Privacy Policy

We prioritise your privacy and are committed to protecting your personal data in compliance with GDPR, the DPDP Act, and other applicable laws.

Last Updated: July 20, 2025

Introduction

At Nara Virtual, we prioritise your privacy and are committed to protecting your personal data in compliance with GDPR, the DPDP Act, and other applicable laws. This Privacy Policy explains how we collect, use, store, and protect your information when you use our AI-powered services.

Information We Collect

We collect the following categories of information:

Personal Data

  • Name, email address, and contact details provided during account creation or subscription
  • Payment information (e.g., credit/debit card details, billing address) for processing subscriptions
  • Account credentials (e.g., username, password)
  • Profile information (e.g., preferences, user settings)

Usage Data

  • Interactions with our AI services, including chat prompts, responses, and generated images
  • Service usage statistics (e.g., frequency of use, features accessed)
  • Device and browser information (e.g., IP address, device type, operating system, browser type)

AI Training Data

  • Anonymised conversation data and prompts
  • Anonymised image generation prompts and results
  • User feedback and interactions to improve our AI models

How We Use Your Information

We use your information for the following purposes:

  • Service Delivery: To provide and personalise AI-powered services, including chat assistance, image generation, and summarisation
  • Payment Processing: To manage subscriptions and process payments securely
  • AI Improvement: To train and enhance our AI models using anonymised data
  • Communication: To send service-related updates, respond to inquiries, or provide promotional offers (with your consent, where required)
  • Security: To detect and prevent fraud, abuse, or security threats
  • Legal Compliance: To comply with legal obligations under GDPR, DPDP Act, and other applicable laws

Legal Basis for Processing (GDPR)

Under GDPR, we process personal data based on:

  • Consent: Where you explicitly consent to data processing (e.g., for promotional communications)
  • Contract: To fulfil our obligations under your subscription or service agreement
  • Legitimate Interests: For improving our services, ensuring security, or preventing fraud, where such interests do not override your rights
  • Legal Obligation: To comply with applicable laws or regulations

Data Storage and Security

Storage: Personal data is stored on secure servers with restricted access, located in jurisdictions compliant with GDPR and DPDP Act requirements.

  • Security Measures: We implement encryption, access controls, and regular security assessments to protect your data from unauthorised access, loss, or alteration
  • Retention: Data is retained only for as long as necessary to fulfil the purposes outlined in this policy or as required by law. Anonymised data may be retained indefinitely for AI training

Data Sharing

We may share your information with:

  • Service Providers: Third-party vendors (e.g., payment processors, hosting providers) who assist in delivering our services, bound by strict data protection agreements
  • Legal Authorities: When required by law or to protect our rights, in compliance with GDPR and DPDP Act
  • With Consent: Third parties, where you have provided explicit consent

We do not sell your personal data to third parties.

AI-Specific Privacy Considerations

  • Anonymisation: Chat data and image generation prompts are anonymised before use in AI training to prevent identification
  • Generated Content: Images and other AI-generated content are securely stored and linked to your account. You may request deletion of such content, subject to legal retention periods

Your Rights (GDPR & DPDP Act)

You have the following rights regarding your personal data:

  • Access: Request access to the personal data we hold about you
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data, subject to legal obligations
  • Restriction: Restrict processing of your data in certain circumstances
  • Data Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests or for direct marketing
  • Withdraw Consent: Withdraw consent for data processing at any time, where applicable

To exercise these rights, contact us at [email protected]. We will respond within 30 days, as required by GDPR and DPDP Act.

Cookies and Tracking

We use cookies and similar technologies to enhance user experience, analyse usage, and personalise services.

  • Types of Cookies: Essential (for site functionality), analytical (for usage statistics), and marketing (with consent)
  • Control: You can manage cookie preferences via your browser settings or our cookie consent tool

Children's Privacy

We do not knowingly collect or process data from children. If we become aware of such data, it will be deleted promptly.

International Data Transfers

For users in the European Economic Area (EEA), data may be transferred to servers outside the EEA, subject to GDPR-compliant safeguards, such as Standard Contractual Clauses (SCCs), to ensure adequate protection.

Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Significant changes will be communicated via email or a website notice. Continued use of our services after such updates constitutes acceptance of the revised policy.

Contact Information

For privacy-related inquiries or to exercise your data rights, please contact:
Email: [email protected]
Address: HAL 3rd Stage, Kodihalli, Indiranagar, Bengaluru, Karnataka-560008, India
Data Protection Officer: For GDPR-related concerns, contact our Data Protection Officer at [email protected].