Privacy Policy

This Privacy Policy explains how AhuraSense AI Pvt Ltd ("AhuraSense", "Company", "we", "us", or "our") collects, uses, stores, shares, protects, and otherwise processes personal data when you access or use our websites, portals, dashboards, APIs, cloud infrastructure services, AI inference services, AI training services, compute services, GPU pods, Kubernetes services, database services, object storage services, security services, domain services, application deployment services, support services, documentation, billing systems, and related offerings.

This Privacy Policy applies to:

• Visitors to our websites.
• Customers and prospective customers.
• Account administrators, developers, and technical users.
• Billing and support contacts.
• Business contacts and users of our dashboards, APIs, and portals.
• Individuals whose personal data may be processed through customer use of our services.

This Privacy Policy should be read together with our Terms of Service, Cookie Policy, and, where applicable, our Data Processing Agreement.

Depending on the context, AhuraSense may act as a data fiduciary/controller or as a data processor/service provider.

2.1 When AhuraSense Acts as Data Fiduciary or Controller

We act as a data fiduciary/controller when we decide why and how personal data is processed. This includes processing for account registration, billing and payments, customer onboarding, identity verification, security monitoring, fraud prevention, product analytics, marketing, customer support, legal compliance, and business administration.

2.2 When AhuraSense Acts as Processor

We act as a processor when we process Customer Data on behalf of a customer according to the customer's instructions. Customers may upload, host, process, train, infer, store, or transmit data using our infrastructure services. In such cases, the customer is generally responsible for determining the purpose and means of processing.

Where legally required, our Data Processing Agreement governs this processing.

3.1 Account Information

When you create or manage an account, we may collect name, business name, email address, phone number, job title, username, password or authentication credentials, organization name, account role, team members, billing profile, business verification details, tax information, and communications preferences.

3.2 Identity and Verification Information

For certain services — especially high-value infrastructure, GPU resources, domain services, or compliance-sensitive products — we may collect business registration details, government-issued business identifiers, authorized representative details, billing verification information, use-case information, compliance certifications, sanctions screening information, and fraud risk signals.

3.3 Billing and Payment Information

We may collect billing name, billing address, tax registration details, purchase orders, invoices, payment status, payment method metadata, transaction history, usage records, and credit, deposit, prepaid balance, or commitment details. Payment card or bank details may be processed by third-party payment processors. We generally do not store full payment card numbers unless expressly stated.

3.4 Technical and Usage Data

When you use our services, we may collect IP address, device information, browser type, operating system, login events, API request metadata, dashboard activity, resource usage (compute, GPU, storage, bandwidth), region and product selections, error logs, security events, system telemetry, performance metrics, quota usage, rate-limit events, and audit logs.

3.5 Customer Data

Customer Data may include files, datasets, prompts, inputs, outputs, model weights, checkpoints, embeddings, containers, images, code, secrets, configuration data, databases, object storage contents, logs submitted by customers, application data, and end-user data processed through customer workloads.

Customers remain responsible for their workloads, data, software, identities, configurations, end users, compliance, and business decisions.

3.6 Support and Communications Data

When you contact us, we may collect support ticket content, chat messages, emails, call notes, troubleshooting information, screenshots or logs you provide, feedback, survey responses, commercial discussions, and contract and order communications.

3.7 Cookies and Similar Technologies

We collect information through cookies and similar technologies as described in our Cookie Policy, including session identifiers, consent preferences, analytics events, referral sources, device information, security tokens, and dashboard preferences.

4.1 To Provide the Services

We process personal data to create and manage accounts, authenticate users, provision cloud resources, provide dashboards and APIs, enable compute, GPU, database, Kubernetes, storage, domain, security, and deployment services, process AI inference and training workloads, provide support, and maintain service availability.

4.2 To Secure the Services

We use personal data and technical data to detect unauthorized access, prevent fraud, investigate abuse, protect infrastructure, monitor suspicious activity, enforce access controls, manage vulnerabilities, respond to security incidents, and protect customers and third parties.

4.3 To Bill and Manage Commercial Relationships

We use personal data to generate invoices, calculate usage-based charges, process payments, manage prepaid balances, apply taxes, resolve billing disputes, manage subscriptions and commitments, enforce payment obligations, and provide account notices.

4.4 To Improve and Develop Services

We may use personal data, usage data, aggregated data, and de-identified data to improve product functionality, develop new features, improve documentation, measure service performance, analyze product adoption, improve onboarding and customer support, plan capacity, and enhance reliability and security.

Unless separately agreed in writing, we do not use Customer Data to train foundation models for AhuraSense or third parties.

4.5 To Communicate With You

We may use contact information to send account notices, security alerts, billing notices, product updates, maintenance notices, support responses, contract notices, policy updates, service announcements, and marketing communications where permitted. You may opt out of non-essential marketing communications while still receiving transactional, security, legal, and service-related communications.

4.6 To Comply With Law

We may process personal data to comply with tax laws, accounting requirements, court orders, government and law-enforcement requests, export control obligations, sanctions screening, domain registry rules, data protection laws, security and incident reporting requirements, and legal claims and dispute resolution.

Where a legal basis is required, we may process personal data based on:

• Performance of a contract.
• Consent.
• Legitimate business interests.
• Compliance with legal obligations.
• Protection against fraud, abuse, and security threats.
• Customer instructions where we act as processor.
• Other lawful grounds permitted under applicable law.

