Legal & Compliance

Privacy Policy
For OtonomiQ AI

Effective Date: 21 May 2026 Last Updated: 21 May 2026

HIPAA Compliant certification badge

HIPAA Compliant

SOC Certified certification badge

SOC Certified

ISO 27001 Lead Auditor certification badge

ISO 27001

GDPR Proactive certification badge

GDPR Proactive

At OtonomiQ AI, Your Trust Is The Foundation Of Everything We Do. This Privacy Policy Is Written In Plain Language — Not Legalese — Because We Believe You Deserve To Clearly Understand How Your Data Is Handled When You Use Our Platform, Visit Our Website, Or Interact With Us In Any Capacity. If You Have Questions After Reading This, Please Reach Out. We Are Happy To Help.

Who We Are

OtonomiQ AI Is An Enterprise AI Automation Platform Headquartered In Chennai, India. Our Platform Helps Businesses Coordinate Customer Interactions, Automate Workflows, And Manage Operations Consistently Across Channels Including WhatsApp, Email, Web, Instagram, Facebook, Telegram, And Slack, All Within A Secure And Governed Environment.

For The Purposes Of This Privacy Policy, "OtonomiQ AI", "We", "Us", Or "Our" Refers To The Company And Its Services. "You" Refers To Any Individual Who Visits Our Website, Uses Our Platform, Or Interacts With Our Services, Whether As An Enterprise Client, An End-User Of A Client's Deployment, Or A Visitor To Our Website.

What We Collect

We Are Thoughtful About The Data We Collect. We Only Gather Information That Genuinely Helps Us Deliver And Improve Our Services.

CategoryExamplesHow Collected
Identity & ContactName, Business Email, Phone Number, Job TitleRegistration Forms, Contact Inquiries, Demo Bookings
Account & Usage DataLogin Credentials, Configuration Settings, Feature Usage, Conversation LogsPlatform Interactions, API Calls
Communication DataMessages Sent Via Integrated Channels Processed Through Our PlatformChannel Integrations Configured By Enterprise Clients
Technical DataIP Address, Browser Type, Device Identifiers, Session TimestampsAutomatic Collection Via Cookies And Server Logs
Business Operations DataWorkflow Configurations, CRM/ERP Integration Data, Audit Trail RecordsClient-Configured Integrations And Platform Use
Support & FeedbackSupport Ticket Content, Survey Responses, Product FeedbackDirect Communication With Our Team

Important Note On End-User Data: When Enterprise Clients Deploy OtonomiQ AI To Serve Their Own Customers, OtonomiQ Processes That Communication Data Solely On Behalf Of The Enterprise Client, Under Their Instructions And Applicable Data Processing Agreements. The Enterprise Client Remains The Data Controller For Their Customers' Data.

How We Use Your Data

We Use The Information We Collect To Run Our Platform Responsibly And To Keep Improving It. Here Is Exactly What That Looks Like:

  • Providing, Operating, And Maintaining Our Platform And Its Features
  • Processing And Fulfilling Service Requests, Including Demo Bookings And Onboarding
  • Personalising Your Experience Based On Your Organisation's Configurations And Preferences
  • Sending Important Service Communications Such As Updates, Security Notices, And Support Responses
  • Generating Anonymised, Aggregated Analytics To Understand Platform Usage And Improve It
  • Maintaining Complete Audit Trails For Operational Accountability And Compliance Reporting
  • Enforcing Our Terms Of Service And Protecting The Security And Integrity Of The Platform
  • Complying With Applicable Legal Obligations, Including Regulatory Requests Where Required By Law

We Do Not Use Your Data To Train External AI Models Without Your Explicit, Informed Consent. We Do Not Sell Your Personal Data Ever.

Legal Basis For Processing

Where The General Data Protection Regulation (GDPR) Or Similar Privacy Laws Apply, We Rely On The Following Legal Bases To Process Your Personal Data:

Legal BasisWhen We Use It
Identity & ContactTo Deliver The Services You Or Your Organisation Have Subscribed To
Legitimate InterestsFor Platform Security, Fraud Prevention, Service Improvement, And Internal Analytics
Legal ObligationWhere Processing Is Required To Comply With Applicable Laws Or Regulatory Requirements
ConsentFor Marketing Communications And Any Optional Data Uses Where We Ask For Your Permission

Data Sharing & Third Parties

We Do Not Sell, Rent, Or Trade Your Personal Data With Any Third Party For Commercial Purposes. We Only Share Data In The Limited Circumstances Described Below:

Trusted Service Providers:

We Work With Carefully Vetted Sub-Processors Who Process Data Strictly On Our Behalf Under Binding Data Processing Agreements.

Enterprise Client Instructions:

When Your Organisation's Administrators Configure Integrations With External Tools (CRM, ERP, PMS, Etc.), Data May Be Shared With Those Systems As Directed By Your Organisation.

Legal Requirements:

We May Disclose Information When Required By Law, Court Order, Or To Protect The Rights, Property, Or Safety Of OtonomiQ AI, Our Clients, Or The Public.

Business Transfers:

In The Event Of A Merger, Acquisition, Or Sale Of Assets, Personal Data May Be Transferred. You Will Be Notified In Advance.

How Long We Keep Your Data

We Retain Your Data Only For As Long As Necessary To Fulfil The Purposes Described In This Policy, Or As Required By Applicable Law.

Data TypeRetention Period
Active Account DataDuration Of The Contractual Relationship
Conversation And Audit LogsAs Configured By The Enterprise Client (Default: 12 Months)
Support Records3 Years From Case Closure
Financial And Billing Records7 Years (As Required By Applicable Tax Law)
Website Analytics (Anonymised)26 Months Rolling

When Data Is No Longer Needed, It Is Securely Deleted Or Anonymised In Accordance With Our Data Lifecycle Policy.

