Privacy Policy
Last updated: February 28, 2026
1. Overview
BaahiAI ("we", "our", "us") is committed to protecting your privacy and personal data in accordance with the Digital Personal Data Protection Act, 2023 (DPDPA) and other applicable Indian laws. This Privacy Policy explains how we collect, use, store, and protect your information.
2. Data We Collect
We collect the following categories of data:
- Account Information: Business name, owner name, email address, username, and encrypted password.
- Financial Data: Transaction records (amounts, dates, descriptions, categories) that you enter into the Service.
- Voice Data: Audio recordings submitted through the voice entry feature are processed by Sarvam AI for speech-to-text conversion. We do not permanently store raw audio files — only the resulting text transcripts.
- AI Interaction Data: Chat messages, briefing requests, and AI-generated responses for feature improvement.
- Payment Data: Razorpay handles payment processing. We store transaction references, plan details, and payment amounts — never your card or bank details.
- Usage Data: Feature usage counts, AI credit consumption, and login timestamps.
3. How We Use Your Data
- To provide and maintain the Service
- To process subscriptions and payments
- To deliver AI features (voice entry, chat, briefings)
- To send essential service emails (password resets, account notifications)
- To track and enforce credit limits per your subscription plan
- To improve our AI models and service quality
- To comply with legal obligations
4. Third-Party Processors
We share data with the following trusted service providers:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Database & authentication | All account and financial data |
| Razorpay | Payment processing | Email, plan selection, payment details |
| Sarvam AI | Voice/language processing | Audio recordings, text for translation |
| Vercel | Application hosting | Server logs, IP addresses |
| Gmail SMTP | Email delivery | Email address, email content |
5. Data Retention
- Active accounts: Data is retained for as long as your account is active.
- Deleted accounts: Data is permanently deleted within 30 days of account deletion.
- Payment records: Retained for 7 years as required by Indian tax regulations.
- Voice recordings: Processed in real-time and not permanently stored.
6. Your Rights under DPDPA 2023
As a data principal under Indian law, you have the right to:
- Access: Request a copy of all personal data we hold about you
- Correction: Request correction of inaccurate or incomplete data
- Erasure: Request deletion of your personal data and account
- Portability: Export your data in a machine-readable format
- Grievance Redressal: File a complaint with our Data Protection Officer
- Nominate: Nominate another person to exercise your rights in case of death or incapacity
To exercise any of these rights, email us at vaibhavtalekar87@gmail.com. We will respond within 30 days.
7. Data Security
- All data is encrypted in transit (TLS/HTTPS)
- Database access is restricted through Row-Level Security (RLS) policies
- Passwords are hashed using industry-standard algorithms (bcrypt via Supabase Auth)
- API endpoints are protected with rate limiting
- Payment data is handled by PCI-DSS compliant Razorpay
8. Children's Privacy
BaahiAI is designed for business use and is not intended for children under 18 years of age. We do not knowingly collect data from minors.
9. Changes to This Policy
We may update this Privacy Policy periodically. We will notify registered users of material changes via email. The "Last updated" date at the top reflects the most recent revision.
10. Contact — Data Protection Officer
For privacy-related queries, data requests, or complaints:
Email: vaibhavtalekar87@gmail.com
Subject line: "DPDPA Request — [Your Name]"