← Back

Privacy Policy

Effective date: 1 May 2026

1. What we collect

AutoKarya collects the information you provide when you sign in (email address) and the content you upload or generate within the platform (documents, conversation history, analytics inputs). We also collect standard server logs (IP address, browser type, request timestamps) for security and diagnostics.

2. How we use it

  • To authenticate you and maintain your session.
  • To provide the governance analysis and document-processing features you request.
  • To monitor platform health, detect abuse, and improve reliability.
  • To send transactional emails (sign-in codes, account notifications).

We do not sell your personal data to third parties. We do not use your uploaded documents to train AI models for general use.

3. Data storage and security

Your conversations, projects, schedules, and uploads are stored in tenant-scoped workspaces with user-level access checks. Production deployments must use encrypted storage and HTTPS/TLS in transit. Session tokens expire after 8 hours, and security events are recorded for audit and abuse detection.

4. Third-party services

AutoKarya may use the following sub-processors: cloud hosting providers (for compute and storage), LLM API providers (OpenAI, Anthropic — your content may be transmitted to complete your requests), and error-monitoring services (Sentry). Each sub-processor is bound by a data processing agreement.

5. Your rights

Subject to applicable law (notably the Digital Personal Data Protection Act, 2023 of India and the EU/UK General Data Protection Regulation where applicable), you have the following rights with respect to your data:

  • Right to access — request a copy of the personal data we hold about you.
  • Right to correction — ask us to correct inaccurate or incomplete information.
  • Right to erasure (deletion)— delete an individual uploaded file from any conversation, delete an entire conversation (which automatically cascades to all of its uploads), or request account deletion for your user profile, conversations, projects, and schedules. Account deletion does not delete other users in the same firm or tenant.
  • Right to portability — request a machine-readable export of your conversations and metadata.
  • Right to withdraw consent — revoke consent for ongoing processing at any time; deletion follows.
  • Right to grievance redressal — contact our grievance officer (below) for any concern; if unresolved, you may approach the Data Protection Board of India or the relevant supervisory authority.

All data export and deletion requests are processed within 30 days. To exercise these rights, contact privacy@autokarya.in or use the in-app controls.

5a. What happens when you upload data

  • Files are written to the conversation's tenant-scoped upload folder. The app records file metadata such as name, checksum, role, and column mapping so the analysis can be reproduced.
  • Files are used only to produce the analytics you request. They are not used to train any AI model — ours or any third party's.
  • Where an LLM provider is enabled, relevant content may be sent to that processor only to complete your request. Enterprise deployments can configure approved providers and data-processing terms.
  • You can delete any single file from the evidence page. Deleting a conversation removes its files automatically. Deletion does not affect copies you already downloaded outside the app.
  • Conversations, projects, and continuous-control schedules are scoped to the signed-in user unless an administrator role is intentionally granted.
  • Default retention is 365 days for conversations, 180 days for uploads, 90 days for analytics results — configurable for your tenant.

5b. Grievance officer

In accordance with the Digital Personal Data Protection Act, 2023 of India, we have designated a grievance officer for data-protection concerns:

Grievance Officer, AutoKarya
Email: privacy@autokarya.in
Response time: within 7 working days of receipt.

6. Cookies and session storage

AutoKarya uses a single functional session cookie (autokarya_session) to maintain your signed-in state. This cookie is set as HttpOnly and Secure, meaning it cannot be read or modified by JavaScript in your browser and is only transmitted over HTTPS. We also use browser localStorageto store a non-sensitive “session active” marker for client-side routing decisions — this marker contains no tokens or personal data. We do not use advertising, tracking, or third-party cookies.

7. Changes to this policy

We will notify you by email and update the effective date at the top of this page if we make material changes. Continued use after the effective date constitutes acceptance.