DivyCHI | Privacy Policy

This Privacy Policy explains how DIVY CHI Pvt. Ltd. ("DivyCHI," "we," "our," or "us") handles your data. By using our services, you agree to the practices described herein. Please read it carefully.

Section 01

Who We Are

DIVY CHI Pvt. Ltd. is an artificial intelligence research and technology company incorporated in India. We operate DivyCHI — a suite of intelligence products powered by our proprietary Existence Intelligence architecture — including our web platform, mobile applications, APIs, and enterprise services.

Our registered address is available upon written request. For all privacy-related inquiries, please contact our Data Protection Officer at privacy@divychi.com.

This policy applies to all individuals who access or use DivyCHI products, visit our website, interact with our sales or support teams, or provide us with personal data in any context.

Section 02

Information We Collect

We collect information in three principal ways: information you provide directly, information generated through your use of our services, and information received from third parties.

Information You Provide

Account data: name, email address, password (hashed), profile information, and organisation details when you create an account.
Payment data: billing address, payment method details processed and stored by our PCI-DSS-compliant payment processor (we do not store raw card numbers).
Communications: messages you send to us via email, support tickets, forms, or chat — including feedback, bug reports, and feature requests.
User content: text, files, code, or other inputs you submit to DivyCHI models and agents during your sessions.
Professional data: job title, company size, industry, and use-case information collected during enterprise onboarding or research participation.

Information Collected Automatically

Usage data: queries made, features accessed, session duration, button clicks, and navigation patterns within our products.
Device & technical data: IP address, browser type and version, operating system, device identifiers, screen resolution, and time zone.
Log data: server logs, error reports, API call records, latency metrics, and performance diagnostics.
Inference outputs: metadata about model responses such as token counts, response times, and quality feedback signals.

Information from Third Parties

Single sign-on providers (Google, Microsoft) when you choose to authenticate via OAuth.
Analytics partners providing aggregate and anonymised usage insights.
Referral sources and resellers who introduce enterprise customers to DivyCHI.

Section 03

How We Use Your Information

We use personal data only for purposes that are lawful, proportionate, and disclosed to you. Our primary purposes are:

Purpose	Data Used	Legal Basis
Providing and operating our services	Account data, usage data, user content	Contract performance
Processing payments and managing subscriptions	Payment data, account data	Contract performance
Improving and training our AI models	Usage data, inference outputs (anonymised)	Legitimate interest / Consent
Customer support and communications	Account data, communications	Contract performance
Safety monitoring and abuse prevention	Usage data, log data, user content	Legitimate interest
Legal compliance and audits	All categories as required	Legal obligation
Product analytics and feature development	Usage data, device data	Legitimate interest
Marketing and promotional communications	Account data, professional data	Consent / Legitimate interest

We do not use your private conversation content to train our models without your explicit opt-in consent. Enterprise plan customers have model training opted out by default.

Section 04

Information Sharing & Disclosure

We do not sell, rent, or trade your personal data to third parties for marketing purposes. We share data only in the following limited circumstances:

Service providers: cloud hosting (AWS, GCP), payment processing (Stripe), analytics, and customer support tools operating under strict data processing agreements.
Business transfers: in the event of a merger, acquisition, or asset sale, your data may be transferred to a successor entity subject to equivalent privacy protections.
Legal requirements: when required by applicable law, court order, or governmental authority — we will notify you where legally permitted.
Safety and fraud prevention: to protect the rights, property, or safety of DivyCHI, our users, or the public.
With your consent: for any sharing not described above, we will seek your explicit consent beforehand.

Section 05

Data Retention

We retain personal data for as long as necessary to fulfill the purposes outlined in this policy, comply with legal obligations, resolve disputes, and enforce our agreements.

Account data: retained for the duration of your account and for up to 90 days following closure, after which it is permanently deleted.
Conversation content: retained for 30 days by default; Enterprise customers may configure shorter retention windows or disable retention entirely.
Payment records: retained for 7 years in accordance with financial and tax regulations.
Log and technical data: retained for up to 12 months for security and performance analysis.
Anonymised data: aggregate, non-identifiable data may be retained indefinitely for research and service improvement.

