Privacy Policy

This Privacy Policy ("Policy") governs the collection, processing, storage, and disclosure of personal data by InsightForge Analysis Systems ("InsightForge," "we," "our," or "us") in connection with the InsightForge AI Market Intelligence Platform and all associated services (collectively, the "Services"). This Policy is issued in compliance with the Digital Personal Data Protection Act, 2023 (DPDPA) of India and applicable international data protection frameworks.

By accessing or using the Services, you acknowledge that you have read and understood this Policy. Enterprise clients subject to a Master Service Agreement ("MSA") or Data Processing Agreement ("DPA") should refer to those instruments, which shall govern to the extent of any conflict with this Policy.

This Policy applies to all individuals and organizational users who access the Services, including authorized employees of enterprise licensees. InsightForge acts as the Data Fiduciary (as defined under the DPDPA) with respect to personal data submitted by users directly to the platform. Where InsightForge processes personal data on behalf of an enterprise client pursuant to a DPA, InsightForge acts as a Data Processor and the enterprise client is the Data Fiduciary.

Consent Mechanism. In accordance with the Digital Personal Data Protection Act 2023, InsightForge obtains explicit, informed, and specific consent from each user prior to the collection and processing of their personal data. Consent is obtained through an affirmative opt-in action at the point of account registration — specifically, a clearly labelled checkbox which the user must actively select to acknowledge and accept this Privacy Policy. Consent is not inferred from inaction, pre-ticked boxes, or continued browsing. Users may withdraw their consent at any time by submitting a written request to the Grievance Officer identified in Section 10, subject to InsightForge's legitimate legal and operational retention requirements as described in Section 05.

The Services are not directed at children under the age of 18. We do not knowingly collect personal data from minors.

InsightForge operates on a minimal data collection principle. We collect only the categories of personal data that are strictly necessary for the delivery of the Services.

We process the personal data described above for the following purposes, each of which is grounded in a lawful basis under applicable data protection law:

• Service Delivery: To authenticate your identity, generate AI-powered intelligence reports, and deliver PDF outputs to your account.
• Account Management: To maintain your user profile, manage subscription entitlements, and administer credit quotas.
• Billing & Payments: To generate corporate invoices, verify wire transfers, and maintain records of subscription history for financial and tax compliance purposes under Indian law.
• Platform Security: To detect, investigate, and prevent fraudulent activity, unauthorized access, and abuse of the Services.
• Service Improvement: To analyze aggregated and de-identified usage patterns for the purpose of improving platform performance, reliability, and feature development. The lawful basis for this processing is the legitimate interests of InsightForge in maintaining and enhancing a reliable, secure, and commercially viable service, which interests InsightForge has assessed as not overriding the fundamental rights and freedoms of affected data principals. De-identification is performed by removing all direct identifiers (name, email, IP address) and applying aggregation thresholds that prevent re-identification of any individual user's behaviour from published or internally analyzed outputs.
• Legal Compliance: To comply with applicable Indian law, including the DPDPA 2023, the Information Technology Act 2000, and applicable tax statutes.

The intelligence reports generated by the InsightForge platform are produced by analyzing publicly available information sourced from the open internet. To compile this source material, InsightForge programmatically fetches publicly accessible discussions, reviews, listings, and market commentary present across the internet as the primary input for its analysis pipeline.

The retrieved public data is processed through a self-contained external AI inference system engaged by InsightForge under commercial license, which generates structured analytical outputs from that source material. InsightForge engages this AI inference provider as a sub-processor under a binding Data Processing Agreement that requires the provider to apply data protection standards equivalent to those mandated under the DPDPA 2023. A current list of InsightForge's active sub-processors, including the identity of the AI inference provider, is made available to enterprise clients upon written request and is updated within 30 days of any material change to the sub-processor roster. The following commitments govern our AI processing practices:

• No Proprietary Training Data: Client-submitted query inputs and the reports generated therefrom are not used to train, fine-tune, or improve InsightForge's analytical systems or any third-party foundational models. Client data remains strictly within the scope of the transactional request.
• No Storage of Report Inputs for Training: Query content submitted by clients is treated as confidential and is not retained beyond the period necessary to fulfill the specific report request, except as required by law or as stipulated in a governing MSA.
• Public Data Disclaimer: While we strive for accuracy, InsightForge does not warrant the completeness or current accuracy of publicly sourced information. Reports constitute analytical intelligence, not verified factual assertions. Clients remain responsible for independent verification of material information prior to reliance in consequential decisions.

