Privacy Policy

1. Introduction

Autoom Studio (AUTOOM STUDIO (OPC) PRIVATE LIMITED) ("we," "us," or "our") operates the AnalyzAX application ("the Service"). We are committed to protecting your privacy and ensuring the security of your personal information.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. This policy is compliant with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 (DPDPA) of India.

2. Information We Collect

2.1 Personal Information

We collect information that you provide directly to us, including:

• Name and contact information (email address, phone number)
• Account credentials (username, password)
• Business information provided during evaluations
• Payment information (processed securely through third-party payment gateways)
• Communication preferences

2.2 Usage Information

We automatically collect certain information when you use the Service:

• Device information (device type, operating system, browser type)
• IP address and location data
• Usage patterns and interactions with the Service
• Log files and analytics data
• Cookies and similar tracking technologies

2.3 Google OAuth Authentication

When you choose to sign in using Google OAuth, we collect the following information from your Google account:

• Basic Profile Information: Your name and email address
• Profile Picture: Your Google profile picture (if available)

How We Use Google User Data:

• To create and manage your account on AnalyzAX
• To authenticate your identity when you sign in
• To personalize your experience within the Service
• To communicate with you about your account and our services

Data Storage: Your Google account information is securely stored in our authentication database (Supabase Auth) using industry-standard encryption and security measures. We do not store your Google account password.

Data Sharing: We do not share your Google user data with any third parties except:

• Supabase: Our authentication service provider, which processes your Google authentication on our behalf in accordance with their privacy policy and security standards
• Google: As required for the OAuth authentication process

Compliance with Google API Services User Data Policy: Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We only access and use Google user data for the purposes of authentication and account management as described above.

Your Rights: You can revoke our access to your Google account at any time by:

• Visiting your Google Account permissions page
• Removing AnalyzAX from your authorized apps
• Deleting your account in our Service (which will remove your Google-linked account data)

We do not use Google user data for advertising purposes or share it with advertisers. Your Google account information is used solely for authentication and account management purposes.

2.4 Sensitive Personal Data

In accordance with Indian IT Rules, we may collect sensitive personal data including financial information (for payment processing) and business-related information. We handle such data with enhanced security measures and only use it for the purposes for which it was collected.

3. How We Use Your Information

We use the collected information for the following purposes:

• To provide, maintain, and improve the Service
• To authenticate your identity and manage your account (including Google OAuth authentication)
• To process your evaluations and generate reports
• To process payments and manage your account
• To communicate with you about the Service, updates, and support
• To send you marketing communications (with your consent)
• To detect, prevent, and address technical issues and security threats
• To comply with legal obligations and enforce our Terms of Service
• To analyze usage patterns and improve user experience

Google OAuth Data: When you sign in with Google, we use your Google account information (name, email, profile picture) solely for authentication and account management purposes. We do not use Google user data for advertising or share it with advertisers. For more details, see Section 2.3 above.

4. Data Storage and Security

5. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

When you delete your account, we will delete or anonymize your personal information, except where we are required to retain it for legal, regulatory, or business purposes.

6. Third-Party Services

We may use third-party services to help us operate the Service and administer activities on our behalf, including:

• Authentication Services: Google OAuth for secure user authentication and Supabase Auth for authentication management
• Payment Processors: Cashfree and other payment gateways for processing payments
• Cloud Services: Supabase and other cloud providers for hosting and data storage
• Analytics: Services to analyze usage patterns and improve the Service
• AI Services: OpenAI and other AI providers for evaluation analysis

These third parties have access to your information only to perform specific tasks on our behalf and are obligated not to disclose or use it for any other purpose. We ensure that third-party service providers comply with applicable data protection laws.

Google OAuth: When you use Google OAuth to sign in, Google processes your authentication request. We only receive basic profile information (name, email, profile picture) from Google, and we use this information solely for authentication and account management as described in Section 2.3. Our use of Google APIs complies with the Google API Services User Data Policy.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Service and hold certain information. Cookies are files with a small amount of data that may include an anonymous unique identifier.

Types of cookies we use:

• Essential Cookies: Required for the Service to function properly
• Analytics Cookies: Help us understand how users interact with the Service
• Preference Cookies: Remember your settings and preferences

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

8. Your Rights

Under Indian IT Act, 2000, IT Rules, 2011, and DPDPA, 2023, you have the following rights regarding your personal information:

• Right to Access: Request access to your personal information we hold
• Right to Correction: Request correction of inaccurate or incomplete information
• Right to Deletion: Request deletion of your personal information (subject to legal obligations)
• Right to Withdraw Consent: Withdraw consent for processing of your personal information
• Right to Data Portability: Request a copy of your data in a structured format
• Right to Grievance: File a complaint with us or the relevant authority

To exercise these rights, please contact us at [email protected]. We will respond to your request within 30 days as required by law.

9. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we become aware that we have collected personal information from a child without verification of parental consent, we will take steps to delete that information.

10. International Data Transfers

Your information may be transferred to and maintained on computers located outside of India, including countries that may not have the same data protection laws as India.

By using the Service, you consent to the transfer of your information to facilities located outside India. We ensure that appropriate safeguards are in place to protect your information in accordance with applicable laws.

11. Grievance Officer

In accordance with Indian IT Rules, 2011, we have appointed a Grievance Officer to address your concerns regarding the processing of your personal information. You may contact our Grievance Officer:

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

Material changes will be communicated to you via email or through a prominent notice on the Service. You are advised to review this Privacy Policy periodically for any changes.

13. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us: