lagori.ai

Privacy Policy

Your privacy and data protection are our top priorities. Learn how we collect, use, and protect your information.

Last updated: May, 2025

Plain English Summary: This Privacy Policy explains what data we collect, why we collect it, how we use it, and your rights. We never sell your data, and we comply with India's DPDP Act, 2023.

1. Introduction and Scope

This Privacy Policy ("Policy") describes how Lagori AI LLP ("Company," "we," "us," or "our") collects, uses, processes, stores, and protects your personal data when you use our AI-powered products, platforms, and software applications across multiple domains.

This Policy applies to all users of our AI products, including but not limited to our AI-powered software platforms, mobile applications, web applications, and any current or future AI products across various sectors.

Products Covered:

  • • AI-powered software applications and platforms across multiple domains
  • • Mobile applications and web applications with AI capabilities
  • • Desktop software and enterprise AI applications
  • • API services and software development kits (SDKs)
  • • AI-powered analytics and business intelligence platforms
  • • Future AI products across health, retail, public sector, and other domains

Important Note: Lagori AI LLP develops multiple AI products across different domains. Each product may have its own specific privacy policies and compliance requirements. Please refer to the product-specific documentation for detailed privacy terms applicable to individual products.

2. Legal Framework and Compliance

Compliance Framework:

  • • Digital Personal Data Protection Act, 2023 (Primary)
  • • Information Technology Act, 2000 and IT Rules, 2021
  • • GDPR-inspired principles for global best practices
  • • Sector-specific regulations (where applicable)

2.1 Indian Legal Compliance:

Our data processing practices comply with Indian privacy and data protection laws:

  • Digital Personal Data Protection Act, 2023: Primary framework for personal data processing
  • Information Technology Act, 2000: Electronic data protection and cybersecurity
  • IT Rules, 2021: Data protection and privacy standards
  • Consumer Protection Act, 2019: Consumer rights and data protection
  • GST Act: Tax-related data processing compliance

2.2 International Standards Alignment:

We align with global best practices while maintaining Indian law compliance:

This Policy also recognizes rights and obligations under the Arbitration and Conciliation Act, 1996, Consumer Protection Act, 2019, and related sectoral frameworks where applicable.

  • • GDPR-inspired transparency and user rights
  • • ISO 27001 information security standards
  • • Industry best practices for AI data governance
  • • Sector-specific data protection frameworks

2.3 Lawful Basis for Processing (DPDP Act):

LAGORI AI LLP processes personal data in accordance with applicable Indian law, including the Digital Personal Data Protection Act, 2023, and other relevant regulations. Our lawful bases for processing include:

  • Consent: explicit, informed consent for specified purposes.
  • Contractual Necessity: processing necessary to fulfil contractual obligations (e.g., account provisioning, support).
  • Legal Obligation: compliance with statutory or regulatory requirements.
  • Legitimate Interests: necessary processing for business operations, security, and product improvements, provided such interests do not override data principal rights.

Sensitive personal data is processed only with explicit consent or when permitted by law. Withdrawal of consent does not affect lawfulness of prior processing.

3. Data Collection and Categories

3.1 Personal Data We Collect:

We collect the following categories of personal data:

  • Identity Data: Name, email address, phone number, company details
  • Account Data: Username, password, account preferences, subscription details
  • Financial Data: Payment information, billing details, transaction history
  • Technical Data: IP address, device information, browser type, operating system
  • Usage Data: Product usage patterns, feature interactions, performance metrics
  • Business Data: Company information, product requirements, industry sector

3.2 AI-Specific Data Collection:

For AI-powered products, we may collect additional data:

  • Training Data: Anonymized usage patterns for model improvement
  • Model Performance Data: Accuracy metrics, prediction outcomes, error rates
  • User Feedback: Product performance ratings, quality feedback
  • Customization Data: User-specific AI model configurations and preferences
  • Sector-Specific Data: Industry-relevant information for domain-specific solutions

3.4 What We Do Not Collect:

  • • We do not sell your personal data to advertisers or third parties.
  • • We do not engage in profiling or automated decision-making without your consent.
  • • We do not collect special category data (sensitive personal data) unless explicitly required and consented to.
  • • We do not track users across third-party websites for marketing purposes.

3.5 Employee & Vendor Data:

We also collect limited employee, contractor, and vendor data strictly for operational, compliance, and payroll purposes.

3.6 Affiliate Sharing:

If you access Lagori through partner platforms, limited identifiers may be shared with affiliates for authentication and compliance.

