Sign Up

Privacy Policy

Our privacy policy and how we use your data

Last updated: 17 April 2026

This Privacy Policy explains what personal data PingAura AI Technologies Private Limited ("PingAura," "we") collects when you use our platform, website, APIs, and MCP server (the "Services"), how we use and share it, and what choices you have. For information on cookies, see our Cookie Policy.

1. Who is the controller

PingAura AI Technologies Private Limited is the controller of the personal data you provide directly to us (account, billing, support). When you use the Services to process personal data about your own customers or visitors, you are the controller and PingAura is a processor acting on your instructions under these Terms and any data processing agreement we sign with you.

2. What we collect

  • Account data: name, work email, password hash, account preferences, role within a team.
  • Billing data: billing name, address, tax ID, plan, invoices, and last four digits of the payment method. Card details are collected and stored directly by Paddle; we do not see or store them.
  • Product data: the domains, brands, prompts, briefs, articles, audits, chats, and files you create or upload.
  • Integration data: OAuth tokens and data you authorise from Google Search Console, Google Analytics 4, WordPress, Razorpay, Bing Webmaster Tools, and similar connectors.
  • Usage data: pages visited, features used, requests made, referral URL, approximate location derived from IP, device and browser, error and performance events.
  • Communications: messages you send to support, survey responses, and newsletter subscriptions.

We do not knowingly collect personal data from anyone under 18 and we do not ask for sensitive categories such as biometric, health, or government ID data. Do not submit that data to the Services.

3. How we use data

  • Provide, operate, and secure the Services.
  • Run AI visibility scans, site audits, article generation, the AI Coworker, and other product features you request.
  • Authenticate users, bill for usage, and apply plan entitlements.
  • Respond to support requests and send service communications (e.g., receipts, security alerts, material changes).
  • Detect and prevent fraud, abuse, and violations of our Terms.
  • Improve the Services using aggregated, de-identified metrics.
  • Send product updates and marketing emails where permitted; you can unsubscribe from the footer of any marketing email.
  • Comply with legal obligations.

4. Legal basis for processing

  • Contract: to provide the Services you signed up for and to take pre-contract steps at your request.
  • Legitimate interests: to secure the Services, prevent abuse, measure product usage, and develop new features, balanced against your rights and freedoms.
  • Consent: for analytics cookies, marketing emails, and optional integrations; you can withdraw consent at any time without affecting processing already carried out.
  • Legal obligation: to meet tax, accounting, and other regulatory requirements.

5. AI models and your content

The Services send prompts, source material, and related context to AI providers (including OpenAI, Anthropic, Google, Perplexity, DeepSeek, and xAI) to generate the outputs you ask for.

We use business tiers that contractually prohibit providers from using your content to train their general-purpose models, and we do not use your content to train our own models. Providers may retain prompts and outputs briefly for abuse monitoring, as set out in their own policies.

See our AI Usage Policy for more detail.

6. Google Workspace APIs

If you connect a Google account, our use and transfer of information received from Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements.

We access Google Analytics (GA4) and Search Console data only to power the features you have enabled. We do not sell Google user data, do not use it for advertising or profiling, and do not use it to train or improve general-purpose AI/ML models. We do not retain Google user data beyond transient processing for the requested features; OAuth tokens are stored encrypted so we can refresh the connection. You can revoke access in your Google account permissions at any time.

7. Sub-processors

We engage a small number of third-party providers to help us operate the Services, grouped broadly into infrastructure, billing, AI model providers, and operations. Each provider is bound by a data processing agreement and appropriate security and confidentiality obligations. For the current, itemised list see our Sub-Processors page. We will update that page when we add, replace, or remove a sub-processor that processes personal data; if you reasonably object to a new sub-processor, contact us and we will work in good faith to address your concerns.

8. International transfers

The Services are operated from India and use sub-processors located in India, the European Economic Area, the United Kingdom, the United States, and other jurisdictions. When personal data moves across borders, we put appropriate contractual safeguards in place with our sub-processors, including Standard Contractual Clauses and equivalent transfer mechanisms, so that the data continues to receive a comparable level of protection.

9. Retention

  • Account and product data: kept while your account is active. On closure we delete account data within 30 days, except where we must retain it for legal, tax, or security reasons.
  • AI Coworker chats and turn logs: kept for up to 12 months, then deleted or anonymised.
  • Billing records: retained for 8 years to meet Indian tax and audit requirements.
  • Support messages: retained for 3 years for quality and reference.
  • System logs: retained for up to 90 days for security and debugging.

10. Your rights

Subject to applicable law, you have the right to:

  • Access the personal data we hold about you and receive a copy in a portable format.
  • Correct inaccurate or incomplete personal data.
  • Delete your personal data, subject to limited exceptions where we are required or permitted to retain it.
  • Restrict or object to certain processing, including processing based on legitimate interests and direct marketing.
  • Withdraw consent at any time where processing is based on consent, without affecting processing already carried out.
  • Opt out of the "sale" or "sharing" of personal information. We do not sell personal information and we do not share it for cross-context behavioural advertising.
  • Lodge a complaint with the data protection authority in your jurisdiction.

To exercise these rights, email [email protected]. We will verify your identity and respond within 30 days, or sooner if required by applicable law. We will not discriminate against you for exercising any of these rights.

11. Security

We operate an information security programme with role-based access controls, encryption in transit (TLS) and at rest (AES-256-GCM for sensitive fields), audit logging on administrative actions, and regular vendor due diligence. No system is perfectly secure; we will notify affected users and regulators of a personal data breach within the timeframes required by applicable law.

12. Automated decision-making

The Services produce AI-generated scores, summaries, and recommendations. These are decision-support outputs; we do not make legal or similarly significant decisions about you purely by automated means. You remain responsible for any decisions you take based on Outputs.

13. Changes to this policy

We may update this policy from time to time. For material changes we will give at least 30 days' notice by email or in-product notice before they take effect. The "Last updated" date at the top shows when the policy was last revised.

14. Contact

  • Entity: PingAura AI Technologies Private Limited
  • Registered office: Devi Nagar, Panchkula, Haryana 134109, India
  • Email (privacy, grievance, support): [email protected]

For complaints under applicable Indian law, including the Information Technology Act, 2000 and rules made under it, please write to the same address and we will route your message to the responsible officer.