Privacy Policy

Vaimanasoft ("we," "us," or "our") operates the website vaimanasoft.com and provides a SaaS mobile app analytics platform designed for Android developers. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our dashboard, integrate our Android SDK, or interact with any of our services (collectively, the "Services").

This Privacy Policy applies to all users of our Services, including account holders (app developers), end-users of applications that integrate our SDK, and visitors to our website. By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

Vaimanasoft is headquartered in Guntur, Andhra Pradesh, India, and our Services are governed by applicable Indian law, including the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023 (DPDPA). Where applicable, we also comply with the European Union General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

1. Introduction

Vaimanasoft provides a comprehensive mobile app analytics platform that enables Android developers to understand their users, measure app performance, run A/B tests, manage feature flags, send push notifications, and gain AI-powered insights. Our platform includes:

• A real-time analytics dashboard accessible via web browser
• An Android SDK for integration into mobile applications
• User segmentation capabilities across 11+ configurable segments
• An A/B testing framework and feature flag management system
• Push notification delivery via Firebase Cloud Messaging (FCM)
• AI-powered analytics insights powered by Claude AI (Anthropic)
• REST APIs and webhooks for programmatic access and integration

This Privacy Policy describes the types of information we may collect from you or that you may provide, and our practices for collecting, using, maintaining, protecting, and disclosing that information. It applies to information collected through our website, dashboard, SDK, APIs, and any related services.

2. Definitions

For the purposes of this Privacy Policy, the following terms have the meanings set out below:

• Personal Data means any information relating to an identified or identifiable natural person ("Data Subject"). An identifiable person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, email address, device identifier, or online identifier.
• Data Controller means the natural or legal person who determines the purposes and means of the processing of Personal Data. When you use our Services as an app developer, you are the Data Controller for your end-users' analytics data.
• Data Processor means a natural or legal person who processes Personal Data on behalf of the Data Controller. Vaimanasoft acts as a Data Processor when processing analytics data collected through our SDK on behalf of app developers.
• Data Fiduciary means, under the Indian Digital Personal Data Protection Act 2023, any person who alone or in conjunction with other persons determines the purpose and means of processing of personal data. This is the Indian equivalent of a Data Controller.
• Data Principal means, under the DPDPA 2023, the individual to whom the personal data relates.
• Processing means any operation or set of operations performed on Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
• Services means the Vaimanasoft website, analytics dashboard, Android SDK, REST APIs, webhooks, and all related tools, features, and functionalities provided by Vaimanasoft.
• SDK means the Vaimanasoft Software Development Kit for Android, which app developers integrate into their mobile applications to collect analytics data.
• End-User means any individual who uses an application that has integrated the Vaimanasoft SDK.
• Account Holder means a developer or organization that has registered for a Vaimanasoft account to use our analytics platform.

3. Information We Collect

We collect several categories of information depending on how you interact with our Services. The following subsections describe each category in detail.

3.1 Account Data

When you register for a Vaimanasoft account, we collect:

• Name — Your full name as provided during registration
• Email address — Used for account verification, authentication, and communications
• Password — Stored securely using bcrypt hashing with salt; we never store plaintext passwords
• Organization name — If provided, for billing and identification purposes
• Account preferences — Dashboard settings, notification preferences, and configuration choices

3.2 Analytics Data (Collected as Data Processor)

Through our Android SDK, we collect the following data from end-users of applications that integrate Vaimanasoft, on behalf of the app developer (the Data Controller):

• Device information — Android ID, device brand, device model, Android OS version, app version name and code
• App events — Custom events defined by the app developer, including event names, parameters, timestamps, and associated metadata
• Country-level location — Derived from IP address geolocation; we do not collect precise GPS coordinates
• FCM tokens — Firebase Cloud Messaging device tokens used for push notification delivery
• User segments — Segment assignments based on device properties, behavior, and developer-defined criteria
• Session data — App session start/end times, session duration, and session frequency
• A/B test assignments — Which test variants an end-user has been assigned to and conversion events
• Feature flag states — Which feature flags are active for each end-user

3.3 Dashboard Usage Data

When you access the Vaimanasoft dashboard or website, we automatically collect:

