PRIVACY POLICY

1. LEGAL POLICY NAME

Platform Privacy and Personal Data Processing Policy

2. POLICY TITLE

Privacy Policy

3. PURPOSE OF THE POLICY

This Privacy Policy establishes the legally binding framework governing the collection, use, processing, storage, disclosure, and protection of personal and non-personal data in connection with the HeiBuddyAI platform.

The purpose of this policy is strictly to:

• comply with applicable data protection and privacy laws
• mitigate legal, regulatory, operational, security, and reputational risks
• provide legal clarity regarding data practices
• safeguard the Company, its affiliates, systems, and ecosystem participants

Nothing in this policy creates any assurance, representation, warranty, fiduciary duty, or obligation beyond what is expressly required under applicable law.

4. SHORT DESCRIPTION

This Privacy Policy explains how data is collected, processed, used, shared, retained, and protected when individuals or entities interact with the platform.

By accessing, browsing, registering, or using the platform in any manner, you acknowledge that you have read, understood, and agreed to be legally bound by this Privacy Policy, including any future updates.

5. DETAILED DESCRIPTION

This policy applies across all roles, services, devices, access methods, and jurisdictions, subject to applicable law.

The Company retains non-exclusive, lawful rights to process data for legitimate business purposes, compliance, security, analytics, risk management, and platform operations.

All data-handling decisions are exercised at the Company's discretion within the boundaries of applicable law.

No failure or delay in enforcing this policy shall operate as a waiver of any rights.

6. APPLICABILITY & COVERAGE

This Privacy Policy applies to:

• all users (registered, unregistered, guest, or trial)
• partners, vendors, merchants, advertisers, and service providers
• delivery agents, runners, contractors, and field personnel
• internal teams, consultants, and representatives
• all geographies, unless restricted by applicable law
• all platform interfaces including mobile applications, websites, APIs, dashboards, communications, and tools

7. KEY POINTS

a. Categories of Data Collected

Subject to legal permissibility, the Company may collect:

• identification and contact information
• account, transactional, and usage data
• device, log, and technical metadata
• location data (where enabled or legally required)
• communications and support records
• compliance, verification, or risk-related data

b. Purpose of Processing

Data may be processed for:

• platform access and functionality
• identity verification and fraud prevention
• legal and regulatory compliance
• security monitoring, audits, and risk mitigation
• analytics, performance measurement, and system improvement
• communications and support operations

c. Legal Bases for Processing

Processing may rely on one or more lawful bases, including:

• consent (where required)
• contractual necessity
• legal obligation
• legitimate business interests
• public interest or regulatory mandate

d. Obligations of Users, Partners & Agents

All parties must:

• submit lawful and accurate data
• avoid uploading unauthorized third-party data
• maintain confidentiality of credentials
• comply with applicable data protection laws

e. Monitoring, Audits & Enforcement

The Company may monitor, audit, and investigate data usage to ensure security, compliance, and lawful processing.

8. NO WARRANTY / NO GUARANTEE

Data processing services are provided on an "as-is" and "as-available" basis.

The Company makes no representations regarding uninterrupted availability, completeness, or accuracy of data handling beyond what is required by applicable law.

9. LIMITATION OF LIABILITY

To the maximum extent permitted by law:

• the Company shall not be liable for indirect, incidental, consequential, special, or punitive damages related to data processing
• any liability, if established, shall be limited to the minimum extent mandated by applicable law
• no liability arises from third-party actions, breaches, or failures outside the Company's reasonable control

10. DELAYS, FAILURES & FORCE MAJEURE

The Company shall not be responsible for data-related delays, disruptions, or failures caused by:

• technical or system issues
• network or infrastructure outages
• third-party service failures
• regulatory or governmental actions
• cyber incidents or security events
• natural disasters, pandemics, or force-majeure events

11. DATA RETENTION

Data is retained only for durations necessary to:

• meet legal and regulatory obligations
• support operational, security, and compliance needs
• resolve disputes, audits, or enforcement matters

Retention periods vary based on data category, jurisdiction, and applicable law.

12. DATA SHARING & DISCLOSURE

Data may be shared:

• with affiliates and service providers under contractual safeguards
• with regulators, courts, or law enforcement where legally required
• in connection with mergers, restructuring, or asset transfers

The Company does not sell personal data except where permitted or mandated by law.

13. THIRD-PARTY DEPENDENCIES

• third-party platforms operate independently
• the Company does not control or assume liability for third-party data practices
• engagement with third parties occurs entirely at the individual's or entity's own risk

14. USER RIGHTS (SUBJECT TO LAW)

Where applicable and subject to legal limitations, individuals may request:

• access, correction, or deletion of personal data
• withdrawal of consent
• restriction or objection to processing
• redress through applicable regulatory authorities

All requests are subject to verification and statutory exemptions.

15. REGULATORY & LEGAL COMPLIANCE

This policy is designed to align with:

• GDPR
• India Digital Personal Data Protection Act
• CCPA / CPRA
• other applicable global privacy frameworks

The Company may update its practices to remain compliant.

Users and partners remain responsible for their local compliance obligations.

16. AMENDMENTS & UPDATES

The Company reserves the unilateral right to modify this Privacy Policy at any time.

Updates take effect immediately unless stated otherwise.

Continued use of the platform constitutes acceptance of the revised policy.

17. DISCLAIMERS

• this policy does not constitute legal, financial, tax, or professional advice
• no employment, agency, partnership, or fiduciary relationship is created
• no exclusivity or ownership rights are granted beyond statutory entitlements

18. GOVERNING LAW & JURISDICTION

This Privacy Policy shall be governed by the laws of India.

Courts located in Bengaluru, Karnataka shall have jurisdiction unless otherwise required by applicable law.

19. SEVERABILITY & WAIVER

If any provision is held invalid or unenforceable, the remaining provisions shall continue in full force.

No waiver shall be effective unless expressly provided in writing by the Company.

20. POLICY UPDATE NOTICE

The Company reserves the right to update, amend, or replace this policy at any time without prior notice.

The Company does not undertake any obligation to notify individuals of such changes.

It is the sole responsibility of users, partners, agents, and other parties to periodically review this policy and seek clarification where required.

21. CONTACT & ESCALATION

All communications must be submitted through official platform contact mechanisms.

Response timelines are not guaranteed.

Any resolution remains subject to the Company's discretion and applicable law.