← Back to seaes.ai

Privacy Policy

Last updated: 19 March 2026  |  Effective: 19 March 2026

SEAES ("SEAES", "we", "us") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use the SEAES Platform and its Products. This policy is drafted in compliance with the Digital Personal Data Protection Act, 2023 (DPDPA) of India and applicable data protection regulations.

1. Data Fiduciary

The Data Fiduciary responsible for your personal data is:

• Entity: SEAES
• Address: Nagpur, Maharashtra, India
• Contact: hello@seaes.ai

2. Information We Collect

2.1 Account Data (all users)

Data	Purpose	Basis
Full name	Account identification, communications	Contract performance
Email address	Authentication, notifications, invoices	Contract performance
Phone number (optional)	OTP verification, SMS notifications	Consent
Company name (optional)	Invoice generation, account context	Consent
Password (hashed)	Authentication	Contract performance
IP address, browser, device	Security, fraud detection, session management	Legitimate interest

2.2 Product-Specific Data

Product	Data Collected	Purpose
SEAES Voice	Call recordings, call metadata (numbers, duration, timestamps)	Service delivery, quality assurance, AI agent improvement
SEAES WhatsApp/Ping	Message logs, contact lists, template content, delivery reports	Service delivery, compliance, analytics
SEAES ERP	Business data (invoices, inventory, payroll, contacts)	Service delivery as instructed by user
SEAES TaxGuard	Tally export files (XML/JSON), GST & IT computation data	AI red-flag analysis as instructed by user
SEAES Rank	Website URLs, SEO audit results, keyword data	Service delivery, monitoring

2.3 Billing Data

Wallet recharge amounts, transaction history, invoice records, and GST details. Payment card/UPI details are processed directly by Razorpay and are never stored on SEAES servers.

2.4 Usage & Analytics Data

Pages viewed, features used, session duration, click patterns, and error logs. Used for improving the Platform and resolving issues.

3. How We Use Your Data

• Service delivery: Providing, maintaining, and improving the Products you use.
• Authentication & security: Verifying identity, preventing fraud, detecting unauthorised access.
• Billing: Processing recharges, generating invoices, maintaining transaction records.
• Communications: Sending transactional notifications (billing alerts, trial expiry, security alerts). These cannot be opted out of.
• Product improvement: Analysing aggregated, anonymised usage patterns to improve features and performance.
• Legal compliance: Meeting obligations under Indian tax law (GST), telecom regulations (TRAI), and data protection law (DPDPA).

We do not sell your personal data to third parties. We do not use your Content to train AI models unless you explicitly opt in.

4. Third-Party Processors

We share data with the following categories of service providers, solely for the purposes described:

Provider	Purpose	Data Shared
Anthropic	AI model processing	Prompts and content submitted to AI features (processed, not stored for training)
Meta (WhatsApp Business API)	WhatsApp message delivery	Recipient phone numbers, message content
MSG91	SMS/OTP delivery	Phone numbers, OTP codes
Razorpay	Payment processing	Transaction amounts, email (for receipts)
Cloudflare	CDN, DDoS protection, DNS	IP addresses, request metadata

Each processor is contractually obligated to handle your data in accordance with applicable data protection laws.

5. Data Storage & Security

• Location: All primary data is stored on servers located in India.
• Encryption: Data is encrypted in transit (TLS 1.2+) and at rest (AES-256) for databases and backups.
• Access controls: Role-based access with multi-factor authentication for all internal systems.
• Monitoring: Continuous security monitoring, intrusion detection, and vulnerability scanning.
• Passwords: Stored using bcrypt hashing with salt. We cannot retrieve your plaintext password.

6. Data Retention

Data Category	Retention Period
Account data	Duration of account + 30 days after deletion request
Voice call recordings	90 days from call date, or as required by TRAI
WhatsApp message logs	180 days, or as required by Meta policies
ERP business data	Duration of account + 30 days post-deletion
TaxGuard Tally exports	Deleted within 30 days of scan completion unless user requests retention
Billing records & invoices	8 years (Indian tax law requirement)
Security logs	12 months

7. Your Rights (Data Principal Rights under DPDPA)

Under the Digital Personal Data Protection Act, 2023, you have the right to:

• Access: Request a summary of the personal data we hold about you and how it is processed.
• Correction: Request correction of inaccurate or incomplete personal data.
• Erasure: Request deletion of your personal data, subject to legal retention obligations.
• Consent withdrawal: Withdraw consent for data processing at any time. Note that withdrawing consent for essential processing may result in inability to use certain Products.
• Nomination: Nominate another person to exercise your data rights in the event of your death or incapacity.
• Grievance redressal: File a complaint with our Grievance Officer or the Data Protection Board of India.

To exercise any of these rights, contact us at hello@seaes.ai. We will respond within 30 days.

8. Consent

By creating an account and accepting our Terms of Service, you consent to the collection and processing of your data as described in this Privacy Policy. For optional data (phone number, company name) and marketing communications, separate consent is obtained and can be withdrawn at any time.

You can manage your notification preferences at accounts.seaes.ai/settings/notifications.

9. Cookies & Tracking

• Essential cookies: Session cookies (seaes_sso) for authentication. Required for the Platform to function. Cannot be opted out of.
• Analytics: We use privacy-focused analytics to understand usage patterns. No third-party advertising cookies are used.
• Cloudflare: Security cookies for bot detection and DDoS protection.

10. Children's Privacy

The Platform is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal data, we will delete it promptly.

11. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights:

• We will notify the Data Protection Board of India in accordance with DPDPA requirements.
• We will notify affected users via email and dashboard notification within 72 hours of becoming aware of the breach.
• The notification will include the nature of the breach, data affected, steps taken, and recommended actions.

12. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Material changes will be notified via email and dashboard notification at least 15 days before taking effect. The "Last updated" date at the top of this page indicates the latest revision.

13. Grievance Officer

In accordance with the DPDPA 2023, our designated Grievance Officer is:

• Name: LAWYER_REVIEW — To be designated
• Email: hello@seaes.ai
• Response time: Within 30 days of receipt of grievance

If you are not satisfied with the resolution, you may file a complaint with the Data Protection Board of India as established under the DPDPA 2023.

14. Contact

• Privacy queries: hello@seaes.ai
• General support: hello@seaes.ai
• Address: SEAES, Nagpur, Maharashtra, India