In short
We collect only what we need to run the website and the Ajuni platform. Your contact details when you give them to us. Telemetry that keeps the platform alive. Anonymised analytics about how this site is used.
We do not train models on customer data. We do not sell personal information. Data your agents process inside your environment belongs to you, and the DPA covers it, not this policy.
Who we are
Ajuni is built by Webority Technologies Pvt. Ltd. We are headquartered at 629-634, Sixth Floor, Vipul Trade Centre, Sohna Road, Sector 48, Gurugram, Haryana 122018, India.
This policy explains how we handle personal information when you visit ajuni.io, sign up for the Ajuni platform, or contact us. It covers data we hold as a controller. If you are already a customer, your customer data is governed by your Subscription Agreement and the Data Processing Addendum, not this policy.
What we collect
Information you give us. Your name, work email, company, role, and anything else you type when you contact sales, book a demo, sign up, or write in.
Platform telemetry. Operational logs, performance metrics, error reports, and audit-trail entries from the Ajuni platform. This is what lets us keep the platform running and meet the SLA in your contract.
Website analytics. Aggregated and anonymised data about how visitors use ajuni.io. Page views, referrers, approximate region. IP addresses are truncated before storage.
We do not collect the data your agents process inside your environment. That data is yours.
How we use it
We use this information to run the platform, answer your questions, deliver what we promised in the contract, fix what breaks, and meet the law.
We do not sell personal information to anyone, for any price, ever. We do not train models on customer data. We do not use customer data, assistant transcripts, or platform telemetry to fine-tune sub-models, run evaluation benchmarks, or red-team the platform. The DPA spells out the contractual version of these commitments.
Legal basis for processing
Where the GDPR applies, our legal basis is contract performance (Article 6(1)(b)) for customer relationships, legitimate interest (Article 6(1)(f)) for security telemetry and fraud prevention, consent (Article 6(1)(a)) for analytics cookies and marketing emails, and legal obligation (Article 6(1)(c)) where a law tells us to keep or disclose data.
Under the DPDP Act, processing is on the basis of consent or for legitimate use as defined in Section 7, and the consent register that records what you agreed to and when is available to you on request.
We do not make solely automated decisions that produce legal or similarly significant effects on individuals through the website or sales process. Where customers configure Ajuni agents to support automated decisions about their own end users, the customer is the controller for that decision under Article 22 and the DPA documents the safeguards.
Consent: how we ask, how you withdraw
When we rely on consent, we ask in plain language at the point we collect the data. Each purpose is separated, so you can agree to one and refuse another. We log what you agreed to, when, and how, in a consent register tied to your record.
To withdraw any consent, click the unsubscribe link in any marketing email, change your cookie preferences from the footer, or write to [email protected]. Withdrawal applies prospectively and does not affect the lawfulness of processing carried out before withdrawal.
Marketing emails
If you opt in to marketing emails, we send platform updates, security advisories, and occasional product news. No more than two marketing emails per month.
Every email has a one-click unsubscribe link. Unsubscribe takes effect immediately and applies across all marketing categories. Transactional emails about your account, billing, and security continue regardless, because the law requires them.
Children
The Ajuni platform and ajuni.io are not directed at children under the age of 18. We do not knowingly collect personal data from children. We do not run behavioural monitoring or targeted advertising directed at children.
If you believe a child has provided us personal data, write to [email protected] and we will delete it without asking the child for further identification.
How long we keep it
Contact information stays in our CRM for as long as you are a customer or an active prospect, and for 24 months after the last interaction.
Platform telemetry is kept for 90 days for operational use, then aggregated. Audit-trail entries follow the retention period in your contract, which defaults to 7 years for regulated workloads.
Website analytics roll up to monthly aggregates after 13 months. Raw events are deleted.
AI chat assistant
The AI assistant on ajuni.io uses a model hosted by Anthropic to draft replies. Your messages are sent to Anthropic for that purpose and are not used by Anthropic to train models.
We do not log assistant conversations in our own databases. If you choose to share your contact details inside a chat, the transcript is recorded in our CRM and an inline disclosure on the chat tells you that. The email copy sent to the sales team is automatically deleted from inboxes after 30 days, with the CRM record as the system of truth.
Your rights
Under the Digital Personal Data Protection Act, 2023 you can ask us to show you the personal information we hold, correct it, erase it, or transfer it. You can also withdraw consent and complain to the Data Protection Board of India.
If the GDPR applies to you, the same rights apply, plus the right to object to processing and to restrict it. You can also complain to your local supervisory authority.
To use any of these rights, write to [email protected]. We acknowledge within 2 business days and resolve within 30 days. If the request is unusually complex we may extend by a further 30 days, and we tell you why before we do.
Where your data lives
Data your agents process lives in the region your contract names. India regions stay in India. EU regions stay in the EU. The DPA carries the specifics.
Data about visitors to this website is processed in our HQ region, India. If you are reading from outside India, that transfer relies on the Standard Contractual Clauses or the equivalent transfer mechanism for your country, plus the technical controls in our Trust page.
Security
Our information security management system is certified to ISO/IEC 27001:2022. Data is encrypted at rest with AES-256-GCM and in transit with TLS 1.3. Keys are managed in FIPS 140-2 Level 3 HSMs. Access is granted on a least-privilege basis, requires FIDO2 hardware-key MFA for privileged operations, and is reviewed every quarter. The Trust page has the full posture.
Significant Data Fiduciary commitments
We are not currently notified as a Significant Data Fiduciary under Section 10 of the DPDP Act. We commit to operating to Significant Data Fiduciary standards regardless. Our Data Protection Officer is reachable at [email protected]. We conduct Data Protection Impact Assessments for any new processing that touches sensitive personal data, biometric data, or large-volume children-adjacent data, and the DPIA records are available to regulators and to enterprise customers under NDA.
If we are subsequently notified as a Significant Data Fiduciary, we will update this section within 30 days and publish the additional measures we have taken.
Changes to this policy
If we change anything material in this policy, we update the effective date at the top and notify customer admins by email at least 30 days before the change takes effect. Older versions are available on request so you can see what changed and when.
Contact
Write to us at [email protected], or by post to Webority Technologies Pvt. Ltd., 629-634, Sixth Floor, Vipul Trade Centre, Sohna Road, Sector 48, Gurugram, Haryana 122018, India.
If your question is urgent, mark the email subject URGENT and we will route it the same day.
Questions about this document?
We'd rather you ask than guess. Reach us at the address below. A real person reads every email.