Privacy Policy
Data Fiduciary: ConsciousPresenceAI, a sole company registered as ConsciousPresenceAI Private Limited
Registered Address: Hyderabad, Telangana, India
Grievance Officer: the designated Grievance Officer — privacy@consciouspresenceai.com
1. Introduction
ConsciousPresenceAI (“CPAI,” “we,” “us,” or “our”) operates an AI-powered personal branding platform that serves professionals, product brands, and authors across India and internationally. This Privacy Policy explains how we collect, use, store, protect, and share your personal data when you use our services, mobile application, website, or interact with us via WhatsApp or other communication channels.
This Privacy Policy is published in compliance with:
- The Digital Personal Data Protection Act, 2023 (DPDP Act)
- The Digital Personal Data Protection Rules, 2025
- The Information Technology Act, 2000
- The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
2. What Personal Data We Collect
2.1 Data You Provide Directly
| Data Category | Specific Data | Purpose |
|---|---|---|
| Identity Data | Full name, professional title, qualifications, clinic/firm name | Brand profile creation |
| Contact Data | Email, phone number, WhatsApp number, address | Communication, service delivery |
| Professional Data | Profession, specialty, years of practice, certifications | Content strategy, compliance |
| Brand Data | Tone preferences, content topics, avoid topics, brand colours | Content production |
| Voice Data | Voice recording (2-5 minute sample) | Voice cloning for content narration |
| Visual Data | Video recording of your face and upper body | AI avatar creation |
| Financial Data | GST number (optional), billing address | Invoicing, tax compliance |
2.2 Data We Collect Automatically
| Data Category | Source | Purpose |
|---|---|---|
| Platform Analytics | Connected social media accounts (via OAuth) | Performance reporting |
| Lead Data | Connected social media accounts | Lead capture and CRM |
| App Usage Data | CPAI mobile app | Service improvement |
| Call Data | AI Reception (Vapi.ai), if enabled | Service delivery, quality |
| Payment Data | Razorpay / Stripe | Billing management |
2.3 Data We Generate
We generate brand profiles (NIP/BIP), content (scripts, captions, images, videos), performance insights, health scores, voice models, and avatar models — all derived from data you provide and used exclusively for your service delivery.
2.4 Data We Do NOT Collect
- Passwords to your social media accounts (we use OAuth tokens only)
- Your patients'/clients' medical records, case files, or confidential professional data
- Biometric data beyond voice and facial likeness
- Financial data beyond billing needs (handled by Razorpay/Stripe)
3. How We Use Your Data
3.1 Primary Purposes (with your consent)
- Create your brand profile and content strategy
- Produce content (scripts, images, videos)
- Publish content to your social media accounts
- Manage your community (DMs, comments)
- Answer calls via AI Reception (if enabled)
- Generate performance reports
- Process payments and issue invoices
- Communicate with you about your account
3.2 We Will NEVER Use Your Data For
- Selling your personal data to any third party
- Marketing unrelated products or services to you
- Training general-purpose AI models on your personal data
- Sharing your brand strategy with competitors or other clients
- Political campaigning, election influence, or propaganda
4. Data Sharing and Third-Party Processors
We share your data with the following categories of service providers, solely for delivering the Services:
AI and Content Production
| Provider | Country | Purpose |
|---|---|---|
| Anthropic (Claude AI) | USA | Script writing, strategy, compliance |
| Resemble AI | USA/EU | Voice model creation and synthesis |
| HeyGen | USA | Avatar model creation and video |
| Runway ML | USA | AI video B-roll generation |
| AssemblyAI | USA | Speech-to-text for subtitles |
Infrastructure
| Provider | Country | Purpose |
|---|---|---|
| Supabase (AWS) | India (ap-south-1) | Primary database and file storage |
| Cloudflare | Global | CDN delivery |
| Railway | USA | Gateway hosting |
| Razorpay / Stripe | India / USA | Payment processing |
All data transfers are governed by Data Processing Agreements (DPAs) ensuring equivalent protection standards as required under the DPDP Act.
5. Data Storage and Security
5.1 Where Your Data is Stored
Your primary data is stored in India (AWS ap-south-1 Mumbai region via Supabase). Voice models are stored on Resemble AI servers. Avatar models are stored on HeyGen servers.
5.2 Security Measures
- All data encrypted at rest (AES-256) on Supabase
- All data encrypted in transit (TLS 1.2+)
- OAuth tokens encrypted with AES-256-GCM before storage
- Supabase Row Level Security (RLS) policies on all client-facing tables
- JWT-based authentication for app access
- Automated system health monitoring every hour
- Webhook signature validation on all inbound requests
5.3 Data Breach Response
In the event of a personal data breach, we will notify affected clients within 72 hours, report to the Data Protection Board of India as required, and take immediate remedial action.
6. Data Retention
| Data Type | Retention Period | Reason |
|---|---|---|
| Client account data | Subscription + 30 days | Service delivery + export |
| Voice model | Deleted within 30 days of termination | Service delivery |
| Avatar model | Deleted within 30 days of termination | Service delivery |
| Invoice records | 7 years | GST Act compliance |
| Consent records | 8 years | Indian Limitation Act |
| AI Reception recordings | 90 days | Quality assurance |
| Anonymised patterns | Indefinite | System improvement (non-identifiable) |
7. Your Rights (Data Principal Rights)
Under the DPDP Act 2023, you have the following rights:
- Right to Access (Section 11): Request a summary of your personal data. Available via the CPAI mobile app.
- Right to Correction (Section 12): Request correction of inaccurate data within 7 days.
- Right to Erasure (Section 12): Request deletion — voice model and avatar deleted within 30 days.
- Right to Withdraw Consent (Section 6(6)): Withdraw any consent at any time through the app.
- Right to Grievance Redressal (Section 13): Contact the designated Grievance Officer at privacy@consciouspresenceai.com. Response within 7 days, resolution within 30 days.
- Right to Nominate (Section 14): Nominate another individual to exercise your data rights.
8. Children's Data
CPAI's Services are designed for professionals aged 18 and above. We do not knowingly collect personal data from individuals under the age of 18.
9. Cookies and Tracking
Website: Essential cookies only (session management, security). Analytics cookies require your consent via our cookie banner. No advertising cookies.
Mobile App: Does not use cookies. Stores authentication tokens locally. Does not track your location or access contacts without explicit permission.
10. Automated Decision-Making
CPAI uses AI for content generation, quality scoring, lead scoring, churn prediction, and community management. All content is ultimately approved by YOU before publication. You may request human review of any AI-generated decision by contacting support.
11. Changes to This Privacy Policy
Material changes will be notified via WhatsApp and/or email at least 30 days before they take effect. The current version is always available at consciouspresenceai.com/privacy.
12. Contact Us
General Privacy Queries: privacy@consciouspresenceai.com
Grievance Officer: the designated Grievance Officer — Response within 7 days, resolution within 30 days.
Data Protection Board of India: If your grievance is not resolved, you may file a complaint at dataprotection.gov.in