Privacy Policy
Scientia AI Private Limited
Last Updated: March 29, 2026
Effective Date: March 29, 2026
1. Introduction
1.1. This Privacy Policy (“Policy”) describes how Scientia AI Private Limited, a company incorporated under the Companies Act, 2013, having its registered office at B803, Surya Landmark, Vesu Canal Road, Vesu, Surat, Gujarat 395007 (“Company,” “we,” “us,” or “our”), collects, uses, stores, shares, and protects your personal data in connection with your use of the Textile Designer AI platform available at textile-designer.ai (the “Platform” or “Service”).
1.2. This Policy is formulated in accordance with the Digital Personal Data Protection Act, 2023 (“DPDP Act”), the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“IT Rules”), and other applicable laws of India.
1.3. By accessing or using the Platform, you acknowledge that you have read and understood this Policy and consent to the collection, use, and processing of your personal data as described herein.
1.4. We are the Data Fiduciary (as defined under the DPDP Act) with respect to your personal data processed through the Platform.
1.5. Binding Effect on Organization. When any individual within an organization uses the Platform on behalf of that organization, this Privacy Policy applies to all personal data collected from all members of that organization who access the Platform. The organization and all its employees, contractors, and representatives are bound by the data practices described herein. The organization shall ensure that all its members who use the Platform are made aware of this Privacy Policy.
2. Data We Collect
2.1. Data You Provide Directly
| Category | Data Points |
|---|---|
| Account Information | Full name, email address, phone number (optional), organization name (optional), password (hashed) |
| Payment Information | Billing details, GST number (if provided), transaction records. Payment card data is processed directly by Razorpay and is not stored on our servers. |
| Design Files | All textile design files, images, patterns, sketches, and related content you upload to the Platform |
| Generated Outputs | All AI-generated designs, patterns, previews, and outputs created using the Platform |
| Support Communications | Emails, messages, feedback, and other communications with our support team |
| User Preferences | Language settings, tool preferences, saved palettes, and configuration choices |
2.2. Data Collected Automatically
| Category | Data Points |
|---|---|
| Device & Browser | Device type, operating system, browser type and version, screen resolution |
| Usage Data | Features used, tools accessed, actions performed, session duration, click patterns, error logs |
| Network Data | IP address, approximate geographic location (derived from IP), Internet Service Provider |
| Cookies & Tracking | Session cookies, authentication tokens, preference cookies, analytics cookies (see Section 8) |
2.3. Data from Third Parties
| Source | Data Points |
|---|---|
| Razorpay | Payment confirmation, transaction ID, payment status, refund records |
| Authentication Providers | If you sign in via third-party identity providers, we receive your name and email address as permitted by your provider settings |
3. How We Use Your Data
3.1. We process your personal data for the following purposes:
| Purpose | Legal Basis (DPDP Act) | Data Used |
|---|---|---|
| Providing the Service | Consent (Section 6) + Contractual necessity | Account info, design files, generated outputs, usage data |
| AI Model Training & Improvement | Consent (Section 6), explicit, informed | Design files, generated outputs, usage patterns |
| Payment Processing | Contractual necessity | Payment information (via Razorpay) |
| Account Management | Contractual necessity | Account information, authentication data |
| Communication | Consent + Legitimate interest | Email, phone, support communications |
| Security & Fraud Prevention | Legitimate interest + Legal obligation | IP address, device data, usage patterns, access logs |
| Analytics & Product Improvement | Legitimate interest | Anonymized/aggregated usage data |
| Legal Compliance | Legal obligation | As required by applicable law, tax authorities, or court orders |
| Marketing | Consent (opt-in) | Email address, name |
3.2. AI Training - Specific Disclosure
In compliance with Section 6(3) of the DPDP Act, we draw your specific attention to the following:
- We use all design files you upload and all outputs generated from your designs to train, test, validate, and improve our artificial intelligence and machine learning models.
- This means your designs become part of our training dataset and influence the behavior of AI models used by all users of the Platform.
- Trained AI model parameters retain statistical patterns from training data but do not store or reproduce your specific designs in verbatim form.
- Once used for training, individual designs cannot be extracted or removed from trained model parameters.
- Enterprise plan subscribers may opt out of AI training by contacting support@scientiaai.com before uploading any designs. This opt-out must be configured at the account level.
- If you do not consent to the use of your designs for AI training, you should not use the Platform (unless on an Enterprise plan with a configured opt-out).
