Privacy Policy

Who We Are

Aquorio Infolabs Private Limited ("Aquorio", "we", "us", or "our") is an enterprise technology company offering AI agents, CRM implementation, data intelligence, and conversational commerce solutions. Our registered office is at:

AWFIS ZEN, 8, Square EON, Plot No. 9, Sector 142, Noida, Uttar Pradesh – 201305, India.

For the purposes of the DPDPA 2023 and SPDI Rules, Aquorio acts as the Data Fiduciary in respect of personal data collected through our website, products, and services.

Data We Collect

We collect only the data that is necessary to provide our services. The categories of data we may collect include:

How We Collect Data

We collect personal data through the following means:

• Directly from you — when you fill a contact form, book a call, send an enquiry, or engage with us via WhatsApp or email.
• Automatically — through cookies, log files, and analytics tools when you visit aquorio.com.
• From third parties — such as LinkedIn or Google if you interact with our business profiles on those platforms, subject to their respective privacy policies.
• During service delivery — when we deploy or manage platforms for enterprise clients, data may flow through our systems as part of contracted services.

Purpose of Processing

We process your personal data only for the following defined purposes:

• To respond to your enquiries, requests, and support queries
• To provide, manage, and improve our services and platform
• To send you relevant updates, proposals, and service communications you have requested
• To conduct business development and follow-up communications where you have expressed interest
• To maintain records for legal and compliance obligations
• To analyse website usage and improve user experience (anonymised and aggregated where possible)
• To detect and prevent fraud, unauthorised access, and security incidents
• To fulfil contractual obligations under enterprise service agreements

We do not process your personal data for any purpose beyond those listed above without your explicit consent.

Legal Basis for Processing

Under the DPDPA 2023, we process personal data on the following lawful grounds:

• Consent — you have given free, informed, specific, and unambiguous consent (e.g., submitting a contact form).
• Legitimate Use — processing is necessary for legitimate purposes including employment, service delivery, and compliance, as recognised under Section 7 of the DPDPA 2023.
• Legal Obligation — processing is required under Indian law or orders from competent authorities.
• Contractual Necessity — processing is necessary to perform a contract with you or your organisation.

You have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.

We Do Not Sell Your Data

Any sharing of data with third parties is strictly limited to service delivery purposes (see Section 7 below) and is always governed by contractual data protection obligations.

Data Sharing & Disclosure

We may share your personal data with the following categories of parties, only to the extent necessary:

• Technology Service Providers — cloud infrastructure, CRM tools, analytics, and communication platforms that support our operations, bound by data processing agreements.
• Professional Advisors — legal, financial, and compliance consultants acting under confidentiality obligations.
• Regulators and Law Enforcement — where required by law, court order, or directive from a competent Indian authority under the IT Act or DPDPA 2023.
• Business Transfers — in the event of a merger, acquisition, or restructuring, your data may be transferred as part of business assets, subject to this policy continuing to apply.

All third-party recipients are required to maintain equivalent or higher standards of data protection. We enter into Data Processing Agreements (DPAs) with all processors who handle personal data on our behalf.

Data Security

We implement robust, multi-layered security measures in accordance with the SPDI Rules 2011 and industry best practices, including:

• Encryption in transit — all data transmitted between your browser and our servers is encrypted via TLS 1.2 or higher (HTTPS).
• Encryption at rest — sensitive data stored on our systems is encrypted using AES-256 or equivalent standards.
• Access controls — role-based access control (RBAC) ensures only authorised personnel access personal data on a need-to-know basis.
• Audit logging — all data access and modifications are logged and reviewed periodically.
• Vulnerability management — regular security assessments, penetration testing, and patch management processes are in place.
• Incident response — we maintain a documented data breach response procedure and will notify affected individuals and relevant authorities as required under applicable law.

Data Retention

We retain personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable law:

• Enquiry and contact data — retained for up to 3 years from the date of last interaction.
• Client and contractual data — retained for 7 years post-contract termination (as required by Indian financial and tax regulations).
• Website usage and analytics data — retained in anonymised or aggregated form for up to 2 years.
• Legal and compliance data — retained as long as required by the relevant statute of limitations or regulatory guidance.

Upon expiry of the retention period, personal data is securely deleted or anonymised in a manner that it can no longer identify an individual.

Your Rights

Under the DPDPA 2023 and SPDI Rules, you have the following rights as a Data Principal:

To exercise any of the above rights, please contact our Grievance Officer (see Section 13). We will respond to verified requests within 30 days, unless a shorter or longer period is specified by applicable law.

Cookies & Tracking Technologies

Our website uses cookies and similar tracking technologies to operate correctly and to understand how visitors use our site. The categories of cookies we use are:

• Essential Cookies — necessary for the website to function. These cannot be disabled.
• Analytics Cookies — help us understand page performance and visitor behaviour in an aggregated, anonymised manner.
• Preference Cookies — remember your settings and preferences to improve your experience.

We do not use advertising or behavioural profiling cookies. You may control or disable non-essential cookies through your browser settings. Disabling certain cookies may affect site functionality.

Children's Privacy

Our services are designed for enterprise and business clients and are not directed at individuals below the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, please contact us immediately and we will delete it promptly.

Grievance Officer

In compliance with the IT Act 2000 and DPDPA 2023, we have designated a Grievance Officer to address your privacy concerns. You may raise a grievance within 30 days of the incident or concern, and we will acknowledge it within 48 hours and resolve it within 30 days.

If your grievance is not resolved to your satisfaction, you may approach the Data Protection Board of India once constituted under the DPDPA 2023, or the adjudicating officer under the IT Act 2000.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, our services, or our data practices. Any material changes will be communicated via a prominent notice on our website or directly to you via email where you have provided contact details.

The date at the top of this page reflects the most recent version. We encourage you to review this policy periodically. Continued use of our website or services after changes are posted constitutes acceptance of the revised policy.

Previous versions of this policy are available upon request from our Grievance Officer.