vitark.ai
Sign in Request access
— legal · vitark.ai —

Privacy Policy

Effective6 May 2026 Last updated6 May 2026

IMPORTANT NOTICE

This Privacy Policy ("Policy") describes how Vitark.ai ("Vitark", "we", "us", "our") collects, uses, stores, and discloses your personal data when you visit vitark.ai (the "Platform") or use our services. It is published in line with:

  • The Information Technology Act, 2000;
  • The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011; and
  • The Digital Personal Data Protection Act, 2023 (DPDP Act).

Capitalised terms not defined here have the meanings given in our Terms and Conditions.

1. The principles we are bound by

We have made the following commitments. They take precedence over any specific clause below; if any text in this Policy seems inconsistent with them, the principles win.

  1. Minimum-necessary collection. We collect only the data needed to operate the service.
  2. No sale of personal data. We do not sell, rent, or trade your personal data to third parties.
  3. No profiling for advertising. We do not build profiles for behavioural advertising.
  4. No training on your private content. We do not use your private queries, notes, or uploads to train shared models.
  5. Sensitive matters, elevated controls. Research queries on sensitive topics (sexual offences, family matters, mental health, juvenile cases, and similar) are handled with elevated confidentiality controls.
  6. Verifiable security posture. We follow reasonable security practices and procedures consistent with the IT Rules, 2011 and the DPDP Act, 2023.

2. What we collect, and why

CategoryExamplesPurpose
Account dataName, email, password hash (or Google account identifier)Create and operate your Account; sign you in
Payment metadataTransaction ID, amount, status, pack purchased — not card numbersProcess Transactions; reconcile Credits; provide invoices
Research-session dataQueries, prompts, notes, uploaded files, generated outputsProvide the research service; deliver answers; persist your sessions
Operational logsIP address, user agent, timestamps, error tracesSecurity, abuse prevention, debugging, service reliability
CommunicationsEmails to ask@vitark.ai or grievance@vitark.aiRespond to your queries and grievances

We do not collect: card numbers, CVVs, banking credentials, or biometric identifiers.

3. Sources of personal data

  • From you directly, when you create an Account, sign in, submit a query, upload a document, or write to us.
  • From our payment provider (Cashfree), which sends us transaction metadata after you complete a Transaction. Payment instrument data is collected and held by Cashfree under their privacy terms — we never see it.
  • From your device, in the form of cookies, local storage, and standard server logs (IP, user agent, request paths) used for security and analytics.

4. Cookies and similar technologies

We use a small number of cookies and local-storage entries:

  1. Strictly necessary — sign-in, session, and CSRF protection. Cannot be disabled if you want to use the Platform.
  2. Preferences — theme, recent queries, UI state. Helpful, not essential.
  3. Analytics — Google Analytics with IP anonymisation, used to understand which features get used and where users get stuck. We do not link analytics events to your Account identity for advertising purposes.

We do not run third-party advertising trackers.

5. How we use your data

We use your personal data to:

  1. Provide and operate the Platform — including processing your queries, retrieving authorities, generating cited answers and memos.
  2. Operate your Account — sign-in, password reset, profile, billing.
  3. Process Transactions — through our payment gateway; issue invoices and refunds.
  4. Communicate with you — service updates, security notices, replies to your messages, refund decisions.
  5. Maintain security and integrity — detect and prevent fraud, abuse, scraping, and unauthorised access; investigate complaints.
  6. Comply with law — respond to lawful requests from courts, regulators, and law-enforcement agencies; meet our tax, accounting, and audit obligations.
  7. Improve the service — measure feature performance, debug failures, and prioritise improvements. This does not include training shared models on your private content.

6. How we share your data

We share your personal data only with:

  1. Service providers acting on our instructions — for example, our cloud-hosting provider (Google Cloud), our email provider, our payment gateway (Cashfree), and customer-support tooling. These providers are contractually bound to use your data only for the purpose of serving you, to maintain reasonable security, and to delete or return it on request.
  2. Authorities, where we are legally required to disclose data — for example, in response to a court order, regulatory direction, or law-enforcement request that meets the requirements of the law.
  3. In a corporate transaction, if we sell or merge a part of the business, your data may be transferred to the buyer subject to confidentiality and continued application of this Policy.

