Effective Date: January 1, 2025
Last Updated: June 1, 2025

1. COMPANY INFORMATION

Business Name: LAXCORP RESEARCH
Trading As: CiaraAI
Website: www.ciaraai.com

Data Protection Officer:
📧 Email: support@ciaraai.com
📞 Phone: +91-9781843933
🏢 Address: WeWork Prestige Atlanta, 80 Feet Main Road, Koramangala 1A Block, Industrial Layout, Bengaluru, Karnataka 560034

2. INTRODUCTION

LAXCORP RESEARCH (OPC) ("we," "us," "our," or "Company") operating under the brand name CiaraAI is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, process, and safeguard your information when you use our AI-powered enterprise communication services.

This policy applies to all users of our services, including customers, website visitors, and end-users of our AI agents.

3. INFORMATION WE COLLECT

3.1 Personal Information

We collect the following types of personal information:

Account Information:

• Name, email address, phone number

• Company name and business details

• Billing address and payment information

• Job title and department

• Account preferences and settings

Business Contact Information:

• Customer contact databases

• Lead information and sales data

• Communication preferences

• Interaction history and preferences

Technical Information:

• IP addresses and device identifiers

• Browser type and version

• Operating system information

• Usage patterns and analytics data

• Log files and system performance data

3.2 Call and Communication Data

Voice Data:

• Call recordings for quality assurance

• Voice interactions with AI agents

• Call metadata (duration, time, participants)

• Transcription data for analysis

Message Content:

• Text messages and chat conversations

• Email communications

• WhatsApp and other messaging platform data

• Customer service interactions

Integration Data:

• CRM system data

• ERP system information

• Third-party application data

• API usage and performance metrics

3.3 Automatically Collected Information

• Cookies and tracking technologies

• Website usage analytics

• Service performance metrics

• Error logs and debugging information

• Security and fraud prevention data

4. HOW WE USE YOUR INFORMATION

4.1 Primary Business Purposes

Service Delivery:

• Providing AI agent services and customer communication

• Processing and routing customer inquiries

• Managing account access and billing

• Delivering technical support and maintenance

Business Operations:

• Customer relationship management

• Sales and marketing activities

• Financial reporting and accounting

• Legal compliance and regulatory requirements

4.2 Service Improvement

Analytics and Optimization:

• Analyzing usage patterns to improve services

• Training AI models for better performance

• Identifying and fixing technical issues

• Developing new features and capabilities

Quality Assurance:

• Monitoring call quality and AI performance

• Ensuring compliance with service standards

• Training and calibrating AI agents

• Maintaining security and data integrity

4.3 Communication and Marketing

Customer Communications:

• Service updates and announcements

• Billing and account notifications

• Technical support and troubleshooting

• Educational content and best practices

Marketing Activities (with consent):

• Product updates and new feature announcements

• Industry insights and research reports

• Webinars and training opportunities

• Customer success stories and case studies

5. LEGAL BASIS FOR PROCESSING (GDPR COMPLIANCE)

We process personal data based on the following legal grounds:

Contract Performance: Processing necessary for service delivery
Legitimate Interests: Business operations, security, and improvements
Legal Obligation: Compliance with Indian and international laws
Consent: Marketing communications and optional features
Vital Interests: Security and fraud prevention

6. DATA SHARING AND DISCLOSURE

6.1 Third-Party Service Providers

We may share data with trusted partners for:

Technology Services:

• Cloud hosting and infrastructure providers

• Payment processing and billing services

• Analytics and monitoring tools

• Security and fraud prevention services

Business Services:

• Customer support platforms

• Marketing and communication tools

• Legal and professional services

• Audit and compliance verification

6.2 Business Transfers

In case of merger, acquisition, or sale of assets, personal data may be transferred as part of the business transaction, subject to equivalent privacy protections.

6.3 Legal Requirements

We may disclose information when required by:

• Court orders or legal processes

• Government investigations

• Law enforcement requests

• Protection of our legal rights

• Prevention of fraud or illegal activities

6.4 Data Processing Agreements

All third-party processors are bound by:

• Comprehensive data processing agreements

• Equivalent security and privacy standards

• Limited use restrictions

• Audit and compliance requirements

7. DATA SECURITY MEASURES

7.1 Technical Safeguards

Encryption:

• AES-256 encryption for data at rest

• TLS 1.3 for data in transit

• End-to-end encryption for sensitive communications

• Encrypted database storage and backups

Access Controls:

• Multi-factor authentication requirements

• Role-based access permissions

• Regular access reviews and updates

• Secure API authentication and authorization

Infrastructure Security:

• Secure data centers with 24/7 monitoring

• Regular vulnerability assessments and penetration testing

• Firewall and intrusion detection systems

7.2 Organizational Safeguards

Policies and Procedures:

• Comprehensive data protection policies

• Regular employee training and awareness programs

• Incident response and breach notification procedures

• Vendor management and due diligence processes

Compliance and Auditing:

• Regular security audits and assessments

• Compliance with industry standards (ISO 27001)

• Continuous monitoring and improvement

8. DATA RETENTION

8.1 Retention Periods

Account Data: Retained while account is active plus 7 years for business records
Call Recordings: 2 years for quality assurance, then archived or deleted
Communication Logs: 1 year for operational purposes
Analytics Data: 3 years in aggregated, anonymized form
Financial Records: 7 years as required by Indian accounting laws

8.2 Deletion Procedures

• Secure deletion using industry-standard methods

• Verification of complete data removal

• Certificate of destruction for sensitive data

• Retention of anonymized analytics where legally permitted

9. YOUR PRIVACY RIGHTS

9.1 Access and Control Rights

Data Access:

