Privacy Policy

Last updated: 8 May 2026 · Effective date: 8 May 2026

This Privacy Policy explains how XYOS Tecnologies Private Limited(CIN: U62099KA2026PTC219759), with its registered office at Innov8 PrestigeTechPlatin, No. 32/2, 34/1, Kadabisanahalli, Varthur, Bangalore South, Bangalore - 560087, Karnataka ("BrandSaathi", "we", "us", "our") collects, uses, stores, shares, and protects your personal data when you use BrandSaathi.ai and related services (the "Service").

We act as a Data Fiduciaryunder India's Digital Personal Data Protection Act, 2023 (" DPDP Act") for personal data you submit to the Service.

1. What we collect

We collect only what is necessary to provide and improve the Service.

a) Information you give us

Account data: name, email address, password (stored as a one-way hash), and account preferences.
Brand Profile data: business name, business type (e.g. CA, doctor, consultant), industry, products or services, customer type, and similar fields you submit during onboarding.
Content data: prompts, topics, and AI-generated LinkedIn posts you create or save in the Service. Voice note recording and processing is a Phase 2 feature not active in v1.
Payment data: billing name, GSTIN (optional), and payment method details. Card and bank details are collected and stored by our payment processor (Razorpay), not by us. We receive only a transaction reference and status.
Support data: emails, chat messages, or feedback you send to us.

b) Information collected automatically

Usage data: pages visited, features used, number of generations, session timestamps, and approximate location derived from IP.
Device & log data: IP address, browser type, operating system, device identifiers, and crash logs.
Cookies & similar: essential cookies for login sessions and security. We currently do not use third-party advertising cookies.

c) What we do NOT collect

We do not knowingly collect personal data of children under 18.
We do not collect biometric data, government IDs, or sensitive financial information beyond what payment processors require.
We do not sell your personal data to data brokers or advertisers.

2. How we use your data

We use your data to:

Create and operate your account.
Generate AI LinkedIn posts tailored to your brand profile and vertical (v1). Multi-platform and channel features coming Phase 2.
Process payments and issue invoices (including GST invoices).
Provide customer support, troubleshoot issues, and prevent fraud or abuse.
Send you transactional emails (signup confirmation, password reset, billing, important Service updates).
Send you product updates and marketing communications, where permitted — you can unsubscribe at any time.
Improve the Service through aggregated and anonymised analytics.
Comply with legal obligations under Indian law.

3. Legal basis (DPDP Act)

We process your personal data based on:

Your consent, which you provide when you sign up, accept these terms, or opt in to specific features.
Performance of contract, where processing is necessary to deliver the Service you have subscribed to.
Legitimate uses permitted under the DPDP Act, such as fraud prevention, network security, and compliance with legal obligations.

4. AI processing & third-party AI providers

To generate AI Output, we send your prompts, brand profile context, and (where applicable) Content to third-party AI providers, currently including Google (Gemini) and, in the future, others such as Sarvam AI and OpenAI/Anthropic.

These providers process your data under their own privacy and security commitments. We do not permit them to use your inputs to train their public foundation models, where contractually controllable. You are responsible for not submitting confidential or sensitive third-party information into the Service unless you have authority to do so.

5. Sharing your data

We share personal data only with the following categories of recipients, and only to the extent needed to deliver the Service:

Hosting & infrastructure: Vercel (hosting), Supabase (database, primary region: Mumbai, India).
AI providers: Google (Gemini) and other AI partners as we expand the Service.
Payments: Razorpay for subscription processing.
Email: Resend for transactional emails (welcome, billing, Service updates).
Analytics: PostHog for product analytics (pages visited, feature usage). Data is anonymised at the session level and not used for advertising profiling.
Messaging: WhatsApp / Meta (Cloud API) integration is a Phase 2 feature not active in v1. No WhatsApp data is shared in the current version.
Professional advisers: auditors, lawyers, and consultants under confidentiality.
Authorities: where required by Indian law, regulation, or valid legal process.

We do not sell your personal data.

6. Data location & international transfers

Your account and Brand Profile data is primarily stored in our Supabase database hosted in Mumbai, India. Some sub-processors (for example, AI model providers and email services) may process data outside India. Where this happens, we rely on the provider's contractual safeguards and applicable Indian law.

7. Data retention

Active accounts: we keep your data while your account is active.
After account closure: we typically retain core account and billing data for up to 7 years to comply with Indian tax and accounting laws, after which it is deleted or anonymised.
Generated content history: you can request deletion of saved Content via a written request to hello@brandsaathi.ai.
Logs & analytics: aggregated and de- identified usage data may be retained indefinitely for product improvement.

8. Your rights under the DPDP Act

As a Data Principal, you have the right to:

Access a summary of the personal data we hold about you.
Request correction or update of inaccurate data.
Request erasure of your personal data, subject to legal retention obligations.
Withdraw consent at any time (this may limit your ability to use parts of the Service).
Nominate another individual to exercise these rights in the event of your death or incapacity.
File a grievance with us (see Section 11 below).

To exercise any of these rights, email hello@brandsaathi.ai from your registered email address. We will respond within a reasonable time and in any event within timelines required by law.

9. Security

We use industry-standard security measures including encryption in transit (TLS), encryption at rest for the database, hashed passwords, role-based access control, row-level security policies, and least-privilege access for employees and contractors. No Internet service is 100% secure, and you are responsible for protecting your password and account.

10. Children

The Service is not intended for individuals under 18. We do not knowingly collect personal data of minors. If you believe we have collected data of a minor, please contact us and we will delete it.

11. Grievance Officer

Under the DPDP Act and the Information Technology Act, 2000, you may contact our Grievance Officer:

Name: Kalakata Sanjay Bhargav
Designation:Director & Grievance Officer, XYOS Tecnologies Private Limited
Email: hello@brandsaathi.ai
Address: Innov8 PrestigeTechPlatin, No. 32/2, 34/1, Kadabisanahalli, Varthur, Bangalore South, Bangalore - 560087, Karnataka, India

We aim to acknowledge grievances within 48 hours and resolve them within 30 days.

12. Changes to this Policy

We may update this Privacy Policy from time to time. Material changes will be notified by email or in-app notice at least 30 days before they take effect. The "Last updated" date at the top reflects the latest version.

13. Contact

For any privacy questions or to exercise your rights, contact us at hello@brandsaathi.ai.