3.3 Data Collection Methods:

We collect data through various methods:

  • Direct Input: Information you provide during registration and product usage
  • Automated Collection: Cookies, web beacons, and similar technologies
  • Third-Party Sources: Service providers, payment processors, analytics services
  • Product Usage: Data generated through your interaction with our products
  • Communication: Emails, support tickets, and customer service interactions
  • Cookies and Tracking Technologies: We use cookies, pixels, and similar technologies for product analytics, user experience, and security. For details, please see our dedicated Cookie Policy.

4. Data Processing and AI Operations

AI Processing Notice: Our AI systems process your data to provide personalized products, improve model accuracy, and enhance user experience. All processing is conducted in accordance with applicable laws and your consent.

4.1 AI Model Training and Improvement:

We use your data to improve our AI products:

  • Model Training: Anonymized data for algorithm improvement
  • Performance Optimization: Product enhancement based on usage patterns
  • Feature Development: New capabilities based on user needs
  • Quality Assurance: Product reliability and accuracy improvement
  • Risk Management: Enhanced security and fraud detection

4.2 Personalized AI Products:

AI-powered personalization includes:

  • Business Solutions: Customized AI recommendations for your industry
  • Risk Assessment: Personalized risk management suggestions
  • Performance Analytics: Tailored insights and predictions
  • Product Recommendations: AI-driven feature and product suggestions
  • Content Personalization: Relevant educational and informational content

4.3 Data Processing Purposes:

We process your data for the following purposes:

  • Product Provision: Delivering and maintaining our AI-powered products
  • Account Management: User authentication, billing, and support
  • Product Improvement: Enhancing AI models and platform functionality
  • Security: Fraud detection, threat prevention, and system protection
  • Compliance: Meeting legal and regulatory obligations
  • Communication: Product updates, security alerts, and support

4.4 AI Model Training – Anonymization and Opt-Out:

  • Anonymization: Personal data is anonymized or pseudonymized where feasible.
  • Consent: Explicit consent is obtained for processing identifiable data for AI model training.
  • Opt-Out: Users may request exclusion from AI training datasets by contacting our Data Protection Officer (see Section 7.6). We will take reasonable steps to remove personal data from active datasets. Note: complete removal from trained models may not always be technically feasible.
  • Aggregated Use: Anonymized and aggregated data may continue to be used for research and product improvement.

5. Data Sharing and Third-Party Services

5.1 Third-Party Service Providers:

We may share data with trusted third-party providers:

  • Cloud Infrastructure: AWS, Google Cloud, or Azure for data hosting
  • Payment Processors: Stripe, Razorpay, or similar for financial transactions
  • Analytics Services: Google Analytics, Mixpanel for product improvement
  • Support Tools: Customer service and ticketing systems
  • AI Model Providers: Third-party AI services and APIs

5.2 Data Sharing Limitations:

We strictly limit data sharing:

  • • No sale of personal data to third parties
  • • Data sharing only for essential product provision
  • • Strict confidentiality agreements with all providers
  • • Data minimization principles in all sharing arrangements
  • • Regular audits of third-party data handling practices

5.3 Legal and Regulatory Sharing:

We may disclose data when required by law:

  • • Compliance with court orders or legal requests
  • • Regulatory investigations by relevant authorities
  • • Tax compliance and GST-related disclosures
  • • Fraud prevention and security investigations
  • • Protection of our rights, property, or safety

5.4 Anonymized Data Sharing:

We may share anonymized, aggregated insights with affiliates, research partners, or investors, but this data cannot identify you.

5.5 Cross-Border Transfers and International Processing:

Lagori may transfer, store, or process personal data outside India where our cloud providers or third-party services operate.

  • • Technical and organizational safeguards are applied to protect data.
  • • Transfers are limited to jurisdictions with adequate protection or suitable contractual safeguards.
  • • Government restrictions under DPDP will be followed.
  • • Where legally required, explicit user consent will be obtained.

6. Data Security and Protection

Security Commitment: We implement industry-leading security measures to protect your data, including encryption, access controls, and regular security audits. However, no system is completely secure, and we cannot guarantee absolute protection against all threats.

6.1 Technical Security Measures:

Our security infrastructure includes:

  • Encryption: AES-256 encryption for data at rest and in transit
  • Access Controls: Multi-factor authentication and role-based access
  • Network Security: Firewalls, intrusion detection, and DDoS protection
  • Data Backup: Regular encrypted backups with disaster recovery
  • Security Monitoring: 24/7 threat detection and response

6.2 AI-Specific Security Measures:

Specialized security for AI systems:

  • Model Security: Protection against adversarial attacks and model poisoning
  • Data Isolation: Separation of training and production data
  • Access Logging: Comprehensive audit trails for AI model access
  • Secure APIs: Rate limiting and authentication for AI product access
  • Privacy-Preserving AI: Techniques to minimize data exposure in AI operations

We also subject our security controls and AI systems to periodic external audits and independent third-party assessments to ensure compliance with applicable standards and regulations.

