Privacy Policy

Ubikon Technologies Pvt Ltd ("Ubikon", "we", "us", "our") is the Data Fiduciary as defined under India's Digital Personal Data Protection Act 2023 (DPDP Act).

Registered address: C21 Mall, Scheme 54 PU4, Vijay Nagar, Indore, Madhya Pradesh 452010, India.

Grievance Officer: grievance@ubikon.in | Response within 72 hours. Data Protection Officer (DPO): dpo@ubikon.in General privacy enquiries: privacy@ubikon.in

We collect the following categories of personal data ("Personal Data"):

Contact & identity data: Full name, email address, phone number, company name, designation.

Address data: Street address, city, state, country, postal code — collected when required for billing or service delivery.

Project & enquiry data: Project description, budget range, timeline, technical requirements submitted via contact forms, quotation apps, or the AI proposal tool.

Communication data: Email correspondence, WhatsApp messages you send to us, chat transcripts from our JARVIS AI widget, and call recordings (where consent is separately obtained before the call begins).

Device & usage data: IP address, browser type, operating system, pages visited, time on page, referral source, UTM parameters — collected via server logs and first-party analytics.

AI interaction data: Prompts submitted to our AI tools (App Cost Calculator, AI Proposal Generator), AI model responses, token counts, and associated cost records.

We process Personal Data for the following purposes:

Lead management: Receiving and processing enquiries, assigning leads to our team, and following up to understand your project requirements.

Quotation and proposal generation: Creating detailed project proposals, cost estimates, and quotations including via AI-assisted tools.

Annual Maintenance Contract (AMC) and service delivery: Delivering software development, maintenance, and support services under signed agreements.

Customer support: Resolving support tickets, bug reports, and service queries.

Marketing and lead nurturing: Sending relevant project case studies, technology updates, and service information to contacts who have opted in or with whom we have a legitimate business relationship. You may unsubscribe at any time.

Security and fraud prevention: Detecting and preventing unauthorised access, abuse, or fraudulent activity.

Legal and regulatory compliance: Fulfilling obligations under applicable law including tax, anti-money laundering, and data protection regulations.

Under India's DPDP Act 2023, we rely on the following lawful bases:

Consent (Section 6): Where you fill in a web form, use our Flutter quotation app, or otherwise provide data with a clear consent checkbox, we process your data on the basis of consent. You may withdraw consent at any time via our Privacy Settings or by emailing grievance@ubikon.in.

Legitimate use for business purposes (Section 7): For B2B contacts — i.e., sole proprietors, partners, or company representatives — we may process professional contact details under the legitimate-use provision for purposes of responding to business enquiries and maintaining existing client relationships.

Legal obligation: Where required by Indian law (including GST, income tax, and corporate record-keeping obligations).

Contractual necessity: Where processing is necessary to perform a contract with you (e.g., project delivery, invoicing).

We share Personal Data only with the following categories of recipients, each bound by data processing agreements:

Payment processing: Razorpay (India) — for invoice payments and refunds. Card details are handled by Razorpay and never stored on our servers.

Telephony and messaging: Twilio (USA) — for SMS and programmable voice services; AiSensy (India) — for WhatsApp Business API messaging; Bolna AI (India) — for AI-powered voice calls.

AI and machine learning providers: OpenAI LLC (USA) — for GPT-based AI features; Anthropic PBC (USA) — for Claude-based AI features. Prompts and responses are processed under their respective data processing addenda. Data may be transferred to the USA (see Section 9).

Cloud infrastructure: AWS (Mumbai and Singapore regions) — primary hosting, database, and file storage.

Analytics: Privacy-preserving first-party analytics. No cross-site tracking. No advertising networks.

We do not sell, rent, or trade your Personal Data to any third party for their own marketing purposes.

We retain Personal Data for the following periods:

Lead and enquiry data: 2 years from last contact, or until deletion is requested.

Client project and contract data: 7 years after project completion — required for tax and corporate record-keeping under Indian law.

Call recordings and WhatsApp transcripts: 1 year from date of recording, then deleted unless required for ongoing dispute resolution.

Audit log (system events): 365 days in hot storage (MongoDB), then archived to cold storage for 7 years to satisfy DPDP audit requirements, then permanently deleted.

AI usage records (token counts, costs): 2 years for billing reconciliation.

Newsletter / marketing contacts: Until unsubscribed.

After the retention period expires, data is securely deleted or anonymised.

Under the DPDP Act 2023, you have the following rights as a Data Principal:

Right of access (Section 11): Request a summary of the Personal Data we hold about you and how it is being processed.

Right to correction (Section 12): Request correction of inaccurate or incomplete data.

Right to erasure (Section 12): Request deletion of your Personal Data, subject to legal retention requirements.

Right to grievance redressal (Section 13): Lodge a complaint with our Grievance Officer (grievance@ubikon.in) if you believe your rights have been violated. We respond within 72 hours.

Right to withdraw consent (Section 6(7)): Withdraw consent at any time with the same ease as it was given — via our Privacy Settings screen (Flutter app) or by emailing grievance@ubikon.in.

Right to nominate (Section 14): Nominate another individual to exercise your rights in the event of death or incapacity.

To exercise any right, contact grievance@ubikon.in with subject "DPDP Rights Request — [Right Type]". We will respond within 30 days.

Our website uses the following categories of cookies and tracking technologies:

Strictly necessary cookies: Required for the website to function — session management, CSRF protection, authentication tokens. Cannot be disabled.

First-party analytics cookies: Aggregated, anonymised analytics to understand which pages are most useful. We do not store IP addresses in our analytics system. No cross-site tracking.

We do not use advertising cookies, third-party tracking pixels, or behavioural retargeting cookies on this Privacy Policy page. Some pages (e.g., /contact) may use Meta Pixel and Google Analytics for lead attribution — disclosed at the point of data collection.

You can control cookies through your browser settings. Disabling strictly necessary cookies will affect website functionality.

Your Personal Data may be transferred to and processed in countries outside India, specifically:

United States of America: OpenAI LLC (AI processing), Anthropic PBC (AI processing), and Twilio Inc (telephony).

Singapore: AWS Singapore region (backup infrastructure).

We ensure such transfers comply with applicable data protection law. For transfers to jurisdictions without an adequacy decision, we rely on contractual protections including the service providers' standard data processing agreements and, where applicable, Binding Corporate Rules or equivalent safeguards.

Our services are intended for business professionals aged 18 and above. We do not knowingly collect Personal Data from children under 18. If you believe a minor has submitted data to us, please contact privacy@ubikon.in immediately and we will delete it promptly.

We implement appropriate technical and organisational measures to protect your Personal Data against unauthorised access, alteration, disclosure, or destruction. These include:

- TLS 1.3 encryption in transit for all API and web traffic. - AES-256 encryption at rest for database and file storage. - JWT-based authentication with short-lived tokens and refresh rotation. - Role-based access controls limiting data access to authorised personnel only. - Regular security reviews and penetration testing.

In the event of a data breach that is likely to result in high risk to your rights, we will notify affected individuals and the appropriate regulatory authority within 72 hours of becoming aware.

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. Material changes will be notified to existing clients and newsletter subscribers by email at least 14 days before taking effect.

The version number and date at the top of this page indicate the current version. Continued use of our services after the effective date constitutes acceptance of the updated policy. If you do not accept the changes, please contact grievance@ubikon.in to exercise your data rights.

If you have any questions, concerns, or complaints regarding this Privacy Policy or our data processing practices, please contact:

Grievance Officer: grievance@ubikon.in (Response within 72 hours) Data Protection Officer: dpo@ubikon.in Postal address: Ubikon Technologies Pvt Ltd, C21 Mall, Scheme 54 PU4, Vijay Nagar, Indore, Madhya Pradesh 452010, India.

If you are not satisfied with our response, you may approach the Data Protection Board of India once it is constituted under the DPDP Act 2023.