Nexren ("we", "us", or "our") operates the website nexren.ai and provides a comprehensive suite of AI-powered enterprise solutions — including Voice AI, Note AI, Drawing AI, Agentic AI, AI for CCTV, AI for Sales, AI for Quality, AI for Operations, and AI for Knowledge Management — to businesses and enterprises across India and internationally (collectively, the "Services").

This Privacy Policy explains how we collect, use, store, share, and protect personal information when you visit our website or use any of our Services. It is drafted in compliance with the Digital Personal Data Protection Act, 2023 (DPDPA), the IT (SPDI) Rules 2011, and, where applicable, the General Data Protection Regulation (GDPR).

Please read this Policy carefully. If you do not agree with its terms, please stop using our website and Services.

1. Who We Are & How to Contact Us

Nexren Technologies Pvt. Ltd. is an AI-powered enterprise solutions company registered in India. We provide the following Services to business and enterprise clients:

• Voice AI: Industrial speech recognition, voice command processing, multilingual transcription, and conversational AI for manufacturing and operational environments
• Note AI: AI-driven transcription, smart note-taking, automatic meeting summaries, and structured knowledge capture
• Drawing AI: Automated extraction of dimensions, tolerances, material specifications, and production estimates from technical drawings and engineering blueprints
• Agentic AI: Autonomous AI agents for multi-step task execution, workflow orchestration, and intelligent enterprise automation
• AI for CCTV: Smart video surveillance, real-time AI detection (people counting, ANPR, PPE compliance, perimeter security, fire detection), event-based recording, and centralized video management via the Servelens platform
• AI for Sales: AI-assisted pipeline management, lead scoring, conversation intelligence, and conversion optimisation
• AI for Quality: Automated visual defect detection, inline quality inspection, and AI-driven quality assurance for production lines
• AI for Operations: Workflow automation, process monitoring, activity tracking, and productivity analytics for industrial environments
• AI for Knowledge Management: Enterprise knowledge base creation, intelligent document search, semantic retrieval, and institutional memory tools

For all privacy-related matters, please contact our Grievance Officer (see Section 17).

2. Scope of This Policy

This Privacy Policy applies to:

• Visitors to our website nexren.ai
• Business clients and organisations that subscribe to any Nexren AI solution or service
• Employees, contractors, or authorised representatives of our clients who access our platforms, dashboards, or APIs
• Third parties whose images, movements, voice, or other personal data may be captured or processed through any Nexren solution deployed by a client (e.g., individuals on camera premises, meeting participants, or individuals whose documents are processed)

3. Information We Collect

3.1 Information You Provide Directly

We collect information you voluntarily provide when you fill in a contact, demo-request, or inquiry form; register for or use our software platform; subscribe to newsletters; or contact our support team. This includes your name, work email address, phone number, company name, job title, and any message or inquiry content you submit.

3.2 AI-Processed Data (Platform Clients)

As a core part of our Services, we process different categories of data depending on the solutions you use:

• Video & Camera Data (AI for CCTV): Live video streams, recorded footage, still images, and metadata. Our AI systems may derive people count, movement patterns, vehicle detection, facial recognition data (where enabled), PPE compliance status, and anomaly detection event logs from video footage.
• Voice & Audio Data (Voice AI / Note AI): Audio recordings, spoken commands, meeting recordings, and transcripts. Our AI processes audio to produce transcriptions, summaries, command outputs, and structured notes.
• Documents & Technical Drawings (Drawing AI / Knowledge Management): Uploaded files including engineering drawings, CAD files, PDFs, Word documents, spreadsheets, and other business documents. Our AI extracts dimensions, specifications, text, metadata, and semantic content from these files.
• Operational & Workflow Data (Agentic AI / AI for Operations / AI for Sales / AI for Quality): Process data, task inputs and outputs, sales pipeline data, quality inspection images and results, workflow logs, and productivity metrics generated through use of our solutions.

3.3 Automatically Collected Website Data

Log data, device information, usage data, and cookies or similar technologies are collected automatically when you visit our website. This includes IP address, browser type, pages visited, time spent, and referral source.

