Privacy Policy
Privacy Policy
Privacy Policy
Effective Date: January 1, 2025
Last Updated: June 1, 2025
1. COMPANY INFORMATION
Business Name: LAXCORP RESEARCH
Trading As: CiaraAI
Website: www.ciaraai.com
Data Protection Officer:
📧 Email: support@ciaraai.com
📞 Phone: +91-9781843933
🏢 Address: WeWork Prestige Atlanta, 80 Feet Main Road, Koramangala 1A Block, Industrial Layout, Bengaluru, Karnataka 560034
2. INTRODUCTION
LAXCORP RESEARCH (OPC) ("we," "us," "our," or "Company") operating under the brand name CiaraAI is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, process, and safeguard your information when you use our AI-powered enterprise communication services.
This policy applies to all users of our services, including customers, website visitors, and end-users of our AI agents.
3. INFORMATION WE COLLECT
3.1 Personal Information
We collect the following types of personal information:
Account Information:
Name, email address, phone number
Company name and business details
Billing address and payment information
Job title and department
Account preferences and settings
Business Contact Information:
Customer contact databases
Lead information and sales data
Communication preferences
Interaction history and preferences
Technical Information:
IP addresses and device identifiers
Browser type and version
Operating system information
Usage patterns and analytics data
Log files and system performance data
3.2 Call and Communication Data
Voice Data:
Call recordings for quality assurance
Voice interactions with AI agents
Call metadata (duration, time, participants)
Transcription data for analysis
Message Content:
Text messages and chat conversations
Email communications
WhatsApp and other messaging platform data
Customer service interactions
Integration Data:
CRM system data
ERP system information
Third-party application data
API usage and performance metrics
3.3 Automatically Collected Information
Cookies and tracking technologies
Website usage analytics
Service performance metrics
Error logs and debugging information
Security and fraud prevention data
4. HOW WE USE YOUR INFORMATION
4.1 Primary Business Purposes
Service Delivery:
Providing AI agent services and customer communication
Processing and routing customer inquiries
Managing account access and billing
Delivering technical support and maintenance
Business Operations:
Customer relationship management
Sales and marketing activities
Financial reporting and accounting
Legal compliance and regulatory requirements
4.2 Service Improvement
Analytics and Optimization:
Analyzing usage patterns to improve services
Training AI models for better performance
Identifying and fixing technical issues
Developing new features and capabilities
Quality Assurance:
Monitoring call quality and AI performance
Ensuring compliance with service standards
Training and calibrating AI agents
Maintaining security and data integrity
4.3 Communication and Marketing
Customer Communications:
Service updates and announcements
Billing and account notifications
Technical support and troubleshooting
Educational content and best practices
Marketing Activities (with consent):
Product updates and new feature announcements
Industry insights and research reports
Webinars and training opportunities
Customer success stories and case studies
5. LEGAL BASIS FOR PROCESSING (GDPR COMPLIANCE)
We process personal data based on the following legal grounds:
Contract Performance: Processing necessary for service delivery
Legitimate Interests: Business operations, security, and improvements
Legal Obligation: Compliance with Indian and international laws
Consent: Marketing communications and optional features
Vital Interests: Security and fraud prevention
6. DATA SHARING AND DISCLOSURE
6.1 Third-Party Service Providers
We may share data with trusted partners for:
Technology Services:
Cloud hosting and infrastructure providers
Payment processing and billing services
Analytics and monitoring tools
Security and fraud prevention services
Business Services:
Customer support platforms
Marketing and communication tools
Legal and professional services
Audit and compliance verification
6.2 Business Transfers
In case of merger, acquisition, or sale of assets, personal data may be transferred as part of the business transaction, subject to equivalent privacy protections.
6.3 Legal Requirements
We may disclose information when required by:
Court orders or legal processes
Government investigations
Law enforcement requests
Protection of our legal rights
Prevention of fraud or illegal activities
6.4 Data Processing Agreements
All third-party processors are bound by:
Comprehensive data processing agreements
Equivalent security and privacy standards
Limited use restrictions
Audit and compliance requirements
7. DATA SECURITY MEASURES
7.1 Technical Safeguards
Encryption:
AES-256 encryption for data at rest
TLS 1.3 for data in transit
End-to-end encryption for sensitive communications
Encrypted database storage and backups
Access Controls:
Multi-factor authentication requirements
Role-based access permissions
Regular access reviews and updates
Secure API authentication and authorization
Infrastructure Security:
Secure data centers with 24/7 monitoring
Regular vulnerability assessments and penetration testing
Firewall and intrusion detection systems
7.2 Organizational Safeguards
Policies and Procedures:
Comprehensive data protection policies
Regular employee training and awareness programs
Incident response and breach notification procedures
Vendor management and due diligence processes
Compliance and Auditing:
Regular security audits and assessments
Compliance with industry standards (ISO 27001)
Continuous monitoring and improvement
8. DATA RETENTION
8.1 Retention Periods
Account Data: Retained while account is active plus 7 years for business records
Call Recordings: 2 years for quality assurance, then archived or deleted
Communication Logs: 1 year for operational purposes
Analytics Data: 3 years in aggregated, anonymized form
Financial Records: 7 years as required by Indian accounting laws
8.2 Deletion Procedures
Secure deletion using industry-standard methods
Verification of complete data removal
Certificate of destruction for sensitive data
Retention of anonymized analytics where legally permitted
9. YOUR PRIVACY RIGHTS
9.1 Access and Control Rights
Data Access:
Right to know what personal data we hold
Right to obtain copies of your data
Right to verify accuracy of information
Right to understand how data is used
Data Correction:
Right to update incorrect information
Right to complete incomplete data
Right to modify communication preferences
Right to update consent choices
Data Deletion:
Right to request deletion of personal data
Right to be forgotten (subject to legal exceptions)
Right to delete account and associated data
Right to opt-out of data processing
9.2 Portability and Restriction
Data Portability:
Right to receive data in machine-readable format
Right to transfer data to another service provider
Assistance with data migration
Export functionality in standard formats
Processing Restrictions:
Right to limit how we use your data
Right to object to certain processing activities
Right to opt-out of marketing communications
Right to withdraw consent
9.3 Exercising Your Rights
To exercise privacy rights, contact us at:
📧 Email: support@ciaraai.com
📞 Phone: +91-9781843933
🏢 Address: WeWork Prestige Atlanta, 80 Feet Main Road, Koramangala 1A Block, Industrial Layout, Bengaluru, Karnataka 560034
Response Timeline: We respond to privacy requests within 30 days
Verification: Identity verification required for security
Fee Structure: Most requests are free; complex requests may incur reasonable fees
10. COOKIES AND TRACKING TECHNOLOGIES
10.1 Cookie Types
Essential Cookies:
Session management and authentication
Security and fraud prevention
Basic functionality and navigation
Load balancing and performance
Analytics Cookies:
Usage statistics and performance metrics
User behavior analysis
Service optimization data
Error tracking and debugging
Marketing Cookies (with consent):
Personalized content delivery
Advertising effectiveness measurement
Social media integration
Third-party marketing platforms
10.2 Cookie Management
Browser settings for cookie control
Opt-out mechanisms for non-essential cookies
Regular cookie audit and cleanup
Clear information about cookie purposes
11. INTERNATIONAL DATA TRANSFERS
11.1 Cross-Border Processing
When transferring data internationally, we ensure:
Adequate protection through legal frameworks
Standard contractual clauses (SCCs)
Adequacy decisions by relevant authorities
Additional safeguards for sensitive data
11.2 Data Localization Compliance
Compliance with Indian data localization requirements
Critical personal data stored within India
Regular audits of data location and processing
Clear documentation of international transfers
12. CHILDREN'S PRIVACY
12.1 Age Restrictions
Services not intended for children under 13
No knowing collection of children's data
Parental consent required for minors
Enhanced protection for educational clients
12.2 Educational Institutions
Special protections for educational data:
FERPA compliance for US educational clients
Enhanced consent mechanisms
Limited data use and sharing
Regular privacy impact assessments
13. PRIVACY BY DESIGN
13.1 Built-in Protection
Privacy considerations in system design
Data minimization principles
Purpose limitation and use restrictions
Regular privacy impact assessments
13.2 Continuous Improvement
Regular policy reviews and updates
User feedback incorporation
Industry best practice adoption
Regulatory change adaptation
14. DATA BREACH NOTIFICATION
14.1 Internal Procedures
Immediate incident response activation
Risk assessment and impact analysis
Containment and remediation actions
Documentation and investigation
14.2 User Notification
Timeline: Within 72 hours of discovery
Method: Email, SMS, or in-app notification
Content: Nature of breach, data affected, actions taken
Support: Dedicated support for affected users
15. COMPLIANCE AND CERTIFICATIONS
15.1 Legal Compliance
Indian Laws:
Information Technology Act, 2000
Information Technology (Reasonable Security Practices) Rules, 2011
Personal Data Protection Bill (when enacted)
Companies Act, 2013
International Standards:
General Data Protection Regulation (GDPR)
California Consumer Privacy Act (CCPA)
ISO 27001 Information Security Management
15.2 Regular Audits
Annual privacy compliance audits
Security assessment and penetration testing
Third-party certification renewals
Regulatory compliance monitoring
16. UPDATES TO THIS POLICY
16.1 Change Notification
30 days advance notice for material changes
Email notification to active users
Website posting of updated policy
Version history maintenance
16.2 Continued Use
Continued use of services after policy updates constitutes acceptance of changes. Users who disagree may terminate their accounts.
17. CONTACT INFORMATION
17.1 Privacy Inquiries
Data Protection Officer:
📧 Email: support@ciaraai.com
📞 Phone: +91-9781843933
🏢 Address: WeWork Prestige Atlanta, 80 Feet Main Road, Koramangala 1A Block, Industrial Layout, Bengaluru, Karnataka 560034
17.2 General Support
Customer Support:
📧 Email: support@ciaraai.com
📞 Phone: +91-9781843933
17.3 Business Hours
Privacy Team: Monday - Friday: 9:00 AM - 6:00 PM IST Response Time: Within 48 hours
Customer Support: 24/7 for Enterprise customers Business hours for other plans
18. SUPERVISORY AUTHORITY
For GDPR-related complaints, you may contact your local supervisory authority. For Indian privacy matters, you may contact the relevant data protection authorities as they become established.
Document Information:
Version: 1.0
Effective Date: January 1, 2025
Last Updated: June 1, 2025
Next Review: July 1, 2025
Languages Available: English, Hindi (contact us for other languages)
Acknowledgment: By using CiaraAI services, you acknowledge that you have read, understood, and agree to this Privacy Policy and our data processing practices.
