PRIVACY POLICY

1. INTRODUCTION

1.1 Who We Are

RoadVision AI Private Limited ("RoadVision AI", "we", "us", or "our") is a technology company incorporated in India, specializing in autonomous AI-powered infrastructure management solutions. We are committed to protecting the privacy and security of personal data collected through our website, mobile applications, software platforms, APIs, and other services (collectively, the "Services").

Our registered office is located at:

1.2 What We Do

RoadVision AI builds autonomous AI agents that monitor, manage, and optimize road and transport infrastructure intelligently. Our technology platform integrates:

• Generative AI and Computer Vision for automated infrastructure inspection
• Digital twins and geospatial intelligence systems
• Predictive analytics for road maintenance and safety optimization
• Real-time monitoring systems for government agencies, smart cities, and highway operators

1.3 Purpose of This Policy

This Privacy Policy explains how we collect, use, disclose, store, and protect your personal information when you interact with our Services. It also describes your privacy rights and how you can exercise them. By using our Services, you acknowledge that you have read and understood this Privacy Policy.

2. SCOPE AND APPLICABILITY

This Privacy Policy applies to:

• All users of our website (www.roadvision.ai)
• Users of our mobile applications and software platforms
• Clients and partners utilizing our APIs and technical services
• Individuals who provide contact information through forms, inquiries, or communications
• Visitors accessing any resources, documentation, or materials on our digital platforms

3. INFORMATION WE COLLECT

3.1 Personal Information Collected Directly

When you interact with our Services, we may collect the following personal information:

• Contact Information: Full name, email address, phone number, job title, organization name, and business address
• Account Information: Username, password, and authentication credentials for registered users
• Professional Information: Company details, industry sector, professional role, and project requirements
• Communication Data: Content of emails, messages, inquiries, feedback, and support requests
• Payment Information: Billing details, transaction records, and payment instrument information (processed through secure third-party payment gateways)

3.2 Location Data

With your consent, we collect location information to:

• Provide language customization based on your geographic region
• Display region-specific content, case studies, and service offerings
• Enhance user experience with localized features
• Provide geographic analytics for infrastructure management services
• Comply with regulatory requirements for data localization

You can control location permissions through your browser or device settings. Denying location access will not prevent you from using our Services, but some features may be limited.

3.3 Automatically Collected Information

When you access our Services, we automatically collect certain technical information:

• Device Information: IP address, device type, operating system, browser type and version, unique device identifiers
• Usage Data: Pages visited, time spent on pages, click-through rates, navigation paths, referral sources
• Cookies and Similar Technologies: Session cookies, persistent cookies, web beacons, and analytics tools to improve functionality and user experience
• Log Data: Server logs, error reports, crash data, and performance metrics
• Anonymisation of Personally Identifiable Information (PII): collected during the road surveys, such as License Plate Number, Photograph or Facial Features etc.

3.4 Information from Third Parties

We may receive information about you from third-party sources including:

• Business partners and affiliates who refer you to our Services
• Public databases and professional networking platforms (e.g., LinkedIn)
• Government agencies and regulatory bodies for compliance verification
• Analytics and marketing service providers

4. HOW WE USE YOUR INFORMATION

We explicitly commit that your personal data will never be sold, rented, or traded to third parties for marketing purposes. Your data will not be used for any purpose other than those specified in these Terms and our Privacy Policy, and we will not share your information with third parties except as required by law or with your explicit consent. All data processing activities are carried out in compliance with applicable data protection regulations.

Notwithstanding the above, nothing in this clause shall prevent the Company from using anonymized and aggregated data for research, analytics, model training, and other legitimate purposes necessary for the furtherance of its business interests, whether internally or in collaboration with partner organizations.