4. Data Storage and Security
4.1. Data Localization
4.1.1. All personal data and design files are stored on servers located in India (AWS Mumbai Region, ap-south-1).
4.1.2. We do not transfer your personal data outside India, except as may be required for:
- (a) Payment processing by Razorpay (which operates in compliance with RBI data localization requirements);
- (b) Integration with third-party AI model providers, where only the prompt/task data (not your stored designs) is transmitted for real-time processing and is not retained by such providers beyond the processing duration.
4.1.3. If any cross-border transfer becomes necessary in the future, we will update this Policy and obtain your consent before such transfer, as required under the DPDP Act.
4.2. Security Measures
- Encryption in transit: TLS 1.2+ for all data transmitted between your browser and our servers;
- Encryption at rest: AES-256 encryption for stored data;
- Access controls: Role-based access control (RBAC) with principle of least privilege;
- Authentication: Secure password hashing (bcrypt/argon2), session management, optional multi-factor authentication;
- Infrastructure security: AWS security groups, network ACLs, VPC isolation, regular vulnerability scanning;
- Audit logging: Comprehensive access and modification logs for all data operations;
- Incident response: Documented incident response plan with designated response team.
4.2.2. These measures comply with the IT Rules, 2011 (Rule 8 - Reasonable Security Practices) and align with ISO 27001 principles.
4.2.3. Despite our efforts, no method of electronic storage or transmission over the internet is completely secure. We cannot guarantee absolute security of your data.
4.3. Data Retention
| Data Category | Retention Period |
|---|---|
| Account Information | Duration of account + 90 days after deletion/termination |
| Design Files | Duration of account + 90 days after deletion/termination |
| Generated Outputs | Duration of account + 90 days after deletion/termination |
| AI Training Derivatives | Indefinitely (as embedded in model parameters; anonymized and non-reversible) |
| Payment Records | 8 years from transaction date (as required under the Income Tax Act, 1961 and GST laws) |
| Usage Analytics | 24 months (anonymized after 12 months) |
| Support Communications | 3 years from last communication |
| Access & Security Logs | 180 days |
| Cookie Data | As specified in cookie settings (see Section 8) |
4.3.1. Upon account deletion, we will delete all identifiable personal data within ninety (90) days, except:
- Payment records retained for legal compliance;
- AI training derivatives (which are anonymized and non-reversible);
- Data required for pending legal proceedings or regulatory requirements.
5. Data Sharing and Disclosure
5.1. We Do Not Sell Your Data. We do not sell, rent, or trade your personal data to any third party for their independent marketing or commercial purposes.
5.2. Categories of Recipients
| Recipient Category | Purpose | Data Shared | Safeguards |
|---|---|---|---|
| Razorpay | Payment processing | Name, email, billing details, transaction amount | PCI-DSS compliant; RBI regulated |
| AWS (India) | Cloud hosting & storage | All data stored on Platform | AWS security certifications; data stored in India |
| Analytics Providers | Platform usage analytics | Anonymized usage data, device info | Data anonymized; no personal identifiers shared |
| Email Service Providers | Transactional & marketing emails | Name, email address | Data Processing Agreement in place |
| AI Model Providers | Real-time AI processing | Prompt/task data only (not stored designs) | Data transmitted for processing only; not retained by provider |
5.3. Legal Disclosures
We may disclose your personal data if required by law, regulation, court order, or governmental directive, including but not limited to:
- Compliance with the DPDP Act, IT Act, or any other applicable law;
- Response to lawful requests from the Data Protection Board of India;
- Compliance with tax and financial regulatory requirements;
- Protection of our legal rights, property, or safety.
5.4. Business Transfers
In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your personal data may be transferred to the successor entity. We will notify you via email and/or platform notice before your data becomes subject to a different privacy policy.
6. Your Rights Under the DPDP Act
6.1. As a Data Principal (as defined under the DPDP Act), you have the following rights:
6.1.1. Right to Access (Section 11)
You may request a summary of the personal data being processed and the identities of third parties with whom your data has been shared.
How to exercise: Email support@scientiaai.com with subject line “Data Access Request.”
6.1.2. Right to Correction (Section 12)
You may request correction of inaccurate or misleading personal data, or completion of incomplete data.
How to exercise: Update directly in your account settings, or email support@scientiaai.com.
6.1.3. Right to Erasure (Section 12)
You may request deletion of your personal data. Note: erasure is subject to legal retention requirements (see Section 4.3) and does not apply to AI training derivatives.
How to exercise: Email support@scientiaai.com with subject line “Data Erasure Request.”
6.1.4. Right to Grievance Redressal (Section 8)
You have the right to access a readily available means of grievance redressal provided by the Data Fiduciary.