• Session cookies — To maintain your authenticated session
• JWT tokens — JSON Web Tokens used for API authentication
• IP address — For security monitoring, rate limiting, and approximate geolocation
• Browser information — Browser type, version, operating system, language preferences, and screen resolution
• Referral source — The URL from which you arrived at our website
• Pages visited — Which pages and features of the dashboard you access

3.4 Payment Data

Payments for our Services are processed by Stripe. When you subscribe to a paid plan:

• Your payment card information is collected and processed directly by Stripe
• We do not store, process, or have access to your full credit card numbers
• We receive from Stripe only: the last four digits of your card, card brand, expiration date, billing country, and transaction confirmation details
• We store your Stripe customer ID to manage your subscription

4. How We Collect Information

4.1 Information You Provide Directly

We collect information that you voluntarily provide when you:

• Register for a Vaimanasoft account
• Subscribe to a paid plan or update your billing information
• Contact us via email or through our contact forms
• Respond to surveys or participate in promotions
• Configure your analytics dashboard, create segments, or set up experiments

4.2 Information Collected via the SDK

Our Android SDK is integrated into mobile applications by developers. Once integrated, the SDK automatically collects device information, app events, and other analytics data as configured by the app developer. The SDK transmits this data to our servers via encrypted HTTPS connections. The SDK does not collect data until it is initialized by the app developer with a valid API key.

4.3 Information Collected Automatically

When you access our website or dashboard, we automatically collect certain information through cookies, log files, and similar technologies. This includes your IP address, browser type, operating system, referring URLs, pages viewed, and timestamps. Our servers also generate log data that may include request details, error reports, and performance metrics.

4.4 Information from Third Parties

We may receive limited information from third-party services, including:

• Firebase — Crash reporting data and notification delivery status
• Stripe — Subscription status and payment confirmation
• Google Analytics — Aggregated website usage statistics

5. Legal Basis for Processing

We process Personal Data based on the following legal bases, as applicable under the GDPR and other data protection laws:

5.1 Performance of a Contract

We process your account data and usage data as necessary to perform our contractual obligations to you when you sign up for and use our Services. This includes providing access to the dashboard, processing analytics data, delivering push notifications, and managing your subscription.

5.2 Legitimate Interests

We process certain data based on our legitimate interests, provided these interests are not overridden by your fundamental rights and freedoms. Our legitimate interests include:

• Improving and optimizing our Services and user experience
• Ensuring the security and integrity of our platform
• Preventing fraud, abuse, and unauthorized access
• Analyzing usage patterns to develop new features
• Communicating with you about your account and our Services

5.3 Consent

Where required by applicable law, we rely on your consent to process certain data. You may withdraw your consent at any time by contacting us at info@vaimanasoft.com. Withdrawal of consent does not affect the lawfulness of processing performed prior to withdrawal. Specifically, we rely on consent for:

• Sending you marketing or promotional communications
• Processing data through optional AI-powered features
• Setting non-essential cookies on your device

5.4 Legal Obligations

We may process your data to comply with applicable legal obligations, such as responding to valid legal processes, maintaining records for tax and accounting purposes, or complying with data protection authority requests.

6. How We Use Your Information

We use the information we collect for the following purposes:

• Providing and maintaining our Services — Including operating the analytics dashboard, processing SDK data, delivering push notifications, running A/B tests, and managing feature flags
• Account management — Creating and managing your account, authenticating access, and processing subscription payments
• Analytics processing — Aggregating and analyzing data collected through the SDK to generate reports, charts, user segments, and insights for app developers
• AI-powered insights — Processing aggregated analytics data through Claude AI (Anthropic) to generate intelligent recommendations and insights for account holders
• Push notification delivery — Using FCM tokens to deliver targeted push notifications on behalf of app developers to their end-users
• Service improvement — Analyzing how our platform is used to improve features, performance, and user experience
• Security and fraud prevention — Monitoring for suspicious activity, preventing unauthorized access, and enforcing rate limits
• Communication — Sending you account-related notifications, service updates, security alerts, and (with your consent) marketing communications
• Legal compliance — Meeting our legal obligations, resolving disputes, and enforcing our terms of service
• Technical support — Diagnosing issues, responding to support requests, and troubleshooting problems

7. Data Controller vs. Data Processor Role

Understanding the distinction between our roles as Data Controller and Data Processor is critical to understanding how your data is handled within our platform.

