Privacy Policy

Last Updated: 13 Feb 2026

1. Introduction

At AIVO Technologies Private Limited ("AIVO", "we", "our" or "us"), we believe that your privacy is not just a right but a fundamental trust. This Privacy Policy reflects our deep commitment to safeguarding your personal data and ensuring that you retain full control over the information you choose to share with us.

This Policy governs the use of our AI-powered Productivity Assistant, MySmartAssistant ("MySA" or the "App"), and our associated websites and services. It outlines the types of personal data we collect, the purposes for which we process such data, and your rights under applicable data protection laws including the Digital Personal Data Protection Act, 2023 (DPDP Act) and the General Data Protection Regulation (EU) 2016/679 ("GDPR").

2. Scope

This Privacy Policy applies to all users of our App and Services globally, whether accessed through a web interface, mobile application, desktop application, or integrated APIs.

3. Data Controller

AIVO Technologies Private Limited is the Data Controller for all personal data collected through the App.

Data Protection Officer (DPO):

  • Name: Mr. Kushal Singh
  • Email: support@mysmartassistant.ai

4. Information We Collect

4.1 Information You Provide

We collect personal information that you voluntarily provide to use the Services:

  • Identity & Profile: Full name, phone number, email address, and account credentials.
  • User Content: Documents, notes, reminders, and tasks uploaded by you. This may include sensitive files such as identity documents (e.g., Aadhaar, PAN, Passport), property records, bills, or medical documents.
  • Communications: Records of your interactions with customer support.
  • Financial Data: Subscription and billing information (processed via secure payment gateways).

4.2 Automatically Collected Information

  • Device Data: IP address, device identifiers, browser type, operating system, and crash logs.
  • Usage Data: Time of access, duration, feature usage, and interaction logs.

4.3 Sensitive Personal Data

  • Biometric Data: If you enable biometric lock (fingerprint/Face ID), this is processed strictly on-device for authentication and is never transmitted to our servers.

4.4 Information from Third Parties

  • We may receive information from third-party partners, integrations, and service providers when you choose to connect their services with MySA.

5. AI and Machine Learning Usage

MySA incorporates Artificial Intelligence (AI) to streamline document management. We prioritize Privacy by Design.

5.1 AI Providers & Processing

  • We use advanced AI models, including proprietary internal models and trusted third-party providers such as OpenAI and Google (Gemini), to process your queries, summaries, and document classifications.
  • Data transmitted may include uploaded files, document text, images, and user-entered content.
  • This data is used solely to provide document organization, summarization, and smart storage features.
  • MySA does not sell personal data.
  • All third-party providers implement security protections equal to or greater than our own standards.
  • Data sent to these providers is encrypted and processed solely to generate the response.
  • We do not use AI to profile users, build behavioral models, or infer personal characteristics for advertising.

5.2 User Control

  • Opt-In/Opt-Out: AI features (like auto-classification or summarization) are optional. You can toggle these features in settings.
  • Transparency: You have the right to know when AI is being used to process your data.

6. Access Permissions

MySA requests specific permissions to enable core features. These are optional and can be revoked at any time:

  • Camera and File Access: To scan, upload, and manage documents and files. All data is encrypted before transmission and securely processed.
  • Biometric Authentication (Face ID/Fingerprint): Used as an optional login method to enhance account security. Biometric data is stored only on your device and is not accessed or stored by MySA.
  • Contacts Access: Used solely for specific in-app functionalities. Contact information is not stored on MySA servers.
  • Location Access: MySA does not collect, track, or store precise location data.
  • Google/Outlook Calendar Access: Required only if you choose to enable calendar synchronization. Access is managed through secure authorization protocols, limited to the minimum required permissions, and may be revoked at any time through your Google/Outlook account settings or within the App.
  • WhatsApp Communication: Requires your explicit consent to receive service-related messages or automated reminder calls on your registered number. No promotional or marketing communications are sent without separate and explicit consent.
  • Notifications: Used to deliver reminders, alerts, and important service updates. Notification preferences can be customized within the App.

