Privacy Policy & Notice of Consent


1. Introduction

We are committed to providing a Sovereign AI experience that prioritizes your data privacy and compliance with the Digital Personal Data Protection (DPDP) Act, 2023. DataComplAI is built on a "Privacy-by-Design" architecture, ensuring that your personal data remains under your control through our local agent and edge-AI processing.

2. Personal Data We Collect

In accordance with the principle of Data Minimization, we only collect personal data that is strictly necessary for providing our services. This may include:

  • Identity Data: Name, contact details, and professional credentials (e.g., UDYAM/GST IDs).
  • Professional Data: Information required for DPDP compliance workflows for MSMEs.
  • Voice Data: Audio inputs used for obtaining multilingual consent via the Bhashini platform.
  • Technical Data: Metadata required for the functioning of the local agent (e.g., device-level logs).

3. Purpose of Processing

Your data is processed for the following specified purposes:

  • To facilitate DPDP compliance through automated PII-scrubbing and local data management.
  • To enable voice-based interaction and consent in 22 Indian languages using Bhashini.
  • To provide sovereign, edge-based AI services that ensure data does not leave your local environment without explicit authorization.

4. Consent and The Bhashini Protocol

Processing is based on your free, specific, informed, and unambiguous consent.

  • Multilingual Consent: We provide notice and seek consent in your preferred language (among 22 official Indian languages) via voice or text.
  • Withdrawal: You have the right to withdraw consent at any time. Upon withdrawal, we will cease processing and erase your data unless retention is required by law.

5. Data Localization and The Local Agent

DataComplAI utilizes a local agent for edge-AI processing.

  • Local Processing: Personal data is processed locally on your infrastructure to the extent possible.
  • PII-Scrubbing: Our architecture includes automated scrubbing of Personally Identifiable Information (PII) before any data is utilized for higher-level AI insights.
  • Storage: All personal data is stored within the territory of India in compliance with Section 16 of the DPDP Act.

6. Rights of the Data Principal

As a Data Principal, you have the following rights:

  • Right to Access: Obtain a summary of the personal data being processed.
  • Right to Correction/Erasure: Request updates to inaccurate data or deletion of data no longer needed for the specified purpose.
  • Right of Grievance Redressal: Access a transparent mechanism for resolving complaints.
  • Right to Nominate: Appoint an individual to exercise your rights in the event of death or incapacity.

7. Security Safeguards

We implement Reasonable Security Safeguards to prevent personal data breaches, including:

  • Encryption: Standard-grade encryption for data at rest and in transit.
  • Quantized SLMs: Use of Small Language Models that run locally to minimize data exposure.
  • Breach Notification: In the event of a personal data breach, we will notify the Data Protection Board (DPB) and affected individuals within 72 hours.

8. Contact Information (Grievance Officer)

For any queries, exercise of rights, or grievances, please contact