Privacy Policy

This Privacy Policy explains how Bondhu AI ("we," "our," or "Bondhu") collects, uses, stores, shares, and protects your personal information when you use our Platform at bondhu.tech. This policy complies with the Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology Act, 2000, and the Mental Healthcare Act, 2017.

Your Privacy Matters: We are committed to protecting your personal data and providing transparency about our data practices. This policy outlines your rights and how we safeguard your information in accordance with Indian data protection laws.

Information We Collect

We collect the following categories of personal data necessary to provide and improve Bondhu's services:

📧 Account Data

•Email address (required for account creation and communication)
•Name (optional for personalization)
•Authentication details (email or Google OAuth credentials)

💬 Usage Data

•Conversation logs and chat history with AI companions
•User preferences, settings, and customizations
•Activity patterns, feature usage, and engagement metrics

🧠 Personality & Well-being Data

•Responses to personality assessments, quizzes, and interactive games
•Behavioral insights and patterns derived from AI interactions
•Emotional well-being indicators and mood tracking data

🔧 Technical Data

•Device type, model, and operating system information
•Browser type, version, and language preferences
•IP address (for security, analytics, and fraud prevention)
•Cookies and similar tracking technologies

Legal Basis for Data Processing

We process your personal data based on the following legal grounds under the DPDP Act, 2023:

✓

Consent

You provide explicit, informed, and freely given consent when creating an account and using our services

✓

Contractual Necessity

To perform our services as outlined in the Terms of Service agreement

✓

Legitimate Interests

To improve services, ensure platform security, and prevent fraud or abuse

✓

Legal Obligations

To comply with applicable Indian laws, regulations, and legal processes

How We Use Your Data

Your personal information is used for the following purposes:

•Service Delivery: Provide personalized AI conversations, personality insights, well-being tools, and analytics
•AI Improvement: Train and enhance AI models, improve adaptive personality response systems, and refine recommendation algorithms
•Account Management: Maintain account functionality, security, authentication, and user preferences
•Communication: Send service updates, feature announcements, security alerts, and support responses
•Analytics & Research: Understand usage patterns, conduct research, and enhance user experience
•Security & Fraud Prevention: Detect and prevent fraud, abuse, unauthorized access, and security threats
•Legal Compliance: Meet legal and regulatory obligations under Indian law

Data Security Measures

We implement industry-standard security practices to protect your personal data:

🔒

Encryption

All data is encrypted in transit (using HTTPS/TLS) and at rest using AES-256 encryption

🛡️

Row-Level Security (RLS)

Implemented via Supabase backend to isolate user data and prevent unauthorized access

🔑

Access Controls

Restricted access to personal data on a strict need-to-know basis with role-based permissions

🔍

Regular Security Audits

Periodic security assessments, vulnerability testing, and penetration testing

Important Note: While we employ robust security measures, no online system is 100% secure. Users share data at their own discretion.

Data Retention Policy

Active Accounts

Personal data is retained as long as your account remains active and you continue using our services

Inactive Accounts

Data may be retained for up to 12 months after account inactivity before deletion, allowing account recovery

Deleted Accounts

Upon account deletion, personal data is permanently erased within 30 days, except where retention is required by law

Legal Compliance

Some data may be retained longer to comply with legal obligations, resolve disputes, or enforce agreements

Your Privacy Rights

Under the DPDP Act, 2023 and applicable Indian laws, you have the following rights:

👁️

Right to Access

Request access to view the personal data we hold about you

✏️

Right to Correction

Request correction or updating of inaccurate or incomplete personal data

🗑️

Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data, subject to legal retention requirements

📤

Right to Data Portability

Request export of your personal data in a machine-readable format (JSON, CSV)

🚫

Right to Withdraw Consent

Withdraw your consent for data processing at any time (note: this may limit some features)

📝

Right to Grievance Redressal

File a complaint regarding data processing practices with our Grievance Officer

How to Exercise Your Rights: To exercise any of these rights, please contact our Privacy team via the Contact section below. We will respond to your request within 30 days of receipt.

Children's Privacy & Parental Consent

Age Restriction: Bondhu does not knowingly collect personal data from children under 13 years of age without verifiable parental consent.

•Users aged 13–17 years may only use Bondhu with verifiable parental or legal guardian consent
•Parents or guardians can review, modify, or request deletion of their child's data by contacting us
•If we discover that we have inadvertently collected data from a child under 13 without parental consent, we will promptly delete such data

Cookies & Tracking Technologies

Bondhu uses cookies and similar technologies to:

Maintain user sessions and authentication
Analyze usage patterns and improve services
Provide personalized experiences

You can manage cookie preferences through your browser settings. Note that disabling cookies may affect Platform functionality.

International Data Transfers

Your data may be transferred to and processed in locations outside India for cloud hosting and AI processing purposes. We ensure that all such transfers comply with applicable data protection laws and include appropriate safeguards.

Data Breach Notification

In the event of a data breach that may compromise your personal information, we will:

Notify affected users via email within 72 hours of discovering the breach
Report the breach to the Data Protection Board of India as required by law
Take immediate steps to mitigate harm and prevent future breaches

Grievance Redressal Officer

For privacy-related concerns, complaints, or requests, you may contact our Grievance Redressal Officer:

📧 Email: bondhuaitech@gmail.com
🌐 Website: bondhu.tech
📍 Location: Kolkata, India

We will acknowledge your complaint within 24 hours and resolve it within 30 days.

Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Updated versions will be posted on this page with a revised "Last Updated" date. Material changes will be communicated via email or prominent notice on the Platform. Continued use after changes constitutes acceptance of the updated Privacy Policy.

Language Availability

This Privacy Policy is available in English. In compliance with the DPDP Act, we are working to make this policy available in additional Indian languages listed in the 8th Schedule of the Indian Constitution.

Contact Information

If you have any questions, concerns, feedback, or requests regarding these Terms of Service, please contact us using the contact form on our website.

Governing Law

Governing Law: These Terms and your use of the Platform shall be governed by and construed in accordance with the laws of India, without regard to its conflict of law provisions. The Indian Contract Act, 1872, the Information Technology Act, 2000, the Digital Personal Data Protection Act, 2023, and other applicable Indian laws shall apply.

Jurisdiction: Any disputes, claims, or controversies arising out of or relating to these Terms, the Platform, or your relationship with Bondhu AI shall be subject to the exclusive jurisdiction of the competent courts located in Kolkata, West Bengal, India.