Infiniapps AI Logo
Privacy Policy

Your information, handled responsibly

How InfiniappsAI collects, uses, and protects your personal information

This Privacy Policy applies to visitors, customers, and end users of InfiniappsAI across our website, mobile applications, and related services.

Website visitorsProspective customersService customers
This policy covers our website and servers. Third-party websites or services linked from our site follow their own privacy practices.
01

Scope of This Notice

InfiniappsAI ("InfiniappsAI", "we", "us", or "our") is an AI software, SaaS, and agent development services company based in Gobichettipalayam, Tamil Nadu, India, operated by Infinijith Apps & Technologies Pvt. Ltd.

This Privacy Policy explains how we collect, use, store, and protect personal information when you visit our website, contact us, request information, or use any products, applications, or services made available by us.

It applies to visitors of our website, prospective customers, service customers, and end users of InfiniappsAI products or applications where those products or applications are made available.

This notice only covers activity on our website and servers. If you visit a third-party website that we host, mention, or link to, that third party may collect information under its own privacy policy.

For personal data collected for our own business operations, including website enquiries, sales communications, billing, analytics, support, and service administration, InfiniappsAI acts as the Data Controller under the EU and UK General Data Protection Regulation (GDPR / UK GDPR), where those laws apply.

Where we process customer or end-user data on behalf of a client in connection with a client SaaS product, AI project, or managed service, we generally act as a Data Processor or service provider and the client remains the Data Controller. In those cases, the client's privacy notice and our agreement with that client govern how the relevant customer or end-user data is handled.

A Data Controller is the entity that determines the purposes and means of processing personal data. A Data Processor is any party that processes data on behalf of a Data Controller. A Data Subject is any living individual whose personal data is processed.

02

How We Handle Your Data: Our Principles

We are committed to handling personal data responsibly. In accordance with Article 5 of the GDPR, we apply the following principles to all personal data we process:

  • Lawfulness, fairness, and transparency: we process personal data on a valid legal basis, treat individuals fairly, and are open about how their data is used.
  • Purpose limitation: we collect personal data for specified, explicit, and legitimate purposes only, and do not use it in ways incompatible with those purposes.
  • Data minimisation: we collect only the personal data that is adequate, relevant, and necessary for the purpose at hand.
  • Accuracy: we take reasonable steps to keep personal data accurate and up to date, and to erase or correct inaccurate data without delay.
  • Storage limitation: we retain personal data only for as long as necessary for the purposes for which it was collected. See the 'How Long We Keep Your Data' section for our retention criteria.
  • Integrity and confidentiality: we use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or destruction.
  • Accountability: we are responsible for, and can demonstrate compliance with, all of the principles above.
03

Information We Collect

We collect information only when it is necessary and relevant to our dealings with you.

  • Personal contact details such as name, email address, postal address, telephone number, and mobile number.
  • Account and login details, where account-based access is enabled for a product or service.
  • Demographic information, interests, market research responses, and customer feedback.
  • Technical and usage data such as Internet Protocol (IP) address, device information, and website or communication usage details.
  • Payment details or related billing information where needed for a transaction. Payment card information is processed directly by our third-party payment service providers, such as Razorpay where enabled, and is not stored on our systems.
  • Information received from third-party authentication or account providers, where that feature is enabled for a product or service, such as your name, email address, profile identifier, or profile image.
04

How We Use and Share Information

We use the information we collect to operate our website and services, communicate with you, process requests or transactions, improve user experience, perform analytics, and comply with legal obligations.

We do not rent, trade, or share your personal information with other companies for their marketing purposes without your consent.

We do not sell personal information or share personal information for cross-context behavioral advertising. We do not currently identify any marketing cookies in the website provider inventory. If optional marketing cookies or marketing tags are introduced in the future, they will be used only where permitted by applicable law and your cookie preferences, and you can disable them at any time through the 'Your Privacy Choices' link in the footer.

Where AI chat or generation features are enabled, we may share the prompt, conversation text, and necessary context with AI infrastructure providers, including OpenAI, solely to provide the requested AI output, maintain security, and support the operation of the relevant feature.

We may disclose personal information in response to a legally compliant request or when disclosure is otherwise required by law. Where we are legally compelled to disclose personal data, we will notify the affected individual to the extent permitted by law.

We will take reasonable care in handling information provided to us and will comply with our obligations under applicable data protection law, including India's Digital Personal Data Protection Act 2023 and, where applicable, the EU General Data Protection Regulation.

05

Lawful Basis for Processing

We process your personal data only where we have a lawful basis to do so. Under the General Data Protection Regulation (GDPR) and India's Digital Personal Data Protection Act 2023 (DPDP Act), the basis depends on the specific processing activity:

  • Contract performance: processing contact details, account details where applicable, service requests, deliverables, support requests, and transactions needed to provide the services you have requested or subscribed to.
  • Consent: sending optional marketing communications, loading non-essential cookies or third-party tools, and processing any special category data. You may withdraw consent at any time by contacting us at privacy@infiniapps.ai — withdrawal does not affect the lawfulness of processing before it. Where we send optional marketing or promotional communications, each message will include a clear way to unsubscribe or opt out. You can also withdraw your consent to marketing communications at any time by emailing privacy@infiniapps.ai with the subject 'Unsubscribe' and we will stop sending marketing emails promptly.
  • Legitimate interests: improving our services through analytics, detecting and preventing fraud or security incidents, and administering our platform — where those interests are not overridden by your fundamental rights and freedoms.
  • Legal obligation: complying with applicable laws, regulations, court orders, tax and accounting requirements, and law-enforcement requests.
06

Your Rights

Depending on your location and applicable law, you have the following rights regarding your personal data. To exercise any of these rights, please contact us at privacy@infiniapps.ai. We will respond within the timeframe required by applicable law, generally within one month under GDPR. Where permitted by law, we may extend the response period for complex or multiple requests and will inform you within the required timeframe. We will not charge a fee for reasonable requests.

  • Right to access: you may request a summary or copy of the personal data we hold about you and how it is processed.
  • Right to rectification / correction: you may request that we correct inaccurate or incomplete personal data.
  • Right to erasure / deletion: you may request deletion of your personal data where it is no longer necessary for the purpose for which it was collected, or where you withdraw consent and no other lawful basis applies.
  • Right to data portability: you may request that we provide your personal data in a structured, commonly used, machine-readable format (such as CSV or JSON).
  • Right to restriction: you may request that we restrict processing of your personal data in certain circumstances (for example, while you contest the accuracy of data we hold).
  • Right to object: you may object to processing based on legitimate interests or for direct marketing purposes. We will stop processing for direct marketing immediately upon request.
  • Rights in relation to automated decision-making: you have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects on you, and to request human review of any such decision.
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.
  • Right to complain to a supervisory authority: if you are located in the EEA or UK and believe we have not handled your personal data in accordance with applicable law, you have the right to lodge a complaint with your local data protection supervisory authority. For EEA residents this is typically the authority in your country of residence; for UK residents this is the Information Commissioner's Office (ICO) at ico.org.uk. For users in India, complaints may be directed to the Data Protection Board of India.
07

How Long We Keep Your Data

We retain personal data only for as long as is necessary for the purposes for which it was collected, for the period reasonably needed to manage our relationship with you, or as required by applicable law. The following criteria apply as a general guide:

  • Account and profile data: retained while the account or service relationship is active and for a reasonable period afterwards to handle post-service queries, enforce agreements, resolve disputes, or comply with legal obligations.
  • Transaction and billing records: retained for the period required by applicable tax, accounting, company, and audit laws.
  • Technical and log data, including IP addresses and usage logs: retained for the period reasonably needed for security, troubleshooting, fraud prevention, abuse prevention, service operation, and legal compliance. Where a specific law or lawful government or regulatory request requires a longer period, we retain the data for that required period.
  • Marketing consent and suppression records: retained while you remain subscribed and for a reasonable period afterwards to demonstrate consent, honour opt-outs, and avoid sending unwanted communications.
  • Support and correspondence records: retained for as long as needed to respond to the request and for a reasonable period afterwards for quality, dispute, and compliance purposes.
  • Cookie consent records: stored in your browser as a cookie for up to 180 days unless you update your preferences, clear browser cookies, or the consent version changes. Browser-side consent audit history is stored separately in localStorage and capped to the 20 most recent consent events. Dedicated server-side consent audit files are retained only where server audit logging is configured for the website.
08

International Data Transfers

InfiniappsAI is based in India and may process or store data using cloud infrastructure, service providers, or sub-processors located in other countries, including within the European Economic Area (EEA), the United Kingdom, and the United States.

Where personal data of EEA or UK residents is transferred outside those regions, we ensure an appropriate safeguard is in place. This may include the use of EU Standard Contractual Clauses (SCCs) as approved by the European Commission, or other lawful transfer mechanisms recognised under UK law.

Where personal data is transferred outside India, we act in accordance with the provisions of India's Digital Personal Data Protection Act 2023 and any restrictions notified by the Central Government.

If you would like further information about the transfer safeguards we rely on, or copies of relevant documentation, please contact us at privacy@infiniapps.ai.

09

AI and Automated Processing

InfiniappsAI provides AI software and development services. Where our website, products, or client projects include AI chat or generation features, we are committed to transparency about how those features handle personal data.

We do not make decisions that produce legal or similarly significant effects on you based solely on automated processing without a human review mechanism being available. Where our platform includes automated recommendations or AI-generated outputs, a human remains responsible for any decision that materially affects you.

When an AI chat feature uses the OpenAI API, the text you submit, the conversation context, and the AI-generated output may be transmitted to OpenAI to generate and return the requested response and to support safety, security, and abuse monitoring.

We do not use customer personal data submitted through AI chat features to train or fine-tune InfiniappsAI models, and we do not opt in to OpenAI using API inputs or outputs to train OpenAI models.

OpenAI states that data sent to the OpenAI API is not used to train or improve OpenAI models unless the API customer explicitly opts in, and that abuse monitoring logs for API usage may be retained for up to 30 days unless longer retention is required by law or needed to protect the services or third parties from harm.

Please avoid entering sensitive personal data, confidential business information, or third-party personal data into AI chat features unless it is necessary for the requested service and you have the right to provide it.

For more information about how AI features in a specific product or client project work and what data they use, please refer to the relevant product documentation, client agreement, or contact us directly.

10

Protection and Access to Collected Information

We maintain information security controls across people, processes, and technology on a risk-management basis to provide a safer experience on our website and services.

We do not send sensitive information such as credit card numbers by email, instant message, or other unsecured channels. Payment card information is handled by third-party payment service providers and we do not directly store that data.

No method of transmission or electronic storage is 100% secure. We encourage you to follow safe internet practices. If you suspect any unauthorised use of your account or a security incident, please contact us immediately at privacy@infiniapps.ai.

This Privacy Policy does not extend to websites linked from our site. Please review the privacy policy of any linked website you visit.

11

Cookies and Analytics

We use cookies and similar browser technologies to enable core site features, remember consent choices, and support website functionality.

We use Google reCAPTCHA v3 in contact and lead flows for spam, fraud, and abuse prevention. reCAPTCHA may set a necessary _GRECAPTCHA cookie or use related Google resources when it is executed.

Our website may also load Zoho SalesIQ as an optional support chat tool when preference cookies are enabled for the visitor's region and choice. Related Zoho cookies or identifiers may then be used as part of that support functionality.

The current cookie preferences flow supports separate preference and analytics categories, plus a marketing control category for any consent-managed advertising, remarketing, or campaign-measurement tags if configured.

Where analytics technologies are configured through Google Tag Manager or similar tooling, including Google Analytics and Microsoft Clarity, those providers may collect usage, device, and interaction data under their own service terms and privacy policies when the relevant category is enabled for the visitor's region and choice. If marketing technologies are introduced through Google Tag Manager or similar tooling, they are intended to respect the marketing control category, regional defaults, and user choices.

We store consent preferences in the browser as a cookie named infiniapps-cookie-consent so your choices can be respected on later visits, typically for up to 180 days unless you update your choices, clear browser cookies, or the consent version changes.

We also keep a browser-side consent audit history named infiniapps-cookie-consent-audit, capped to the 20 most recent consent events, and may send consent audit events to /api/privacy/consent-audit for operational compliance records.

For more detailed information about cookie categories, providers, and durations, please refer to our Cookies Policy.

12

Personal Data of Children

We do not intentionally collect or process personal data from children under the age of 18. For EEA residents, the applicable age threshold may differ by member state. In accordance with India's Digital Personal Data Protection Act 2023, processing of personal data belonging to a child (a person under 18 years of age) requires verifiable consent from the child's parent or lawful guardian before any collection begins.

If you believe we have inadvertently collected personal data from a child without appropriate parental consent, please contact us immediately at privacy@infiniapps.ai and we will take prompt steps to delete that data.

13

Compliance with Laws and Law Enforcement

We process personal data as needed to comply with applicable laws, regulations, court orders, and law-enforcement requirements. Where we are legally compelled to disclose personal data, we will notify the affected individual to the extent permitted by law.

14

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect operational, legal, or regulatory changes. When we make material changes, we will update the effective date shown on this page.

We recommend that you review the version published on this page periodically to stay informed about how we handle your information.

Contact information

Questions or concerns about privacy?

If you have questions about this Privacy Policy or how your information is handled, contact our team and we will direct your request appropriately.