Privacy Policy

Last updated: April 22, 2026

Elehua AI (“we”, “our”, or “us”) is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our platform at elehuaai.com (“Service”). This policy complies with the Digital Personal Data Protection Act, 2023 (DPDP Act) and other applicable Indian laws.

1. Information We Collect

1.1 Information You Provide

  • Account information: Name, email address, and password when you register.
  • Profile information: Any details you add to your profile settings.
  • Content you submit: Text, documents, or data you provide to our AI tools for processing.
  • Payment information: Billing details processed securely by Razorpay. We do not store your card numbers or bank details.
  • Support communications: Messages you send us via email or the contact form.

1.2 Information Collected Automatically

  • Usage data: Number of AI generations, tools used, timestamps, and feature interactions.
  • Log data: IP address, browser type, device information, and pages visited.
  • Cookies: Session cookies for authentication and preference cookies for theme/language settings. We do not use third-party advertising cookies.

2. How We Use Your Information

  • To create and manage your account.
  • To process your AI requests using NVIDIA AI inference infrastructure.
  • To manage subscriptions and billing via Razorpay.
  • To enforce usage limits per your subscription plan.
  • To send transactional emails (account verification, receipts, password resets).
  • To improve our AI tools and service quality.
  • To comply with legal obligations under the DPDP Act, 2023.

We do not sell your personal data. We do not use your submitted content to train AI models.

3. Legal Basis for Processing (DPDP Act, 2023)

Under the Digital Personal Data Protection Act, 2023, we process your personal data on the following bases:

  • Consent: You provide consent when you create an account and accept these terms.
  • Contract performance: Processing necessary to provide the Service you have subscribed to.
  • Legitimate interests: Service improvement, fraud prevention, and security monitoring.
  • Legal obligation: Compliance with Indian laws and regulatory requirements.

4. Data Sharing

We share your data only with trusted service providers who help us operate the Service:

  • Supabase: Authentication and database hosting (encrypted at rest, row-level security).
  • NVIDIA: AI model inference for processing your tool requests. Input data is processed and not retained by NVIDIA beyond the inference call.
  • Razorpay: Payment processing for subscriptions. Subject to Razorpay's Privacy Policy.
  • Vercel: Application hosting and edge network delivery.

We do not share your data with advertisers, data brokers, or any party for commercial purposes.

5. Data Security

  • All data is encrypted in transit using TLS 1.3.
  • Data at rest is encrypted using AES-256 in our Supabase database.
  • Row-level security (RLS) ensures users can only access their own data.
  • Access to production systems is restricted to authorized personnel only.
  • We conduct regular security reviews of our codebase and infrastructure.

6. Data Retention

  • Account data: Retained for the duration of your account. Deleted within 30 days of account deletion request.
  • AI-generated outputs: Stored as long as your account is active. You can delete individual outputs at any time from your history.
  • Payment records: Retained for 7 years as required by Indian financial regulations.
  • Log data: Retained for 90 days for security and debugging purposes.

7. Your Rights Under DPDP Act, 2023

As a Data Principal under the DPDP Act, you have the right to:

  • Access: Request a summary of personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete personal data.
  • Erasure: Request deletion of your personal data (subject to legal retention requirements).
  • Grievance redressal: Lodge a grievance with our Data Protection Officer.
  • Nomination: Nominate another individual to exercise your rights on your behalf.

To exercise your rights, contact us at privacy@elehuaai.com. We will respond within 72 hours and resolve requests within 30 days.

8. Cookies and Tracking

We use only essential cookies necessary to operate the Service:

  • Authentication cookies: To keep you logged in securely.
  • Preference cookies: To remember your theme (light/dark) setting.

We do not use Google Analytics, Facebook Pixel, or any third-party tracking scripts.

9. Children's Privacy

Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us data, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by email or a notice on the Service. Continued use after changes constitutes acceptance.

11. Contact & Grievance Officer

For privacy-related queries or to exercise your rights under the DPDP Act, 2023:

You also have the right to lodge a complaint with the Data Protection Board of India if you are dissatisfied with our response.