Skip to content
Legal

Privacy Policy

Last updated: 26 May 2026

Who this applies to

This policy covers personal data Vihaya processes through vihaya.ai and through pre-pilot conversations (email, discovery calls, draft SOWs). Customer-tenant deployments are governed by the engagement-specific Data Processing Addendum (DPA), not this page.

What we collect

  • Contact details you send by email to hello@vihaya.ai— name, work email, role, organisation, the workflow you’re considering.
  • Discovery-call notes — your stated problem, constraints, and any internal materials you share with us during qualification.
  • Site analytics — anonymised page views and engagement signals via Vercel Analytics and Vercel Speed Insights. We do not run third-party ad trackers.
  • Server logs — standard request logs retained for security and reliability purposes only.

Why we process it

Strictly to evaluate pilot fit, respond to your inquiry, schedule discovery calls, and draft a SOW. We do not market unsolicited. We do not sell or share personal data with third parties for their own marketing.

Where data lives

Email and notes sit in standard operational tooling (productivity suite, document store, issue tracker). Site analytics sit with Vercel. We do not transfer your data outside India except through these standard sub-processors and their contractual data-protection terms. The full sub-processor list is available on request to hello@vihaya.ai.

Retention

Inquiry data is retained for as long as the qualification conversation is active, plus a reasonable follow-up period so we can re-engage if the timing shifts. On request we will delete sooner — see “Your rights” below.

Your rights (DPDP Act, 2023)

If you are a data principal whose personal data we hold, you have the right to:
  • Access — request a copy of the personal data we hold about you
  • Correction — request that we update inaccurate data
  • Erasure — request that we delete your data (subject to legal hold)
  • Grievance — write to hello@vihaya.ai with subject DPDP grievance.

Breach notification

In the event of a personal-data breach affecting you, we will notify the Data Protection Board of India and the affected data principals in line with DPDP and CERT-In obligations. Vihaya operates a six-hour internal-reporting target consistent with the CERT-In direction.

Cookies

vihaya.ai uses cookies for essential site functionality and for anonymised analytics via Vercel. We do not set advertising or cross-site tracking cookies.

Contact

For any privacy question, write to hello@vihaya.ai. For pilot-related data-protection terms (DPA, sub-processor list, breach playbook), we share the engagement DPA under NDA.

Changes

We’ll update this page when our practice changes. The “last updated” date at the top reflects the most recent material change.
Honest framing. Vihaya is pre-revenue with no paying customers. This policy therefore covers only the inquiry / pre-pilot stage. The full customer-tenant DPA, sub-processor list, and security white paper are shared under NDA as part of a pilot conversation.

See also: Security & compliance posture · DPDP Act 2023 explainer · Terms of use