7.1 Vaimanasoft as Data Controller

Vaimanasoft acts as the Data Controller for:

• Account data of our registered users (app developers and organizations)
• Dashboard usage data and website visitor data
• Payment and billing data
• Communications and correspondence data
• Data collected through cookies on our website and dashboard

As Data Controller, we determine the purposes and means of processing this data, and we are directly responsible for complying with data protection laws in relation to this data.

7.2 Vaimanasoft as Data Processor

Vaimanasoft acts as a Data Processor for:

• Analytics data collected through our Android SDK from end-users of third-party applications
• Push notification delivery data (FCM tokens and notification content)
• A/B test data and feature flag assignments for end-users
• User segment data for end-users

7.3 Data Processing Agreement

For customers who require it (particularly those subject to GDPR), we offer a Data Processing Agreement (DPA) that outlines the specific terms under which we process data on your behalf as a Data Processor. To request a DPA, please contact us at contact@vaimanasoft.com.

8. Analytics SDK Data Collection

This section provides detailed information about the data collected by the Vaimanasoft Android SDK, how it is transmitted, and the obligations of developers who integrate it.

8.1 What the SDK Collects

When initialized by an app developer, the Vaimanasoft SDK collects the following data from end-user devices:

• Android ID — A unique device identifier used to distinguish individual devices. This is not a hardware-level identifier and can be reset by the end-user.
• Device brand and model — For device segmentation and compatibility analysis (e.g., "Samsung Galaxy S24")
• Android OS version — The operating system version running on the device
• App version — The version name and version code of the integrated application
• Custom events — Events defined and triggered by the app developer, including event names, custom parameters, and timestamps
• Country-level location — Derived server-side from the device's IP address; the SDK does not access GPS, Wi-Fi, or cell tower location data
• FCM token — The Firebase Cloud Messaging registration token for push notification delivery
• Language and locale — The device's configured language and regional settings
• Network type — Whether the device is connected via Wi-Fi or mobile data (no carrier information is collected)

8.2 How the SDK Transmits Data

All data transmitted by the SDK is sent over encrypted HTTPS connections to Vaimanasoft's servers. The SDK batches events to minimize network requests and battery consumption. Data is sent using authenticated API endpoints that require a valid API key tied to the developer's account.

8.3 What the SDK Does Not Collect

The Vaimanasoft SDK does not collect:

• Contact lists, call logs, or SMS messages
• Photos, videos, or files stored on the device
• Precise GPS coordinates or fine-grained location data
• Audio recordings or microphone data
• Passwords, financial information, or government-issued identifiers
• Data from other applications on the device
• IMEI, SIM serial number, or phone number

8.4 Developer Obligations

Developers who integrate the Vaimanasoft SDK into their applications must:

• Include a clear and comprehensive privacy policy in their application that discloses the collection of analytics data through Vaimanasoft
• Obtain any consents required by applicable laws (including GDPR, CCPA, and the DPDPA 2023) before initializing the SDK
• Comply with Google Play Store policies regarding data collection and privacy disclosures
• Not use the SDK to collect sensitive personal data (such as health data, religious beliefs, or sexual orientation) without proper legal basis and additional safeguards
• Promptly notify Vaimanasoft and their end-users in the event of any suspected data breach involving analytics data
• Respond to data subject requests from their end-users and coordinate with Vaimanasoft when necessary to fulfill those requests

9. AI-Powered Features

Vaimanasoft offers AI-powered analytics insights using Claude AI, developed by Anthropic. This section describes how data is used in connection with these features.

9.1 What Data Is Sent to Claude AI

When you use AI-powered features (such as natural-language analytics queries, automated insight generation, or trend analysis), we send the following data to the Anthropic API:

• Aggregated analytics summaries — Statistical summaries of app events, user counts, session metrics, and trend data. These are pre-aggregated and do not include individual user records.
• Segment metadata — Names and descriptions of user segments, along with aggregate counts and behavioral statistics
• Query context — Your natural-language questions and the context necessary for the AI to generate relevant insights
• Experiment results — Aggregated A/B test outcomes and conversion metrics

9.2 Data Minimization

We apply strict data minimization principles when using AI features:

• We send only aggregated or summarized data to the AI service, never individual user records or raw event logs
• Individual device identifiers (such as Android IDs) are never sent to Claude AI
• FCM tokens, IP addresses, and other directly identifying information are excluded from AI processing
• Data sent to the AI is used solely to generate the requested insight and is not used to train Anthropic's models

9.3 Anthropic's Data Handling

Per Anthropic's API terms of service, data submitted through the Claude API is not used to train or improve Anthropic's models. For more information, please review Anthropic's Privacy Policy and their API Terms of Service.

