Back to home

Privacy Policy

Privacy Policy

Last Updated: June 11, 2026

1. Introduction

This Privacy Policy describes how CinfyAI ("Service") collects, uses, and protects personal data.

This policy applies to users located in the United States, Singapore, and India.

2. Scope

This is a Business-to-Business (B2B) platform. Personal data processed is limited to:

  • Authorized users of client organizations
  • Administrative and authentication data
  • Usage metadata

3. Data We Collect

3.1 Account Information

  • Name
  • Email
  • Organization details
  • Role and permissions

3.2 Authentication Data

  • Username/password (if applicable)
  • SSO identifiers (e.g., Entra ID, Google)

3.3 Usage Data

  • Interaction logs
  • Queries submitted to AI
  • System performance metrics

3.4 Analytics Data

  • Collected only upon explicit consent
  • Includes anonymized usage patterns via tools like Google Analytics

4. Nature of AI Processing

  • AI responses are generated using integrated organizational data sources
  • AI operates in read-only mode
  • No independent profiling or automated decision-making is performed

5. Legal Basis for Processing

Processing is based on:

  • Contractual necessity (B2B service delivery)
  • Legitimate interests (service improvement)
  • Explicit consent (for analytics tracking)

For Indian users, processing aligns with the Digital Personal Data Protection Act (DPDP).

6. Purpose of Data Processing

We use personal data to:

  • Provide and maintain the Service
  • Authenticate and authorize users
  • Generate AI responses
  • Ensure system security
  • Improve product performance (subject to consent)

7. Data Sharing

We do NOT sell personal data.

Data may be shared with:

  • Authorized organization administrators
  • Cloud infrastructure providers
  • Sub-processors under contractual safeguards

8. Cross-Border Data Transfers

Data may be processed outside the user’s country, subject to:

  • Adequate safeguards
  • Contractual protections
  • Applicable regulatory requirements

9. Data Retention

  • Data is retained as long as required for service provision
  • Organizations may request deletion as per contractual terms
  • Logs may be retained for security and audit purposes

10. Data Security

We implement:

  • Encryption (in transit and where applicable at rest)
  • Access control mechanisms
  • Monitoring and logging systems

Despite safeguards, no system is fully secure.

11. User Rights

Depending on jurisdiction, users may have rights to:

  • Access their data
  • Correct inaccuracies
  • Request deletion
  • Withdraw consent (for analytics)

Requests must be routed through the respective organization administrator.

12. Consent Management

  • Analytics tracking is disabled by default
  • Activated only upon explicit user consent
  • Users can withdraw consent at any time

13. Cookies and Tracking

  • Essential cookies are used for authentication and session management
  • Non-essential tracking (e.g., Google Analytics) requires explicit consent

14. Children’s Privacy

The Service is not intended for individuals under 18 years of age.

15. Third-Party Services

The platform integrates with enterprise systems and identity providers.

These services are governed by their respective privacy policies.

16. Data Protection Compliance

We align with:

  • Digital Personal Data Protection Act (India)
  • Singapore Personal Data Protection Act (PDPA)
  • Applicable US data protection standards

17. Updates to Policy

We may update this policy periodically. Continued use implies acceptance.

18. Contact

For data protection inquiries:

Compileinfy Technology Solutions Private Limited
Email: [email protected]