Section 06

Security

We implement industry-standard technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction.

AES-256 encryption at rest for all stored personal data and user content.
TLS 1.3 encryption in transit for all data moving between your device and our servers.
Role-based access controls and least-privilege principles for all internal access to production systems.
Regular third-party penetration testing and security audits.
SOC 2 Type II compliance (in progress; available to Enterprise customers upon request).
Incident response plan with obligation to notify affected users within 72 hours of becoming aware of a qualifying breach.

No method of transmission or electronic storage is 100% secure. While we use commercially reasonable measures, we cannot guarantee absolute security.

Section 07

Your Rights & Choices

Depending on your jurisdiction, you may have the following rights regarding your personal data. To exercise any of these rights, contact privacy@divychi.com. We respond to all legitimate requests within 30 days.

Access: request a copy of the personal data we hold about you.
Rectification: request correction of inaccurate or incomplete information.
Erasure: request deletion of your personal data, subject to legal retention obligations.
Portability: receive your data in a structured, machine-readable format.
Restriction: request that we limit processing in certain circumstances.
Objection: object to processing based on legitimate interests or for direct marketing.
Withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting prior processing.
Marketing opt-out: unsubscribe from marketing emails at any time via the link in each message or via account settings.

Section 08

Cookies & Tracking Technologies

We use cookies and similar technologies to operate our services, understand usage patterns, and personalise your experience.

Category	Purpose	Opt-Out
Essential / Strictly Necessary	Authentication, security tokens, session management	Not possible (required for service)
Functional	Remembering preferences, language, layout settings	Available via cookie banner
Analytics	Understanding how users navigate and interact with the product	Available via cookie banner
Marketing	Interest-based advertising and conversion tracking	Available via cookie banner or browser settings

You may manage cookie preferences through our on-site cookie banner, your browser settings, or by contacting us. Note that disabling certain cookies may impact service functionality.

Section 09

International Data Transfers

DivyCHI is headquartered in India and operates globally. Your data may be processed in countries other than your country of residence, including countries that may not have the same data protection laws.

When we transfer data from the European Economic Area (EEA), the United Kingdom, or Switzerland to countries not recognised as providing adequate protection, we rely on Standard Contractual Clauses (SCCs) approved by relevant supervisory authorities, or other appropriate safeguards.

By using DivyCHI services, you acknowledge that your personal data may be transferred to and processed in India and other jurisdictions where we operate or engage service providers.

Section 10

Children's Privacy

DivyCHI services are not directed to individuals under the age of 18 ("minors"). We do not knowingly collect personal data from minors. If you are a parent or guardian and believe your child has provided us with personal data without your consent, please contact us immediately at privacy@divychi.com.

Upon verification, we will take prompt steps to delete the relevant data. Accounts found to be operated by minors will be suspended and any associated data deleted.

Section 11

Third-Party Services & Links

Our services may contain links to third-party websites, integrations, or plugins not operated by DivyCHI. This Privacy Policy does not apply to third-party services. We encourage you to review the privacy policies of any third-party services you access through or in connection with DivyCHI.

Where third-party services are integrated directly into our platform (e.g., payment processors, SSO providers), we ensure they operate under appropriate data protection agreements, but their own policies also govern their use of your data.

Section 12

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. Material changes will be communicated to you via:

Email notification to the address associated with your account (at least 14 days before changes take effect for material updates).
Prominent in-product banners or notifications.
Updated "Last Modified" date at the top of this page.

Your continued use of DivyCHI services after the effective date of any changes constitutes your acceptance of the updated policy. If you do not agree to changes, you should stop using the services and may request deletion of your data.

Section 13

Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact:

Data Protection Officer
DIVY CHI Pvt. Ltd.
Email: privacy@divychi.com
Subject line: "Privacy Request — [Your name]"

If you are located in the EEA or UK and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local supervisory authority.