4.1 Primary Purposes

We use the collected information for the following purposes:

• Service Delivery: To provide, maintain, and improve our Services, including infrastructure monitoring, analytics, and reporting
• Business Communication: To contact you regarding potential business opportunities, partnerships, project collaborations, and service inquiries
• Customer Support: To respond to your questions, provide technical assistance, and resolve issues
• Product Development: To understand user needs, develop new features, and enhance our AI models and algorithms
• Marketing and Communications: To send newsletters, product updates, event invitations, and promotional materials (with your consent)
• Security and Fraud Prevention: To detect, prevent, and respond to security incidents, fraudulent activities, and unauthorized access
• Legal Compliance: To comply with applicable laws, regulations, legal processes, and government requests
• Analytics and Research: To conduct market research, analyze trends, and generate aggregated statistics (anonymized)

4.2 Legal Basis for Processing (GDPR & DPDPA)

We process personal data based on the following legal grounds:

• Consent: You have given clear, informed, and voluntary consent for specific processing purposes
• Contractual Necessity: Processing is necessary to fulfill contractual obligations or take pre-contractual steps
• Legal Obligation: Processing is required to comply with Indian or international legal requirements
• Legitimate Interests: Processing is necessary for our legitimate business interests, provided it does not override your fundamental rights

This information is collected only when voluntarily provided by you and is used to respond to your inquiries, share relevant information about our services, and manage our business relationship with you. We process such contact information in accordance with applicable data protection laws and take reasonable measures to ensure its confidentiality and security.

5. HOW WE SHARE YOUR INFORMATION

5.1 No Sale of Personal Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes. Your data is never used for commercial exploitation.

5.2 Authorized Third-Party Sharing

We may share your information with the following categories of recipients, subject to strict confidentiality and data protection agreements:

• Service Providers: Cloud hosting providers (AWS, Azure, Google Cloud), email service providers, analytics platforms, and payment processors who assist in delivering our Services
• Business Partners: Authorized partners, affiliates, and collaborators involved in joint projects or service delivery
• Professional Advisors: Legal counsel, auditors, accountants, and consultants bound by professional confidentiality
• Legal and Regulatory Authorities: Government agencies, courts, law enforcement, or regulatory bodies when required by law or legal process
• Corporate Transactions: In connection with mergers, acquisitions, asset sales, or restructuring (subject to continued privacy protection)

5.3 Data Processing Safeguards

All third-party processors are contractually obligated to:

• Process data only for specified purposes and according to our instructions
• Implement appropriate technical and organizational security measures
• Maintain confidentiality and comply with applicable data protection laws
• Delete or return data upon termination of services

6. DATA SECURITY AND PROTECTION

6.1 Security Measures

We implement industry-leading security practices to protect your personal information:

• Encryption: All data in transit is encrypted using TLS 1.3 protocols; data at rest is encrypted using AES-256 encryption
• Access Controls: Role-based access controls (RBAC), multi-factor authentication (MFA), and principle of least privilege
• Network Security: Firewalls, intrusion detection systems (IDS), and regular penetration testing
• Monitoring and Logging: Continuous security monitoring, audit trails, and anomaly detection systems
• Data Backup: Regular encrypted backups with geographic redundancy and disaster recovery protocols
• Employee Training: Mandatory security awareness training, confidentiality agreements, and background verification

6.2 Data Breach Notification

In the event of a data breach that may compromise your personal information, we will:

• Notify the Data Protection Board of India within 72 hours (as required under DPDPA)
• Inform affected individuals without undue delay if the breach poses a high risk to their rights and freedoms
• Provide information about the nature of the breach, potential consequences, and mitigation measures
• Take immediate remedial action to contain and rectify the breach

7. DATA RETENTION

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.

7.1 Retention Periods

• Contact Information: Retained for 5 years from last interaction, unless you request earlier deletion
• Account Data: Retained for the duration of your account plus 3 years for audit and compliance purposes
• Transaction Records: Retained for 7 years to comply with tax and financial regulations
• Marketing Communications: Retained until you unsubscribe or request deletion
• Technical Logs: Retained for 12 months for security and troubleshooting purposes

7.2 Secure Deletion

When data is no longer required, we securely delete or anonymize it using irreversible methods including cryptographic erasure, data shredding, and multi-pass overwriting to prevent recovery.

