

  • Comply with applicable laws, regulations, and government requests
  • Respond to legal processes, court orders, or regulatory inquiries
  • Enforce our Terms and Conditions and protect our rights
  • Investigate and prevent illegal activities, fraud, or security breaches

We do NOT sell, rent, or trade your personal data to third parties for their marketing purposes.

5. Sharing and Disclosure of Information

We may share your personal data in the following circumstances:

5.1 Service Providers and Business Partners

We may share data with trusted third-party service providers who assist us in:

  • Website hosting, cloud infrastructure, and data storage
  • Analytics, marketing, and customer relationship management
  • Email delivery, communication tools, and customer support
  • Security, fraud prevention, and compliance services
  • Payment processing (if applicable)

All service providers are contractually bound to protect your data and use it only for specified purposes.

5.2 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred to the acquiring entity, subject to the same privacy protections.

5.3 Legal and Regulatory Requirements

We may disclose personal data when required by:

  • Laws, regulations, or government authorities (including RBI, SEBI, IRDAI, or data protection authorities)
  • Court orders, subpoenas, or legal processes
  • Regulatory investigations or compliance audits

5.4 Protection of Rights

We may disclose data to protect our rights, property, or safety, or that of our users, employees, or others, including to prevent fraud, abuse, or security threats.

5.5 With Your Consent

We may share data with third parties when you have provided explicit consent for such sharing.

6. Cookies and Tracking Technologies

We use cookies, web beacons, pixels, and similar technologies ("Cookies") to:

  • Essential Cookies: Required for website functionality, security, and basic features
  • Analytics Cookies: Help us understand how visitors use our website (anonymized and aggregated data)
  • Functional Cookies: Remember your preferences and enhance user experience
  • Marketing Cookies: Used for targeted advertising and marketing (with your consent)

You can control Cookies through your browser settings. However, disabling certain Cookies may limit website functionality.

For detailed information about our Cookie practices, please refer to our Cookie Policy (if available) or contact us.

7. Data Security

We implement comprehensive technical, administrative, and physical safeguards to protect your personal data, including:

  • Encryption: Data encryption in transit (TLS/SSL) and at rest
  • Access Controls: Role-based access controls, authentication, and authorization mechanisms
  • Network Security: Firewalls, intrusion detection, and prevention systems
  • Security Monitoring: Continuous monitoring, logging, and incident response procedures
  • Employee Training: Regular security awareness and data protection training
  • Vendor Management: Due diligence and contractual requirements for third-party service providers
  • Compliance: Alignment with industry standards (ISO 27001, SOC 2, where applicable)

However, no method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

8. Data Retention

We retain personal data only for as long as necessary to:

  • Fulfill the purposes for which it was collected
  • Comply with legal, regulatory, and contractual obligations
  • Resolve disputes and enforce agreements
  • Maintain accurate business records
  • Support ongoing business relationships

Retention periods vary based on:

  • Legal and regulatory requirements (e.g., tax records, audit trails)
  • Nature of the data and purpose of processing
  • Statute of limitations for potential claims
  • Your consent and preferences

When data is no longer needed, we securely delete or anonymize it in accordance with our data retention policies.

9. Cross-Border Data Transfers

Your personal data may be transferred to and processed in countries other than India, including:

  • Countries where our service providers or cloud infrastructure are located
  • Countries where our affiliates or business partners operate

When transferring data internationally, we ensure:

  • Compliance with applicable data protection laws, including the DPDP Act
  • Appropriate safeguards, such as standard contractual clauses, adequacy decisions, or other legal mechanisms
  • That recipients provide adequate levels of data protection

By using our services, you consent to such transfers, subject to applicable legal protections.

10. Your Rights and Choices

Under the DPDP Act and applicable laws, you have the following rights regarding your personal data:

10.1 Right to Access

You can request access to your personal data, including information about how it is processed.

10.2 Right to Correction

You can request correction of inaccurate or incomplete personal data.