9.4 Opting Out of AI Features

AI-powered insights are optional. You are not required to use them to access the core analytics, segmentation, A/B testing, or push notification features. If you prefer not to have any data processed through AI, simply do not use the AI insight features in the dashboard.

10. Third-Party Service Providers

We engage the following third-party service providers to support the operation of our Services. Each provider has access only to the data necessary to perform their designated function and is contractually obligated to protect your information.

10.1 Firebase (Google)

Purpose: Push notification delivery via Firebase Cloud Messaging (FCM) and crash reporting.

Data shared: FCM device tokens, notification content, and crash log data.

Privacy Policy: https://firebase.google.com/support/privacy

10.2 Google AdMob

Purpose: Advertisement delivery within mobile applications that use AdMob in conjunction with Vaimanasoft.

Data shared: Advertising ID, device information, and ad interaction data (managed by the app developer's AdMob integration).

Privacy Policy: https://policies.google.com/privacy

10.3 Stripe

Purpose: Payment processing for subscription plans.

Data shared: Billing name, email address, and payment card details (collected directly by Stripe).

Privacy Policy: https://stripe.com/privacy

10.4 Claude AI / Anthropic

Purpose: AI-powered analytics insights and natural-language query processing.

Data shared: Aggregated analytics summaries, segment metadata, and user queries (see Section 9 for details).

Privacy Policy: https://www.anthropic.com/privacy

10.5 Google Analytics

Purpose: Website traffic analysis and visitor behavior tracking for vaimanasoft.com.

Data shared: IP address (anonymized), browser information, pages visited, and referral sources.

Privacy Policy: https://policies.google.com/privacy

11. Data Sharing and Disclosure

We do not sell, rent, or trade your Personal Data to third parties. We may share your information only in the following circumstances:

11.1 With Service Providers

We share data with third-party service providers who assist us in operating our platform, as described in Section 10. These providers are bound by contractual obligations to process data only as instructed and to implement appropriate security measures.

11.2 With App Developers (for Analytics Data)

Analytics data collected through the SDK is made available to the app developer (Data Controller) who integrated the SDK. This data is presented through the dashboard, APIs, and webhooks as configured by the developer.

11.3 For Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order, government agency request, or regulatory inquiry). This includes:

• Complying with a legal obligation or judicial proceeding
• Protecting and defending the rights or property of Vaimanasoft
• Preventing or investigating possible wrongdoing in connection with the Services
• Protecting the personal safety of users of the Services or the public
• Protecting against legal liability

11.4 Business Transfers

If Vaimanasoft is involved in a merger, acquisition, asset sale, corporate restructuring, or bankruptcy, your Personal Data may be transferred as part of that transaction. We will provide notice before your Personal Data is transferred and becomes subject to a different privacy policy. In such cases, we will ensure the receiving entity maintains at least the same level of data protection as described in this policy.

11.5 With Your Consent

We may share your information for any other purpose with your explicit consent.

12. International Data Transfers

Vaimanasoft is based in India, and our primary servers are located in India. If you access our Services from outside India, please be aware that your information may be transferred to, stored, and processed in India.

When we transfer data internationally (for example, when data is processed by our third-party providers such as Stripe, Firebase, or Anthropic, whose servers may be located in the United States or other countries), we ensure that appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) — Where required under GDPR, we rely on European Commission-approved Standard Contractual Clauses for data transfers to countries that have not received an adequacy decision
• Contractual protections — Our agreements with third-party providers include data protection obligations that ensure your data is treated securely and in accordance with this Privacy Policy
• Data minimization — We limit the data transferred internationally to what is strictly necessary for the relevant processing purpose

By using our Services, you acknowledge and consent to the transfer and processing of your data in India and other countries where our service providers operate. If you are located in the European Economic Area (EEA), United Kingdom, or another jurisdiction with data transfer restrictions, you have the right to ask us about the specific safeguards we have in place by contacting us at contact@vaimanasoft.com.

