How InfiniappsAI collects, uses, and protects your personal information

InfiniappsAI ("InfiniappsAI", "we", "us", or "our") is an AI-powered SaaS Platform and Agent development company based in Gobichettipalayam, Tamil Nadu, India, operated by Infinijith Apps & Technologies Pvt. Ltd.

This Privacy Policy explains how we collect, use, store, and protect personal information when you visit our website, use our mobile applications, or access any products and services made available by us.

It applies to end users of InfiniappsAI products, services, and applications, as well as anyone visiting our website.

This notice only covers activity on our website and servers. If you visit a third-party website that we host, mention, or link to, that third party may collect information under its own privacy policy.

For the purposes of the EU and UK General Data Protection Regulation (GDPR / UK GDPR), InfiniappsAI acts as the Data Controller for personal data collected through its website and services. A Data Controller is the entity that determines the purposes and means of processing personal data. A Data Processor is any party that processes data on our behalf. A Data Subject is any living individual whose personal data we process.

We are committed to handling personal data responsibly. In accordance with Article 5 of the GDPR, we apply the following principles to all personal data we process:

• Lawfulness, fairness, and transparency: we process personal data on a valid legal basis, treat individuals fairly, and are open about how their data is used.
• Purpose limitation: we collect personal data for specified, explicit, and legitimate purposes only, and do not use it in ways incompatible with those purposes.
• Data minimisation: we collect only the personal data that is adequate, relevant, and necessary for the purpose at hand.
• Accuracy: we take reasonable steps to keep personal data accurate and up to date, and to erase or correct inaccurate data without delay.
• Storage limitation: we retain personal data only for as long as necessary for the purposes for which it was collected. See the 'How Long We Keep Your Data' section for specific retention periods.
• Integrity and confidentiality: we use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or destruction.
• Accountability: we are responsible for, and can demonstrate compliance with, all of the principles above.

We collect information only when it is necessary and relevant to our dealings with you.

We do not generally process sensitive personal data in the ordinary course of our business. If we ever need to process such data, we do so only with your prior express consent and in compliance with applicable law.

• Personal contact details such as name, email address, postal address, telephone number, and mobile number.
• Account and login details used to access our services.
• Demographic information, interests, market research responses, and customer feedback.
• Technical and usage data such as Internet Protocol (IP) address, device information, and website or communication usage details.
• Payment details or related billing information where needed for a transaction. Payment card information is processed directly by our third-party payment service providers (such as Razorpay or Stripe) and is not stored on our systems.
• Information made available through third-party social networks (such as Google or LinkedIn), including your name, profile picture, and email address, used to register or access our services.

We use the information we collect to operate our website and services, communicate with you, process requests or transactions, improve user experience, perform analytics, and comply with legal obligations.

We do not rent, trade, or share your personal information with other companies for their marketing purposes without your consent.

We may disclose personal information in response to a legally compliant request or when disclosure is otherwise required by law. Where we are legally compelled to disclose personal data, we will notify the affected individual to the extent permitted by law.

We will take reasonable care in handling information provided to us and will comply with our obligations under applicable data protection law, including India's Digital Personal Data Protection Act 2023 and, where applicable, the EU General Data Protection Regulation.

We process your personal data only where we have a lawful basis to do so. Under the General Data Protection Regulation (GDPR) and India's Digital Personal Data Protection Act 2023 (DPDP Act), the basis depends on the specific processing activity:

• Contract performance: processing your account details, delivering the services you have subscribed to, and handling transactions. This covers the core operation of your InfiniappsAI account.
• Consent: sending optional marketing communications, loading non-essential cookies or third-party tools, and processing any special category data. You may withdraw consent at any time by contacting us at contact@infiniapps.ai — withdrawal does not affect the lawfulness of processing before it.
• Legitimate interests: improving our services through analytics, detecting and preventing fraud or security incidents, and administering our platform — where those interests are not overridden by your fundamental rights and freedoms.
• Legal obligation: complying with applicable laws, regulations, court orders, tax and accounting requirements, and law-enforcement requests.

Depending on your location and applicable law, you have the following rights regarding your personal data. To exercise any of these rights, please contact us at contact@infiniapps.ai. We will respond within 30 days (or within such shorter period as required by applicable law). We will not charge a fee for reasonable requests.

• Right to access: you may request a summary or copy of the personal data we hold about you and how it is processed.
• Right to rectification / correction: you may request that we correct inaccurate or incomplete personal data.
• Right to erasure / deletion: you may request deletion of your personal data where it is no longer necessary for the purpose for which it was collected, or where you withdraw consent and no other lawful basis applies.
• Right to data portability: you may request that we provide your personal data in a structured, commonly used, machine-readable format (such as CSV or JSON).
• Right to restriction: you may request that we restrict processing of your personal data in certain circumstances (for example, while you contest the accuracy of data we hold).
• Right to object: you may object to processing based on legitimate interests or for direct marketing purposes. We will stop processing for direct marketing immediately upon request.
• Rights in relation to automated decision-making: you have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects on you, and to request human review of any such decision.
• Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.
• Right to complain to a supervisory authority: if you are located in the EEA or UK and believe we have not handled your personal data in accordance with applicable law, you have the right to lodge a complaint with your local data protection supervisory authority. For EEA residents this is typically the authority in your country of residence; for UK residents this is the Information Commissioner's Office (ICO) at ico.org.uk. For users in India, complaints may be directed to the Data Protection Board of India.

