Privacy Policy
1. Introduction & Scope
This Privacy Policy describes how Indoeu Systems (OPC) Private Limited (“PrimedinAI”, “we”, “us”, “our”) collects, uses, shares, and protects personal information in connection with the PrimedinAI service (the “Service”).
This policy applies to:
- visitors to our website;
- users who have been invited to the pre-beta Service and hold a PrimedinAI account;
- end-viewers who watch videos that our account holders have embedded or shared using the Service.
For your own account and marketing interactions with us, PrimedinAI is the data fiduciary (under the Digital Personal Data Protection Act, 2023) and controller (under the EU General Data Protection Regulation, where applicable).
Where our account holders use the Service to process data about their own viewers, PrimedinAI acts as a data processor on their behalf. In that case, the account holder is responsible for providing appropriate notice to, and obtaining consent from, their viewers.
2. Pre-Beta Notice
The Service is currently offered as a pre-beta, invite-only release. During this period, data structures and retention practices may change. We will give reasonable notice of any material change affecting data you have uploaded, and you may delete your data at any time.
3. Personal Data We Collect
We collect the following categories of personal data:
- Account data — name, business email address, organisation, role, phone number, and password (stored as a one-way hash).
- Access-request data — information submitted through our “Request Early Access” form, including office email, organisation, phone number, an optional business-case description, and the IP address of the submission.
- User Content — video files you upload, the metadata associated with them, and the AI-generated artefacts we produce from them (transcripts, subtitles, summaries, thumbnails, and similar).
- Usage data — feature usage, API calls, timestamps, log identifiers, and error diagnostics.
- Viewer data (processor role) — when an account holder embeds or shares a PrimedinAI-hosted video, we may process anonymous or pseudonymous viewer signals on their behalf, such as IP address, device class, coarse geography, play events, referrer, and session identifiers.
- Technical data — cookies and similar identifiers (see Section 6), browser type, operating system.
- Support data — the content of any enquiry, ticket, or feedback you submit to us.
The Service does not currently process payment card data. No payment processor is integrated in this version.
4. How We Use Personal Data
We use personal data for the following purposes:
- providing, operating, and securing the Service (performance of contract);
- generating AI outputs from your User Content on your behalf (performance of contract);
- authenticating you and authorising access;
- responding to access requests, support enquiries, and legal notices;
- detecting, preventing, and investigating fraud, abuse, and security incidents (legitimate interest);
- understanding feature usage and improving the Service (legitimate interest, with opt-out where required);
- complying with legal and regulatory obligations.
5. AI Processing Disclosure
AI features of the Service are powered by foundation models, invoked from infrastructure hosted within India. Your uploaded content and the prompts we generate from it are transmitted to third-party models solely so that the requested AI feature can be performed (e.g. transcription, summarization, thumbnail generation).
- We do not use your User Content to train our own or any third-party foundation model.
- The system does not store your prompts or content for the purpose of training foundation models, under PrimedinAI's data-handling commitments.
- AI outputs are written back to your account storage within the PrimedinAI system and are visible only to your account (and any users you have explicitly granted access to).
6. Cookies & Similar Technologies
We use a small number of cookies and similar technologies. No advertising or cross-site tracking cookies are used.
- Strictly necessary cookies — used for authentication, session continuity, and security (e.g. CSRF protection). These cannot be disabled without impairing the Service.
- Functional cookies — used to remember UI preferences.
- Product analytics — aggregated, privacy-respecting metrics about how the Service is used, so that we can improve it. Where required by law, we will ask for your consent before collecting these.
- CDN signed cookies — issued temporarily so your browser can stream private video content securely. They do not track you across other websites.
7. Analytics
We collect aggregated viewer analytics (play events, device class, coarse geography, referrer) through an intelligent data system and store them under our scalable file systems, to be queried for insights and performance metrics. Where we collect these metrics as a processor on behalf of an account holder, the account holder is the controller of that data and is responsible for viewer-facing disclosures.
8. Sharing & Sub-processors
We share personal data only as described below:
- Infrastructure sub-processors — all of our servers and third-party infrastructure are primarily hosted within India.
- Legal disclosures — where required by applicable law, valid legal process, or to protect our rights, property, or safety, or those of our users or the public.
- Business transfers — in connection with a merger, acquisition, or asset sale, subject to reasonable confidentiality protections and onward obligations consistent with this policy.
We do not sell personal data. We do not share personal data with advertising networks.
9. International Data Transfers
Personal data and User Content are primarily hosted within data centres in India. Where limited cross-border transfers occur (for example, model inference that is unavailable in-region, or support operations), we rely on lawful transfer mechanisms, including standard contractual clauses where applicable.
10. Data Retention
We retain personal data only as long as needed for the purposes described in this policy:
- Account data — for the duration of your account, plus a reasonable period to meet statutory record-keeping obligations.
- User Content and AI outputs — until you delete them from the Service; automated backups are purged within ninety (90) days thereafter.
- Access-request submissions — up to twenty-four (24) months from submission, unless you become an account holder.
- Viewer analytics — raw events for up to ninety (90) days; aggregated metrics may be retained longer in non-identifying form.
- Support tickets — up to three (3) years after closure.
- Server logs — up to one hundred and eighty (180) days, consistent with the IT Rules, 2021.
11. Your Rights
Depending on your location, you may have the following rights in relation to your personal data:
- Under the Digital Personal Data Protection Act, 2023 (India) — the right to access and obtain a summary of personal data we process about you, the right to correction and erasure, the right to nominate a representative in the event of death or incapacity, and the right to grievance redressal.
- Under the EU/UK GDPR (where applicable) — the rights of access, rectification, erasure, restriction, objection, portability, withdrawal of consent, and to lodge a complaint with a supervisory authority.
To exercise any of these rights, email legal@indoeu.in. We may need to verify your identity before acting on a request.
12. Security
We apply reasonable technical and organizational safeguards, including encryption in transit (TLS 1.2 or better), encryption at rest, least-privilege access permissions, multi-factor-capable authentication, and signed-cookie protection for video delivery. No system is perfectly secure; we commit to notifying users and authorities of reportable breaches in accordance with applicable law.
13. Children's Privacy
The Service is not directed to individuals under the age of 18 and we do not knowingly collect personal data from such individuals. If you believe we have inadvertently collected data from a minor, please contact us to have it removed.
14. Grievance Officer (IT Rules, 2021)
In accordance with the Information Technology Act, 2000 and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, you may contact our Grievance Officer for any grievance related to your personal data or the Service:
Grievance Officer · Indoeu Systems (OPC) Private Limited · Email: legal@indoeu.in
We will acknowledge complaints within twenty-four (24) hours and aim to resolve them within fifteen (15) days.
15. Privacy Contact
For general privacy enquiries, write to legal@indoeu.in.
16. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by email or in-app notice. The “Effective date” at the top of this document will be updated whenever changes are made.