• Right to know what personal data we hold

• Right to obtain copies of your data

• Right to verify accuracy of information

• Right to understand how data is used

Data Correction:

• Right to update incorrect information

• Right to complete incomplete data

• Right to modify communication preferences

• Right to update consent choices

Data Deletion:

• Right to request deletion of personal data

• Right to be forgotten (subject to legal exceptions)

• Right to delete account and associated data

• Right to opt-out of data processing

9.2 Portability and Restriction

Data Portability:

• Right to receive data in machine-readable format

• Right to transfer data to another service provider

• Assistance with data migration

• Export functionality in standard formats

Processing Restrictions:

• Right to limit how we use your data

• Right to object to certain processing activities

• Right to opt-out of marketing communications

• Right to withdraw consent

9.3 Exercising Your Rights

To exercise privacy rights, contact us at:
📧 Email: support@ciaraai.com
📞 Phone: +91-9781843933
🏢 Address: WeWork Prestige Atlanta, 80 Feet Main Road, Koramangala 1A Block, Industrial Layout, Bengaluru, Karnataka 560034

Response Timeline: We respond to privacy requests within 30 days
Verification: Identity verification required for security
Fee Structure: Most requests are free; complex requests may incur reasonable fees

10. COOKIES AND TRACKING TECHNOLOGIES

10.1 Cookie Types

Essential Cookies:

• Session management and authentication

• Security and fraud prevention

• Basic functionality and navigation

• Load balancing and performance

Analytics Cookies:

• Usage statistics and performance metrics

• User behavior analysis

• Service optimization data

• Error tracking and debugging

Marketing Cookies (with consent):

• Personalized content delivery

• Advertising effectiveness measurement

• Social media integration

• Third-party marketing platforms

10.2 Cookie Management

• Browser settings for cookie control

• Opt-out mechanisms for non-essential cookies

• Regular cookie audit and cleanup

• Clear information about cookie purposes

11. INTERNATIONAL DATA TRANSFERS

11.1 Cross-Border Processing

When transferring data internationally, we ensure:

• Adequate protection through legal frameworks

• Standard contractual clauses (SCCs)

• Adequacy decisions by relevant authorities

• Additional safeguards for sensitive data

11.2 Data Localization Compliance

• Compliance with Indian data localization requirements

• Critical personal data stored within India

• Regular audits of data location and processing

• Clear documentation of international transfers

12. CHILDREN'S PRIVACY

12.1 Age Restrictions

• Services not intended for children under 13

• No knowing collection of children's data

• Parental consent required for minors

• Enhanced protection for educational clients

12.2 Educational Institutions

Special protections for educational data:

• FERPA compliance for US educational clients

• Enhanced consent mechanisms

• Limited data use and sharing

• Regular privacy impact assessments

13. PRIVACY BY DESIGN

13.1 Built-in Protection

• Privacy considerations in system design

• Data minimization principles

• Purpose limitation and use restrictions

• Regular privacy impact assessments

13.2 Continuous Improvement

• Regular policy reviews and updates

• User feedback incorporation

• Industry best practice adoption

• Regulatory change adaptation

14. DATA BREACH NOTIFICATION

14.1 Internal Procedures

• Immediate incident response activation

• Risk assessment and impact analysis

• Containment and remediation actions

• Documentation and investigation

14.2 User Notification

Timeline: Within 72 hours of discovery
Method: Email, SMS, or in-app notification
Content: Nature of breach, data affected, actions taken
Support: Dedicated support for affected users

15. COMPLIANCE AND CERTIFICATIONS

15.1 Legal Compliance

Indian Laws:

• Information Technology Act, 2000

• Information Technology (Reasonable Security Practices) Rules, 2011

• Personal Data Protection Bill (when enacted)

• Companies Act, 2013

International Standards:

• General Data Protection Regulation (GDPR)

• California Consumer Privacy Act (CCPA)

• ISO 27001 Information Security Management

15.2 Regular Audits

• Annual privacy compliance audits

• Security assessment and penetration testing

• Third-party certification renewals

• Regulatory compliance monitoring

16. UPDATES TO THIS POLICY

16.1 Change Notification

• 30 days advance notice for material changes

• Email notification to active users

• Website posting of updated policy

• Version history maintenance

16.2 Continued Use

Continued use of services after policy updates constitutes acceptance of changes. Users who disagree may terminate their accounts.

17. CONTACT INFORMATION

17.1 Privacy Inquiries

Data Protection Officer:
📧 Email: support@ciaraai.com
📞 Phone: +91-9781843933
🏢 Address: WeWork Prestige Atlanta, 80 Feet Main Road, Koramangala 1A Block, Industrial Layout, Bengaluru, Karnataka 560034

17.2 General Support

Customer Support:
📧 Email: support@ciaraai.com
📞 Phone: +91-9781843933

17.3 Business Hours

Privacy Team: Monday - Friday: 9:00 AM - 6:00 PM IST Response Time: Within 48 hours

Customer Support: 24/7 for Enterprise customers Business hours for other plans

18. SUPERVISORY AUTHORITY

For GDPR-related complaints, you may contact your local supervisory authority. For Indian privacy matters, you may contact the relevant data protection authorities as they become established.

Document Information:

• Version: 1.0

• Effective Date: January 1, 2025

• Last Updated: June 1, 2025

• Next Review: July 1, 2025

• Languages Available: English, Hindi (contact us for other languages)

Acknowledgment: By using CiaraAI services, you acknowledge that you have read, understood, and agree to this Privacy Policy and our data processing practices.