Privacy Policy

Last updated: May 20, 2026

Version 1.0

1. Data Collection Practices

We collect information you provide directly and automatically when using Ask Aydo. This section details what data we collect and why.

Documents and Content:

  • Documents you upload via WhatsApp (images, PDFs, files)
  • Text content extracted from documents via OCR
  • Metadata generated by our AI systems (categories, tags, dates)
  • Voice messages sent to our service
  • Search queries and natural language requests
  • Document annotations and user-added tags

Account Information:

  • WhatsApp phone number (primary identifier)
  • Display name and profile information
  • Subscription tier and billing information
  • Emergency contact details (Family plans)
  • Account preferences and settings

Usage and Technical Data:

  • Service usage patterns and feature interactions
  • Device information (type, OS, browser)
  • IP address and general location (country/region)
  • Session data and authentication tokens
  • Error logs and performance metrics

Communication Data:

  • WhatsApp messages sent to our service
  • Customer support interactions
  • Feedback and survey responses
  • Notification preferences and delivery status

Data We Don't Collect:

We don't access your other WhatsApp conversations, contacts, or any data not explicitly sent to our service. We don't collect biometric data, precise location, or browse your device files.

2. Data Usage and Processing

We use your data exclusively to provide and improve Ask Aydo's services:

Primary Service Functions:

  • Document storage and organization in your secure document library
  • AI-powered search and retrieval of your documents
  • Natural language query processing and response generation
  • Document classification and intelligent tagging
  • OCR (Optical Character Recognition) for text extraction
  • PII detection and protection mechanisms

Account Management:

  • User authentication and account security
  • Subscription billing and payment processing
  • Customer support and technical assistance
  • Service usage analytics for optimization

Legal Basis for Processing:

We process your data to provide the service you have signed up for, to keep it secure and reliable, and - for optional features - with your consent.

3. Data Retention Policies

We retain your data only as long as necessary to provide the service and to comply with legal obligations:

Documents and Account Data:

  • While your account is active, your documents are retained so you can access them at any time
  • Cancelling or downgrading a paid subscription does not delete your data - your account moves to the Free plan and your documents are retained
  • When you delete your account, your documents and personal data are permanently deleted within 30 days
  • We may close and delete accounts after a prolonged period of inactivity, after giving you advance notice

Logs and Analytics:

  • Aggregated, anonymized usage data may be retained to operate and improve the service
  • Operational, error, and security logs are retained for a limited period for debugging, security, and compliance

Legal and Compliance Data:

  • Payment and transaction records are retained as required by applicable tax and accounting law
  • Records required for legal compliance are retained for as long as the law requires

4. Your Privacy Rights

You have rights regarding your personal data under the DPDP Act and other applicable privacy laws:

Access Rights:

  • Request a copy of all personal data we hold about you
  • View document metadata and AI-generated classifications
  • Access your account activity and usage history
  • Download your data in a portable format

Correction and Update Rights:

  • Correct inaccurate personal information in your account
  • Update document tags and classifications
  • Modify emergency contact information
  • Change subscription and billing details

Deletion Rights (Right to be Forgotten):

  • Delete individual documents from your document library
  • Request complete account deletion with data purge
  • Remove specific personal information from our systems
  • Opt out of non-essential data processing

Data Portability:

  • Export all documents in original formats
  • Download structured data (metadata, tags, search history)
  • Transfer data directly to another service (where technically feasible)

How to Exercise Your Rights: Contact us at privacy@askaydo.ai or use the data management tools in your account settings. We respond to requests within 30 days and verify your identity before processing.

5. Third-Party Data Sharing

We share your data only in limited circumstances and never sell your personal information:

Service Providers:

  • Cloud infrastructure and hosting providers for secure storage
  • Third-party AI providers for document OCR, classification, and content embeddings
  • Our payment processor for subscription billing
  • Email service providers for account notifications
  • Security monitoring services for threat detection

WhatsApp Integration:

  • WhatsApp Business API for message delivery
  • Messages are end-to-end encrypted by WhatsApp
  • We only access message content you send to our service
  • WhatsApp's privacy policy also applies to messaging interactions

Legal Requirements:

  • Court orders, subpoenas, or legal process
  • Law enforcement requests with proper legal authority
  • Protection of our rights, property, or safety
  • Prevention of fraud or illegal activities

Emergency Access (Family Plans):

  • Designated emergency contacts after prolonged inactivity
  • Verification process required before access is granted
  • Limited to documents you've specifically designated for emergency access

Data Protection Agreements: All third-party service providers sign data processing agreements ensuring they protect your data according to our standards and applicable privacy laws.

6. International Data Transfers

Your data may be processed in more than one country. Where we transfer personal data across borders, we rely on legally recognised safeguards such as contractual protections, encryption, and other mechanisms permitted under applicable privacy law.

Processing Locations:

  • Documents uploaded by Indian users are stored in India by default
  • AI processing may occur in other regions; see the DPDP Act section below for details
  • Backup and disaster recovery may occur across jurisdictions with appropriate protections

Your Rights: You may request information about where your data is processed and, where legally permitted, object to transfers to specific countries.

7. Cookies and Tracking Technologies

We use minimal tracking technologies, primarily for essential service functions and security:

Essential Cookies:

  • Authentication tokens to keep you logged in
  • Session management for secure interactions
  • Security cookies to prevent fraud and attacks
  • Load balancing for optimal performance

Functional Cookies:

  • User preferences and settings
  • Language and region preferences
  • Accessibility settings

Analytics:

  • Aggregated usage statistics (anonymized)
  • Performance monitoring and error tracking

Your Choices: You can disable non-essential cookies through your browser settings. Essential cookies cannot be disabled as they are required for the service to function.