8. YOUR PRIVACY RIGHTS

8.1 Rights Under GDPR (For EU/EEA Users)

If you are located in the European Union or European Economic Area, you have the following rights:

• Right to Access: Request a copy of your personal data we hold
• Right to Rectification: Correct inaccurate or incomplete personal information
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Restriction: Request limitation of processing under certain circumstances
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
• Right to Lodge a Complaint: File a complaint with your local data protection authority

8.2 Rights Under DPDPA (For Indian Users)

Under India's Digital Personal Data Protection Act, 2023, you have the following rights:

• Right to Access: Obtain a summary of personal data processed and details of processing activities
• Right to Correction: Request correction of inaccurate or misleading personal data
• Right to Erasure: Request deletion of personal data when no longer necessary for the stated purpose
• Right to Data Disclosure: Know the identities of other data fiduciaries and processors with whom your data is shared
• Right to Grievance Redressal: Lodge complaints with RoadVision AI or the Data Protection Board of India
• Right to Nominate: Nominate another individual to exercise rights on your behalf in case of death or incapacity

8.3 How to Exercise Your Rights

To exercise any of your privacy rights, please contact us at:

We will respond to your request within 30 days (GDPR) or as per timelines specified under DPDPA. If we cannot fulfill your request, we will explain the reasons and inform you of available remedies.

9. INTERNATIONAL DATA TRANSFERS

As a global technology company, we may transfer your personal data to countries outside India and the EEA for processing and storage. We ensure such transfers comply with applicable laws through:

• Adequacy Decisions: Transfers to countries recognized by the European Commission or Indian government as providing adequate data protection
• Standard Contractual Clauses: EU Standard Contractual Clauses (SCCs) approved by the European Commission
• Binding Corporate Rules: Internal policies ensuring consistent data protection standards across our organization
• Explicit Consent: Your informed consent for specific data transfers when required

10. CHILDREN'S PRIVACY

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. Under the DPDPA, individuals under 18 are considered children, and we require verifiable parental consent before processing any child's data.

If we become aware that we have inadvertently collected information from a child without proper consent, we will take immediate steps to delete such information from our systems. Parents or guardians who believe we may have collected information from their child should contact us immediately at office@roadvision.ai.

11. COOKIES AND TRACKING TECHNOLOGIES

11.1 What Are Cookies

Cookies are small text files placed on your device when you visit our website. They help us recognize your browser, remember your preferences, and improve your user experience.

11.2 Types of Cookies We Use

• Essential Cookies: Required for basic website functionality, navigation, and security
• Performance Cookies: Collect anonymous usage statistics to improve website performance
• Functional Cookies: Remember your preferences, language settings, and customization choices
• Analytics Cookies: Help us understand user behavior through Google Analytics and similar tools
• Marketing Cookies: Used to deliver relevant advertisements and measure campaign effectiveness (only with consent)

11.3 Managing Cookies

You can control and delete cookies through your browser settings. However, disabling cookies may affect the functionality of our Services. To opt-out of third-party analytics:

• Google Analytics: https://tools.google.com/dlpage/gaoptout
• Adjust cookie preferences through our website's cookie consent banner

12. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other operational needs. We will notify you of material changes by:

• Posting the updated policy on our website with a revised "Last Updated" date
• Sending email notifications to registered users
• Displaying prominent notices on our Services

Your continued use of our Services after the effective date of the updated Privacy Policy constitutes acceptance of the changes. We encourage you to review this policy periodically.

13. CONTACT INFORMATION AND COMPLAINTS

13.1 Data Protection Queries

For all privacy-related inquiries, requests, or complaints, please contact our Data Protection Officer:

13.2 Grievance Redressal

If you have a complaint about how we handle your personal data, we will:

• Acknowledge receipt of your complaint within 48 hours
• Investigate the matter thoroughly and provide a substantive response within 30 days
• Take corrective action where appropriate
• Maintain records of all complaints for regulatory compliance

13.3 Regulatory Authorities

If you are not satisfied with our response, you have the right to lodge a complaint with:

• For Indian Users: Data Protection Board of India (established under DPDPA).
• For EU/EEA Users: Your local data protection supervisory authority.
• For other users: Their local authorities as applicable.

14. CONSENT AND ACKNOWLEDGMENT

By using our Services, you acknowledge that you have read, understood, and agree to the collection, use, and disclosure of your personal information as described in this Privacy Policy. Where required by law, we will obtain your explicit consent before processing your personal data. You have the right to withdraw your consent at any time by contacting us. However, withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal and may impact your ability to use certain features of our Services.