Privacy Policy &
Data Governance

GV Systems Technologies Private Limited (hereinafter referred to as the "Data Fiduciary") is committed to protecting the privacy and personal data of its users (hereinafter referred to as the "Data Principal"). This comprehensive Privacy Policy outlines our data processing practices in strict compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act 2023) of India.

We recognize the significance of personal data and the right to privacy as a fundamental aspect of digital existence. Our data governance framework is designed to ensure transparency, accountability, and security in the handling of all digital personal data collected through the Aithra.online platform. By accessing or using our services, the Data Principal expressly consents to the collection, processing, and storage of their data as described herein, for lawful purposes as mandated by Section 6 of the DPDP Act 2023.

In the course of providing our advanced Voice Intelligence services, we collect specific categories of personal data essential for the functionality and improvement of the AI system. This collection is limited to what is necessary for the specified purpose, adhering to the principle of data minimization.

• Voice Biometrics & Recordings: We collect audio inputs provided voluntarily by the Data Principal during interactions with the Aithra AI agent. These recordings are processed to generate real-time intelligent responses and are analyzed to enhance the accuracy of our speech recognition models.
• Textual Transcripts: Real-time transcriptions of voice interactions are generated and stored to maintain conversation context and for quality assurance analysis.
• Device & Telemetry Data: We collect technical information regarding the Data Principal's device, browser configuration, and network connection to ensure service compatibility and security.

Processing of this data is conducted solely for the purpose of "Analysis and Continuous Improvement" of our artificial intelligence models, aiming to deliver a seamless and personalized user experience.

We implement robust technical and organizational measures to safeguard personal data against unauthorized access, misuse, or loss, in accordance with the security safeguards recognized under the DPDP Act 2023. Our security architecture employs a defense-in-depth strategy.

Encryption Standards: All data in transit between the Data Principal's device and our servers is secured using industry-standard Transport Layer Security (TLS) encryption. Furthermore, sensitive personal data, including voice recordings and transcripts stored at rest, are encrypted using Advanced Encryption Standard (AES-256) protocols, ensuring that even in the unlikely event of a data breach, the data remains unintelligible to unauthorized entities.

Access to personal data is strictly regulated through Role-Based Access Control (RBAC), ensuring that only authorized personnel with a legitimate business need can access the data, and all such access is logged and audited.

We adhere to a strict data retention schedule to ensure that personal data is not held for longer than necessary. All voice recordings and interaction logs collected by Aithra.online are retained for a maximum period of Six (6) Months from the date of collection.

Upon the expiration of this retention period, or upon the withdrawal of consent by the Data Principal (whichever is earlier), the data is securely erased or effectively anonymized such that it can no longer be used to identify the Data Principal. This protocol aligns with the erasure obligations mandated under Section 8(7) of the DPDP Act 2023.

Under the DPDP Act 2023, the Data Principal is vested with specific rights regarding their personal data, which we fully acknowledge and support:

• Right to Access: You have the right to request a summary of the personal data being processed and the identities of all Data Processors with whom the personal data has been shared.
• Right to Correction & Erasure: You may request the correction of inaccurate or misleading personal data, the completion of incomplete data, or the erasure of your personal data unless retention is required by law.
• Right to Grievance Redressal: You have the right to readily available means of grievance redressal regarding the performance of our obligations regarding your personal data.
• Right to Withdraw Consent: You have the right to withdraw your consent for the processing of your personal data at any time, with the understanding that such withdrawal shall not affect the legality of processing based on consent before its withdrawal.

In compliance with Section 13 of the DPDP Act 2023, we have established a robust mechanism for the redressal of grievances. If you have any concerns regarding the processing of your data or wish to exercise your rights, you may contact our designated Grievance Officer.

We are committed to acknowledging your complaint promptly and resolving it within a timeframe of 15 to 30 days from the date of receipt. All grievances are recorded, tracked, and managed to ensure a fair and efficient resolution.