Effective Date: January 1, 2025
Last Updated: June 1, 2025
1. COMPANY INFORMATION
Business Name: LAXCORP RESEARCH
Trading As: CiaraAI
Website: www.ciaraai.com
Data Protection Officer:
📧 Email: support@ciaraai.com
📞 Phone: +91-9781843933
🏢 Address: WeWork Prestige Atlanta, 80 Feet Main Road, Koramangala 1A Block, Industrial Layout, Bengaluru, Karnataka 560034
2. INTRODUCTION
LAXCORP RESEARCH (OPC) ("we," "us," "our," or "Company") operating under the brand name CiaraAI is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, process, and safeguard your information when you use our AI-powered enterprise communication services.
This policy applies to all users of our services, including customers, website visitors, and end-users of our AI agents.
3. INFORMATION WE COLLECT
3.1 Personal Information
We collect the following types of personal information:
Account Information:
Name, email address, phone number
Company name and business details
Billing address and payment information
Job title and department
Account preferences and settings
Business Contact Information:
Customer contact databases
Lead information and sales data
Communication preferences
Interaction history and preferences
Technical Information:
IP addresses and device identifiers
Browser type and version
Operating system information
Usage patterns and analytics data
Log files and system performance data
3.2 Call and Communication Data
Voice Data:
Call recordings for quality assurance
Voice interactions with AI agents
Call metadata (duration, time, participants)
Transcription data for analysis
Message Content:
Text messages and chat conversations
Email communications
WhatsApp and other messaging platform data
Customer service interactions
Integration Data:
CRM system data
ERP system information
Third-party application data
API usage and performance metrics
3.3 Automatically Collected Information
Cookies and tracking technologies
Website usage analytics
Service performance metrics
Error logs and debugging information
Security and fraud prevention data
4. HOW WE USE YOUR INFORMATION
4.1 Primary Business Purposes
Service Delivery:
Providing AI agent services and customer communication
Processing and routing customer inquiries
Managing account access and billing
Delivering technical support and maintenance
Business Operations:
Customer relationship management
Sales and marketing activities
Financial reporting and accounting
Legal compliance and regulatory requirements
4.2 Service Improvement
Analytics and Optimization:
Analyzing usage patterns to improve services
Training AI models for better performance
Identifying and fixing technical issues
Developing new features and capabilities
Quality Assurance:
Monitoring call quality and AI performance
Ensuring compliance with service standards
Training and calibrating AI agents
Maintaining security and data integrity
4.3 Communication and Marketing
Customer Communications:
Service updates and announcements
Billing and account notifications
Technical support and troubleshooting
Educational content and best practices
Marketing Activities (with consent):
Product updates and new feature announcements
Industry insights and research reports
Webinars and training opportunities
Customer success stories and case studies
5. LEGAL BASIS FOR PROCESSING (GDPR COMPLIANCE)
We process personal data based on the following legal grounds:
Contract Performance: Processing necessary for service delivery
Legitimate Interests: Business operations, security, and improvements
Legal Obligation: Compliance with Indian and international laws
Consent: Marketing communications and optional features
Vital Interests: Security and fraud prevention
6. DATA SHARING AND DISCLOSURE
6.1 Third-Party Service Providers
We may share data with trusted partners for:
Technology Services:
Cloud hosting and infrastructure providers
Payment processing and billing services
Analytics and monitoring tools
Security and fraud prevention services
Business Services:
Customer support platforms
Marketing and communication tools
Legal and professional services
Audit and compliance verification
6.2 Business Transfers
In case of merger, acquisition, or sale of assets, personal data may be transferred as part of the business transaction, subject to equivalent privacy protections.
6.3 Legal Requirements
We may disclose information when required by:
Court orders or legal processes
Government investigations
Law enforcement requests
Protection of our legal rights
Prevention of fraud or illegal activities
6.4 Data Processing Agreements
All third-party processors are bound by:
Comprehensive data processing agreements
Equivalent security and privacy standards
Limited use restrictions
Audit and compliance requirements
7. DATA SECURITY MEASURES
7.1 Technical Safeguards
Encryption:
AES-256 encryption for data at rest
TLS 1.3 for data in transit
End-to-end encryption for sensitive communications
Encrypted database storage and backups
Access Controls:
Multi-factor authentication requirements
Role-based access permissions
Regular access reviews and updates
Secure API authentication and authorization
Infrastructure Security:
Secure data centers with 24/7 monitoring
Regular vulnerability assessments and penetration testing
Firewall and intrusion detection systems
7.2 Organizational Safeguards
Policies and Procedures:
Comprehensive data protection policies
Regular employee training and awareness programs
Incident response and breach notification procedures
Vendor management and due diligence processes
Compliance and Auditing:
Regular security audits and assessments
Compliance with industry standards (ISO 27001)
Continuous monitoring and improvement
8. DATA RETENTION
8.1 Retention Periods
Account Data: Retained while account is active plus 7 years for business records
Call Recordings: 2 years for quality assurance, then archived or deleted
Communication Logs: 1 year for operational purposes
Analytics Data: 3 years in aggregated, anonymized form