13. Data Retention

We retain your data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

13.1 Account Data

We retain your account data for as long as your account is active. If you delete your account, we will delete or anonymize your account data within 30 days, except where we are required to retain certain information for legal, tax, or compliance purposes (in which case we may retain it for up to 5 years).

13.2 Analytics Data Retention by Plan

Analytics data collected through the SDK is retained based on your subscription plan tier:

• Free plan: 30 days from the date of collection
• Starter plan: 90 days from the date of collection
• Pro plan: 1 year from the date of collection
• Enterprise plan: 2 years from the date of collection

After the applicable retention period, analytics data is permanently deleted from our active systems. Backups containing expired data are purged within 30 days following the retention period expiration.

13.3 Dashboard Usage Data

Server logs and dashboard usage data are retained for up to 90 days for security monitoring and debugging purposes, after which they are automatically purged.

13.4 Payment Data

Transaction records are retained for as long as required by applicable tax and financial regulations (typically 7 years in India under the Income Tax Act). Stripe retains payment card information in accordance with their own retention policies.

14. Data Security

We take the security of your data seriously and implement industry-standard technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction.

14.1 Encryption

• In transit: All data transmitted between your device/browser and our servers is encrypted using HTTPS/TLS (Transport Layer Security)
• At rest: Sensitive data stored in our databases is encrypted using AES-256 encryption
• SDK communication: All SDK data transmissions use encrypted HTTPS connections with certificate pinning where supported

14.2 Authentication and Access Control

• Password hashing: User passwords are hashed using bcrypt with a cost factor that ensures computational resistance against brute-force attacks; plaintext passwords are never stored
• JWT authentication: Dashboard and API access is authenticated using JSON Web Tokens with appropriate expiration times and secure token handling
• API key authentication: SDK endpoints require valid API keys tied to registered developer accounts
• Role-based access: Internal access to user data is limited to authorized personnel on a need-to-know basis

14.3 Infrastructure Security

• Rate limiting: API endpoints implement rate limiting to prevent abuse and denial-of-service attacks
• Input validation: All user inputs are validated and sanitized to prevent injection attacks
• Regular updates: Server software and dependencies are regularly updated to patch known vulnerabilities
• Monitoring: We maintain security monitoring and logging to detect and respond to potential threats

While we strive to use commercially acceptable means of protecting your Personal Data, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to promptly addressing any security incidents that may occur.

15. Your Rights Under GDPR

If you are located in the European Economic Area (EEA) or the United Kingdom, the General Data Protection Regulation (GDPR) grants you specific rights regarding your Personal Data. You may exercise any of the following rights by contacting us at contact@vaimanasoft.com.

• Right of Access (Article 15) — You have the right to request a copy of the Personal Data we hold about you, along with information about how it is processed
• Right to Rectification (Article 16) — You have the right to request correction of inaccurate Personal Data and completion of incomplete data
• Right to Erasure (Article 17) — You have the right to request deletion of your Personal Data under certain circumstances, such as when the data is no longer necessary for its original purpose or when you withdraw consent
• Right to Data Portability (Article 20) — You have the right to receive your Personal Data in a structured, commonly used, machine-readable format and to transmit that data to another controller
• Right to Restriction of Processing (Article 18) — You have the right to request that we restrict the processing of your Personal Data in certain situations, such as while we verify the accuracy of your data
• Right to Object (Article 21) — You have the right to object to the processing of your Personal Data based on legitimate interests or for direct marketing purposes
• Right to Withdraw Consent (Article 7) — Where processing is based on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out prior to withdrawal
• Right to Lodge a Complaint — You have the right to lodge a complaint with a supervisory authority in the EU member state where you reside, work, or where the alleged infringement occurred

We will respond to your request within 30 days. In certain circumstances, we may extend this period by an additional 60 days, in which case we will inform you of the extension and the reasons for the delay.

16. Your Rights Under CCPA

If you are a California resident, the California Consumer Privacy Act (CCPA) and its amendment, the California Privacy Rights Act (CPRA), provide you with specific rights regarding your Personal Information. This section applies to you.

