Privacy Policy

Last updated: January 21, 2026
Effective: January 21, 2026

Introduction

Welcome to Iris ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our AI agent platform and related services.

Iris is committed to protecting your privacy and complying with India's Digital Personal Data Protection Act, 2023 (DPDP Act). This policy describes your rights and our obligations regarding your personal data.

DPDP Act 2023 Compliance

This Privacy Policy has been prepared in accordance with the Digital Personal Data Protection Act, 2023. We are committed to protecting your personal data and respecting your rights as a data principal under Indian law.

Data We Collect

We collect different types of information to provide and improve our services:

1. Information You Provide Directly

  • Account Information: Name, email address, password, and organization details when you create an account.
  • Payment Information: Billing details, payment method information (processed securely through Razorpay), and transaction history.
  • Content & Files: Agent configurations, prompts, commands, files uploaded, and content generated through our AI services.
  • Communications: Messages you send to our support team, feedback, and survey responses.

2. Information Collected Automatically

  • Usage Data: Features used, actions performed, agent execution logs, API calls, and interaction patterns.
  • Device Information: IP address, browser type, operating system, device identifiers, and session information.
  • Geolocation Data: Approximate location based on IP address for service delivery and fraud prevention.
  • Cookies & Tracking: Session cookies, analytics cookies (with your consent), and similar technologies. See our Cookies section for details.

How We Use Your Data

We use your personal information for the following purposes:

  • Service Delivery: To provide, operate, and maintain our AI agent platform and execute your commands.
  • Account Management: To create and manage your account, authenticate users, and provide customer support.
  • Payment Processing: To process subscriptions, handle billing, and prevent fraud.
  • Service Improvement: To analyze usage patterns, improve our AI models, and develop new features.
  • Communications: To send service updates, security alerts, and respond to your inquiries (with your consent for marketing communications).
  • Legal Compliance: To comply with Indian laws, regulations, and legal processes.
  • Security: To detect and prevent fraud, abuse, and security incidents.

Legal Basis for Processing

Under the DPDP Act, we process your personal data based on your consent, contractual necessity (to provide our services), and legitimate interests (service improvement and security). You can withdraw consent at any time.

Your Rights Under DPDP Act 2023

As a data principal under India's DPDP Act 2023, you have the following rights:

1. Right to Access

You can request a copy of all personal data we hold about you, including agent configurations and execution history.

2. Right to Correction

You can request correction of inaccurate or incomplete personal data at any time through your account settings or by contacting us.

3. Right to Erasure (Right to be Forgotten)

You can request deletion of your personal data. We will delete your data within 30 days, except where retention is required by law.

4. Right to Data Portability

You can request your data in a structured, machine-readable format (JSON/CSV) to transfer to another service.

5. Right to Withdraw Consent

You can withdraw consent for data processing at any time. This may affect service availability.

6. Right to Nominate

You can nominate another individual to exercise your rights in the event of death or incapacity.

7. Right to Grievance Redressal

You can file a complaint with our Data Protection Officer or the Data Protection Board of India if you believe your rights have been violated.

How to Exercise Your Rights

To exercise any of these rights, please email us at privacy@irisvision.ai with your request.

We will respond to your request within 30 days as required by the DPDP Act. Some requests may require identity verification for security purposes.

Data Retention

We retain your personal data for the following periods:

  • Account Data: Retained while your account is active and for 90 days after account deletion.
  • Agent Configurations & Content: Retained while your account is active. Deleted within 30 days of account closure.
  • Payment Records: Retained for 7 years to comply with tax and financial regulations.
  • Usage Logs: Retained for 180 days for analytics and security purposes.
  • Support Communications: Retained for 3 years for quality assurance and dispute resolution.

After retention periods expire, we securely delete or anonymize your data unless required by law to retain it longer.

Third-Party Services

We share your data with trusted third-party service providers to operate our platform:

  • Supabase: Database and authentication services (data hosted on secure cloud infrastructure).
  • Razorpay: Payment processing for subscriptions (India-based payment gateway).
  • Anthropic/OpenAI: AI model providers for agent execution (content processing).
  • PostHog/Analytics: Usage analytics (with your consent, anonymized data).
  • Sentry: Error tracking and monitoring (anonymized error logs).
  • Email Service Provider: Transactional and service emails.

All third-party providers are contractually bound to protect your data and use it only for the purposes we specify. We conduct due diligence to ensure they meet security and privacy standards.

Data Security

We implement industry-standard security measures to protect your data:

  • Encryption: TLS 1.3 for data in transit, AES-256 encryption for data at rest.
  • Access Controls: Role-based access, multi-factor authentication, and least-privilege principles.
  • Regular Audits: Security assessments, penetration testing, and code reviews.
  • Monitoring: 24/7 system monitoring, intrusion detection, and anomaly alerts.
  • Employee Training: Regular security and privacy training for all team members.

Despite our best efforts, no system is 100% secure. If you discover a security vulnerability, please report it to security@irisvision.ai.

Data Breach Notification

In the unlikely event of a data breach that may harm your rights, we will:

  • Notify affected users within 72 hours of discovering the breach (as required by the DPDP Act).
  • Notify the Data Protection Board of India as required by law.
  • Provide details about the nature of the breach, data affected, and steps taken to mitigate harm.
  • Offer guidance on protective measures you can take.

Notifications will be sent via email to your registered email address and/or displayed as an in-app alert.

Cookies & Tracking

We use cookies and similar tracking technologies:

1. Essential Cookies

Required for authentication, security, and basic site functionality. These cannot be disabled.

2. Analytics Cookies (Optional)

Help us understand how you use Iris to improve the experience. These require your consent and can be disabled via cookie settings.

3. Marketing Cookies (Optional)

Used to show relevant content and ads (if applicable in the future). Requires explicit consent.

Cookie Consent

You can manage your cookie preferences at any time through the cookie banner or by clicking "Cookie Settings" in the footer. Disabling analytics cookies will not affect core functionality.

International Data Transfers

Your data may be processed on servers located outside India, including:

  • Supabase cloud infrastructure (multiple regions)
  • AI model providers (Anthropic/OpenAI servers)
  • CDN and cloud services for performance optimization

When transferring data internationally, we ensure adequate safeguards such as:

  • Standard contractual clauses approved by data protection authorities
  • Encryption during transfer and at rest
  • Vendor compliance with international privacy standards (GDPR, SOC 2)

Children's Privacy

Iris is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.

If you are under 18, you may only use our services with the consent and supervision of a parent or legal guardian. The parent/guardian is responsible for all activity on the account.

If we discover that we have collected data from a child without proper consent, we will delete it immediately. Please contact us at privacy@irisvision.ai if you believe we have inadvertently collected such data.

Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements.

When we make material changes, we will:

  • Notify you via email at least 30 days before changes take effect
  • Display a prominent notice on our website
  • Update the "Last Updated" date at the top of this policy

Continued use of our services after the effective date constitutes acceptance of the updated policy. If you disagree with changes, you may close your account before they take effect.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

Data Protection Officer

Iris AI Platform

Support Email: support@irisvision.ai
Response Time: Within 30 days (DPDP Act requirement)

If you believe your privacy rights have been violated and we have not adequately addressed your concerns, you may file a complaint with the Data Protection Board of India.