4. How We Use Your Information

We use your information for the following purposes:

• Service Delivery: Providing, configuring, operating, and improving the specific Nexren solutions you have subscribed to — including video analytics, voice transcription, document processing, agentic task execution, and industry-specific AI functions
• Business Operations: Responding to inquiries, managing accounts, processing payments, invoicing, and sending service-related communications
• Marketing Communications: Sending updates, product news, or promotional content where you have provided consent or where a legitimate interest applies; you may opt out at any time
• Security & Fraud Prevention: Monitoring for unauthorized access, detecting security threats, and protecting the integrity of our platform and client data
• Product Improvement: Using anonymised and aggregated data only — never identifiable client data — to improve AI model performance, platform features, and user experience
• Legal & Compliance: Meeting our obligations under applicable law, responding to lawful requests, and enforcing our Terms & Conditions

5. Legal Basis for Processing

5.1 Under India's DPDPA 2023

We process personal data under the following bases as defined under the Digital Personal Data Protection Act 2023: Consent (where obtained from you or the data principal), Legitimate Uses (for service delivery, legal compliance, and fraud prevention), and Legal Obligation (where required by applicable Indian law).

5.2 Under GDPR (for EU/UK Clients or Data Subjects)

For EU/UK clients or where our processing involves EU/UK data subjects, we rely on: Contract Performance (processing necessary to deliver the Services), Legitimate Interests (security, fraud prevention, analytics using anonymised data), Consent (marketing communications and sensitive data), and Legal Obligation.

5.3 Client Responsibility

Clients deploying any Nexren solution — whether for surveillance, voice recording, document processing, or otherwise — are independently responsible for identifying and maintaining a valid legal basis for processing personal data of their employees, customers, or third parties. This includes conducting Data Protection Impact Assessments (DPIAs) where required by applicable law.

6. Data Sharing & Disclosure

We do not sell, rent, or trade your personal data or any client-submitted data. We may share data only in the following circumstances:

• Client Authorised Users: Access to your data is restricted to your designated administrators and authorised users within our platform
• Service Providers & Subcontractors: Trusted infrastructure and technology partners (e.g., cloud hosting, security) who are bound by strict data processing agreements and may not use your data for any other purpose
• Law Enforcement & Regulatory Bodies: Where we are required by a valid legal order, court order, or applicable law to disclose data; we will notify the affected Client where legally permissible
• Business Transfers: In the event of a merger, acquisition, or sale of assets, client data may be transferred subject to equivalent privacy protections and advance notice
• With Your Consent: For any purpose not described above, only with your explicit prior consent

7. Data Retention

7.1 Video & Surveillance Data (AI for CCTV)

• Live video feed: Real-time access only; not archived unless an event trigger activates recording
• Standard recorded footage: 30-day rolling retention by default
• Event-triggered recordings: 90 days, or as specified in the Service Order
• AI analytics logs and event metadata: 12 months
• Biometric data: Deleted within 30 days of service termination

7.2 Voice & Audio Data (Voice AI / Note AI)

• Raw audio recordings: Deleted within 7 days of transcription processing by default, unless configured otherwise
• Transcripts and summaries: Retained for the duration of your subscription, or as configured in your plan
• Voice command logs: 90 days, or as specified in the Service Order

7.3 Documents & Drawing Data (Drawing AI / Knowledge Management)

• Uploaded documents and drawings: Retained for the duration of your subscription; deleted within 30 days of account termination
• Extracted data and AI-generated outputs: Retained for the subscription period, or as configured by the client administrator
• Knowledge base content: Retained until deleted by the client or upon account termination

7.4 Operational & Workflow Data

• Task logs and AI agent outputs (Agentic AI): 12 months, or as specified in the Service Order
• Quality inspection results and images: 12 months by default; configurable per plan
• Sales and operations analytics data: Duration of subscription plus 90 days for export

7.5 Client & Account Data

• Account and contract data: Duration of contract plus 7 years for legal compliance
• Support communications: 3 years from closure of ticket
• Marketing data: Until you withdraw consent or opt out

8. Cookies & Tracking Technologies

Our website uses the following categories of cookies and tracking technologies:

• Strictly Necessary Cookies: Essential for the website and platform to function correctly; cannot be disabled
• Analytics Cookies: Help us understand how visitors interact with our website; used in anonymised, aggregated form
• Functional Cookies: Enable enhanced functionality such as saved preferences and personalised experiences
• Marketing Cookies: Used only with your explicit consent to deliver relevant communications and measure campaign effectiveness

You may manage your cookie preferences at any time through your browser settings or our cookie consent tool.

9. Data Security

We implement industry-standard technical and organisational measures to protect all data processed through our platform, regardless of solution type:

• Encryption in transit: TLS 1.2/1.3 for all data communications including video streams, audio uploads, API calls, and document transfers
• Encryption at rest: AES-256 for all data stored in cloud infrastructure
• Role-based access controls (RBAC) and multi-factor authentication (MFA) for all platform access
• Regular vulnerability assessments and penetration testing
• Formal incident response procedures and breach notification processes
• Logical separation of client data to prevent cross-client access

In the event of a data breach affecting your data, we will notify the affected Client within 72 hours of becoming aware of the incident.

