GGuptAI

Privacy Policy — GuptAI

Last updated: 23 June 2026

This Privacy Policy explains what data GuptAI ("we", "us", "our") collects and how we handle it. GuptAI is operated from India by the operator reachable at getdeaddictedllc@gmail.com. We've written this in plain English because the most important point is simple and unusual:

The GuptAI product does not process your documents on our servers. The AI model runs entirely on your own computer. Your contracts, case files, patient notes, ledgers, prompts, and AI outputs never reach us.

This policy is written to be aware of India's Digital Personal Data Protection (DPDP) Act, 2023 and the EU's GDPR.

1. The two kinds of data — and why the distinction matters

(a) Your working data (documents, prompts, AI outputs) — we NEVER receive this. When you use GuptAI to draft a contract, summarise a case file, or query a ledger, all of that happens locally on your machine via Ollama and a local model. None of it is uploaded to us. We have no copy, no log, and no access. This is by design — it's the whole point of the product. Under the DPDP Act, this means we are not a Data Processor for your client data, because we never process it.

(b) Lead and account data — a minimal amount we DO hold. To run the business (sign-ups, billing, support, newsletters), we hold a small amount of data you give us directly. This is described below.

2. Lead/account data we collect

We collect only what we need:

  • Identity & contact: name, email address, phone/WhatsApp number, firm name (when you provide them).
  • Plan & billing: which plan you're on, and payment records. Card/bank details are processed by our payment gateway (Razorpay), not stored by us.
  • Support communications: the contents of emails/messages you send us for support.
  • Website analytics: basic, privacy-respecting usage of our website (e.g. page visits, referrer) to improve it. We do not track your in-product activity.
  • Optional, opt-in product signal: if (and only if) you explicitly opt in, anonymous, non-identifying pings (e.g. "an install happened") to help us improve. This is off by default and never includes your documents or prompts.

3. How we use this data

  • To create and manage your account and provide the Service.
  • To process payments (via Razorpay) and send invoices/receipts.
  • To provide support and respond to your messages.
  • To send onboarding emails and, with your consent, product news. You can unsubscribe anytime.
  • To comply with legal and tax obligations.

We do not sell your data. We do not use your data to train AI models. (We couldn't train on your documents even if we wanted to — we never receive them.)

4. Legal bases (DPDP Act 2023 / GDPR)

  • Consent for marketing emails and the optional product signal.
  • Contract / legitimate interest for account, billing, and support data needed to deliver the Service you asked for.
  • Legal obligation for tax and compliance records.

Under the DPDP Act, you are the Data Fiduciary for your own clients'/patients' personal data on your machine; we are not, because that data never reaches us.

5. Sharing with third parties

We share the minimal lead/account data only with service providers needed to run the business:

  • Razorpay — payment processing (subject to their privacy policy).
  • Email/CRM provider — to send onboarding and support emails.
  • Website hosting/analytics — to operate the website.

These providers act under contract and process only what's needed. We do not otherwise share, rent, or sell your data. We may disclose data if legally required (e.g. valid court order).

6. International transfers

We operate from India. Some business tools (email, analytics, payments) may process lead/account data outside India under appropriate safeguards. Your working data is never transferred anywhere — it stays on your machine. This local-only architecture is what makes GuptAI a clean fit for DPDP and GDPR concerns around cross-border transfer of client data.

7. Data retention

  • Account and billing records: kept while your account is active and as long as required by law (e.g. tax records).
  • Support messages: kept as long as useful for support, then deleted.
  • Marketing data: until you unsubscribe or request deletion.
  • Your working data: not applicable — we never hold it.

8. Your rights

Subject to the DPDP Act 2023 and, where applicable, the GDPR, you can:

  • Access the lead/account data we hold about you.
  • Correct inaccurate data.
  • Request deletion of your data ("right to erasure").
  • Withdraw consent for marketing or the optional product signal.
  • Lodge a grievance with us, and escalate to the Data Protection Board of India (under the DPDP Act) or your local supervisory authority (under GDPR).

To exercise any of these, email getdeaddictedllc@gmail.com. We'll respond within the timelines required by applicable law.

9. Security

We protect the lead/account data we hold using reasonable technical and organisational measures. For your working data, security rests on your own machine — we recommend you keep your device protected and backed up, since that's where your documents live.

10. Children

GuptAI is a business tool not intended for children. We do not knowingly collect data from children. Under the DPDP Act, processing of children's data requires verifiable parental consent; GuptAI is not designed or marketed for such use.

11. Grievance / Data Protection contact

For privacy questions, requests, or grievances under the DPDP Act 2023 or GDPR, contact: Email: getdeaddictedllc@gmail.com Operator location: India Website: https://gupt.aiskillhub.info

12. Changes

We may update this policy. Material changes will be notified by email or on the website, with a new "Last updated" date.