How to exercise: Contact the Grievance Officer (see Section 10).
6.1.5. Right to Nominate (Section 14)
You may nominate any other individual who, in the event of your death or incapacity, shall exercise your rights under the DPDP Act.
How to exercise: Email support@scientiaai.com with subject line “Data Nomination” and provide the nominee's name, relationship, and contact details.
6.2. Response Timeline
We will respond to all rights requests within fifteen (15) days of receipt, as required under the DPDP Act. Complex requests may require up to an additional fifteen (15) days, in which case we will notify you of the extension.
6.3. Right to Withdraw Consent
You may withdraw your consent to data processing at any time. Withdrawal of consent does not affect the lawfulness of processing conducted prior to withdrawal. Note: withdrawal of consent for AI training does not retroactively remove data already used for training (as it becomes embedded in model parameters).
7. Children's Privacy
7.1. The Platform is not intended for use by individuals under the age of eighteen (18) years. Under the Indian Contract Act, 1872, minors cannot enter into binding contracts.
7.2. We do not knowingly collect personal data from individuals under 18 years of age.
7.3. If we become aware that we have inadvertently collected personal data from a person under 18, we will take steps to delete such data promptly.
7.4. If you are a parent or guardian and believe your child has provided personal data to us, please contact us at support@scientiaai.com.
8. Cookies and Tracking Technologies
8.1. Types of Cookies Used
| Cookie Type | Purpose | Duration |
|---|---|---|
| Strictly Necessary | Authentication, session management, security | Session / 30 days |
| Functional | Language preference, theme settings, tool preferences | 1 year |
| Analytics | Usage patterns, feature popularity, error tracking | 1 year |
| Performance | Page load optimization, caching | Session |
8.2. Cookie Control
- You can control cookies through your browser settings;
- Disabling strictly necessary cookies will prevent you from using the Platform;
- We do not use third-party advertising cookies.
8.3. Do Not Track
The Platform does not respond to “Do Not Track” browser signals, as there is no universally accepted standard for such signals.
9. Data Breach Notification
9.1. In the event of a personal data breach that is likely to cause harm to Data Principals, we will:
9.1.1. Notify the Data Protection Board of India within the timeframe prescribed under the DPDP Act;
9.1.2. Notify affected users without unreasonable delay via email and/or platform notification, including:
- Nature of the breach;
- Types of data affected;
- Likely consequences;
- Measures taken or proposed to mitigate the breach;
- Steps you can take to protect yourself.
9.2. We maintain a documented incident response plan and conduct regular security assessments to minimize breach risk.
10. Grievance Officer
In accordance with the DPDP Act, 2023 and the Information Technology Act, 2000, we have designated the following Grievance Officer:
Grievance Officer
Scientia AI Private Limited
B803, Surya Landmark, Vesu Canal Road
Vesu, Surat, Gujarat 395007
India
Email: support@scientiaai.com
Response Time: Within fifteen (15) days of receipt of grievance
For grievances related to data protection, privacy, or this Policy, please contact the Grievance Officer directly. If you are not satisfied with the resolution, you may approach the Data Protection Board of India as provided under the DPDP Act.
11. Changes to This Policy
11.1. We may update this Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
11.2. Material changes will be communicated at least thirty (30) days before they take effect, via:
- Email notification to your registered email address;
- Prominent notice on the Platform (banner or notification).
11.3. Non-material changes (typographical corrections, formatting, clarifications) may be made without advance notice.
11.4. Your continued use of the Platform after the effective date of revised terms constitutes acceptance of the updated Policy.
11.5. The “Last Updated” date at the top of this Policy indicates when it was most recently revised.
12. Governing Law and Jurisdiction
12.1. This Policy is governed by and construed in accordance with the laws of India, including the Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000, and the rules framed thereunder.
12.2. Any disputes arising out of or relating to this Policy shall be subject to the exclusive jurisdiction of the courts in Surat, Gujarat, India.
12.3. Disputes may also be referred to arbitration in accordance with the Terms of Service.
13. Contact Us
For questions, concerns, or requests related to this Privacy Policy or our data practices:
Scientia AI Private Limited
B803, Surya Landmark, Vesu Canal Road
Vesu, Surat, Gujarat 395007
India
General Inquiries: support@scientiaai.com
Data Protection Queries: support@scientiaai.com (subject: “Privacy Inquiry”)
Grievance Officer: support@scientiaai.com (subject: “Grievance”)
© 2026 Scientia AI Private Limited. All rights reserved.