Privacy Policy

Information You Provide

• Account information: Name, email address, phone number, and password when you create an account
• Purchase information: Billing address, shipping address, and payment details (processed securely by Razorpay — we do not store your full card details)
• Communication data: Messages you send us via email, WhatsApp, phone, or contact forms
• Service requests: Project requirements, consultation details, and installation preferences

Information Collected Automatically

• Device information: Device type, operating system, browser type, screen resolution, and unique device identifiers
• Usage data: Pages visited, features used, time spent, click patterns, and referring URLs
• Location data: Approximate location based on IP address (we do not collect precise GPS location via our websites)
• Log data: IP address, access times, and server logs

Information from Mobile Apps

Our mobile applications (WellVoye and AIPhoneBook) may collect:

• Contacts data (AIPhoneBook — with your explicit permission, for the core functionality of the app)
• Health and wellness data (WellVoye — processed on-device where possible)
• App usage analytics and crash reports
• Push notification tokens (if you opt in to notifications)

Both apps are designed with a privacy-first architecture. Sensitive data is processed on your device whenever possible and is not transmitted to our servers unless explicitly required for a feature you have chosen to use.

We use your personal data for the following purposes:

• Service delivery: To provide, maintain, and improve our websites, apps, and services
• Order fulfilment: To process store purchases, arrange shipping, and handle returns
• Communication: To respond to your enquiries, send order updates, and provide customer support
• Account management: To create and manage your account, authenticate your identity, and maintain security
• Analytics: To understand how our platforms are used and to improve user experience
• Legal compliance: To comply with applicable laws, regulations, and legal processes
• Safety and security: To detect, prevent, and address fraud, abuse, or technical issues

We do not sell your personal data. We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects.

We may share your personal data with the following categories of recipients:

• Payment processors: Razorpay processes payments on our behalf. Your payment information is handled directly by Razorpay under their privacy policy.
• Cloud infrastructure: We use Google Cloud Platform and Firebase for hosting, authentication, and analytics. Data is processed in accordance with Google's data processing terms.
• Shipping partners: Delivery addresses and contact details are shared with courier services to fulfil store orders.
• App distribution: Apple App Store and Google Play Store receive app analytics and crash data as part of their platform services.
• Legal requirements: We may disclose information if required by law, court order, or governmental regulation.

We require all third-party service providers to respect the security of your data and to treat it in accordance with applicable law. We do not allow them to use your data for their own marketing purposes.

Our websites use cookies and similar technologies to:

• Essential cookies: Enable core functionality such as authentication and cart management
• Analytics cookies: Help us understand how visitors interact with our websites (via Firebase Analytics)
• Preference cookies: Remember your settings such as currency preference

You can control cookies through your browser settings. Disabling essential cookies may affect the functionality of our websites. We do not use third-party advertising cookies or cross-site tracking.

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

• Account data: Retained while your account is active and for a reasonable period after deletion to comply with legal obligations
• Transaction data: Retained for a minimum of 8 years as required by Indian tax and accounting regulations
• Communication records: Retained for up to 3 years from the date of last interaction
• Analytics data: Aggregated and anonymised data may be retained indefinitely for statistical purposes

When data is no longer required, it is securely deleted or anonymised so that it can no longer be associated with you.

We implement reasonable security practices and procedures as required under the Information Technology Act, 2000 (Section 43A) and its associated rules. These include:

• Encryption of data in transit (TLS/HTTPS) and at rest
• Access controls and authentication for all internal systems
• Regular security assessments and monitoring
• Secure payment processing via PCI-DSS compliant payment gateways (Razorpay)
• On-device processing for sensitive app data where possible

While we strive to protect your personal data, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security but are committed to maintaining industry-standard protections.

Under the Digital Personal Data Protection Act, 2023 (DPDPA) and other applicable laws, you have the following rights as a data principal:

• Right to access: You may request a summary of your personal data that we process and the processing activities related to it
• Right to correction: You may request correction of inaccurate or incomplete personal data
• Right to erasure: You may request deletion of your personal data, subject to legal retention requirements
• Right to grievance redressal: You have the right to file a complaint about how your data is handled
• Right to nominate: You may nominate another person to exercise your rights in the event of your death or incapacity
• Right to withdraw consent: You may withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing done prior to withdrawal.

To exercise any of these rights, please contact our Grievance Officer using the details provided in the Contact section below. We will respond to your request within 30 days.

Our platforms are not directed at children under the age of 18. We do not knowingly collect personal data from children. If you are a parent or guardian and believe that your child has provided us with personal data, please contact us and we will take steps to delete such information.

In accordance with the DPDPA 2023, we will obtain verifiable parental consent before processing any personal data of a child, should such processing become necessary.

Our platforms may contain links to third-party websites, apps, or services (including Apple App Store, Google Play Store, and product manufacturer websites). We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing them with your personal data.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes by posting the updated policy on our websites with a revised "Last updated" date. Your continued use of our platforms after such changes constitutes your acceptance of the updated policy.

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

• Entity: InSynapse Technologies India Private Limited
• Email: [email protected]
• Phone: +91 70689 68970
• Address: Pune, Maharashtra, India

The Grievance Officer designated under the DPDPA 2023 and the Information Technology Act, 2000 can be reached at the email address above. We will acknowledge your grievance within 24 hours and resolve it within 30 days.