Privacy Policy
How we collect, use, share, and protect your personal data.
1. Who we are
This Privacy Policy explains how Niravi Inc. ("Niravi", "we", "us", or "our") collects, uses, and protects your personal data when you use our marketing site (niravi.io), our web application (app.niravi.io), and our API (api.niravi.io) (together, the "Service"). Niravi is a video intelligence platform for search, recall, and analysis over video.
For the purposes of the EU/UK General Data Protection Regulation (GDPR), Niravi Inc. is the data controller of the personal data described in this policy.
Niravi Inc., a Delaware C-corporation.
Postal address: 1111B South Governors Ave, Ste 94007, Dover, DE 19904, USA
Privacy contact: [email protected]
2. What data we collect
We collect the following categories of personal data:
- Account data. When you sign up or sign in, authentication is handled by our identity provider, Auth0 (an Okta company). We receive your email address, name (where provided), and an account identifier. We do not store your password — credentials are managed by Auth0.
- Content you upload for processing. Videos, audio, images, and related metadata that you (or your organisation) submit to the Service so that we can index, search, transcribe, and analyse them on your behalf, together with the analysis outputs we generate from that content.
- Usage data. Information about how you interact with the Service, such as features used, queries run, and actions taken.
- Technical and log data. IP address, browser and device type, and server log information generated when you access the Service, used for security, debugging, and service reliability.
- Cookies. Strictly-necessary authentication and session cookies. See our Cookie Policy for details. We do not set advertising or third-party tracking cookies.
3. Purposes and legal bases
We process your personal data for the following purposes, relying on the legal bases in Article 6 GDPR:
- To provide the Service — creating and maintaining your account, processing the content you submit, and returning analysis and search results. Legal basis: performance of a contract (Art. 6(1)(b)).
- To secure and improve the Service — preventing abuse, maintaining reliability, debugging, and improving features. Legal basis: our legitimate interests (Art. 6(1)(f)) in running a secure, functional service.
- To communicate with you — service announcements and responses to your requests. Legal basis: performance of a contract and/or legitimate interests.
- Where you give consent — for any processing that requires it (for example, optional future analytics or marketing communications). Legal basis: consent (Art. 6(1)(a)), which you can withdraw at any time.
- To comply with the law — where we are subject to a legal obligation. Legal basis: legal obligation (Art. 6(1)(c)).
4. Cookies
We minimise cookies. The Service sets only strictly-necessary authentication and session cookies (via Auth0). We currently use no analytics, advertising, or social-media tracking cookies. Fonts are self-hosted, so no font data is transferred to a third party. For full details, see our Cookie Policy.
5. Sub-processors and infrastructure providers
We use a small number of trusted infrastructure providers ("sub-processors") to operate the Service. Some of these providers may process data outside the European Economic Area (EEA); see Section 7 for the safeguards we apply.
| Provider | Purpose | Processing location |
|---|---|---|
| Auth0 (Okta) | Authentication and session management | Outside the EEA may apply |
| Cloudflare | Static hosting (Cloudflare Pages), CDN, and DNS | Global edge network |
| Microsoft Azure | Storage and compute for content processing | Azure regions including Central India and East US 2 |
We may update this list as our infrastructure evolves; material changes will be reflected in this policy.
6. Data retention
We retain personal data only for as long as necessary to provide the Service and to meet our legal, accounting, and security obligations. Account data is retained for the life of your account. Content you upload is retained until you delete it or close your account, after which it is removed from active systems within a reasonable period, subject to routine backup cycles. Technical and log data is retained for a limited period for security and debugging. After you close your account, we delete or anonymise your personal data within 90 days, except where we are required to retain it longer to comply with legal, tax, accounting, or security obligations, or to resolve disputes.
7. International transfers and safeguards
Because our providers (Microsoft Azure, Cloudflare, and Auth0/Okta) operate globally, your personal data may be transferred to and processed in countries outside the EEA, including India and the United States. Where we transfer personal data outside the EEA/UK, we rely on appropriate safeguards, such as the European Commission's Standard Contractual Clauses (SCCs) and equivalent UK mechanisms, together with any supplementary measures required to ensure an adequate level of protection.
8. Your rights
Subject to applicable law, you have the right to access your personal data, request rectification of inaccurate data, request erasure, obtain data portability, object to certain processing, and request restriction of processing. Where we rely on consent, you may withdraw it at any time. You also have the right to lodge a complaint with your local data protection authority.
To exercise any of these rights, contact us at [email protected]. We will respond within the timeframe required by applicable law.
California residents (CCPA/CPRA) and residents of India under the Digital Personal Data Protection Act, 2023 (DPDP Act) have analogous rights, including rights of access, correction, and deletion. You can exercise these rights using the same contact above; we do not "sell" personal data as that term is defined under California law.
9. Security
We take reasonable technical and organisational measures to protect personal data against unauthorised access, loss, or misuse, including encryption in transit, access controls, and use of reputable infrastructure providers. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
10. Children
The Service is not directed to children. We do not knowingly collect personal data from anyone under the age of 18. If you believe a child has provided us with personal data, please contact us and we will take appropriate steps to delete it.
11. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, notify you. Your continued use of the Service after an update constitutes acceptance of the revised policy.
12. Contact
Questions about this policy or our data practices? Contact us at [email protected], or write to us at: Niravi Inc., 1111B South Governors Ave, Ste 94007, Dover, DE 19904, USA.