8. Data Breach Notification Procedures

We maintain security measures and have clear procedures for handling security incidents:

Detection and Response:

  • Continuous security monitoring and automated threat detection
  • Incident response procedures activated on detection
  • Analysis to determine the scope and impact of an incident
  • Containment and remediation as quickly as possible

User Notification: If a breach is likely to affect you, we notify you without undue delay through channels such as email, WhatsApp, and in-app notifications, with a clear explanation of what happened and what data was affected.

Regulatory Reporting:

  • We notify the Data Protection Board of India and affected users within the timelines prescribed by the DPDP Act and its Rules
  • We notify other regulators where required by applicable law
  • We cooperate with law enforcement where appropriate

Remediation Support:

  • Clear guidance on protective steps affected users can take
  • A dedicated channel for breach-related questions
  • Regular updates on investigation progress

Prevention Measures: We continuously improve our security based on threat intelligence and conduct regular security testing.

9. Privacy Contact Information

For privacy-related questions, requests, or complaints, you can contact us at the addresses below. We respond to privacy requests within 30 days, or sooner where applicable law requires.

Data Protection / Grievance Officer:

  • Email: privacy@askaydo.ai

Legal & Registered Office:

Aydo Technologies Private Limited
715-A, 7th Floor, Spencer Plaza, Suite #1618
Mount Road, Anna Salai
Chennai 600002, India
Email: legal@askaydo.ai

Data Protection Authority: If your concern is unresolved, you may lodge a complaint with the Data Protection Board of India, or with your local data protection authority where applicable.

10. Age Restrictions

Ask Aydo is intended only for individuals aged 18 or older. We do not knowingly collect personal data from anyone under 18.

If we become aware that we have collected personal data from a person under 18, we will delete the account and the associated data. If you believe a minor has provided us with personal data, contact us at privacy@askaydo.ai.

11. AI Processing and Automated Decision-Making

We use AI systems, including third-party AI providers operating under data processing agreements, to process your documents for OCR, classification, content analysis, and query processing. Document content is transmitted to these providers solely to provide service features and is not retained by them beyond what is necessary for processing.

Automated Decisions:

  • Document rejection: Non-documents are automatically excluded
  • PII detection and protection: Sensitive information is automatically identified and protected
  • Security scanning: Malicious files are automatically quarantined
  • Content filtering and categorization based on document type

Your Rights:

  • Right to request human review of automated decisions affecting you
  • Ability to correct or dispute AI-generated classifications
  • Access to explanation of how automated decisions are made
  • Option to opt out of optional AI features

Your documents are not used to train, fine-tune, or benchmark any AI model. Aggregated, anonymized usage patterns may be used to improve our service; you may opt out of this processing.

12. Security Measures

We implement industry-standard security measures to protect your documents and personal data:

  • AES-256 encryption for data at rest; TLS 1.3 for data in transit
  • Optional two-factor authentication (2FA) for added account security
  • Security practices designed in line with recognised standards such as SOC 2 and ISO 27001
  • Continuous security monitoring and automated threat detection
  • Regular security audits and penetration testing
  • Employee background checks and confidentiality agreements; access to user data is logged and restricted

For detailed information about our security infrastructure and trust commitments, visit our Trust & Security page.

13. Regulatory Compliance

We comply with India's Digital Personal Data Protection Act, 2023, which is our primary data-protection framework (see the section below). Where other privacy laws apply to you - such as the GDPR in the European Union or the CCPA in California - we honour the rights and obligations they grant.

For international data transfers, we rely on encryption and other safeguards permitted under applicable privacy law.

14. DPDP Act 2023 Compliance (India)

Ask Aydo is a data fiduciary under India's Digital Personal Data Protection Act, 2023 (DPDP Act). This section outlines our obligations and your rights as a data principal.

Our Obligations:

  • We process personal data only for lawful purposes with your free, informed, specific, and unconditional consent
  • We maintain this privacy notice describing data collected, processing purposes, and your rights
  • We notify the Data Protection Board of India and affected data principals of personal data breaches within the timeline prescribed by the DPDP Rules
  • We appoint a Data Protection Officer and provide a grievance redressal mechanism
  • We do not transfer personal data of Indian users to jurisdictions notified as restricted by the Central Government

Your Rights as a Data Principal:

  • Right of Access: Obtain a summary of personal data we hold and processing activities
  • Right of Correction and Erasure: Correct inaccurate data or request deletion where processing is no longer necessary
  • Right to Grievance Redressal: Lodge a complaint with our Data Protection Officer; escalate to the Data Protection Board of India if unresolved within 30 days
  • Right to Nominate: Designate a nominee to exercise your data rights in case of death or incapacity

Data Residency (India):

  • Documents uploaded by Indian users are stored in India by default
  • AI processing (OCR, classification) may occur outside India with your consent; extracted metadata is returned and stored in India
  • We will comply with any data localization directions issued by the Central Government

For DPDP-specific complaints, contact our Data Protection Officer at privacy@askaydo.ai.

Contact Information

Email: legal@askaydo.ai

Address:
Aydo Technologies Private Limited
715-A, 7th Floor, Spencer Plaza, Suite #1618
Mount Road, Anna Salai
Chennai - 600002, India