Privacy Policy

1. Who We Are

Astitva Technologies Private Limited ("Astitva", "we", "our", or "us") is a technology company incorporated in India, building applied artificial-intelligence products for enterprises. This Privacy Policy applies to all our websites, products, APIs, and services (collectively, the "Services"), including PulseVoice.ai, LiveAnima.ai, Fintastick, AutoPandits, and astitva.ai.

For the purposes of the Digital Personal Data Protection Act, 2023 (India) ("DPDPA"), Astitva acts as a Data Fiduciary in respect of data collected directly from you, and may act as a Data Processor when processing data on behalf of enterprise customers.

2. Data We Collect

Information you provide directly:

• Identity data: name, job title, company name.
• Contact data: email address, phone number, business address.
• Account credentials: username, hashed password.
• Communications: messages you send us via forms, email, or chat.
• Payment data: billing information processed via PCI-DSS compliant payment gateways (we do not store raw card data).

Information collected automatically:

• Usage data: pages visited, features used, session duration, click-path.
• Device data: IP address, browser type and version, operating system, device identifiers.
• Performance data: API call logs, error rates, latency metrics (used for service reliability).
• Cookies and similar tracking technologies (see Section 9).

Data processed on behalf of enterprise customers:

• Voice recordings and transcripts from PulseVoice.ai deployments.
• Video content and avatar data from LiveAnima.ai deployments.
• Document and knowledge-base content uploaded to RAG/chatbot systems.
• End-user interaction data from deployed AI agents.

When processing enterprise customer data, we act strictly on the enterprise customer's documented instructions under a Data Processing Agreement (DPA).

3. How We Use Your Data

We process personal data only for the following purposes and on the following legal bases:

• Service delivery: To provide, maintain, and improve the AI services you have subscribed to. (Legal basis: contract performance.)
• Account management: To create and manage your account, process authentication, and send essential service notices. (Legal basis: contract performance.)
• Billing and payments: To invoice you and process payments. (Legal basis: contract performance, legal obligation.)
• Customer support: To respond to your enquiries and resolve issues. (Legal basis: legitimate interest.)
• Security and fraud prevention: To monitor for and prevent unauthorised access, abuse, and fraud. (Legal basis: legitimate interest, legal obligation.)
• Product improvement: To analyse aggregated, anonymised usage patterns to improve our AI systems. We do NOT use your identifiable data or your end-users' data to train our AI models without a separate written agreement. (Legal basis: legitimate interest.)
• Marketing communications: To send you updates, webinars, and product news — only with your prior consent, which you may withdraw at any time. (Legal basis: consent.)
• Legal compliance: To comply with applicable laws, regulations, and lawful government orders. (Legal basis: legal obligation.)

4. Data Sharing and Disclosure

We do not sell your personal data. We share data only in the following circumstances:

• Service providers: Cloud infrastructure providers (AWS, GCP), analytics tools, payment processors, and email delivery services — bound by contractual data protection obligations.
• AI model providers: Where our services are built on third-party foundation models, data may be sent to those providers subject to appropriate data processing agreements.
• Enterprise customers: End-user interaction data from your deployed AI agents is shared with the enterprise customer who deployed those agents.
• Legal disclosure: Where required by Indian law, court order, or regulatory authority (e.g., CERT-In under the IT Act 2000 and its rules).
• Business transfers: In the event of a merger, acquisition, or sale of assets, with notice to affected users.

5. AI and Automated Decision-Making

Our services use AI and machine learning models to process inputs and generate outputs. We do not make legally significant decisions about individuals solely through automated means without human oversight. Where AI outputs inform consequential decisions (e.g., credit, insurance, employment), we require our enterprise customers to maintain human review as part of their own compliance obligations.

Voice recordings processed through PulseVoice.ai may be transcribed and analysed to facilitate call automation. Video processed through LiveAnima.ai may include facial processing for avatar creation. These processes are subject to your enterprise DPA and to the specific consent flows you implement for your end users.

6. Data Retention

We retain personal data only as long as necessary for the purpose it was collected, or as required by applicable law:

• Account data: retained for the duration of your subscription plus 3 years for accounting and legal compliance.
• Call recordings and transcripts: configurable by enterprise customers; default 90-day retention unless extended by contract.
• API logs: retained for 30 days for debugging and security analysis.
• Marketing consent records: retained for 3 years from the last interaction.
• Legal hold: data subject to a regulatory inquiry or litigation hold is retained until the matter is resolved.

7. Data Security

We implement industry-standard technical and organisational safeguards including:

• Encryption in transit (TLS 1.2+) and at rest (AES-256).
• Role-based access control and least-privilege principles.
• Regular security assessments and penetration testing.
• Incident response procedures aligned with CERT-In's 6-hour breach notification requirement.
• Employees with access to personal data are bound by confidentiality obligations and receive data-protection training.

Despite our safeguards, no internet transmission is 100% secure. You acknowledge and accept this inherent risk.

8. Your Rights

Under the DPDPA 2023 and, where applicable, the EU General Data Protection Regulation (GDPR), you have the right to:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Erasure: Request deletion of your personal data where it is no longer necessary for the purpose collected, subject to legal retention obligations.
• Restriction: Request that we restrict processing while a dispute is resolved.
• Portability: Receive your data in a structured, machine-readable format.
• Withdraw consent: Withdraw consent for processing based on consent at any time, without affecting the lawfulness of prior processing.
• Nominate: Under the DPDPA, nominate another person to exercise your rights in the event of death or incapacity.
• Grievance: Lodge a complaint with India's Data Protection Board or, for EU users, your local supervisory authority.

To exercise any of these rights, email privacy@astitva.ai. We will respond within 30 days. Identity verification may be required.

9. Cookies and Tracking

We use the following categories of cookies:

• Strictly necessary: Session cookies essential to make our services work. Cannot be disabled.
• Analytics: Aggregated, anonymised usage statistics (e.g., page views, bounce rate). You may opt out via your browser settings.
• Preferences: Remember your settings and configurations across sessions.
• Marketing: Used only with your explicit consent. Not currently deployed on astitva.ai.

You can control cookies through your browser settings. Note that disabling certain cookies may impair service functionality.

10. International Data Transfers

Our primary data centres are in India. Some of our sub-processors operate globally (e.g., cloud infrastructure). When personal data is transferred outside India, we ensure adequate protections are in place through standard contractual clauses or adequacy decisions, consistent with DPDPA requirements and, where applicable, GDPR Chapter V.

11. Children's Privacy

Our services are designed for enterprise and business users. We do not knowingly collect personal data from individuals under the age of 18. If you become aware that a child has provided us with personal data, please contact us at privacy@astitva.ai and we will delete it promptly.

12. Third-Party Links

Our websites and marketing materials may link to third-party websites and products (e.g., partner pages, integration documentation). We are not responsible for the privacy practices of those third parties and encourage you to review their privacy policies independently.

13. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable law. Material changes will be communicated by email or prominent in-platform notice at least 14 days before taking effect. The "Effective date" at the top of this page will always reflect the current version.

14. Grievance Officer

In accordance with the Information Technology Act, 2000 and rules thereunder, and the DPDPA 2023, our designated Grievance / Data Protection Officer is reachable at: