Privacy Policy

1. Who we are (Data Fiduciary)

For the purposes of the DPDP Act, the Data Fiduciary is:

• Legal Operator: Mahesh Shardul
• Trade Name: TrioLogic HUB
• Brand: Vyiral
• Address:Flat-504, T17, Jannadhar Shubha-II, Attibele, Bangalore – 562107, Karnataka, India
• Privacy contact: privacy@vyiral.com

For grievance redressal, please see Section 12 (Grievance Officer).

2. The personal data we collect

We collect the following categories of personal data:

2.1 Information you provide to us

• Account information. When you sign up using Google OAuth, we receive your name, email address, profile picture, and Google account identifier, as authorised by you through Google’s consent screen. We do not receive your Google password.
• Profile and preferences. Any details you add to your profile or settings.
• Content you submit.Prompts, text, images, files, links, and other materials you upload to or generate through the Services (“User Content”).
• Communications. Information you provide when you contact us for support, feedback, or other enquiries.

2.2 Payment information

Payments are processed by our payment partner Razorpay. When you make a payment, you provide your payment details directly to Razorpay. We do not store your full card numbers, UPI credentials, or banking passwords on our servers. We receive limited transaction information such as transaction ID, amount, payment status, and the masked/partial payment instrument details necessary to confirm your purchase and manage your subscription. Razorpay processes your data in accordance with its own privacy policy.

2.3 Information we collect automatically

• Usage data. Pages visited, features used, actions taken, and timestamps.
• Device and technical data. IP address, browser type, device type, operating system, and language settings.
• Cookies and similar technologies. As described in our Cookie Policy.

2.4 Information from third parties

• Authentication data from Google (via Google OAuth).
• Transaction and payment-status data from Razorpay.

3. How we use your personal data

We use your personal data for the following purposes:

• To create and manage your account and authenticate you via Google OAuth.
• To provide, operate, and maintain the Services, including AI-powered features.
• To process payments, subscriptions, invoices, and refunds via Razorpay.
• To process your prompts and User Content through third-party AI providers in order to generate the outputs you request.
• To respond to your support requests and communicate with you about your account or the Services.
• To personalise and improve the Services, fix bugs, and develop new features.
• To monitor usage, ensure security, detect and prevent fraud or abuse, and enforce our Terms.
• To send you service-related and, where you have consented, promotional communications.
• To comply with legal obligations and respond to lawful requests from authorities.

4. Legal basis for processing

We process your personal data on the basis of:

• Your consent, which you provide when you sign up, submit content, or otherwise use the Services, and which you may withdraw at any time (see Section 9).
• Performance of our agreement with you to deliver the Services you have requested.
• Legitimate uses permitted under the DPDP Act, such as responding to your requests, and legal obligations, such as tax, accounting, and regulatory requirements.

5. How AI features process your data

Vyiral provides features powered by third-party artificial intelligence providers, currently:

• OpenAI
• Anthropic
• Google Gemini

When you use an AI feature, your prompts and the User Content you submit for that feature are transmitted to one or more of these providers solely to generate the output you have requested. These providers act as processors for that specific task.

Important:

• Vyiral does not train its own AI models using your content. Your prompts and uploaded content are processed by third-party AI providers only as necessary to provide the requested AI features.
• Each AI provider processes data under its own terms and privacy policy. We encourage you to review them.
• Please do not submit sensitive personal data, confidential information, or anything you are not authorised to share when using AI features.

6. How we share your personal data

We do not sell your personal data. We share it only as described below:

• Service providers / processors who help us run the Services, including:
  • Google (authentication via Google OAuth)
  • Razorpay (payment processing)
  • OpenAI, Anthropic, and Google Gemini (AI processing)
  • Hosting, infrastructure, analytics, and customer-support providers
• Legal and safety reasons, where required to comply with law, enforce our Terms, protect our rights, or respond to lawful requests by public authorities.
• Business transfers, in connection with a merger, acquisition, restructuring, or sale of assets, subject to this Privacy Policy.

We require our processors to protect your personal data and to use it only for the purposes for which it was shared.

7. International data transfers

Some of our service providers, including AI providers, may process your personal data on servers located outside India. Where this happens, we take reasonable steps to ensure your data is handled in accordance with this Privacy Policy and applicable law, and that transfers are made only to jurisdictions not restricted under the DPDP Act.

8. Data retention

We retain your personal data for as long as your account is active or as needed to provide the Services, and thereafter only as long as necessary to:

• comply with our legal, tax, and accounting obligations,
• resolve disputes, and
• enforce our agreements.

When personal data is no longer required, we will delete or anonymise it. You may request deletion of your account and associated data as described in Section 9.

9. Your rights

Subject to applicable law, including the DPDP Act, you have the right to:

• Access the personal data we hold about you and a summary of how it is processed.
• Correct, complete, or update inaccurate or incomplete personal data.
• Erase your personal data where it is no longer required.
• Withdraw consent at any time. Withdrawing consent will not affect the lawfulness of processing carried out before withdrawal, and may limit your ability to use certain features.
• Nominate another individual to exercise your rights in the event of your death or incapacity.
• Grievance redressal by contacting our Grievance Officer (Section 12).

To exercise any of these rights, contact us at privacy@vyiral.com. We may need to verify your identity before acting on your request. We will respond within the timelines required by applicable law.

You also have the right to register a complaint with the Data Protection Board of India if you believe your rights under the DPDP Act have been infringed.

10. Children’s privacy

The Services are intended for users who are at least 13 years of age. If you are under the age of 18, you may use the Services only with the involvement and consent of a parent or legal guardian, as required by applicable law. Where required under the DPDP Act, we will obtain verifiable consent of a parent or lawful guardian before processing the personal data of a child.

We do not knowingly collect personal data from children in violation of applicable law. If you believe a child has provided us with personal data without appropriate consent, please contact privacy@vyiral.com and we will take appropriate steps to delete it.

11. Security

We implement reasonable security practices and procedures designed to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include access controls, encryption in transit where appropriate, and use of reputable third-party processors. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

In the event of a personal data breach, we will notify the Data Protection Board of India and affected users as required under applicable law.

12. Grievance Officer

In accordance with the Information Technology Act, 2000 and the rules made thereunder, the details of our Grievance Officer are:

• Grievance Officer: Priyabrata Satapathy
• Email: grievance@vyiral.com
• Address:Flat-504, T17, Jannadhar Shubha-II, Attibele, Bangalore – 562107, Karnataka, India

You may contact the Grievance Officer with any complaint or concern regarding your personal data or your use of the Services. We will acknowledge your complaint and endeavour to resolve it within the timelines prescribed under applicable law.

13. Third-party links and services

The Services may contain links to, or integrations with, third-party websites and services. This Privacy Policy does not apply to those third parties. We encourage you to review their privacy policies before providing them with your personal data.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify you through the Services or by email. Your continued use of the Services after the changes take effect constitutes your acceptance of the revised Privacy Policy.

15. Contact us

For any questions about this Privacy Policy or our data practices:

• General support: support@vyiral.com
• Privacy matters: privacy@vyiral.com
• Grievance Officer: grievance@vyiral.com
• Address:Flat-504, T17, Jannadhar Shubha-II, Attibele, Bangalore – 562107, Karnataka, India