We do not share your personal data with advertising networks, data brokers, or unrelated third parties.

7. Where your data is stored

Personal data is stored on cloud infrastructure (currently Google Cloud) in regions we select for performance, reliability, and legal compliance. Where data is processed outside India, we ensure an equivalent standard of protection through contractual safeguards.

8. How long we keep your data

DataRetention
Account data (active)While your Account exists
Account data (after closure)30 days for recovery, then deletion or anonymisation, except where law requires longer
Research-session dataWhile your Account exists; you can delete a session from your Account at any time
Payment records8 years from the Transaction (tax/accounting law)
Refund and grievance records8 years from the request
Server logs90 days, except those flagged for security investigation

We will return to or delete your personal data sooner where you ask us to, subject to the legal-retention exceptions above.

9. Your rights

Subject to the IT Rules, 2011 and the DPDP Act, 2023, you have the right to:

  1. Access the personal data we hold about you.
  2. Correct inaccurate or incomplete personal data.
  3. Erase personal data, subject to the retention periods above and our other lawful bases.
  4. Withdraw consent for any processing based on consent (without affecting prior lawful processing).
  5. Object to specific kinds of processing.
  6. Port your data to another service in a structured, commonly-used format.
  7. Nominate another individual to exercise these rights on your behalf in the event of your death or incapacity (per the DPDP Act).
  8. Complain to the Data Protection Board of India where you believe we have not handled your data lawfully.

To exercise any of these, write to grievance@vitark.ai from your registered email. We acknowledge requests within 72 hours and respond within 30 days.

10. Security

We follow reasonable security practices and procedures, including:

  1. Encryption in transit (TLS) for all traffic between you and Vitark.
  2. Encryption at rest for stored personal data on our cloud provider.
  3. Access controls — production data is accessible only to a small set of personnel who need it for service operation, under audit logging.
  4. Network controls — firewalls, rate-limiting, and abuse-detection systems.
  5. Regular security review of our code, dependencies, and infrastructure.

No system is perfectly secure. If we ever suffer a personal-data breach that is likely to affect your rights, we will notify you and the Data Protection Board of India in line with the DPDP Act and IT Rules.

11. Children

The Platform is not directed at children under 18. If you are a minor, you may use the Platform only under the supervision of a parent or legal guardian who has accepted our Terms on your behalf, and refund and grievance requests must come from that parent or guardian.

If we become aware that we have collected personal data from a child without verifiable parental consent, we will delete it promptly.

12. Sensitive matters — elevated handling

We recognise that some research queries are sensitive — for example, queries on sexual offences, family matters, mental health, juvenile cases, and abuse. For such queries:

  1. We apply elevated confidentiality controls, including stricter access limits internally.
  2. We do not display identifying information about a User's research history publicly.
  3. We design the Platform to avoid retraumatising language and to allow private and login-free use of basic research where possible.
  4. If any feature feels unsafe or harmful to you, please reach the Grievance Officer (Section 14). Such feedback is taken seriously and reviewed by a human.

13. Changes to this Policy

We may update this Policy from time to time. Material changes — for example, changes that expand the categories of data we collect, the purposes for which we use them, or the parties with whom we share them — will be notified to you by email at least 15 days before they take effect.

The "Last Updated" date at the top reflects the most recent revision. Earlier versions are available on request.

14. Grievances and Contact

We have designated a Grievance Officer to receive complaints about Platform content, account issues, payment disputes, and personal-data handling.

Grievance Officer: Vitark Compliance Team (contactable at grievance@vitark.ai)

Email: grievance@vitark.ai

Postal Address: Vitark.ai, Innov8 Harsha Bhawan, 4th Floor, 13/29 E-Block, Connaught Place, New Delhi-110001

Acknowledgement timeline: Within 72 hours of receipt.

Resolution timeline: Within 1 month from the date of receipt of grievance.

For general queries, write to ask@vitark.ai.

By using vitark.ai, you confirm that you have read and understood this Privacy Policy.