7. Purposes of Data Processing

We process your data strictly for the following purposes:

  1. Service Delivery: To securely upload, classify, search, and retrieve your documents.
  2. Notifications: To send WhatsApp messages or automated calls that you have opted in to receive.
  3. Security: To verify identity, prevent fraud, and enforce our Terms.
  4. Improvement: To analyze performance and improve the AI engine (only when enabled).
  5. Compliance: To comply with legal obligations, tax laws, or judicial requirements.

8. Data Security

We employ a Zero-Trust and Security-by-Design architecture.

8.1 Technical Measures

  • Encryption: All documents are encrypted locally before transmission (TLS 1.3) and stored using AES-256 encryption at rest.
  • Zero-Knowledge Principle: Our systems are designed so that unauthorized personnel cannot view your document content in a readable format.
  • Access Control: Strict role-based access control (RBAC) and Multi-Factor Authentication (MFA) are enforced for internal staff.
  • Audits: We conduct regular third-party penetration testing and vulnerability assessments.

8.2 Incident Response

In the event of a data breach likely to risk your rights:

  • We will notify you without undue delay.
  • We will report the incident to relevant supervisory authorities (within 72 hours where required by GDPR/DPDP).

9. Data Sharing and Third Parties

MySA does not sell or rent your personal data. We disclose data only to trusted Data Processors bound by strict confidentiality agreements:

  • Cloud Infrastructure: Hosting providers (e.g., AWS, Google Cloud) located in GDPR-compliant data centers.
  • AI Service Providers: OpenAI and Google (for processing intelligence features).
  • Communication: Meta/WhatsApp/telephony (for delivering reminders you requested).
  • Legal Compliance: We may disclose data if required by law, court order, or to protect the safety of our users.

10. International Data Transfers

Our services are primarily hosted in India. However, some third-party integrations (e.g., AI processing or Cloud storage) may process data globally.

  • We ensure all transfers comply with the Digital Personal Data Protection Act, 2023.
  • Where applicable, we rely on Standard Contractual Clauses or adequacy decisions to ensure your data receives a level of protection equivalent to that in your home country.

11. Data Retention

  • All stored documents and user data remain in your control.
  • You may delete any document at any time from within the App.
  • Upon account deletion, your data is deleted within 7 calendar days, except:
    • Basic user details (email/phone) retained for up to 1 year to prevent impersonation or repeated fraud attempts.
    • Financial records retained as per applicable laws.
  • Formal confirmation of deletion will be sent post-completion.
  • Calendar and communication logs generated for reminder purposes are retained only as long as necessary to deliver or verify the notification and are automatically purged within 30 days.
  • WhatsApp reminder messages and call metadata are not stored beyond this period, except where legally required for audit or dispute resolution.

12. Your Rights

You have the right to:

  • Access & Correction: Request a copy of your data or correct inaccuracies.
  • Deletion: Request the erasure of your data (Right to be Forgotten).
  • Withdraw Consent: Revoke permissions for AI processing, WhatsApp, or Calendar sync at any time.
  • Grievance Redressal: Contact our DPO regarding any privacy concerns.

To exercise these rights, email support@mysmartassistant.ai. We aim to respond within statutory timelines.

13. Changes to This Policy

We may update this Policy to reflect changes in technology, law, or service enhancements. When we do, we will:

  • Notify you through in-app alerts or email (if material changes are made)
  • Update the "Effective Date" and "Last Updated" dates at the top

In particular, any future introduction of new integrations (such as messaging or scheduling tools) will be notified through in-app communication prior to activation, and users will have the option to opt in before any data exchange occurs. Your continued use of our Services after such updates signifies your acceptance of the revised Policy.

14. Contact Information

For questions, concerns, or legal notices:

AIVO Technologies Private Limited
Address: MGE-TW09-21D, Fairwaywest, M3M Golf Estate Sector-65, Badshahpur, Gurgaon- 122101, Haryana
Email: support@mysmartassistant.ai

AIVO Technologies Private Limited — MGE-TW09-21D, Fairwaywest, M3M Golf Estate Sector-65, Badshahpur, Gurgaon- 122101, Haryana

© 2026 MySmartAssistant. Powered by AIVO Technologies Pvt Ltd. All Rights Reserved

Back to Home | Terms & Conditions