6.3 Incident Response and Breach Notification:

Our incident response procedures:

  • • Immediate containment and investigation of security incidents
  • • Notification to affected users as required by applicable law and regulator guidance
  • • Coordination with relevant authorities as required by law
  • • Post-incident analysis and security improvements
  • • Regular security training and awareness programs

We maintain a responsible disclosure program to encourage security researchers to report vulnerabilities ethically.

6.4 Liability for Data Breaches:

While we take all reasonable measures to protect your personal data, Lagori AI LLP shall not be liable for breaches resulting from events beyond our reasonable control, including force majeure events, cyber-attacks beyond industry-standard protections, or negligence by third-party service providers not under our direct control.

7. Your Rights and Data Control

Your Rights Under DPDP Act 2023:

  • • Right to access and obtain copy of your personal data
  • • Right to correction and updating of inaccurate data
  • • Right to erasure and deletion of your data
  • • Right to grievance redressal
  • • Right to withdraw consent at any time

7.1 Data Access and Portability:

You have the right to:

  • • Access all personal data we hold about you
  • • Request a copy of your data in portable format (where we choose to offer this service)
  • • View your data processing history and purposes
  • • Understand how your data is used in AI systems
  • • Request information about third-party data sharing

7.2 Data Correction and Erasure:

You can request:

  • • Correction of inaccurate or incomplete data
  • • Updating of outdated information
  • • Deletion of your personal data (with limitations)
  • • Removal of data from AI training datasets
  • • Restriction of data processing for specific purposes

7.3 Consent Management:

Control your data processing consent:

  • • Withdraw consent for specific processing activities
  • • Modify consent preferences for different products
  • • Opt-out of non-essential data processing
  • • Control marketing and promotional communications
  • • Manage AI personalization preferences

Lagori AI LLP does not use deceptive interfaces or "dark patterns" to obtain your consent. All consent must be freely given, specific, informed, and unambiguous, in compliance with the Digital Personal Data Protection Act, 2023.

7.4 Grievance Redressal:

We provide a grievance redressal mechanism:

  • • Contact our Data Protection Officer for privacy concerns
  • • Submit formal grievances through our designated process
  • • Escalate unresolved issues to relevant authorities
  • • Track grievance resolution status
  • • Appeal mechanisms for grievance decisions

Unresolved grievances will be escalated within the timeframe required by applicable law to the Data Protection Board of India or equivalent competent authority.

7.5 Data Breach Remedies:

In the event of a data breach caused by negligence on our part, affected users may be entitled to remedies or compensation as provided under the Digital Personal Data Protection Act, 2023 or other applicable laws.

7.6 How to Exercise Your Rights & Contact DPO:

To exercise your rights (access, correction, erasure, portability, restriction, objection, withdrawal of consent, removal from AI training datasets) or raise a grievance, contact:

Email: privacy@lagori.ai

  • • Requests acknowledged within 7 days.
  • • Substantive response within 30 days or as required by applicable law.
  • • Unresolved grievances will be escalated within the timeframe required by applicable law to the Data Protection Board of India or equivalent competent authority.

8. Data Retention and Deletion

8.1 Retention Periods:

We retain your data for specific periods:

  • Account Data: Retained while your account is active
  • Transaction Data: 7 years for tax and compliance purposes
  • Product Data: 5 years for product quality improvement
  • AI Training Data: anonymized/pseudonymized and retained only as long as needed for model improvement; personal data is minimized and deleted or anonymized when no longer required.
  • Communication Data: 3 years for product quality improvement

8.2 Data Deletion and Anonymization:

Our data deletion practices:

  • • Immediate deletion upon account closure request
  • • Anonymization of data used in AI training
  • • Secure deletion of sensitive information
  • • Regular cleanup of outdated and unnecessary data
  • • Verification of complete data removal

8.3 Post-Deletion Considerations:

Important considerations after data deletion:

  • • Some data may be retained for legal compliance
  • • Anonymized data may continue to be used for AI improvement
  • • Backup data may require additional time for deletion
  • • Third-party services may retain data according to their policies
  • • Regulatory authorities may require data retention

8.4 Data Sovereignty and Localization:

For government projects and regulated sector clients, all project-related data will be stored and processed exclusively within India, in compliance with the National Data Governance Framework Policy, the Information Technology Act, 2000, and any applicable sector-specific regulations. Cross-border transfer of such data will occur only with prior written consent from the client and in accordance with applicable laws.

