Privacy Policy

This Privacy Policy describes how Dheemai Inc. ("Dheemai", "we", "us", or "our"), a Delaware corporation, collects, uses, shares, and protects information about you when you use our website (www.dheemai.com) and our products and services.

This Privacy Policy is compliant with the Information Technology Act 2000 and associated rules, and other applicable Indian and international data protection laws.

1. Information We Collect

We collect information you provide directly to us and information collected automatically when you use our services.

1.1 Information You Provide

• Contact information: Name, email address, phone number, company name, job title when you fill our contact forms, request demos, or subscribe to communications.
• Account information: Username, password, and profile details when you create an account to use our products.
• Payment information: Billing address and payment details (processed by our payment provider; we do not store full card details).
• Communications: Content of emails, support tickets, and other communications you send us.
• Product usage data: Data you upload or input when using our products (e.g., documents for TamperCheck, identity data for KYC Verifier) processed in accordance with our Data Processing Agreement.

1.2 Automatically Collected Information

• Usage data: Pages visited, features used, time spent, click patterns, and navigation paths.
• Device information: IP address, browser type and version, operating system, device type.
• Cookies and similar technologies: As described in Section 8 below.
• Log data: Server logs recording access time, request type, and error codes.

2. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, operate, and improve our products and services
• To process transactions and manage your account
• To respond to your enquiries, support requests, and communications
• To send you product updates, security alerts, and administrative messages
• To send you marketing communications (where you have provided consent or we have a legitimate interest)
• To personalise your experience and provide relevant content
• To monitor and analyse usage patterns to improve our services
• To detect, investigate, and prevent fraudulent activity and abuse
• To comply with legal obligations, including tax, audit, and regulatory requirements
• To enforce our Terms of Service and protect our rights

3. Legal Basis for Processing

Under applicable laws, we process your personal data on the following legal bases:

• Consent: Where you have given us explicit consent, such as for marketing communications.
• Contract performance: To fulfil our contractual obligations to you as a customer or user.
• Legal obligation: Where processing is necessary to comply with applicable laws.
• Legitimate interests: For purposes like fraud prevention, security, and improving our services, where these interests are not overridden by your rights.

4. Sharing of Your Information

We do not sell your personal data. We may share your information with:

• Service providers: Third-party vendors who provide services on our behalf (cloud hosting, analytics, payment processing, email delivery), subject to appropriate data processing agreements.
• Business partners: With your consent, for co-marketing or partnership purposes.
• Legal requirements: When required by law, court order, or government authority, or to protect our rights, safety, or property.
• Business transfers: In connection with a merger, acquisition, or sale of assets, with notice to you.

5. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including:

• Account data: For the duration of your account plus 3 years after closure
• Contract and billing records: 7 years for tax and legal compliance
• Marketing consent records: Until withdrawn plus 3 years
• Support communications: 3 years from the date of the last communication
• Log and security data: 12 months

After the applicable retention period, we securely delete or anonymise your personal data.

6. Your Rights

Under applicable laws, you have the following rights regarding your personal data:

• Right to access: Request a summary of personal data we hold about you and how it is being processed.
• Right to correction: Request correction of inaccurate or incomplete personal data.
• Right to erasure: Request deletion of your personal data, subject to legal retention obligations.
• Right to withdraw consent: Withdraw consent for processing where consent is the legal basis, without affecting prior lawful processing.
• Right to grievance redressal: Lodge a complaint with our Grievance Officer (details below).
• Right to nominate: Nominate another person to exercise your rights in the event of your death or incapacity.

To exercise these rights, contact our Grievance Officer at privacy@dheemai.com. We will respond within 72 hours of receipt.

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction, including:

• Encryption of data in transit (TLS 1.3) and at rest (AES-256)
• Access controls, multi-factor authentication, and role-based permissions
• Regular security assessments, penetration testing, and vulnerability management
• ISO 27001-aligned information security management practices
• Employee training on data protection and security
• Incident response procedures with timely breach notification

In the event of a personal data breach affecting your rights, we will notify you and the relevant regulators as required by applicable law.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience on our website. Categories of cookies we use:

• Essential cookies: Necessary for the website to function; cannot be disabled.
• Analytics cookies: Help us understand how visitors use our site (e.g., page views, session duration).
• Marketing cookies: Used to show you relevant advertising; activated only with your consent.
• Preference cookies: Remember your settings and preferences.

You can manage cookie preferences through the cookie consent banner on our website or your browser settings. Disabling certain cookies may affect functionality.

9. International Data Transfers

The location where your personal data is stored and processed is configurable per customer. Dheemai supports three deployment models: hosted in a cloud region of your choice (AWS or GCP), deployed into your own cloud environment, or run on-premise on infrastructure you control. The specific region or facility is determined by your contract with us. Where data is transferred across jurisdictions, we apply appropriate safeguards (such as Standard Contractual Clauses, adequacy decisions, or equivalent mechanisms permitted under applicable law).

10. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, please contact us immediately and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by email (where we have your email address) or by posting a prominent notice on our website with a revised date. Your continued use of our services after the effective date constitutes acceptance of the updated policy.

12. Contact Us & Grievance Officer

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact our Grievance Officer:

If you are not satisfied with our response, you may lodge a complaint with the relevant data protection authority under applicable law.