We retain personal data only for as long as is necessary for the purposes for which it was collected, or as required by applicable law. The following periods apply as a general guide:

• Account and profile data: retained for the duration of your account and for up to 3 years after account closure, to handle any post-termination queries or disputes.
• Transaction and billing records: retained for 7 years to comply with Indian accounting and tax law (Companies Act 2013, Income Tax Act 1961).
• Technical and log data (IP addresses, usage logs): retained for a minimum of 180 days as required by India's Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and for such longer period as may be required by applicable law or a lawful request from a government or regulatory authority, after which they are securely deleted or anonymised.
• Marketing consent records: retained for as long as you remain a subscriber, plus 3 years to demonstrate compliance with consent obligations.
• Support and correspondence records: retained for 2 years from the date of the last interaction.
• Cookie consent records: stored in your browser for up to 180 days unless you update your preferences or the consent version changes.

InfiniappsAI is based in India and may process or store data using cloud infrastructure, service providers, or sub-processors located in other countries, including within the European Economic Area (EEA), the United Kingdom, and the United States.

Where personal data of EEA or UK residents is transferred outside those regions, we ensure an appropriate safeguard is in place. This may include the use of EU Standard Contractual Clauses (SCCs) as approved by the European Commission, or other lawful transfer mechanisms recognised under UK law.

Where personal data is transferred outside India, we act in accordance with the provisions of India's Digital Personal Data Protection Act 2023 and any restrictions notified by the Central Government.

If you would like further information about the transfer safeguards we rely on, or copies of relevant documentation, please contact us at contact@infiniapps.ai.

InfiniappsAI is an AI-powered SaaS platform. Where our services involve automated processing of your data, we are committed to transparency about how that works.

We do not make decisions that produce legal or similarly significant effects on you based solely on automated processing without a human review mechanism being available. Where our platform includes automated recommendations or AI-generated outputs, a human remains responsible for any decision that materially affects you.

If your data is used to train, fine-tune, or evaluate AI models operated by InfiniappsAI, we will inform you of this at the time of collection and obtain your consent where required by applicable law. You may withdraw consent for such use at any time by contacting contact@infiniapps.ai.

For more information about how AI features in our platform work and what data they use, please refer to the product documentation or contact us directly.

We maintain technical and organisational security measures designed to protect your personal data against unauthorised access, disclosure, alteration, or loss.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant data protection authority within the timeframe required by applicable law — for example, within 72 hours under GDPR or as required under the DPDP Act.

Where a breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay, providing information about the nature of the breach and steps you can take to protect yourself.

All personal data breaches are recorded in our internal breach register regardless of whether external notification is required.

We maintain information security controls across people, processes, and technology on a risk-management basis to provide a safer experience on our website and services.

We do not send sensitive information such as credit card numbers by email, instant message, or other unsecured channels. Payment card information is handled by third-party payment service providers and we do not directly store that data.

No method of transmission or electronic storage is 100% secure. We encourage you to follow safe internet practices. If you suspect any unauthorised use of your account or a security incident, please contact us immediately at contact@infiniapps.ai.

This Privacy Policy does not extend to websites linked from our site. Please review the privacy policy of any linked website you visit.

We use cookies and similar browser technologies to enable core site features, remember consent choices, and support website functionality.

Our website may also load Zoho SalesIQ as an optional support chat tool when preference cookies are enabled for the visitor's region and choice. Related Zoho cookies or identifiers may then be used as part of that support functionality.

The current cookie preferences flow supports separate preference, analytics, and marketing categories, and optional tags or scripts are intended to respect both regional defaults and user choices.

Where analytics or marketing technologies are configured through Google Tag Manager or similar tooling, those providers may collect usage, device, and interaction data under their own service terms and privacy policies when the relevant category is enabled for the visitor's region and choice.

We store a consent record in the browser so your cookie preferences can be respected on later visits, typically for up to 180 days unless you update your choices or the consent version changes.

For more detailed information about cookie categories, providers, and durations, please refer to our Cookies Policy.

We do not intentionally collect or process personal data from children under the age of 18. In accordance with India's Digital Personal Data Protection Act 2023, processing of personal data belonging to a child (a person under 18 years of age) requires verifiable consent from the child's parent or lawful guardian before any collection begins.

If you believe we have inadvertently collected personal data from a child without appropriate parental consent, please contact us immediately at contact@infiniapps.ai and we will take prompt steps to delete that data.

We process personal data as needed to comply with applicable laws, regulations, court orders, and law-enforcement requirements. Where we are legally compelled to disclose personal data, we will notify the affected individual to the extent permitted by law.

We may update this Privacy Policy from time to time to reflect operational, legal, or regulatory changes. When we make material changes, we will update the effective date shown on this page and, where appropriate, notify you by email or by a prominent notice on our website.

We recommend that you review the version published on this page periodically to stay informed about how we handle your information.