• Right to Know — You have the right to request that we disclose the categories and specific pieces of Personal Information we have collected about you, the categories of sources from which the information was collected, the purposes for collecting the information, and the categories of third parties with whom we share the information
• Right to Delete — You have the right to request that we delete Personal Information we have collected from you, subject to certain exceptions (such as when the information is needed to complete a transaction or comply with a legal obligation)
• Right to Opt-Out of Sale or Sharing — Vaimanasoft does not sell your Personal Information. We do not share your Personal Information for cross-context behavioral advertising. If this practice changes in the future, we will update this policy and provide a "Do Not Sell or Share My Personal Information" link
• Right to Non-Discrimination — We will not discriminate against you for exercising any of your CCPA rights. We will not deny you Services, charge different prices, provide a different level of service, or suggest that you will receive a different quality of service for exercising your rights
• Right to Correct — You have the right to request correction of inaccurate Personal Information that we maintain about you
• Right to Limit Use of Sensitive Personal Information — If we collect sensitive Personal Information, you have the right to limit its use to what is necessary to provide the Services

To exercise your CCPA rights, please submit a verifiable consumer request by emailing contact@vaimanasoft.com. We will verify your identity before processing your request. You may also designate an authorized agent to make a request on your behalf.

We will respond to verifiable consumer requests within 45 days. If we require more time, we will inform you of the reason and the extension period, which shall not exceed an additional 45 days.

17. Your Rights Under India DPDPA 2023

If you are an Indian resident, the Digital Personal Data Protection Act, 2023 (DPDPA) grants you the following rights as a "Data Principal":

• Right to Information — You have the right to obtain a summary of the personal data being processed by us, along with information about the processing activities, including the identities of all Data Processors and Data Fiduciaries with whom your personal data has been shared
• Right to Correction and Erasure — You have the right to request the correction of inaccurate or misleading personal data, the completion of incomplete personal data, the updating of personal data, and the erasure of personal data that is no longer necessary for the purpose for which it was collected
• Right to Grievance Redressal — You have the right to have readily available means of registering a grievance with us regarding any act or omission of Vaimanasoft regarding your personal data. Our Grievance Officer details are provided in Section 24 of this policy
• Right to Nominate — You have the right to nominate another individual who shall, in the event of your death or incapacity, exercise your rights as a Data Principal
• Right to Withdraw Consent — Where processing is based on your consent, you have the right to withdraw consent at any time, with the ease of doing so being comparable to the ease with which consent was given

Under the DPDPA 2023, as a Data Principal, you also have the following duties:

• To comply with applicable laws when exercising your rights
• Not to register a false or frivolous complaint with the Data Protection Board of India
• To furnish only verifiable and authentic information when exercising your right to correction
• Not to impersonate another person when providing personal data

Vaimanasoft acts as a Data Fiduciary under the DPDPA 2023 for the personal data of its account holders and website visitors. We are committed to processing personal data only for lawful purposes and in compliance with the provisions of the Act.

To exercise your rights under the DPDPA 2023, please contact our Grievance Officer at contact@vaimanasoft.com. We will respond to your request within the timeframe prescribed by the Act and any rules framed thereunder.

18. Cookies and Tracking Technologies

18.1 What Are Cookies

Cookies are small text files that are placed on your device by websites you visit. They are widely used to make websites work efficiently, remember your preferences, and provide reporting information.

18.2 Cookies We Use

We use the following types of cookies on our website and dashboard:

• Strictly Necessary Cookies — These cookies are essential for the functioning of our website and dashboard. They enable core features such as user authentication, session management, and security. These cookies cannot be disabled without impacting the functionality of the Services. Examples include session cookies and CSRF protection tokens.
• Functional Cookies — These cookies remember your preferences and settings, such as language, timezone, and dashboard layout choices, to provide a personalized experience.
• Analytics Cookies — We use Google Analytics cookies to understand how visitors interact with our website. These cookies collect information such as pages visited, time spent on pages, and referral sources. This data is aggregated and anonymized. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

18.3 Managing Cookies

Most web browsers allow you to control cookies through their settings. You can set your browser to refuse cookies, delete existing cookies, or alert you when a cookie is being set. Please note that disabling essential cookies may affect the functionality of our Services.

For more information about cookies and how to manage them, visit www.allaboutcookies.org.