We retain personal data only for as long as is necessary to fulfill the purposes for which it was collected, or as required by applicable legal or regulatory obligations. In general:

• Account Data is retained for the duration of the active account relationship and for a period of 90 days following account termination, after which it is permanently deleted or anonymized.
• Billing Records are retained for a minimum of 7 years in accordance with Indian tax statutes (Income Tax Act 1961, GST Act).
• Usage & Log Data is retained for a rolling period of 12 months for security and audit purposes, and thereafter deleted.
• Generated Reports are stored for the period stated in the applicable service plan. Enterprise clients may configure custom retention periods under a governing DPA.

InsightForge implements technical and organizational measures designed to protect personal data against unauthorized access, disclosure, alteration, or destruction. These measures include, without limitation: encryption of data in transit (TLS 1.2+) and at rest; role-based access controls; and periodic security reviews. We rely exclusively on enterprise-grade cloud infrastructure that maintains internationally recognized security certifications.

Notwithstanding the foregoing, no method of electronic transmission or storage is completely secure. In the event of a personal data breach that is likely to result in harm to the rights and interests of affected Data Principals, InsightForge will: (a) notify the Data Protection Board of India as soon as reasonably practicable and within the timeframe prescribed under the DPDPA 2023 and any rules or directions issued thereunder; (b) notify affected Data Principals in the form and manner specified by the Board; and (c) maintain a written internal record of all personal data breaches, whether or not notification to the Board is required. InsightForge will not delay notification for the purpose of investigating the full scope of a breach where the DPDPA's notification threshold has been met.

Under the DPDPA 2023 and applicable law, you have the following rights with respect to your personal data:

• Right of Access: To obtain confirmation of whether we process your personal data and to receive a summary of the data held.
• Right to Correction: To request the correction of inaccurate or incomplete personal data.
• Right to Erasure: To request deletion of your personal data, subject to our legitimate legal and operational retention requirements.
• Right to Grievance Redressal: To lodge a complaint regarding our data processing practices with our designated Grievance Officer (see Section 10).
• Right to Nominate: To nominate another individual to exercise your rights on your behalf in the event of death or incapacity.

To exercise any of the above rights, submit a written request to the Grievance Officer at the contact details specified in Section 10, clearly identifying the right being exercised and the personal data to which the request relates. InsightForge may require reasonable verification of the requestor's identity before processing a rights request. We will respond within the timeframe required by applicable law, not exceeding 30 days from receipt of a complete and verified request, subject to any lawful extension permitted under the DPDPA 2023.

The operation of the Services may involve the transfer of certain personal data to service providers and technology partners located outside India. Such transfers are made on the basis of contractual data protection obligations which require those parties to apply protections equivalent to those under Indian law.

InsightForge will comply with any restrictions on international data transfers that may be enacted pursuant to the DPDPA 2023 and notified by the Government of India from time to time.

InsightForge reserves the right to amend this Policy at any time. Material changes will be communicated to registered users via the email address on file no fewer than 14 days prior to the effective date of the change. Continued use of the Services following the effective date constitutes acceptance of the revised Policy. The version history and effective dates are maintained at the top of this document.

Enterprise clients with active MSAs or DPAs will be notified directly by their designated account representative of any changes that may affect their contractual data protection arrangements.

For all inquiries, rights requests, or grievances relating to this Policy or to our data processing practices, please contact our designated Grievance Officer at the details below. As required under the DPDPA 2023, we will acknowledge receipt of grievances within 48 hours and resolve them within 30 days of receipt.

InsightForge uses cookies and similar tracking technologies on the Platform to support core functionality, session authentication, and security monitoring. Specifically, we use:

• Strictly Necessary Cookies: Session tokens and authentication cookies required for platform login and access control. These cannot be disabled as they are essential to the operation of the Services.
• Analytics Cookies: Aggregated, anonymized usage data collected to understand platform performance and user interaction patterns. These are only placed with your prior consent.

No third-party advertising cookies or cross-site tracking technologies are deployed on the InsightForge platform.

Users may manage non-essential cookie preferences through their browser settings or through the cookie preference centre accessible at first login. Withdrawal of consent for analytics cookies does not affect access to the Services.