Legal

Privacy Policy

This policy explains what personal data AI&Humn collects, why, how we use and share it, how long we keep it, and the rights you have over it.

Last updated: 5 June 2026

Draft for review. This document is being finalised and is pending review by legal counsel. We're publishing it for transparency while we launch; wording may change. Questions? contact@aiandhumn.com.

1. Who we are

This site and the AI&Humn voice-assistant platform are operated by AI & Humn Technologies Pvt Ltd ("AI&Humn", "we", "us"), a company incorporated in Mumbai, Maharashtra, India. We are the data controller for personal data processed about our account holders and visitors to this website. For the voice-interaction data processed on behalf of our customers (see §3.3), we act as a data processor and the customer is the controller.

Contact us about privacy at contact@aiandhumn.com.

2. Scope

This policy covers our marketing website, the customer dashboard, and the embeddable voice widget. It does not cover third-party websites that embed our widget — those sites have their own privacy policies governing how they use the widget and any data their visitors share through it.

3. Information we collect

3.1 Information you give us

  • Account data — your name and email address when you sign up. Passwords are stored only as a one-way hash (Argon2id); we never store your password in plain text.
  • Authentication data — if you sign in with Google or LinkedIn, we receive your basic profile (name, email, and the provider's account identifier) to create or link your account. We never receive your Google or LinkedIn password.
  • Widget configuration & knowledge content — the settings, FAQs, and documents you upload to train your voice assistant.
  • Billing data — your billing country, tax details (e.g. GSTIN for Indian businesses), and the card metadata our payment processors return (brand and last four digits only — see §3.4). We never see or store full card numbers.
  • Communications — messages you send us by email or through support.

3.2 Information we collect automatically

  • Approximate location for currency — to show prices in your local currency, we map your IP address to a country using an offline geolocation database bundled with our server (MaxMind GeoLite, via geoip-lite). This lookup happens in-memory during the request; we do not send your IP to any third-party geolocation service, and we do not store your IP beyond the lifecycle of the request that needed it.
  • Currency preference cookie — when prices are shown or you use the currency switcher, we set a cookie named aih_currency storing only your chosen currency (e.g. INR orUSD). It lasts one year, is SameSite=Lax, and is marked Secure over HTTPS. It contains no identifier and is used solely to remember your display preference.
  • Authentication token — after you log in, your browser stores a signed session token (JWT) so you stay logged in. It is removed when you log out.
  • Server logs — standard request logs (timestamp, requested path, status, and a truncated user-agent) for security and reliability. We do not use these for advertising or profiling.

We do not use third-party advertising or cross-site tracking cookies on this site.

3.3 Voice-interaction data (on behalf of our customers)

When a visitor uses a voice assistant our customer has embedded on their site, the call produces a transcript and audio recording, and may capture contact details (such as an email, phone number, or name) that the visitor provides. This data is processed on behalf of the customer who operates that assistant; that customer is the controller and is responsible for obtaining any consent required to record or process it. AI&Humn processes it to provide the service, and our voice provider (see §3.4) stores it on our behalf.

3.4 Sub-processors we share data with

We use a small set of trusted providers to deliver the service:

  • Retell — real-time voice processing, transcription, and call recording/storage.
  • Razorpay — payment processing for INR (India) transactions.
  • Paddle — payment processing and Merchant of Record for international (e.g. USD) transactions; Paddle handles applicable international sales tax/VAT.
  • Google & LinkedIn — optional single sign-on (only if you choose to use it).
  • Email delivery — our outbound email provider, for verification, billing, and account notices.
  • Hosting — our cloud/server host, where the application and database run.

We share only what each provider needs to perform its function, under contractual confidentiality and data-protection obligations. We do not sell personal data.

4. How we use information

  • To create and operate your account and provide the service.
  • To process payments, prevent fraud, and issue tax-compliant invoices.
  • To display localised pricing in your currency.
  • To send transactional messages (verification, receipts, renewal, payment-failure, and other account/billing notices). These are not marketing and are necessary to provide the service.
  • To provide support and respond to your enquiries.
  • To secure, debug, and improve the service.
  • To comply with legal, tax, and accounting obligations.

5. Legal bases (where GDPR / UK GDPR applies)

  • Contract — to provide the service you sign up for.
  • Legitimate interests — to secure the service, prevent abuse, and remember your currency preference.
  • Legal obligation — to retain billing/tax records.
  • Consent — where specifically requested; you may withdraw it at any time.

6. International data transfers

We are based in India and use providers that may process data in other countries. Where we transfer personal data internationally, we rely on appropriate safeguards (such as standard contractual clauses or an equivalent mechanism) as required by applicable law.

7. How long we keep data

  • Account & billing records — for the life of your account, plus any statutory retention period for tax records (in India this is typically several years).
  • Call transcripts & audio — retained while the customer's subscription is active and for a limited period after cancellation, then deleted, unless the customer configures otherwise or the law requires longer.
  • Server logs — retained for a short period for security and then rotated out.

8. Your rights

Depending on where you live, you may have rights to access, correct, delete, or receive a copy of your personal data, to object to or restrict certain processing, and to withdraw consent. To exercise any of these, email contact@aiandhumn.com. We will respond within the timeframe the applicable law requires.

If your data was provided through a customer's embedded assistant (§3.3), please contact that customer (the controller); we will assist them in responding.

India (DPDP Act 2023): you may contact our grievance officer for data-protection concerns at contact@aiandhumn.com.

9. Security

We protect data with encryption in transit, hashed passwords, per-tenant isolation, and PCI-clean payment handling (we never store full card data). See our Security page for detail. No system is perfectly secure, but we work to protect your information and will notify you of a breach as required by law.

10. Children

The service is not directed to children and is intended for business use. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it.

11. Changes to this policy

We may update this policy from time to time. We will revise the "last updated" date above and, for material changes, provide additional notice. Continued use of the service after an update means you accept the revised policy.

12. Contact

AI & Humn Technologies Pvt Ltd, Mumbai, India. Email contact@aiandhumn.com.

Questions about this document? Email contact@aiandhumn.com. See also our Privacy Policy, Terms of Service, and Security pages.