Privacy Policy

1. Identity of the Data Fiduciary

Under the Digital Personal Data Protection Act, 2023 (DPDPA), Kensara AI acts as a Data Fiduciary — the entity that determines the purpose and means of processing your personal data.

Entity: Kensara AI

Registered in: Guwahati, Assam, India

Website: www.kensara.in

Privacy Contact: contact@kensara.in

2. Personal Data We Collect

We collect only the minimum personal data necessary for the specific, lawful purpose for which it is sought — consistent with the principle of data minimisation under the DPDPA.

Data collected through the Book a Demo form:

• Full Name — Identity verification and personalised communication (Basis: Consent)
• Work Email Address — Responding to demo requests and service communication (Basis: Consent)
• Phone Number — Follow-up communication regarding your enquiry (Basis: Consent)
• Company Name & Industry — Contextualising compliance work plan generation (Basis: Consent)
• Company Size — Tailoring service recommendations appropriately (Basis: Consent)
• Compliance Needs — Generating an AI-assisted compliance work plan (Basis: Consent)

Note: No sensitive personal data is knowingly collected through this website. If you believe you have inadvertently shared such data, contact us immediately at contact@kensara.in.

3. Lawful Basis for Processing

Under Section 4 of the DPDPA, 2023, personal data may only be processed for a lawful purpose with the free, specific, informed, unconditional, and unambiguous consent of the Data Principal (you). Our lawful bases are:

• Consent — Obtained when you voluntarily submit the "Book a Demo" form on our website. You may withdraw consent at any time.
• Legitimate use — To fulfil the purpose for which data was provided, including responding to your enquiry and generating a compliance work plan.

Right to Withdraw Consent: You have the right to withdraw consent at any time. Withdrawal will not affect the lawfulness of processing based on consent given before withdrawal. Upon withdrawal, we will cease processing your data and delete it unless retention is required by law.

4. How We Use Your Personal Data

We use personal data solely for the stated purpose at the time of collection and will not process it for any incompatible secondary purpose without obtaining fresh consent.

• Responding to and fulfilling demo requests submitted through our website
• Understanding your organisation’s compliance needs and context
• Generating an AI-assisted, high-level compliance work plan specific to your requirements
• Communicating with you about our services, updates, and related information

We do not use personal data for profiling, targeted advertising, or any purpose unrelated to the services you have requested.

5. Use of Artificial Intelligence

Kensara AI uses artificial intelligence to generate a high-level compliance work plan based on the information you provide in the demo request form.

• AI is used solely as an assistive tool to produce a contextualised compliance output
• Your personal data and submitted information are not used to train, fine-tune, or evaluate any AI or machine learning model
• No automated decision-making that produces legal effects or similarly significant consequences is carried out in relation to you

DPDPA Note: In accordance with the DPDPA’s principles of purpose limitation and accountability, we ensure all AI-assisted processing is transparent, limited to stated purposes, and subject to human oversight.

6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data. We may share personal data only in the limited circumstances below:

• Website hosting providers — Serving and maintaining our website infrastructure — subject to a Data Processing Agreement
• Form processing services — Receiving and routing demo request submissions — subject to a Data Processing Agreement
• Legal or regulatory authorities — Compliance with applicable laws or court orders — as required by statutory obligation

Cross-border transfers: Where personal data is transferred outside India, we ensure appropriate contractual and technical protections are in place in accordance with Sections 16 and 20 of the DPDPA and applicable rules notified by the Central Government.

7. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. In alignment with the DPDPA’s storage limitation principle:

• Demo request data is retained for the duration of our engagement with you and for a reasonable period thereafter to manage any follow-up or legal obligations
• Once the purpose is fulfilled and no legal obligation requires retention, your data will be erased or anonymised
• You may request earlier erasure by exercising your right to erasure outlined in Section 8 of this policy

8. Your Rights as a Data Principal

The DPDPA, 2023 confers the following rights on you as a Data Principal. You may exercise these rights by contacting us at contact@kensara.in.

• Right to Access — Obtain a summary of the personal data we hold about you and how it has been processed.
• Right to Correction — Request correction of inaccurate, incomplete, or outdated personal data.
• Right to Erasure — Request deletion of personal data where it is no longer necessary for the purpose for which it was collected.
• Right to Grievance Redressal — Lodge a complaint with us and receive a timely, meaningful response regarding your personal data.
• Right to Nominate — Nominate an individual to exercise your rights in the event of your death or incapacity.
• Right to Withdraw Consent — Withdraw consent at any time, after which we will cease processing and erase your data unless legally required otherwise.

Escalation: If you are unsatisfied with our response, you have the right to escalate your complaint to the Data Protection Board of India in accordance with the DPDPA, 2023.

9. Security of Personal Data

We implement reasonable and appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, or destruction — consistent with our obligations under Section 8(5) of the DPDPA.

• Encryption of data in transit using industry-standard protocols
• Access controls restricting personal data to authorised personnel only
• Regular review of our data handling and security practices

In the event of a personal data breach that is likely to result in harm to you, we will notify the Data Protection Board of India and affected individuals as required by law.

10. Children’s Privacy

Our website and services are directed exclusively at businesses and professionals. We do not knowingly collect personal data from children (individuals under 18 years of age). In compliance with Section 9 of the DPDPA, we will not process personal data of a child without verifiable parental consent.

If we become aware that we have inadvertently collected data from a minor, we will delete it promptly.

11. Updates to This Policy

We may amend this Privacy Policy from time to time to reflect changes in law, our practices, or service offerings. Material changes will be communicated by updating the effective date at the top of this page. We encourage you to review this policy periodically.

Continued use of our website after a change constitutes acceptance of the revised policy. Where required by law, we will seek fresh consent.