9. AI-Specific Privacy Considerations

AI Privacy Features:

  • • Privacy-preserving AI techniques
  • • Federated learning for distributed data processing
  • • Differential privacy for statistical analysis
  • • Secure multi-party computation for collaborative AI

9.1 AI Model Privacy:

How we protect privacy in AI operations:

  • Federated Learning: AI training without centralizing user data
  • Differential Privacy: Adding noise to protect individual privacy
  • Homomorphic Encryption: Processing encrypted data without decryption
  • Secure Aggregation: Combining model updates without exposing individual data
  • Privacy Budgets: Limiting information leakage from AI queries

9.2 AI Decision Transparency:

Understanding AI decision-making:

  • • Explanation of AI-generated recommendations and decisions
  • • Transparency about data sources and processing methods
  • • Ability to challenge and appeal AI decisions
  • • Human oversight and intervention capabilities
  • • Regular audits of AI system fairness and bias

9.3 AI Bias and Fairness:

Our commitment to fair AI:

  • • Regular testing for algorithmic bias and discrimination
  • • Diverse training data to prevent bias
  • • Fairness metrics and monitoring systems
  • • User feedback mechanisms for bias reporting
  • • Continuous improvement of AI fairness and equity

10. International Data Transfers

10.1 Cross-Border Data Processing:

Data may be processed outside India:

  • • Cloud infrastructure providers with global data centers
  • • International AI model and analytics services
  • • Global payment processing and financial services
  • • International customer support and service providers
  • • AI model training and optimization services

10.2 Transfer Safeguards:

We implement appropriate safeguards:

  • • Compliance with DPDP Act cross-border transfer restrictions
  • • Adequacy decisions for recognized jurisdictions
  • • Binding corporate rules for multinational transfers
  • • Data localization requirements where applicable
  • • Regular assessment of transfer risks and compliance

Users will be notified before any significant cross-border transfer of personal data and may exercise the right to restrict or object to such transfers where legally permissible.

11. Children's Privacy and Special Categories

11.1 Age Restrictions:

Our products are not intended for children:

  • • Minimum age requirement of 18 years for account creation
  • • No intentional collection of data from children under 18
  • • Immediate deletion of any discovered child data
  • • Parental consent requirements for users under 18
  • • Age verification measures for regulated products

11.2 Special Category Data:

We do not intentionally collect sensitive data:

  • • No collection of health, biometric, or genetic data
  • • No processing of political or religious beliefs
  • • No collection of sexual orientation or gender identity
  • • Financial data limited to product provision requirements
  • • Explicit consent required for any special category data

12. Policy Updates and Communication

12.1 Policy Modification Process:

How we update this Policy:

  • • Regular review and updates to reflect legal changes
  • • Notification of material changes via email and website
  • • 30-day advance notice for significant modifications
  • • Opportunity to review and provide feedback
  • • Continued use constitutes acceptance of updates

12.2 Change Notification Methods:

We communicate changes through:

  • • Email notifications to registered users
  • • Website announcements and pop-up notifications
  • • Mobile app updates and in-app notifications
  • • Social media announcements for major changes
  • • Direct communication for critical privacy updates

12.3 Policy Transparency and User Rights:

Archived versions of this Policy will remain available upon request to ensure full transparency. If you do not accept material updates, you may terminate use and request data deletion.

13. Contact Information and Complaints

Data Protection Officer:

For privacy-related inquiries and data subject requests:

  • Email: privacy@lagori.ai
  • Phone: +91 9886644123
  • Response Time: Within 30 days for data subject requests

Address:

Lagori AI LLP
#402, Pyramid Pinnacle Apartment
35th A Cross, 17th Main
JP Nagar 6th Phase
Bengaluru-560078

Regulatory Complaints:

If you have concerns about our data handling practices, you may:

  • • Contact our Data Protection Officer first
  • • File a complaint with the Data Protection Board of India
  • • Seek legal recourse through appropriate courts
  • • Contact relevant regulatory authorities

14. Governing Law and Jurisdiction

This Privacy Policy is governed by the laws of India. Any disputes arising under this Policy shall be subject to the exclusive jurisdiction of the courts in Bengaluru, Karnataka, India. Where applicable, disputes may be resolved through arbitration under the Arbitration and Conciliation Act, 1996.

14.1 Severability and Non-Waiver:

If any provision of this Policy is held unenforceable, the remaining provisions shall remain valid. Failure to enforce rights under this Policy shall not constitute a waiver.

Final Acknowledgment

By using Lagori AI LLP's products, you acknowledge that you have:

  • • Read and understood this Privacy Policy
  • • Consented to our data processing practices
  • • Understood your rights and how to exercise them
  • • Agreed to our data retention and deletion policies
  • • Accepted our AI-specific privacy protections

If you do not agree with this Policy, you must immediately cease using our products.

Version History

  • v1.0 – May 15, 2025 – Initial release
  • v1.1 – August 15, 2025 – Added jurisdiction clause, cookie cross-reference, breach liability, user transparency, consent clarity, breach remedies, external audits, version control.