Legal

Privacy Policy

Effective 2026-05-24. Operator: Sigmoid Technologies, Thiruvananthapuram, Kerala, India.

1. Who we are

This policy explains how Sigmoid Technologies ("we", "us") processes personal data when you visit or use AI Ascend (the "Service"). We act as the Data Fiduciary under India's Digital Personal Data Protection Act, 2023 ("DPDP Act"). For users in the European Economic Area or the United Kingdom, we act as the Data Controller under the GDPR / UK GDPR.

2. Data we collect

• Account data - name, email, hashed password, sign-up date, last-login timestamp, email-verification status, plan, theme preference.
• Payment data - Razorpay order/payment identifiers, plan purchased, amount, status. We do not store your card number, CVV, or full bank details; those are handled by Razorpay.
• Usage data - concepts you view and complete, flashcard reviews, study plans you create, mentor chat history, ML Playground job metadata, gamification stats (streak, XP).
• Content you provide - mentor chat messages, ML Playground CSV uploads, contact-form submissions, bookmarks.
• Technical data - IP address, user-agent, request paths, timestamps (in our application logs).
• Cookies - authentication cookies (HttpOnly, scoped to our domain) and a theme preference cookie. We do not use third-party tracking or advertising cookies.

3. Why we process it

• To provide the Service - account management, content access, mentor responses, payment processing, email delivery. (Contractual necessity.)
• To improve the Service - aggregated usage analysis, debugging, performance monitoring. (Legitimate interest.)
• To communicate with you - verification, password resets, transactional updates, and (if you opt in) product announcements. (Consent / contractual necessity.)
• To comply with law - accounting, tax, fraud prevention, responses to lawful requests. (Legal obligation.)

4. Sharing with third parties (processors)

The following providers process personal data on our behalf, only as needed to operate the Service:

• Anthropic, Inc. - receives your mentor prompts and ML model recommendation queries when you use premium AI features.
• Groq, Inc. - receives your free-tier mentor prompts, news summarisation inputs, and quick-suggestion queries.
• Resend, Inc. - receives your email address and the contents of transactional emails we send to you.
• Razorpay Software Pvt. Ltd. - receives the data necessary to process payments and issue invoices.
• Our hosting provider (currently Railway) - operates the servers that store and run the Service.

We do not sell or rent your personal data to anyone.

5. International transfers

Some of the providers listed above are located outside India. When personal data is transferred internationally we rely on the recipient's contractual obligations and, where applicable, standard contractual clauses or equivalent safeguards.

6. Retention

• Account data is retained while your account is active and for thirty (30) days after deletion, after which it is permanently removed (excluding records we must retain for legal or accounting reasons, such as payment history under Indian tax law - minimum seven years).
• Mentor chat history is retained for as long as you keep the conversation in your account. Deleted conversations are removed within thirty (30) days.
• ML Playground uploaded datasets are retained for the lifetime of the related job and may be deleted at any time on request.
• Application logs are retained for up to ninety (90) days.

7. Your rights

Subject to applicable law, you have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion ("right to erasure" / DPDP Act §12) - note that some records may be retained where law requires.
• Withdraw consent for any processing based on consent.
• Object to processing or request restriction (EEA / UK).
• Receive a copy of your data in a portable format (data export available via the admin team; user-facing self-service in roadmap).
• Lodge a complaint with the Data Protection Board of India or, if applicable, your local supervisory authority.

To exercise any of these rights, email sigmoidtechnologies@gmail.com.

8. Security

We use industry-standard measures including encrypted transit (HTTPS), bcrypt password hashing, parameterised database queries, environment-isolated secrets, and HttpOnly authentication cookies. No system is perfectly secure; if you suspect a breach affecting your account, contact us immediately.

9. Children

The Service is not directed at children under thirteen (13). We do not knowingly collect personal data from children under thirteen. If you believe a child has provided us personal data, contact us and we will delete it.

10. Changes

We may update this Privacy Policy from time to time. The "Effective" date above reflects the most recent change. Material changes will be communicated by email or via in-product notice.

11. Grievance Officer / Contact

For privacy concerns or to exercise any right above, contact our Grievance Officer at sigmoidtechnologies@gmail.com. Sigmoid Technologies, Thiruvananthapuram, Kerala, India. We respond to verified requests within thirty (30) days.