Privacy Policy
Last Updated: 19 February 2026
1. Introduction
AIVO Technologies Private Limited ("AIVO", "we", "us", "our") operates MySmartAssistant ("MySA" or the "App").
This Privacy Policy explains:
- What personal data we collect
- How we use and process it
- What data is transmitted to third-party service providers
- How long we retain it
- Your rights and choices
We are a Data Fiduciary under the Digital Personal Data Protection Act, 2023 (India) and a Data Controller under applicable global laws including the GDPR where applicable.
2. Data Controller Information
AIVO Technologies Private Limited
Unit No. 1501, 15th Floor, Signature Tower, AIPL Joy Central,
Sector-65, Gurgaon 122101, Haryana, India
Data Protection Officer: Mr. Kushal Singh
Email: support@mysmartassistant.ai
3. Categories of Data We Collect
3.1 Identity & Account Information
- Name
- Phone number
- Email address
- Account credentials
3.2 User Content
Content you choose to upload or create, including:
- Documents
- Notes
- Reminders
- Tasks
- Calendar entries
- Uploaded files
This may include documents containing personal or sensitive information that you voluntarily upload.
3.3 Communication Data
- Support conversations
- Email correspondence
3.4 Payment Information
Subscription payments are processed through secure third-party payment processors. We do not store full card details on our servers.
3.5 Device & Usage Information
- IP address
- Device type
- Operating system
- App version
- Feature usage logs
- Crash diagnostics
3.6 Biometric Authentication
If you enable Face ID or fingerprint authentication:
- Biometric data remains stored and processed on your device only
- We do not collect or store biometric data on our servers
4. Third-Party AI Processing (Clear Disclosure Section)
To provide intelligent features, certain user data is transmitted to trusted third-party processors.
4.1 AI Providers
When you send a message, upload a document for summarization, or use AI features, the following data may be transmitted for processing:
Data transmitted may include:
- Text messages you send
- Extracted document text
- Images (if you upload image-based documents)
- Calendar metadata (if enabled)
- Voice input (if enabled)
This data may be transmitted to:
These providers:
- Process data solely to generate responses to your request
- Do not receive permission to use your data for independent advertising
- Are contractually required to maintain security protections
We do not sell personal data.
We do not use your content to train third-party AI models for general-purpose advertising.
5. Cloud Infrastructure & Storage
Your data is stored using secure cloud infrastructure providers, including:
- Amazon Web Services (AWS)
- Google Cloud (where applicable)
Data is encrypted:
- In transit using TLS 1.3
- At rest using AES-256 encryption
Access to production systems is restricted via role-based controls and multi-factor authentication.
6. Communication and Telephony Providers
If you enable WhatsApp reminders, SMS, voice calls, or call-related features, your phone number and required metadata may be processed by:
- Meta Platforms, Inc. (WhatsApp Business)
- Twilio Inc. (telephony and communication routing)
These providers process data only to deliver communications you requested.
Call metadata may include:
- Timestamp
- Duration
- Routing information
We do not retain audio recordings unless you explicitly enable a recording feature.
7. Google / Outlook Calendar Integration
If you connect your Google or Outlook account:
- We access calendar data solely to create, read, or modify events as authorized by you.
- Access is granted through official OAuth authentication.
- You may revoke access at any time through your Google or Outlook account settings.
- We only request the minimum permissions necessary.
8. Permissions Explained
Camera / File Access
Used to upload and manage documents you select.
Contacts
Used only if you explicitly activate contact-related features. Contacts are not permanently stored on our servers unless required for a feature you enable.
Notifications
Used to send reminders and system alerts.
Location
We do not collect precise location data.
9. Legal Basis for Processing
We process data based on:
- Your explicit consent
- Contractual necessity (to provide services)
- Legal compliance obligations
- Legitimate interests in securing and improving our service
You may withdraw consent at any time within App Settings.
10. Data Sharing
We do not sell or rent your personal data.
We share personal data only with:
- AI service providers (Google LLC, OpenAI, LLC)
- Cloud infrastructure providers (AWS, Google Cloud)
- Communication providers (Twilio Inc., Meta Platforms Inc.)
- Payment processors
- Legal authorities where required
All processors are bound by confidentiality and data protection obligations.
11. International Data Transfers
Data may be processed outside India in jurisdictions where our processors operate.
We implement appropriate safeguards, including:
- Contractual protections
- Security standards
- Encryption
12. Data Retention
Documents remain under your control.
Upon account deletion:
- Primary account data is deleted within 30 calendar days
- Minimal account identifiers may be retained for fraud prevention for up to 1 year
- Financial records retained per legal requirements
Communication logs are retained only as necessary and purged within 30 days unless legally required otherwise.
13. Your Rights
You may:
- Request access to your data
- Correct inaccurate data
- Delete your account
- Withdraw AI processing consent
- Revoke calendar or communication permissions
- File a grievance
Contact: support@mysmartassistant.ai
We respond within statutory timelines.
14. Security Safeguards
We implement:
- Encryption in transit and at rest
- Strict access controls
- Regular security audits
- Vulnerability testing
- Incident response procedures
If a data breach presents risk to users, we will notify affected users and authorities as required by law.
15. Updates to This Policy
We may update this policy as our services evolve.
Material changes will be communicated via in-app notification or email before taking effect.