Legal

Privacy Policy

Last updated: 19 March 2025

1. Introduction

Bachao.AI ("we", "us", or "our") is a cybersecurity SaaS platform operated by Shouvik Mukherjee, based in India. We provide AI-powered vulnerability assessment and penetration testing (VAPT), DPDP compliance tools, cloud security audits, API security testing, dark web monitoring, phishing simulation, and incident response services to businesses.

This Privacy Policy explains how we collect, use, store, and protect your information when you use our website and services at www.bachao.ai.

By using our services, you consent to the practices described in this policy. If you do not agree, please discontinue use of the platform.

2. Data We Collect

We collect the following categories of data:

Account and Authentication Data

Company email address, company name, and OTP (one-time password) verification data used for authentication. We use OTP-based authentication and do not store passwords.

Scan and Service Data

URLs and domains you submit for security scanning, scan results, vulnerability reports, compliance assessment data, and any configuration details provided for cloud security or API security testing.

Payment Data

Payment transactions are processed through Cashfree. We do not store your credit/debit card numbers or UPI details on our servers. Cashfree handles payment data in accordance with PCI-DSS standards. We retain transaction IDs, payment amounts (in INR), and invoice records.

Consent Records

Records of consent you provide, including consent to our terms, consent for scanning specific domains, and marketing preferences.

Usage and Technical Data

IP addresses, browser type, device information, and pages visited — collected automatically for security monitoring and service improvement.

3. How We Use Your Data

We use the data we collect for the following purposes:

Security scanning and assessments: To perform VAPT scans, DPDP compliance checks, cloud security audits, API testing, and dark web monitoring on the domains and URLs you authorise.
Report generation: To generate and deliver security reports and compliance assessments to your account.
Payment processing: To process subscription payments and one-time charges via Cashfree.
Communication: To send scan completion notifications, security alerts, invoices, and service updates via email.
Authentication: To verify your identity through OTP-based login.
Service improvement: To analyse usage patterns and improve our scanning accuracy and platform features.
Legal compliance: To comply with applicable laws, including the Digital Personal Data Protection Act, 2023.

4. Third-Party Service Providers

We share data with the following third-party processors, strictly for the purposes described:

Cashfree: Payment processing. Cashfree receives payment instrument details necessary to complete transactions. See Cashfree's Privacy Policy.
Resend: Transactional email delivery. Resend receives your email address to send OTPs, scan reports, and service notifications.

We do not sell, rent, or trade your personal data to any third party. We do not share your data with advertising networks or data brokers.

5. Data Retention

Account data: Retained for as long as your account is active. Upon account deletion, we remove your personal data within 30 days, except where retention is required by law.

Scan reports: Retained for 12 months from the date of generation. You may download your reports at any time during this period.

Payment records: Retained for a minimum of 8 years as required under the Indian Income Tax Act and GST regulations.

Consent records: Retained for 3 years from the date of collection, or as required under the DPDP Act, 2023.

6. DPDP Act, 2023 Compliance

As an Indian company, Bachao.AI is committed to compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act). In accordance with the Act:

We process personal data only for lawful purposes and with your informed consent.
You have the right to access, correct, and request erasure of your personal data by contacting us.
You may withdraw consent at any time by writing to us. Withdrawal of consent may result in discontinuation of services.
We implement reasonable security safeguards to protect your data against unauthorised access, alteration, disclosure, or destruction.
In the event of a data breach, we will notify affected individuals and the Data Protection Board of India as required under the Act.
We do not process data of children (individuals under 18 years of age). Our services are intended for business use only.

7. Cookie Policy

We use the following types of cookies:

Essential cookies: Required for authentication (session tokens) and platform functionality. These cannot be disabled.
Analytics cookies: Used to understand how visitors interact with our website, helping us improve the user experience. These are anonymised where possible.

We do not use third-party advertising or tracking cookies. You may manage cookie preferences through your browser settings.

8. Data Security

We employ industry-standard security measures to protect your data, including encryption in transit (TLS) and at rest, access controls, regular security audits, and secure development practices. As a cybersecurity company, we hold ourselves to the highest standards of data protection.

However, no method of electronic storage or transmission is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email or through a prominent notice on our platform. The "Last updated" date at the top of this page reflects the most recent revision.

10. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data rights, or need to report a concern, please contact us:

ceo@bachao.ai

Bachao.AI | Shouvik Mukherjee, Founder & CEO

Loading…