How We Protect Your Data

Security Is Not A Feature For Us, It Is A Core Design Principle. OtonomiQ AI Is Built From The Ground Up For Compliance-Sensitive Environments, Including Healthcare And Financial Services, Where Data Protection Is Non-Negotiable.

  • Encryption In Transit (TLS 1.2+) And At Rest For All Stored Data
  • Role-Based Access Controls Ensuring Only Authorised Personnel Can Access Specific Data
  • Full Audit Trails That Log Every Automated Decision And Human Action Within The Platform
  • Regular Vulnerability Assessments And Penetration Testing
  • Enterprise-Grade Guardrails Built Into Every AI Interaction To Prevent Data Leakage
  • Incident Response Protocols With Defined Escalation And Notification Procedures

Our Compliance Commitments

OtonomiQ AI Is Designed And Operated To Meet The Expectations Of Regulated Industries Worldwide. Our Current Compliance Posture Includes:

CertificationWhat It Means For You
HIPAA CompliantOur Platform Meets The Requirements Of The Health Insurance Portability And Accountability Act For Healthcare And Lab Environments Handling Protected Health Information.
GDPR ProactiveWe Follow The Principles Of The EU General Data Protection Regulation, Including Data Minimisation, Purpose Limitation, And Your Right To Be Forgotten.
ISO 27001 AlignedOur Information Security Management Practices Follow The Internationally Recognised ISO/IEC 27001 Standard For Systematic Risk Management.
SOC CertifiedWe Maintain SOC-Level Controls To Provide Verifiable Assurance That Our Systems Meet Security, Availability, And Confidentiality Commitments.

Your Rights

Depending On Where You Are Located And The Applicable Laws In Your Jurisdiction, You May Have Some Or All Of The Following Rights Regarding Your Personal Data:

  • Right To Access:  Request A Copy Of The Personal Data We Hold About You
  • Right To Correction:  Ask Us To Correct Inaccurate Or Incomplete Information
  • Right To Erasure:  Request Deletion Of Your Personal Data, Subject To Legal Obligations
  • Right To Restrict Processing:  Ask Us To Pause How We Use Your Data In Certain Situations
  • Right To Data Portability:  Receive Your Data In A Structured, Machine-Readable Format
  • Right To Object:  Object To Processing Based On Legitimate Interests Or For Direct Marketing
  • Right To Withdraw Consent:  Where Processing Is Based On Consent, Withdraw It At Any Time

To Exercise Any Of These Rights, Please Email Us At Tabrez@Otonomiq.Ai. We Will Respond Within 30 Days (Or Sooner, Where Required By Law). There Is No Charge For Making A Request Unless It Is Manifestly Unfounded Or Excessive.

If You Are An End-User Of An OtonomiQ-Powered Service Operated By An Enterprise Client, Please Direct Your Data Rights Requests To That Organisation Directly, As They Are The Data Controller For Your Information.

Cookies & Tracking Technologies

Our Website Uses Cookies And Similar Technologies To Keep The Site Working Properly And To Understand How Visitors Use It. Here Is What We Use And Why:

Cookie TypePurposeCan You Opt Out?
EssentialRequired For Core Functionality, Login Sessions, Security Tokens, Load BalancingNo (Necessary For The Site To Work)
AnalyticsHelp Us Understand Visitor Behaviour To Improve The Site (Anonymised Data)Yes, Via Cookie Settings
FunctionalRemember Your Preferences For A Smoother ExperienceYes, Via Cookie Settings
MarketingUsed Only If You Have Opted In; Help Us Show Relevant Content About Our ServicesYes, Via Cookie Settings Or Opt-Out Links

You Can Manage Your Cookie Preferences At Any Time Through Your Browser Settings. Note That Disabling Essential Cookies May Affect Platform Functionality.

Children's Privacy

OtonomiQ AI Is An Enterprise Platform Designed Exclusively For Business Use By Adults. Our Services Are Not Directed At, And Are Not Intended For Use By, Children Under The Age Of 18. We Do Not Knowingly Collect Personal Data From Minors. If You Believe A Child Has Provided Us With Personal Information Without Appropriate Consent, Please Contact Us Immediately And We Will Delete That Data Promptly.

International Data Transfers

OtonomiQ AI Serves Enterprise Clients Across Multiple Countries And Regions. Data May Be Processed And Stored In Locations Outside Of Your Country Of Residence. When We Transfer Data Internationally, We Ensure Appropriate Safeguards Are In Place, Which May Include:

  • Standard Contractual Clauses (SCCs) Approved By The European Commission
  • Data Processing Agreements With Sub-Processors That Meet Equivalent Standards
  • Transfers To Countries Recognised As Providing An Adequate Level Of Data Protection

If You Have Questions About The Specific Safeguards Applicable To Your Organisation's Data, Please Reach Out To Us Directly.

Changes To This Policy

We May Update This Privacy Policy From Time To Time As Our Platform Evolves, As Regulations Change, Or As We Improve How We Explain Our Practices. When We Make Meaningful Changes, We Will:

  • Update The "Last Updated" Date At The Top Of This Page
  • Notify Enterprise Clients Via Email At Least 14 Days Before Significant Changes Take Effect
  • Maintain A Version History Summary Available Upon Request

We Encourage You To Review This Page Periodically. Continued Use Of Our Services After Changes Take Effect Constitutes Acceptance Of The Updated Policy.

Questions? Talk To Us

Privacy Is A Conversation, Not A Checkbox. If You Have Any Questions About This Policy, Want To Exercise Your Rights, Or Just Want To Understand Something Better, Our Team Is Here For You.

Phone

+91 75500 51204

Address

Chennai, India