18.4 Do Not Track Signals

Some browsers transmit "Do Not Track" (DNT) signals to websites. There is currently no universally accepted standard for how to respond to DNT signals. At this time, our website does not respond to DNT signals, but we respect your privacy choices and encourage you to manage your preferences through cookie settings and the opt-out mechanisms described above.

19. Children's Privacy

Our Services are not directed to individuals under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect Personal Data from children under 13 years of age, in compliance with the Children's Online Privacy Protection Act (COPPA) and similar laws.

If we become aware that we have collected Personal Data from a child under 13 without verification of parental consent, we will take immediate steps to delete that information from our servers.

If you are a parent or guardian and believe your child has provided us with Personal Data, please contact us at info@vaimanasoft.com. We will promptly investigate and take appropriate action.

20. Push Notification Data

Vaimanasoft provides push notification functionality through Firebase Cloud Messaging (FCM). This section describes how push notification data is handled.

20.1 FCM Tokens

When an end-user installs an application that uses the Vaimanasoft SDK with push notifications enabled, a unique FCM device token is generated by Firebase and stored on our servers. This token is used solely for the purpose of delivering push notifications to the device.

20.2 Notification Content

Push notification content (titles, messages, images, and action URLs) is created by the app developer through the Vaimanasoft dashboard or API. We transmit this content to Firebase for delivery. Notification content is stored on our servers for the duration of the analytics data retention period applicable to the developer's plan.

20.3 Targeted Notifications

App developers can send push notifications to specific user segments based on device properties, behavioral data, and custom criteria. This targeting is performed on our servers, and only the relevant FCM tokens are sent to Firebase for delivery. The targeting criteria and segment definitions remain on our platform and are not shared with Firebase.

20.4 Opting Out of Push Notifications

End-users can disable push notifications at the device level through their Android system settings for the specific application. App developers can also implement in-app opt-out mechanisms. When an FCM token becomes invalid (e.g., when the app is uninstalled), it is automatically removed from our active notification targets.

21. Links to Other Sites

Our Services may contain links to third-party websites, applications, or services that are not operated by us. These links are provided for your convenience and do not signify our endorsement of the linked content.

If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the privacy policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies, data practices, or security measures of any third-party sites or services. This includes, but is not limited to, the websites and services of our third-party providers listed in Section 10.

22. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes:

• We will update the "Last updated" date at the top of this page
• For material changes that significantly affect how we process your Personal Data, we will provide notice through one or more of the following methods:
  • A prominent notice on our website and/or dashboard
  • An email notification to account holders at the email address associated with their account
  • An in-dashboard banner or alert
• For non-material changes (such as formatting or clarification edits), we may update the policy without additional notice

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of our Services after any changes to this policy constitutes your acceptance of the updated terms.

If you do not agree with the revised policy, you should discontinue your use of our Services and contact us to delete your account.

23. Data Breach Notification

In the event of a data breach that results in unauthorized access to, or disclosure of, Personal Data, Vaimanasoft will take the following steps:

23.1 Internal Response

• Immediately investigate the scope, cause, and impact of the breach
• Take all reasonable steps to contain the breach and mitigate its effects
• Document the breach, including the facts, its effects, and the remedial actions taken

23.2 Notification to Authorities

• Under GDPR: We will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where feasible, unless the breach is unlikely to result in a risk to the rights and freedoms of individuals
• Under DPDPA 2023: We will notify the Data Protection Board of India and the affected Data Principals in the manner and within the timeframe prescribed by the Act and applicable rules
• Under CCPA: We will comply with California's breach notification requirements under Civil Code Section 1798.82
• Under Indian IT Act: We will comply with the breach notification requirements under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011

23.3 Notification to Affected Individuals

If the breach is likely to result in a high risk to the rights and freedoms of affected individuals, we will notify them without undue delay. This notification will include:

• A description of the nature of the breach
• The categories and approximate number of data records affected
• The likely consequences of the breach
• The measures taken or proposed to be taken to address the breach and mitigate its possible adverse effects
• Contact details of our team for further information

23.4 Notification to App Developers

If a breach affects analytics data processed on behalf of app developers (where we act as Data Processor), we will notify the affected app developers without undue delay so they can fulfill their own notification obligations to their end-users and relevant authorities.

24. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy, your Personal Data, or our data processing practices, please do not hesitate to contact us using the information below.