Financial Records: 7 years as required by Indian accounting laws
8.2 Deletion Procedures
Secure deletion using industry-standard methods
Verification of complete data removal
Certificate of destruction for sensitive data
Retention of anonymized analytics where legally permitted
9. YOUR PRIVACY RIGHTS
9.1 Access and Control Rights
Data Access:
Right to know what personal data we hold
Right to obtain copies of your data
Right to verify accuracy of information
Right to understand how data is used
Data Correction:
Right to update incorrect information
Right to complete incomplete data
Right to modify communication preferences
Right to update consent choices
Data Deletion:
Right to request deletion of personal data
Right to be forgotten (subject to legal exceptions)
Right to delete account and associated data
Right to opt-out of data processing
9.2 Portability and Restriction
Data Portability:
Right to receive data in machine-readable format
Right to transfer data to another service provider
Assistance with data migration
Export functionality in standard formats
Processing Restrictions:
Right to limit how we use your data
Right to object to certain processing activities
Right to opt-out of marketing communications
Right to withdraw consent
9.3 Exercising Your Rights
To exercise privacy rights, contact us at:
📧 Email: support@ciaraai.com
📞 Phone: +91-9781843933
🏢 Address: WeWork Prestige Atlanta, 80 Feet Main Road, Koramangala 1A Block, Industrial Layout, Bengaluru, Karnataka 560034
Response Timeline: We respond to privacy requests within 30 days
Verification: Identity verification required for security
Fee Structure: Most requests are free; complex requests may incur reasonable fees
10. COOKIES AND TRACKING TECHNOLOGIES
10.1 Cookie Types
Essential Cookies:
Session management and authentication
Security and fraud prevention
Basic functionality and navigation
Load balancing and performance
Analytics Cookies:
Usage statistics and performance metrics
User behavior analysis
Service optimization data
Error tracking and debugging
Marketing Cookies (with consent):
Personalized content delivery
Advertising effectiveness measurement
Social media integration
Third-party marketing platforms
10.2 Cookie Management
Browser settings for cookie control
Opt-out mechanisms for non-essential cookies
Regular cookie audit and cleanup
Clear information about cookie purposes
11. INTERNATIONAL DATA TRANSFERS
11.1 Cross-Border Processing
When transferring data internationally, we ensure:
Adequate protection through legal frameworks
Standard contractual clauses (SCCs)
Adequacy decisions by relevant authorities
Additional safeguards for sensitive data
11.2 Data Localization Compliance
Compliance with Indian data localization requirements
Critical personal data stored within India
Regular audits of data location and processing
Clear documentation of international transfers
12. CHILDREN'S PRIVACY
12.1 Age Restrictions
Services not intended for children under 13
No knowing collection of children's data
Parental consent required for minors
Enhanced protection for educational clients
12.2 Educational Institutions
Special protections for educational data:
FERPA compliance for US educational clients
Enhanced consent mechanisms
Limited data use and sharing
Regular privacy impact assessments
13. PRIVACY BY DESIGN
13.1 Built-in Protection
Privacy considerations in system design
Data minimization principles
Purpose limitation and use restrictions
Regular privacy impact assessments
13.2 Continuous Improvement
Regular policy reviews and updates
User feedback incorporation
Industry best practice adoption
Regulatory change adaptation
14. DATA BREACH NOTIFICATION
14.1 Internal Procedures
Immediate incident response activation
Risk assessment and impact analysis
Containment and remediation actions
Documentation and investigation
14.2 User Notification
Timeline: Within 72 hours of discovery
Method: Email, SMS, or in-app notification
Content: Nature of breach, data affected, actions taken
Support: Dedicated support for affected users
15. COMPLIANCE AND CERTIFICATIONS
15.1 Legal Compliance
Indian Laws:
Information Technology Act, 2000
Information Technology (Reasonable Security Practices) Rules, 2011
Personal Data Protection Bill (when enacted)
Companies Act, 2013
International Standards:
General Data Protection Regulation (GDPR)
California Consumer Privacy Act (CCPA)
ISO 27001 Information Security Management
15.2 Regular Audits
Annual privacy compliance audits
Security assessment and penetration testing
Third-party certification renewals
Regulatory compliance monitoring
16. UPDATES TO THIS POLICY
16.1 Change Notification
30 days advance notice for material changes
Email notification to active users
Website posting of updated policy
Version history maintenance
16.2 Continued Use
Continued use of services after policy updates constitutes acceptance of changes. Users who disagree may terminate their accounts.
17. CONTACT INFORMATION
17.1 Privacy Inquiries
Data Protection Officer:
📧 Email: support@ciaraai.com
📞 Phone: +91-9781843933
🏢 Address: WeWork Prestige Atlanta, 80 Feet Main Road, Koramangala 1A Block, Industrial Layout, Bengaluru, Karnataka 560034
17.2 General Support
Customer Support:
📧 Email: support@ciaraai.com
📞 Phone: +91-9781843933
17.3 Business Hours
Privacy Team: Monday - Friday: 9:00 AM - 6:00 PM IST Response Time: Within 48 hours
Customer Support: 24/7 for Enterprise customers Business hours for other plans
18. SUPERVISORY AUTHORITY
For GDPR-related complaints, you may contact your local supervisory authority. For Indian privacy matters, you may contact the relevant data protection authorities as they become established.
Document Information:
Version: 1.0
Effective Date: January 1, 2025
Last Updated: June 1, 2025
Next Review: July 1, 2025
Languages Available: English, Hindi (contact us for other languages)
Acknowledgment: By using CiaraAI services, you acknowledge that you have read, understood, and agree to this Privacy Policy and our data processing practices.