Under India's DPDP Act, processing of digital personal data must be for lawful purposes and in accordance with applicable notice, consent, legitimate use, and data fiduciary obligations.

Customers are responsible for:

• Ensuring they have the right to upload and process Customer Data.
• Providing required notices to their users and obtaining required consents.
• Selecting appropriate regions, services, access controls, and encryption choices.
• Managing retention, deletion settings, and data subject requests concerning Customer Data.
• Ensuring compliance with applicable laws.

Customers must not upload personal data, regulated data, health data, payment card data, government secrets, biometric data, children's data, or other sensitive data unless the applicable service, order, and data protection terms permit it and appropriate safeguards are implemented.

7.1 Service Providers

We may share data with service providers for cloud infrastructure, data centers, network connectivity, payment processing, email delivery, analytics, security monitoring, customer support, error tracking, identity verification, CRM systems, and accounting and invoicing.

7.2 Infrastructure and Technology Partners

We may rely on third-party facilities, hardware vendors, connectivity providers, domain registries, DNS providers, cloud suppliers, and software providers. These parties may process data where required to provide the services.

7.3 Legal, Security, and Compliance Recipients

We may disclose data where necessary to comply with law, respond to valid legal requests, enforce our Terms, investigate abuse, protect security, prevent fraud, protect rights, property, and safety, or address sanctions and export-control concerns.

7.4 Business Transfers

If we are involved in a merger, acquisition, financing, restructuring, sale of assets, or similar transaction, personal data may be transferred as part of that transaction, subject to appropriate confidentiality and legal protections.

We may process and store data in India and other countries where we, our service providers, infrastructure partners, or customers operate.

Where applicable law requires safeguards for cross-border transfers, we will use appropriate mechanisms such as contractual safeguards, standard contractual clauses, transfer impact assessments, customer instructions, or other lawful transfer tools.

For EU/EEA personal data, GDPR Article 28 requires specific controller-processor terms, including documented instructions, confidentiality, security, subprocessor controls, assistance with data subject rights, deletion or return, and audit support.

We maintain administrative, technical, and organizational measures designed to protect personal data and the services, including:

• Access controls and authentication.
• Logging, monitoring, and network security.
• Encryption where appropriate.
• Vulnerability management and incident response processes.
• Supplier review, backup, and recovery controls.
• Segregation of environments and security reviews.

No security system is perfect. Customers must also secure their workloads, credentials, applications, containers, databases, APIs, models, secrets, storage buckets, and access policies.

We retain personal data for as long as reasonably necessary for the purposes described in this Privacy Policy, including providing services, maintaining accounts, billing and tax compliance, security monitoring, fraud prevention, legal compliance, dispute resolution, contract enforcement, and audit purposes.

Customer Data retention depends on the applicable service, order, configuration, and customer instructions. After termination or expiry, Customer Data may be deleted or disabled after the period stated in the Terms of Service or applicable agreement.

We may retain logs, billing records, security records, legal records, and backup copies for legitimate business, compliance, security, or dispute purposes.

Depending on applicable law, individuals may have rights to:

• Access, correct, or delete personal data.
• Withdraw consent and object to or restrict certain processing.
• Receive a copy of personal data and file a complaint.
• Nominate another person to exercise rights where applicable.
• Request information about processing.

Where AhuraSense acts as a processor for Customer Data, we may direct requests to the relevant customer unless legally required to respond directly. To submit a request, email [email protected]. We may need to verify your identity before responding.

Our services are intended for business and developer use. They are not intended for children.

Customers must not use the services to collect or process children's personal data unless they have a lawful basis, required consents, appropriate safeguards, and written agreement from AhuraSense where required.

Customers may use AhuraSense services for AI inference, fine-tuning, training, embedding generation, evaluation, model hosting, and related workloads. Customers are responsible for:

• Dataset rights, privacy notices, lawful bases, and consent.
• Sensitive data safeguards, bias and safety testing, and model license compliance.
• Output review, downstream use, end-user disclosures, retention and deletion, and regulatory compliance.

Unless separately agreed in writing, AhuraSense does not use Customer Data to train foundation models for AhuraSense or third parties.

Customers must not upload or process highly sensitive or regulated data unless the applicable service and agreement permit it. This may include:

• Health data, biometric data, and children's data.
• Payment card data and financial account data.
• Government secrets and authentication secrets.
• Special-category personal data and data subject to sector-specific regulation.

If such processing is permitted, customers must implement appropriate safeguards, including encryption, access control, logging, retention controls, and legal compliance processes.

We may send marketing communications about our products, services, events, updates, and offers where permitted by law.

You may opt out of marketing emails by using the unsubscribe link or contacting us. Opting out of marketing does not affect transactional, legal, billing, security, or service-related communications.

Our websites and services may link to third-party websites, registries, payment processors, model providers, software repositories, documentation, marketplaces, or integrations.

We are not responsible for the privacy practices of third parties. You should review their privacy policies before using them.

We may update this Privacy Policy from time to time to reflect changes in law, services, security practices, or business operations.

We will post the updated policy on our website or otherwise notify you where required. Continued use of the services after the effective date means you accept the updated policy, where permitted by law.

For privacy questions, requests, or complaints, contact: