This Privacy policy (the “Privacy Policy”) describes how MASIN PROJECTS PRIVATE LIMITED (“MASIN,” “Company,” “we,” “us,” or “our”) collects, uses, discloses, retains, and protects Personal Data and User Data in connection with your use of the MASIN AI platform at [URL OF MASIN] and any related websites or web applications (collectively, the “Platform”), and our AI assistants, tools, and knowledge databases (the “Services”). This Privacy Policy is incorporated into, and forms part of, the MASIN Terms and Conditions. If our Services are provided to you under a separate Data Processing Agreement (“DPA”), those terms will govern to the extent of any inconsistency.

We may provide links to third-party websites or services we do not control. Their privacy practices are governed by their own policies.

1. Definitions

1.1 “Affiliates” means, with respect to MASIN, any entity that directly or indirectly controls, is controlled by, or is under common control with MASIN. For the purposes of this Privacy Policy, it includes Amazon Web Services, Inc. (AWS) and any licensor of MASIN, in each case solely in connection with the Services.

1.2 “Personal Data” shall have the meaning as mentioned under Article 1.14 of the Terms and Conditions.

1.3 “Processing” means a wholly or partly automated operation or set of operations performed on digital personal data, and includes operations such as collection, recording, organisation, structuring, storage, adaptation, retrieval, use, alignment or combination, indexing, sharing, disclosure by transmission, dissemination or otherwise making available, restriction, erasure or destruction. .

1.4 “User Data” shall have the meaning as mentioned under Article 1.5 of the Terms and Conditions.

1.5 “Telemetry” means data the platform automatically collects about how it works and how you use it (for example, event logs, crash reports, your device and browser type, pages and files viewed, searches, features used, and timestamps). Depending on the law and context, some Telemetry (such as your IP address or device identifiers) may be Personal Data.

1.6 “Third Party” means any entity other than MASIN or our affiliates, including partners, vendors, processors, and service providers.

1.7 “Core Services” shall have the meaning as mentioned under Article 2 of the Terms and Conditions.

1.8 “Child” means a person who has not completed eighteen years of age.

1.9 “Data Fiduciary” means any person who determines the purpose and means of Processing Personal Data.

1.10 “Data Processor” means any person who Processes Personal Data on behalf of the Data Fiduciary.

2. Scope and Relationship to Other Terms

This Privacy Policy applies to your use of the Platform and the services we provide, including any web application(s), AI-enabled features, knowledge databases, and related tools (collectively, the “Services”). Your use is also subject to the Terms & Conditions and any applicable data processing agreements for enterprise customers. Third-party websites and services linked or integrated with the Platform are governed by their own privacy policies.  We are not responsible for their privacy practices.

3. Personal Data We Collect

We collect personal data relating to you (“Personal Data”) as follows:

3.1 Personal Data You Provide: We collect Personal Data if you create an account to use our Services or communicate with us as follows:

1. Account Information: When you create an account with us, we will collect information associated with your account, including your name, contact information, account credentials, date of birth, payment information, and transaction history, (collectively, “Account Information”).
2. User Data: We collect Personal Data that you provide in the input to our Services (“Content”), including your prompts and other content you upload, such as files ⁠(opens in a new window), images⁠ (opens in a new window), and audio⁠ (opens in a new window), depending on the features you use.
3. Communication Information: If you communicate with us, such as via email or our pages on social media sites, we may collect Personal Data like your name, contact information, and the contents of the messages you send (“Communication Information”).
4. Other Information You Provide: We collect other information that you may provide to us, such as when you participate in our events or surveys or provide us with information to establish your identity or age (collectively, “Other Information You Provide”).

3.2 Personal Data We Receive from Your Use of the Services: When you visit, use, or interact with the Services, we receive the following information about your visit, use, or interactions (“Technical Information”):

1. Log Data: We collect information that your browser or device automatically sends when you use our Services. Log data includes your Internet Protocol address, browser type and settings, the date and time of your request, and how you interact with our Services.
2. Usage Data: We collect information about your use of the Services, such as the types of content that you view or engage with, the features you use and the actions you take, as well as your time zone, country, the dates and times of access, user agent and version, type of computer or mobile device, and your computer connection.
3. Device Information: We collect information about the device you use to access the Services, such as the name of the device, operating system, device identifiers, and browser you are using. Information collected may depend on the type of device you use and its settings.
4. Location Information: We may determine the general area from which your device accesses our Services based on information like its IP address for security reasons and to make your product experience better, for example to protect your account by detecting unusual login activity or to provide more accurate responses. In addition, some of our Services allow you to provide more precise location information from your device, such as location information from your device’s GPS.
5. Cookies and Similar Technologies: We use cookies and similar technologies to operate and administer our Services, and improve your experience. For details about our use of cookies, please read our Cookie Policy [INSERT URL OF COOKIE POLICY].

4. How We Use Data

4.1 We process Personal Data to:

1. provide, operate, secure, and maintain the MASIN AI Platform and Services;
2. verify your identity and contact details as part of account creation, login, and account security measures;
3. personalise and improve the Services such as tailoring content relevance, optimising UI/UX, and enhancing feature performance and, for events tracking;
4. communicate with you regarding the Services, including service notices, updates, product changes, and where permitted information about opportunities and events;
5. process transactions, subscriptions, and payments;
6. diagnose, prevent, and investigate fraud, abuse, security incidents, and other prohibited or illegal activities;
7. conduct internal analytics related to performance, reliability, security, and product improvement for Core Services;
8. respond to queries, support requests, bug reports, and complaints;
9. comply with legal obligations, regulatory requirements, and enforce our terms.

4.2 We may also aggregate or de-identify Personal Data so that it no longer identifies you and use this information for the purposes described above, such as to analyse the way our Services are being used, to improve and add features to them, and to conduct research. We will maintain and use de-identified information in de-identified form and not attempt to reidentify the information, unless required by law.

5. How We Do NOT Use your Data

5.1 We do not sell, rent, or lease your Personal Data or User Data to third parties. We do not aggregate, distribute, or otherwise commercially exploit your Personal Information or User Data outside the delivery and improvement of the Services as described herein.

5.2 When you use our Services, your User Data is only loaded temporarily into our AI systems to generate responses for your session. We do not use it to train our models. For third‑party models we access via API including services provided by Amazon Web Services (AWS), we only use providers that contractually commit to equivalent privacy protections and not to train on Customer Content sent through their APIs.

6. Disclosure of Personal Data

6.1 We may disclose your Personal Data in the following circumstances:

1. Vendors and Service Providers: To assist us in meeting business operations needs and to perform certain services and functions, we may disclose Personal Data to vendors and service providers, including providers of hosting services, customer service vendors, cloud services, content delivery services, support and safety monitoring services, email communication software, web analytics services, payment and transaction processors, and other information technology providers. Pursuant to our instructions, these parties will access, process, or store Personal Data only in the course of performing their duties to us.
2. Government Authorities or Other Third Parties: We may share your Personal Data, including information about your interaction with our Services, with government authorities, industry peers, or other third parties in compliance with the law (i) if required to do so to comply with a legal obligation, or in the good faith belief that such action is necessary to comply with a legal obligation, (ii) to protect and defend our rights or property, (iii) if we determine, in our sole discretion, that there is a violation of our terms, policies, or the law; (iv) to detect or prevent fraud or other illegal activity; (v) to protect the safety, security, and integrity of our products, employees, users, or the public, or (vi) to protect against legal liability.
3. Affiliates: We may disclose Personal Data to our affiliates. Our affiliates may use this Personal Data in a manner consistent with this Privacy Policy.

6.2 We maintain an up‑to‑date internal register of key processors and sub‑processors and will provide a summary upon request where required by law or by contract.

7. Hosting and Security Posture

7.1 We host and run the MASIN AI Platform on reputable cloud providers. We store User Data in encrypted form and protect it with multiple layers of security, including encryption in transit and at rest, strong authentication and access controls, network segmentation, and role‑based permissions. Only authorised staff can access administrative systems, following the principle of least privilege, and all such access is monitored and logged. We follow secure development and change‑management practices and maintain vulnerability management and incident response procedures that match the risk and sensitivity of the data we process.

7.2 While no Internet transmission or electronic storage is completely secure, we use widely accepted industry standards to protect Personal Data during transmission and after it is received.

8. Roles: Data Fiduciary and Data Processor

We act as the Data Fiduciary in respect of any Personal Data that we collect and for which we determine the purposes and means of Processing, as described in this Privacy Policy. For enterprise customers, we may act as a Data Processor pursuant to a Data Processing Agreement (DPA), Processing Personal Data strictly in accordance with the documented instructions provided therein. In the event of any inconsistency between this Privacy Policy and an enterprise customer’s privacy policy in the context of our role as a Processor, the DPA shall prevail for such Processing.

9. Legal Bases for Processing

Where required under applicable law, we rely on consent and other permissible grounds for Processing, including compliance with legal obligations and orders issued by courts or competent authorities.

10. AI Features and Data Handling

10.1 Our AI features process your inputs and outputs (including prompts and uploaded files) to provide the Services. We may use de-identified or aggregated data to test, improve, and ensure the quality and safety of our AI. We may fine-tune models using de-identified, aggregated, or synthetic data derived from usage to improve functionality, guardrails, and relevance.

10.2 When we use Third Party AI models, we do so under contracts that protect your data. We do not allow those providers to train on your identifiable content for their own purposes.

11. Service Communications

We may send you service-related communications necessary to operate your account. Transactional and other service notices will continue as needed for your account and the Services.

12. Product Telemetry and Service Analytics

We may perform limited product telemetry and service analytics to ensure reliability, security, and performance; measure feature adoption and quality; and support debugging and service improvement. Where such analytics involve third parties, they act as processors bound by contractual and technical safeguards. We avoid collecting more Personal Data than necessary for these purposes and, where feasible, aggregate or de-identify data.

13. Data Deletion

Shall have the meaning as mentioned under Article 10.8 of the Terms and Conditions.

14. Do Not Track

We do not currently respond to Do Not Track signals. Some Third Parties may collect information about your online activities over time and across different websites when you use the Platform. Their practices are governed by their privacy policies.

15. Your Rights

15.1 Under the DPDP Act, you may have certain rights regarding your Personal Data, such as:

1. Access: the right to know whether we process your Personal Data and to access or receive a copy of it.
2. Correction and updating: the right to correct inaccurate or incomplete Personal Data.
3. Erasure: the right to request deletion of Personal Data, subject to applicable exceptions.
4. Grievance redressal: the right to have grievances addressed by our Grievance Officer within timelines prescribed by law.
5. Withdrawal of consent: where processing is based on consent, you may withdraw your consent at any time, including via a registered Consent Manager, where available.
6. Complaint: the right to escalate a complaint to the Data Protection Board of India, subject to applicable law.
7. Nomination: the right to nominate another individual to exercise rights on your behalf in the event of death or incapacity, as permitted by applicable law.

15.2 You may exercise your rights by contacting us using the details in Article 21 or through a registered Consent Manager, where available. We may need to verify your identity before responding. We will respond within the timelines required by applicable law. Some rights may be limited or unavailable depending on the circumstances and our legal obligations.

16. Third-Party Links and Integrations

Shall have the meaning as mentioned under Article 1.20 of the Terms and Conditions.

17. Children’s Privacy

Shall have the meaning as mentioned under Article 10.11 of the Terms and Conditions.

18. Records and Assessments

We maintain records of processing activities and, where required by law, conduct data protection impact assessments for high-risk processing, including certain AI-related use cases. We implement measures aimed at data minimisation, purpose limitation, and privacy by design and default.

19. Security Incidents and Breach Notification

Shall have the meaning as mentioned under Article 10.10 of the Terms and Conditions.

20. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes are effective when posted on the Platform. If we make material changes, we will provide additional notice as required by law. We encourage you to review this Privacy Policy periodically to stay informed about our practices.

21. Contact Us and Grievance Redressal

If you have questions or concerns about this Privacy Policy or our data practices, or if you wish to exercise your rights, please contact:

Data Protection and Privacy Office
MASIN PROJECTS PRIVATE LIMITED
[Insert Registered Office Address]
[Insert Corporate Office Address]
Email: [Insert Privacy/Support Email]
Phone: [Insert Phone Number]

Grievance Officer (India): [Insert Name]
Contact: [Insert Email and Phone]
Address: [Insert Address]

We will acknowledge and resolve grievances within the timelines prescribed by applicable law.