Effective Date: January 1, 2025
Last Updated: June 1, 2025
1. COMPANY INFORMATION
Business Name: LAXCORP RESEARCH
Trading As: CiaraAI
Website: www.ciaraai.com
Data Protection Officer:
📧 Email: support@ciaraai.com
📞 Phone: +91-9781843933
🏢 Address: WeWork Prestige Atlanta, 80 Feet Main Road, Koramangala 1A Block, Industrial Layout, Bengaluru, Karnataka 560034
2. INTRODUCTION
LAXCORP RESEARCH (OPC) ("we," "us," "our," or "Company") operating under the brand name CiaraAI is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, process, and safeguard your information when you use our AI-powered enterprise communication services.
This policy applies to all users of our services, including customers, website visitors, and end-users of our AI agents.
3. INFORMATION WE COLLECT
3.1 Personal Information
We collect the following types of personal information:
Account Information:
Name, email address, phone number
Company name and business details
Billing address and payment information
Job title and department
Account preferences and settings
Business Contact Information:
Customer contact databases
Lead information and sales data
Communication preferences
Interaction history and preferences
Technical Information:
IP addresses and device identifiers
Browser type and version
Operating system information
Usage patterns and analytics data
Log files and system performance data
3.2 Call and Communication Data
Voice Data:
Call recordings for quality assurance
Voice interactions with AI agents
Call metadata (duration, time, participants)
Transcription data for analysis
Message Content:
Text messages and chat conversations
Email communications
WhatsApp and other messaging platform data
Customer service interactions
Integration Data:
CRM system data
ERP system information
Third-party application data
API usage and performance metrics
3.3 Automatically Collected Information
Cookies and tracking technologies
Website usage analytics
Service performance metrics
Error logs and debugging information
Security and fraud prevention data
4. HOW WE USE YOUR INFORMATION
4.1 Primary Business Purposes
Service Delivery:
Providing AI agent services and customer communication
Processing and routing customer inquiries
Managing account access and billing
Delivering technical support and maintenance
Business Operations:
Customer relationship management
Sales and marketing activities
Financial reporting and accounting
Legal compliance and regulatory requirements
4.2 Service Improvement
Analytics and Optimization:
Analyzing usage patterns to improve services
Training AI models for better performance
Identifying and fixing technical issues
Developing new features and capabilities
Quality Assurance:
Monitoring call quality and AI performance
Ensuring compliance with service standards
Training and calibrating AI agents
Maintaining security and data integrity
4.3 Communication and Marketing
Customer Communications:
Service updates and announcements
Billing and account notifications
Technical support and troubleshooting
Educational content and best practices
Marketing Activities (with consent):
Product updates and new feature announcements
Industry insights and research reports
Webinars and training opportunities
Customer success stories and case studies
5. LEGAL BASIS FOR PROCESSING (GDPR COMPLIANCE)
We process personal data based on the following legal grounds:
Contract Performance: Processing necessary for service delivery
Legitimate Interests: Business operations, security, and improvements
Legal Obligation: Compliance with Indian and international laws
Consent: Marketing communications and optional features
Vital Interests: Security and fraud prevention
6. DATA SHARING AND DISCLOSURE
6.1 Third-Party Service Providers
We may share data with trusted partners for:
Technology Services:
Cloud hosting and infrastructure providers
Payment processing and billing services
Analytics and monitoring tools
Security and fraud prevention services
Business Services:
Customer support platforms
Marketing and communication tools
Legal and professional services
Audit and compliance verification
6.2 Business Transfers
In case of merger, acquisition, or sale of assets, personal data may be transferred as part of the business transaction, subject to equivalent privacy protections.
6.3 Legal Requirements
We may disclose information when required by:
Court orders or legal processes
Government investigations
Law enforcement requests
Protection of our legal rights
Prevention of fraud or illegal activities
6.4 Data Processing Agreements
All third-party processors are bound by:
Comprehensive data processing agreements
Equivalent security and privacy standards
Limited use restrictions
Audit and compliance requirements
7. DATA SECURITY MEASURES
7.1 Technical Safeguards
Encryption:
AES-256 encryption for data at rest
TLS 1.3 for data in transit
End-to-end encryption for sensitive communications
Encrypted database storage and backups
Access Controls:
Multi-factor authentication requirements
Role-based access permissions
Regular access reviews and updates
Secure API authentication and authorization
Infrastructure Security:
Secure data centers with 24/7 monitoring
Regular vulnerability assessments and penetration testing
Firewall and intrusion detection systems
7.2 Organizational Safeguards
Policies and Procedures:
Comprehensive data protection policies
Regular employee training and awareness programs
Incident response and breach notification procedures
Vendor management and due diligence processes
Compliance and Auditing:
Regular security audits and assessments
Compliance with industry standards (ISO 27001)
Continuous monitoring and improvement
8. DATA RETENTION
8.1 Retention Periods
Account Data: Retained while account is active plus 7 years for business records
Call Recordings: 2 years for quality assurance, then archived or deleted
Communication Logs: 1 year for operational purposes
Analytics Data: 3 years in aggregated, anonymized form
Financial Records: 7 years as required by Indian accounting laws
8.2 Deletion Procedures
Secure deletion using industry-standard methods
Verification of complete data removal
Certificate of destruction for sensitive data
Retention of anonymized analytics where legally permitted
9. YOUR PRIVACY RIGHTS
9.1 Access and Control Rights
Data Access:
Right to know what personal data we hold
Right to obtain copies of your data
Right to verify accuracy of information
Right to understand how data is used
Data Correction:
Right to update incorrect information
Right to complete incomplete data
Right to modify communication preferences
Right to update consent choices
Data Deletion:
Right to request deletion of personal data
Right to be forgotten (subject to legal exceptions)
Right to delete account and associated data
Right to opt-out of data processing
9.2 Portability and Restriction
Data Portability:
Right to receive data in machine-readable format
Right to transfer data to another service provider
Assistance with data migration
Export functionality in standard formats
Processing Restrictions:
Right to limit how we use your data
Right to object to certain processing activities
Right to opt-out of marketing communications
Right to withdraw consent
9.3 Exercising Your Rights
To exercise privacy rights, contact us at:
📧 Email: support@ciaraai.com
📞 Phone: +91-9781843933
🏢 Address: WeWork Prestige Atlanta, 80 Feet Main Road, Koramangala 1A Block, Industrial Layout, Bengaluru, Karnataka 560034
Response Timeline: We respond to privacy requests within 30 days
Verification: Identity verification required for security
Fee Structure: Most requests are free; complex requests may incur reasonable fees
10. COOKIES AND TRACKING TECHNOLOGIES
10.1 Cookie Types
Essential Cookies:
Session management and authentication
Security and fraud prevention
Basic functionality and navigation
Load balancing and performance
Analytics Cookies:
Usage statistics and performance metrics
User behavior analysis
Service optimization data
Error tracking and debugging
Marketing Cookies (with consent):
Personalized content delivery
Advertising effectiveness measurement
Social media integration
Third-party marketing platforms
10.2 Cookie Management
Browser settings for cookie control
Opt-out mechanisms for non-essential cookies
Regular cookie audit and cleanup
Clear information about cookie purposes
11. INTERNATIONAL DATA TRANSFERS
11.1 Cross-Border Processing
When transferring data internationally, we ensure:
Adequate protection through legal frameworks
Standard contractual clauses (SCCs)
Adequacy decisions by relevant authorities
Additional safeguards for sensitive data
11.2 Data Localization Compliance
Compliance with Indian data localization requirements
Critical personal data stored within India
Regular audits of data location and processing
Clear documentation of international transfers
12. CHILDREN'S PRIVACY
12.1 Age Restrictions
Services not intended for children under 13
No knowing collection of children's data
Parental consent required for minors
Enhanced protection for educational clients
12.2 Educational Institutions
Special protections for educational data:
FERPA compliance for US educational clients
Enhanced consent mechanisms
Limited data use and sharing
Regular privacy impact assessments
13. PRIVACY BY DESIGN
13.1 Built-in Protection
Privacy considerations in system design
Data minimization principles
Purpose limitation and use restrictions
Regular privacy impact assessments
13.2 Continuous Improvement
Regular policy reviews and updates
User feedback incorporation
Industry best practice adoption
Regulatory change adaptation
14. DATA BREACH NOTIFICATION
14.1 Internal Procedures
Immediate incident response activation
Risk assessment and impact analysis
Containment and remediation actions
Documentation and investigation
14.2 User Notification
Timeline: Within 72 hours of discovery
Method: Email, SMS, or in-app notification
Content: Nature of breach, data affected, actions taken
Support: Dedicated support for affected users
15. COMPLIANCE AND CERTIFICATIONS
15.1 Legal Compliance
Indian Laws:
Information Technology Act, 2000
Information Technology (Reasonable Security Practices) Rules, 2011
Personal Data Protection Bill (when enacted)
Companies Act, 2013
International Standards:
General Data Protection Regulation (GDPR)
California Consumer Privacy Act (CCPA)
ISO 27001 Information Security Management
15.2 Regular Audits
Annual privacy compliance audits
Security assessment and penetration testing
Third-party certification renewals
Regulatory compliance monitoring
16. UPDATES TO THIS POLICY
16.1 Change Notification
30 days advance notice for material changes
Email notification to active users
Website posting of updated policy
Version history maintenance
16.2 Continued Use
Continued use of services after policy updates constitutes acceptance of changes. Users who disagree may terminate their accounts.
17. CONTACT INFORMATION
17.1 Privacy Inquiries
Data Protection Officer:
📧 Email: support@ciaraai.com
📞 Phone: +91-9781843933
🏢 Address: WeWork Prestige Atlanta, 80 Feet Main Road, Koramangala 1A Block, Industrial Layout, Bengaluru, Karnataka 560034
17.2 General Support
Customer Support:
📧 Email: support@ciaraai.com
📞 Phone: +91-9781843933
17.3 Business Hours
Privacy Team: Monday - Friday: 9:00 AM - 6:00 PM IST Response Time: Within 48 hours
Customer Support: 24/7 for Enterprise customers Business hours for other plans
18. SUPERVISORY AUTHORITY
For GDPR-related complaints, you may contact your local supervisory authority. For Indian privacy matters, you may contact the relevant data protection authorities as they become established.
Document Information:
Version: 1.0
Effective Date: January 1, 2025
Last Updated: June 1, 2025
Next Review: July 1, 2025
Languages Available: English, Hindi (contact us for other languages)
Acknowledgment: By using CiaraAI services, you acknowledge that you have read, understood, and agree to this Privacy Policy and our data processing practices.
Effective Date: January 1, 2025
Last Updated: June 1, 2025
1. COMPANY INFORMATION
Business Name: LAXCORP RESEARCH
Trading As: CiaraAI
Website: www.ciaraai.com
Data Protection Officer:
📧 Email: support@ciaraai.com
📞 Phone: +91-9781843933
🏢 Address: WeWork Prestige Atlanta, 80 Feet Main Road, Koramangala 1A Block, Industrial Layout, Bengaluru, Karnataka 560034
2. INTRODUCTION
LAXCORP RESEARCH (OPC) ("we," "us," "our," or "Company") operating under the brand name CiaraAI is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, process, and safeguard your information when you use our AI-powered enterprise communication services.
This policy applies to all users of our services, including customers, website visitors, and end-users of our AI agents.
3. INFORMATION WE COLLECT
3.1 Personal Information
We collect the following types of personal information:
Account Information:
Name, email address, phone number
Company name and business details
Billing address and payment information
Job title and department
Account preferences and settings
Business Contact Information:
Customer contact databases
Lead information and sales data
Communication preferences
Interaction history and preferences
Technical Information:
IP addresses and device identifiers
Browser type and version
Operating system information
Usage patterns and analytics data
Log files and system performance data
3.2 Call and Communication Data
Voice Data:
Call recordings for quality assurance
Voice interactions with AI agents
Call metadata (duration, time, participants)
Transcription data for analysis
Message Content:
Text messages and chat conversations
Email communications
WhatsApp and other messaging platform data
Customer service interactions
Integration Data:
CRM system data
ERP system information
Third-party application data
API usage and performance metrics
3.3 Automatically Collected Information
Cookies and tracking technologies
Website usage analytics
Service performance metrics
Error logs and debugging information
Security and fraud prevention data
4. HOW WE USE YOUR INFORMATION
4.1 Primary Business Purposes
Service Delivery:
Providing AI agent services and customer communication
Processing and routing customer inquiries
Managing account access and billing
Delivering technical support and maintenance
Business Operations:
Customer relationship management
Sales and marketing activities
Financial reporting and accounting
Legal compliance and regulatory requirements
4.2 Service Improvement
Analytics and Optimization:
Analyzing usage patterns to improve services
Training AI models for better performance
Identifying and fixing technical issues
Developing new features and capabilities
Quality Assurance:
Monitoring call quality and AI performance
Ensuring compliance with service standards
Training and calibrating AI agents
Maintaining security and data integrity
4.3 Communication and Marketing
Customer Communications:
Service updates and announcements
Billing and account notifications
Technical support and troubleshooting
Educational content and best practices
Marketing Activities (with consent):
Product updates and new feature announcements
Industry insights and research reports
Webinars and training opportunities
Customer success stories and case studies
5. LEGAL BASIS FOR PROCESSING (GDPR COMPLIANCE)
We process personal data based on the following legal grounds:
Contract Performance: Processing necessary for service delivery
Legitimate Interests: Business operations, security, and improvements
Legal Obligation: Compliance with Indian and international laws
Consent: Marketing communications and optional features
Vital Interests: Security and fraud prevention
6. DATA SHARING AND DISCLOSURE
6.1 Third-Party Service Providers
We may share data with trusted partners for:
Technology Services:
Cloud hosting and infrastructure providers
Payment processing and billing services
Analytics and monitoring tools
Security and fraud prevention services
Business Services:
Customer support platforms
Marketing and communication tools
Legal and professional services
Audit and compliance verification
6.2 Business Transfers
In case of merger, acquisition, or sale of assets, personal data may be transferred as part of the business transaction, subject to equivalent privacy protections.
6.3 Legal Requirements
We may disclose information when required by:
Court orders or legal processes
Government investigations
Law enforcement requests
Protection of our legal rights
Prevention of fraud or illegal activities
6.4 Data Processing Agreements
All third-party processors are bound by:
Comprehensive data processing agreements
Equivalent security and privacy standards
Limited use restrictions
Audit and compliance requirements
7. DATA SECURITY MEASURES
7.1 Technical Safeguards
Encryption:
AES-256 encryption for data at rest
TLS 1.3 for data in transit
End-to-end encryption for sensitive communications
Encrypted database storage and backups
Access Controls:
Multi-factor authentication requirements
Role-based access permissions
Regular access reviews and updates
Secure API authentication and authorization
Infrastructure Security:
Secure data centers with 24/7 monitoring
Regular vulnerability assessments and penetration testing
Firewall and intrusion detection systems
7.2 Organizational Safeguards
Policies and Procedures:
Comprehensive data protection policies
Regular employee training and awareness programs
Incident response and breach notification procedures
Vendor management and due diligence processes
Compliance and Auditing:
Regular security audits and assessments
Compliance with industry standards (ISO 27001)
Continuous monitoring and improvement
8. DATA RETENTION
8.1 Retention Periods
Account Data: Retained while account is active plus 7 years for business records
Call Recordings: 2 years for quality assurance, then archived or deleted
Communication Logs: 1 year for operational purposes
Analytics Data: 3 years in aggregated, anonymized form
Financial Records: 7 years as required by Indian accounting laws
8.2 Deletion Procedures
Secure deletion using industry-standard methods
Verification of complete data removal
Certificate of destruction for sensitive data
Retention of anonymized analytics where legally permitted
9. YOUR PRIVACY RIGHTS
9.1 Access and Control Rights
Data Access:
Right to know what personal data we hold
Right to obtain copies of your data
Right to verify accuracy of information
Right to understand how data is used
Data Correction:
Right to update incorrect information
Right to complete incomplete data
Right to modify communication preferences
Right to update consent choices
Data Deletion:
Right to request deletion of personal data
Right to be forgotten (subject to legal exceptions)
Right to delete account and associated data
Right to opt-out of data processing
9.2 Portability and Restriction
Data Portability:
Right to receive data in machine-readable format
Right to transfer data to another service provider
Assistance with data migration
Export functionality in standard formats
Processing Restrictions:
Right to limit how we use your data
Right to object to certain processing activities
Right to opt-out of marketing communications
Right to withdraw consent
9.3 Exercising Your Rights
To exercise privacy rights, contact us at:
📧 Email: support@ciaraai.com
📞 Phone: +91-9781843933
🏢 Address: WeWork Prestige Atlanta, 80 Feet Main Road, Koramangala 1A Block, Industrial Layout, Bengaluru, Karnataka 560034
Response Timeline: We respond to privacy requests within 30 days
Verification: Identity verification required for security
Fee Structure: Most requests are free; complex requests may incur reasonable fees
10. COOKIES AND TRACKING TECHNOLOGIES
10.1 Cookie Types
Essential Cookies:
Session management and authentication
Security and fraud prevention
Basic functionality and navigation
Load balancing and performance
Analytics Cookies:
Usage statistics and performance metrics
User behavior analysis
Service optimization data
Error tracking and debugging
Marketing Cookies (with consent):
Personalized content delivery
Advertising effectiveness measurement
Social media integration
Third-party marketing platforms
10.2 Cookie Management
Browser settings for cookie control
Opt-out mechanisms for non-essential cookies
Regular cookie audit and cleanup
Clear information about cookie purposes
11. INTERNATIONAL DATA TRANSFERS
11.1 Cross-Border Processing
When transferring data internationally, we ensure:
Adequate protection through legal frameworks
Standard contractual clauses (SCCs)
Adequacy decisions by relevant authorities
Additional safeguards for sensitive data
11.2 Data Localization Compliance
Compliance with Indian data localization requirements
Critical personal data stored within India
Regular audits of data location and processing
Clear documentation of international transfers
12. CHILDREN'S PRIVACY
12.1 Age Restrictions
Services not intended for children under 13
No knowing collection of children's data
Parental consent required for minors
Enhanced protection for educational clients
12.2 Educational Institutions
Special protections for educational data:
FERPA compliance for US educational clients
Enhanced consent mechanisms
Limited data use and sharing
Regular privacy impact assessments
13. PRIVACY BY DESIGN
13.1 Built-in Protection
Privacy considerations in system design
Data minimization principles
Purpose limitation and use restrictions
Regular privacy impact assessments
13.2 Continuous Improvement
Regular policy reviews and updates
User feedback incorporation
Industry best practice adoption
Regulatory change adaptation
14. DATA BREACH NOTIFICATION
14.1 Internal Procedures
Immediate incident response activation
Risk assessment and impact analysis
Containment and remediation actions
Documentation and investigation
14.2 User Notification
Timeline: Within 72 hours of discovery
Method: Email, SMS, or in-app notification
Content: Nature of breach, data affected, actions taken
Support: Dedicated support for affected users
15. COMPLIANCE AND CERTIFICATIONS
15.1 Legal Compliance
Indian Laws:
Information Technology Act, 2000
Information Technology (Reasonable Security Practices) Rules, 2011
Personal Data Protection Bill (when enacted)
Companies Act, 2013
International Standards:
General Data Protection Regulation (GDPR)
California Consumer Privacy Act (CCPA)
ISO 27001 Information Security Management
15.2 Regular Audits
Annual privacy compliance audits
Security assessment and penetration testing
Third-party certification renewals
Regulatory compliance monitoring
16. UPDATES TO THIS POLICY
16.1 Change Notification
30 days advance notice for material changes
Email notification to active users
Website posting of updated policy
Version history maintenance
16.2 Continued Use
Continued use of services after policy updates constitutes acceptance of changes. Users who disagree may terminate their accounts.
17. CONTACT INFORMATION
17.1 Privacy Inquiries
Data Protection Officer:
📧 Email: support@ciaraai.com
📞 Phone: +91-9781843933
🏢 Address: WeWork Prestige Atlanta, 80 Feet Main Road, Koramangala 1A Block, Industrial Layout, Bengaluru, Karnataka 560034
17.2 General Support
Customer Support:
📧 Email: support@ciaraai.com
📞 Phone: +91-9781843933
17.3 Business Hours
Privacy Team: Monday - Friday: 9:00 AM - 6:00 PM IST Response Time: Within 48 hours
Customer Support: 24/7 for Enterprise customers Business hours for other plans
18. SUPERVISORY AUTHORITY
For GDPR-related complaints, you may contact your local supervisory authority. For Indian privacy matters, you may contact the relevant data protection authorities as they become established.
Document Information:
Version: 1.0
Effective Date: January 1, 2025
Last Updated: June 1, 2025
Next Review: July 1, 2025
Languages Available: English, Hindi (contact us for other languages)
Acknowledgment: By using CiaraAI services, you acknowledge that you have read, understood, and agree to this Privacy Policy and our data processing practices.
Product
© Copyright 2024. All rights reserved.
© Copyright 2024. All rights reserved.
© Copyright 2024. All rights reserved.
Product
© Copyright 2024. All rights reserved.
© Copyright 2024. All rights reserved.