10. International Data Transfers

Nexren's primary data processing and storage infrastructure is located within India. Where subcontractor arrangements — such as cloud providers or specialist AI infrastructure — involve data centres outside India, we ensure appropriate contractual safeguards including Standard Contractual Clauses (SCCs) and equivalent protections. Clients will be notified of any cross-border transfer arrangements relevant to their data at the time of onboarding or upon any change.

11. Your Rights

11.1 Rights Under India's DPDPA 2023

• Right to Access: Request a summary of personal data being processed and the purposes of processing
• Right to Correction & Erasure: Request correction of inaccurate data or erasure of data no longer required for the purpose it was collected
• Right to Grievance Redressal: Lodge a complaint with Nexren's Grievance Officer or the Data Protection Board of India
• Right to Nominate: Nominate another individual to exercise rights on your behalf in the event of death or incapacity

11.2 Additional Rights Under GDPR (EU/UK Clients)

• Right to Restriction: Request that we restrict processing of your personal data in certain circumstances
• Right to Portability: Receive your personal data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time without affecting the lawfulness of prior processing
• Right Against Automated Decisions: Not to be subject to solely automated decisions producing significant legal effects
• Right to Lodge a Complaint: With your local supervisory authority

To exercise any of these rights, please contact our Grievance Officer at [email protected]. We will respond within 30 days.

12. Biometric & Sensitive Personal Data

Certain Nexren solutions may involve the processing of sensitive personal data as defined under applicable law. This includes biometric data (facial recognition, voice prints) captured through AI for CCTV or Voice AI, health and safety data captured through PPE compliance monitoring, and any other data classified as sensitive under the DPDPA 2023 or GDPR.

Where our Services involve such sensitive data, Nexren will:

• Only process it where the Client has obtained explicit written consent from the relevant individuals or holds another valid legal basis
• Ensure it is encrypted at all times, both in transit and at rest
• Not share it with any third party except as strictly necessary for service delivery and under contractual protections
• Delete all sensitive and biometric data within 30 days of service termination
• Provide Clients with the technical controls necessary to limit, anonymise, or delete such data at any time

13. CCTV Surveillance — Client Obligations

Clients who deploy Nexren's AI for CCTV solution via the Servelens platform are the Data Fiduciary / Data Controller for all individuals captured on camera at their premises. Clients are solely responsible for:

• Displaying clear CCTV warning signage at all monitored premises
• Providing adequate notice to employees, visitors, and contractors that surveillance is in operation
• Obtaining required consents for any biometric processing such as facial recognition
• Conducting Data Protection Impact Assessments (DPIAs) where required by applicable law
• Ensuring surveillance is limited to lawful areas and does not extend to spaces where individuals have a reasonable expectation of privacy
• Complying with all applicable surveillance regulations, employment laws, and data protection legislation in their jurisdiction

Similarly, clients using Voice AI or Note AI are responsible for informing and obtaining consent from all meeting participants or individuals whose voice is being recorded, where required by applicable law. Clients using Drawing AI or Knowledge Management solutions are responsible for ensuring they hold appropriate rights over any documents or intellectual property uploaded to the platform.

14. Children's Privacy

Our Services are directed exclusively to businesses and enterprise clients and are not intended for use by or directed to individuals under the age of 18. We do not knowingly collect personal data directly from children under 18. Where Nexren solutions are deployed in environments where minors may be incidentally captured (e.g., CCTV at public-facing premises), the Client bears full responsibility for compliance with applicable regulations regarding the processing of children's data. If you believe we have inadvertently collected such information, please contact our Grievance Officer immediately.

15. Third-Party Links

Our website and platform may contain links to or integrations with third-party websites, tools, or services (such as ERP systems, WMS platforms, or productivity tools). We do not control those services and are not responsible for their privacy practices. We encourage you to read the privacy notice of every external service you connect or visit.

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our Services, data practices, or applicable law. When we make material changes, we will post the updated Policy on nexren.ai with a revised "Last Updated" date and notify existing clients via email or dashboard notification at least 30 days prior to material changes taking effect. Your continued use of the Services after the effective date of any update constitutes your acceptance of the revised Policy.

17. Grievance Officer & Complaints

In accordance with the Digital Personal Data Protection Act, 2023 and the IT (SPDI) Rules 2011, Nexren has appointed a Grievance Officer to address all privacy concerns, data access requests, and complaints relating to any of our solutions.

We aim to acknowledge all privacy-related requests within 48 hours and respond fully within 30 days. If you are not satisfied with our response, you may escalate your complaint to the Data Protection Board of India (once constituted) or your local supervisory authority.