10.3 Right to Erasure (Right to be Forgotten)

You can request deletion of your personal data, subject to legal and regulatory retention requirements.

10.4 Right to Data Portability

You can request a copy of your personal data in a structured, machine-readable format.

10.5 Right to Withdraw Consent

Where processing is based on consent, you can withdraw consent at any time, without affecting the lawfulness of processing before withdrawal.

10.6 Right to Grievance Redressal

You can file a complaint with us or with the Data Protection Board under the DPDP Act if you believe your rights have been violated.

10.7 Marketing Opt-Out

You can opt out of marketing communications at any time by clicking unsubscribe links or contacting us.

To exercise these rights, please contact us at privacy@autocortx.ai. We will respond to your request within the timeframes required by applicable law (typically 30 days under the DPDP Act).

11. AI and Algorithmic Decision-Making

When our services involve AI or automated decision-making, we are committed to:

  • Transparency: Providing information about how AI systems work and make decisions (to the extent possible)
  • Fairness: Implementing measures to detect and mitigate bias in AI models
  • Human Oversight: Ensuring appropriate human review for critical decisions
  • Explainability: Striving to make AI decisions explainable, where feasible
  • Accountability: Maintaining responsibility for AI outputs and their impacts

If you are subject to automated decision-making that significantly affects you, you may have the right to request human review or challenge the decision, subject to applicable law.

12. Data Breach Notification

In the event of a data breach that may cause harm to you, we will:

  • Investigate and remediate the breach promptly
  • Notify affected individuals and relevant authorities as required by the DPDP Act and applicable law
  • Provide information about the nature of the breach, potential impacts, and remedial measures
  • Take steps to prevent future breaches

Notifications will be provided without undue delay, typically within 72 hours of becoming aware of the breach, as required by law.

13. Children's Privacy

Our website and services are not intended for individuals under 16 years of age. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a minor without parental consent, we will take steps to delete such information promptly. If you believe we have collected data from a minor, please contact us immediately.

14. Third-Party Links and Services

Our website may contain links to third-party websites, services, or applications. This Policy does not apply to third-party sites. We are not responsible for the privacy practices, content, or security of third parties. We encourage you to review their privacy policies before providing any information.

15. Data Protection Principles

Autocortx adheres to the following data protection principles:

15.1 Lawfulness, Fairness, and Transparency

We process personal data lawfully, fairly, and transparently, with clear communication about our practices.

15.2 Purpose Limitation

We collect data only for specified, explicit, and legitimate purposes and do not use it for incompatible purposes.

15.3 Data Minimization

We collect only data that is adequate, relevant, and necessary for the intended purposes.

15.4 Accuracy

We take reasonable steps to ensure data is accurate, complete, and up-to-date.

15.5 Storage Limitation

We retain data only for as long as necessary for the purposes for which it was collected.

15.6 Integrity and Confidentiality

We implement appropriate security measures to protect data against unauthorized access, loss, or destruction.

15.7 Accountability

We are responsible for compliance with data protection principles and demonstrate accountability through policies, procedures, and documentation.

16. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or services. Material changes will be notified through:

  • Email notification (for registered users)
  • Prominent notice on our website
  • Updated "Last Updated" date

Your continued use of our website or services after changes constitutes acceptance of the updated Policy. If you do not agree, please discontinue use and contact us to exercise your rights.

We encourage you to review this Policy periodically to stay informed about how we protect your data.

17. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Autocortx AI Technologies Pvt. Ltd.
Mumbai, Maharashtra, India
Data Protection Officer / Privacy Team
Email: privacy@autocortx.ai
Website: www.autocortx.ai

For legal inquiries: legal@autocortx.ai

We will respond to your inquiries within the timeframes required by applicable law (typically 30 days under the DPDP Act).

18. Grievance Redressal

If you have a complaint about our data handling practices, you may:

  • Contact us directly at privacy@autocortx.ai to resolve the issue
  • File a complaint with the Data Protection Board under the DPDP Act, if applicable
  • Seek redressal through other legal channels as available under Indian law