Legal Notice
This Privacy Policy is a legally binding document. By using our website or services, you consent to the practices described herein. If you do not agree, you must discontinue use immediately.
1. Introduction & Data Controller Identity
Autonex AI Technologies('Autonex', 'we', 'our', 'us') is the Data Controller for all personal data collected through our website and services. We are committed to protecting your personal data and processing it lawfully, fairly, and transparently in accordance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 (DPDP Act).
Registered Business Name: Autonex AI Technologies
Data Controller Contact: hello@autonexai.org
Grievance Officer: hello@autonexai.org (Response within 30 days as required by law)
2. Definitions
For the purpose of this Policy, the following terms shall have the meanings set out below:
- "Personal Data" means any information relating to an identified or identifiable natural person.
- "Processing" means any operation performed on personal data, including collection, storage, use, disclosure, and deletion.
- "Data Principal" means the individual to whom the personal data relates (you, the user).
- "Data Fiduciary" means the entity that determines the purpose and means of processing (Autonex AI Technologies).
- "Consent" means a freely given, specific, informed, and unambiguous indication of agreement to the processing of personal data.
3. Information We Collect
We collect only the minimum personal data necessary for specified, explicit, and legitimate purposes. Categories of data collected include:
3.1 Data You Voluntarily Provide
- Full name and business email address (via contact and onboarding forms)
- Business name, industry, and size
- Project requirements and business bottlenecks
- Payment details (processed exclusively through secure third-party payment gateways; we do not store card data)
- Meeting and scheduling preferences (via Cal.com)
- Communications and correspondence with us
3.2 Data Collected Automatically
- IP address and approximate geographic location
- Browser type, version, and operating system
- Pages visited, time on site, and referral sources (via analytics tools where enabled)
- Device identifiers and cookie data
3.3 Data We Do Not Collect
We do not collect Sensitive Personal Data or Information (SPDI) as defined under the IT (SPDI) Rules, 2011 — including financial credentials, government ID numbers, medical information, or biometric data — unless explicitly required for a contracted service and with express written consent.
4. Legal Basis for Processing
We process your personal data only when we have a lawful basis to do so under the DPDP Act, 2023 and applicable Indian law:
- Consent: You have given explicit consent for a specific purpose (e.g., receiving marketing communications).
- Contractual Necessity: Processing is necessary to fulfil or prepare a contract with you (e.g., delivering a project) under the Indian Contract Act, 1872.
- Legal Obligation: We are required to process your data to comply with a legal obligation under Indian law.
- Legitimate Interests: Processing is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms.
You may withdraw consent at any time by contacting us at hello@autonexai.org. Withdrawal does not affect the lawfulness of processing based on consent before withdrawal.
5. How We Use Your Information
Your data is used exclusively for the following purposes:
- To respond to inquiries and provide quotes or proposals
- To onboard you as a client and deliver contracted services
- To process payments and maintain financial records
- To communicate project status, updates, and deliverables
- To schedule and manage calls, meetings, and milestones via Cal.com
- To comply with legal, regulatory, and tax obligations under Indian law
- To protect against fraud, identity misrepresentation, and misuse of services
- To improve our website, services, and internal processes
⚡ We will never use your data for purposes incompatible with those stated above without prior notification and, where required, fresh consent. We do not sell, rent, or trade your personal data to any third party for their marketing purposes.
6. Data Sharing & Third-Party Processors
We do not sell, rent, trade, or broker your personal data to any third party. We may share your data only with trusted sub-processors who assist in delivering our services, and only to the extent strictly necessary:
| Processor | Purpose | Data Shared |
|---|---|---|
| Formspree | Contact form submissions | Name, email, inquiry details |
| Cal.com | Meeting scheduling | Name, email, schedule preferences |
| Google Analytics | Website analytics (if enabled) | Anonymised usage data |
| Payment Gateway | Secure payment processing | Payment amount, transaction ID |
We ensure that all third-party processors are contractually bound to maintain confidentiality and implement appropriate security measures equivalent to Indian standards.
7. International Data Transfers
Some of our sub-processors may process your data outside India. Where such transfers occur, we ensure they are protected by appropriate safeguards including standard contractual clauses, adequacy decisions, or other legally recognised mechanisms in compliance with the DPDP Act, 2023. By using our services, you consent to such transfers where necessary for service delivery.
8. Data Retention
We retain your personal data only for as long as is necessary for the purpose it was collected or as required by applicable Indian law:
- Inquiry data (non-clients): 12 months from last contact
- Client project records: 7 years from project completion (statutory compliance under the Companies Act, 2013)
- Financial and payment records: 7 years (as required by the Income Tax Act, 1961 and GST law)
- Marketing consent records: Until consent is withdrawn plus 3 years
- Security and fraud prevention logs: 3 years
Upon expiry of the applicable retention period, data will be securely deleted or anonymised. Deletion includes removal from backup systems within 90 days of the scheduled deletion date.
9. Cookies & Tracking Technologies
Our website may use cookies and similar tracking technologies. In accordance with applicable Indian regulations, we obtain consent for non-essential cookies. We use:
- Strictly Necessary Cookies: Required for the website to function. These cannot be disabled.
- Analytics Cookies: Used to understand how visitors interact with our website (e.g., Google Analytics). These are only activated with your consent.
- Preference Cookies: Used to remember your settings and preferences (1-year duration).
You may control and manage cookies through your browser settings. Disabling essential cookies may affect website functionality.
10. Data Security
We implement and maintain industry-standard technical and organisational security measures as required under Rule 8 of the IT (Reasonable Security Practices and Procedures and SPDI) Rules, 2011. Measures include:
- Encrypted data transmission (SSL/TLS) and encryption at rest for all sensitive data stores
- Multi-factor authentication (MFA) for all internal system access
- Access controls limited to authorised personnel on a strict need-to-know basis
- Audit logging of all access to personal data systems
- Regular security assessments, vulnerability scanning, and penetration testing
- Secure data disposal using approved data destruction methods
In the event of a personal data breach, we will notify CERT-In within 6 hours of becoming aware, as mandated by the CERT-In Directions (April 2022). Affected Data Principals will be notified within 72 hours where feasible, and the incident will be reported to the Data Protection Board of India as required by the DPDP Act, 2023.
11. Your Rights as a Data Principal
Under the Digital Personal Data Protection Act, 2023 and applicable Indian data protection law, you have the following rights:
- Right to Access: You may request a summary of the personal data we hold about you and how it is processed.
- Right to Correction: You may request correction of inaccurate or incomplete personal data.
- Right to Erasure: You may request deletion of your personal data, subject to our legal obligations to retain certain records.
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
- Right to Grievance Redressal: You may raise a grievance with our Grievance Officer or escalate to the Data Protection Board of India once constituted under the DPDP Act, 2023.
- Right to Nominate: You may nominate another individual to exercise your rights on your behalf in the event of death or incapacity.
To exercise any of these rights, submit a written request to hello@autonexai.org. We will respond within 30 days as required by the DPDP Act, 2023. We may require identity verification before processing your request.
12. Children's Privacy
Our services are directed exclusively at businesses and individuals aged 18 years and above. We do not knowingly collect personal data from minors. In accordance with the DPDP Act, 2023, if we become aware that a minor has provided us with personal data, we will delete it promptly and implement appropriate parental consent mechanisms. If you believe a minor has provided us with their data, please contact us immediately at hello@autonexai.org.
13. AI Data Processing
As an AI technology company, we process certain client data through AI models and automated systems as part of delivering contracted services. We expressly confirm that:
- Client data is processed by AI models solely for the purpose of delivering the contracted services
- Your data will not be used to train, fine-tune, or improve any publicly available AI model without your explicit prior written consent
- AI-processed outputs are governed by the same data protection standards applicable to all other processing activities under this Policy
- Where third-party AI APIs are used (e.g., OpenAI, Google), only the minimum data necessary is shared, and such providers are reviewed for compliance with data protection standards before use
14. Anti-Fraud & Misrepresentation
Fraud Prevention Notice
Any person who provides false, misleading, or fabricated identity or business information to obtain services from Autonex AI Technologies may be subject to: immediate termination of services, forfeiture of all payments made, civil recovery proceedings under the Code of Civil Procedure, 1908, and referral to law enforcement under the Indian Penal Code, 1860 (Sections 415–420 on cheating and fraud) and the IT Act, 2000 (Section 66D on identity impersonation by using a communication device).
We reserve the right to verify the identity and credentials of any client or prospective client through reasonable means, including requesting government-issued identification, GST registration, or business registration documents, prior to or during any engagement.
15. Updates to This Policy
We may update this Privacy Policy from time to time to reflect changes in law, technology, or our practices. When we make material changes, we will post the updated Policy on our website with a revised effective date and, where practicable, notify existing clients by email. Your continued use of our services after the effective date of any update constitutes acceptance of the revised Policy.
16. Grievance Officer & Contact
If you have questions, concerns, or complaints about this Privacy Policy or our data practices, please contact our Grievance Officer. In accordance with the Information Technology Act, 2000 and the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021:
Organisation: Autonex AI Technologies
Grievance Officer Email: hello@autonexai.org
Address: Hyderabad, Telangana, India
Response Time: Grievances acknowledged within 24 hours; resolved within 30 days as required by the DPDP Act, 2023
If your grievance is not resolved satisfactorily, you may approach the Data Protection Board of India in accordance with the DPDP Act, 2023, or the competent Consumer Forum in Hyderabad, Telangana under the Consumer Protection Act, 2019.