Einblick Privacy Policy

1. Scope and Our Role in Your Data

einblick brings together two core capabilities: a Research module (surveys and AI-moderated interviews with research participants, whom we refer to as "respondents") and a Monitor module(analytics on social and digital presence using authorised platform integrations). Our role under the DPDP Act depends on whose data we are handling:

• For our direct platform users (an individual user, or staff associated with an organisation that subscribes to einblick), we act as a Data Fiduciary and determine how their account data is processed.
• For respondents participating in research that a platform user commissions, the commissioning user is the Data Fiduciary and we act as a Data Processor, processing respondent data on their documented instructions. We additionally process limited respondent data as a Data Fiduciary for narrowly defined purposes such as fraud prevention, identity verification, and improving the integrity and safety of the platform, as described below.

This policy applies to all digital touchpoints where einblick and Innodrive services are rendered.

2. Information We Collect

3. AI Processing and Sub-Processors

einblick relies on artificial intelligence to generate research questionnaires, moderate interviews, validate responses, analyse connected content, and synthesise insights. To do this, relevant content is processed by trusted AI service providers acting as our sub-processors:

• Google Gemini (Google LLC) — used for questionnaire generation, interview moderation, validation, and synthesis.
• Sarvam AI (Sarvam, India) — used for language and India-specific processing.

We apply data-minimisation and PII-filtering safeguards before content is sent for AI processing, and we instruct our providers, by contract, not to use your content to train their general-purpose models except as necessary to deliver the service to us. We only engage AI providers who offer appropriate confidentiality and security commitments.

4. Data Hosting and International Transfers

• Primary Storage in India: Your account data, research responses, and platform records are stored in our primary database, which is hosted in India.
• Processing by Sub-Processors: Certain processing — in particular AI processing (Section 3) and the third-party APIs you connect (Section 2.D) — is performed by service providers via their APIs. This may involve transferring limited, relevant content outside India for the sole purpose of delivering the requested feature.
• Safeguards: Where data is transferred outside India, we rely on contractual safeguards and the providers' published security and privacy commitments, and we limit transfers to what is necessary to provide the service.

5. How We Use Information

We use collected information strictly to fulfil our research and intelligence objectives:

• Consulting-Led Intelligence: Synthesising diverse data points into anonymised, semantic models of market behaviour for our corporate clients.
• Platform Optimisation: Using aggregated respondent data to refine our internal response-validation algorithms and improve efficiency and user experience.
• Digital Presence Monitoring: Aggregating authenticated performance data to provide clients with a unified view of their own digital engagement and market positioning.
• Service Delivery, Security, and Improvement: Delivering requested features, verifying identity, preventing fraud and abuse, maintaining operations, and meeting legal obligations.

6. Cookies

We use only essential cookies — those strictly necessary to operate the platform, such as maintaining your authenticated session and keeping the service secure. We do not use advertising cookies, and we do not deploy third-party tracking or advertising pixels for behavioural marketing on the platform. Because these cookies are essential to providing the service you request, they are set without requiring separate consent; you can block cookies via your browser, but parts of the platform may not function correctly.

7. Your Rights, Data Retention, Deletion, and Revocation

We adhere to strict data-minimisation policies and respect your right to control your data. Subject to applicable law, you may access, correct, or request deletion of your personal data, and withdraw consent.

• Right to Deletion: You may request deletion of your account and associated data by contacting our privacy team. Upon a verified request, we revoke authentication secrets, purge personal identifiers from active systems, and anonymise historical data, except where we are required to retain records (for example, tax and accounting records — see Section 8).
• Meta Data-Deletion Requests: If you connected a Meta (Facebook/Instagram) account, you can request deletion of the data we obtained through Meta either by removing our app from your Meta account settings (which triggers our automated data-deletion process) or by contacting us directly. Our Meta Data Deletion Request callback processes these requests in line with Meta's Platform Terms.
• Revoking Third-Party Access: You can revoke our platform's access at any time:
  • For Google and YouTube, revoke access via the Google Security Settings page.
  • For Meta, Facebook, and Instagram, remove our app via your account's Business Integrations or App Settings.
• Retention: We retain personal data only for as long as necessary for the purposes described in this policy or as required by law, after which it is deleted or anonymised.
• Contact for Data Rights: Please reach out to Info@innodrive.in. We process verified requests within a standard 30-day window.

8. Payments and Billing Data

For users on paid subscription plans, we process billing information to fulfil orders, issue tax-compliant invoices, and maintain our financial records.

• Payment Processing via Razorpay: All payments are securely processed by our payment partner, Razorpay. Sensitive payment-instrument data (such as full card numbers, CVV, UPI credentials, and net-banking logins) is handled directly by a PCI-DSS-compliant processor — this data is never collected, seen, or stored on einblick servers.
• What We Store: We retain your billing profile (name, billing address, email, phone, and — where provided — legal name and GSTIN), a non-sensitive transaction reference/order identifier returned by Razorpay, the amount and currency, the applicable tax (GST), and the resulting invoice records. We retain these records as required by applicable tax and accounting law.
• Purpose: This data is used solely to process your subscription, generate GST invoices, support refunds or disputes, and meet statutory record-keeping obligations. By making a payment, you also agree to Razorpay's own privacy policy and terms.

9. AI-Powered Processing and Accuracy

• AI Can Make Mistakes: AI-generated outputs may be incomplete, inaccurate, or misleading. We strongly encourage you to review all AI-generated content thoroughly before relying on it for any decision. AI assistance does not replace professional judgement.
• Data Used for AI Processing: We process the content you and respondents provide to deliver these features and to improve the quality and safety of our service, as described in Sections 2 and 3. We apply aggregation and de-identification where feasible.

10. Plans, Credits and Usage Records

To operate our subscription and credit system, we maintain records of your current plan, your credit balance, and how credits are consumed across studies and respondents.

• Usage Records: We log credit grants, deductions, and the activity that consumes them (such as study creation and respondent collection) so we can display your balance accurately and prevent abuse.
• A detailed explanation of how credits relate to respondent counts and study limits is being finalised and will be published shortly.

11. Children

einblick is intended for users aged 18 and above. We do not knowingly collect personal data from children. In line with the DPDP Act, where processing of a child's data would be required, it would only be undertaken with verifiable parental consent and never for tracking, behavioural monitoring, or targeted advertising.

12. Third-Party Terms Compliance

By connecting third-party accounts, you acknowledge that your data is also governed by the privacy policies of those respective platforms. We strongly encourage you to review them:

• Google Privacy Policy
• YouTube Terms of Service
• Meta Privacy Policy