Privacy
Policy

This Privacy Policy ("Policy") governs the collection, processing, storage, and disclosure of personal data by Aelvra ("we", "us", or "our") — a technology services company operating at aelvra.in that provides custom application development and technology partnership services to businesses across India.

This Policy applies to:

• Website Visitors: Any individual who browses or accesses aelvra.in.
• Business Partners (SaaS Model): Any business that engages Aelvra as a technology partner — where Aelvra builds, owns, and operates the application on the partner's behalf in exchange for a commission and recurring fees.
• Clients (Custom Build Model): Any business or individual that commissions Aelvra to build a fully custom application which, upon fulfilment of agreed conditions, becomes the client's own property.

Aelvra acts as the Data Controller for data collected through aelvra.in and within applications operated under the SaaS / Technology Partner model. For applications transferred to clients under the Custom Build model, the respective client becomes the Data Controller for their application's end-users from the point of handover.

Aelvra operates under two distinct service models, each with different implications for data ownership and responsibility:

• Service Delivery: To design, develop, deploy, and operate applications as agreed under the applicable service model.
• Partnership Management: To manage ongoing SaaS partnerships — including commission tracking, server cost billing, performance monitoring, and maintenance operations.
• Client Communication: To communicate project updates, technical information, invoices, and support matters.
• Enquiry Response: To respond to prospective client and partner enquiries received via email.
• Billing & Compliance: To issue invoices, track payments, and maintain financial records as required under Indian accounting and GST regulations.
• Security & Infrastructure: To maintain the integrity, availability, and security of Aelvra's platform and hosted applications.
• Website Analytics: To understand general usage of aelvra.in through anonymised, aggregated data. No individual visitor profiling occurs.

Aelvra does not use personal data for advertising, third-party marketing, or sale to any external party.

Aelvra does not sell, rent, or trade personal data. Limited disclosure occurs only in the following circumstances:

• Infrastructure Providers: Cloud and server providers used to host aelvra.in and partner applications. These providers operate under contractual data processing obligations.
• Payment Processors: Payment gateway providers for processing invoices and fee transactions. Aelvra does not store payment card details.
• Legal Obligations: Where required by applicable Indian law, court order, or lawful government authority request.
• Handover to Client (Custom Build): Upon project completion under the Custom Build model, all project assets and relevant data are transferred to the client as agreed. Aelvra retains no copies beyond legal compliance requirements.

All data is stored on servers located within the Republic of India, on ISO 27001 certified infrastructure in Mumbai, India.

• Encryption in Transit: All data transmitted between users, partners, and Aelvra's servers is encrypted via HTTPS/TLS.
• Access Controls: Access to partner and client data is restricted to authorised Aelvra personnel on a strict need-to-know basis.
• Data Isolation: Each partner's application data is maintained in logically isolated environments to prevent cross-partner exposure.
• Breach Notification: In the event of a data breach affecting personal data, Aelvra will notify affected parties as required under applicable Indian law.

• Confidentiality: All business information, project assets, branding, and data shared by partners or clients is treated as strictly confidential and will not be disclosed to any third party without explicit written consent.
• SaaS Model — Ongoing Data Custody: Under the Technology Partnership model, Aelvra retains custody of application data for the duration of the active partnership. Data is used solely to operate, maintain, and improve the partner's application.
• Custom Build — Data Transfer: Upon full handover under the Custom Build model, the client assumes complete responsibility for all data within the application. Aelvra's data obligations for that application cease from the point of handover.
• Post-Handover (Custom Build): Once an application has been handed over under the Custom Build model and the client has engaged a third party for maintenance, Aelvra has no access to, responsibility for, or obligation regarding data within that application.

Aelvra integrates third-party services into the applications it builds. Their use within specific applications is governed by that application's own Privacy Policy.

• No Advertising Cookies: aelvra.in does not use advertising cookies, retargeting pixels, or cross-site tracking technologies.
• Analytics: Anonymised, aggregated analytics may be used to understand general traffic patterns on aelvra.in. No individual visitor profiling occurs.
• Essential Only: Any technical cookies used on aelvra.in are strictly necessary for website functionality.

As a Data Principal under the Digital Personal Data Protection Act, 2023, you are entitled to exercise the following rights regarding personal data held by Aelvra:

• Website Visitor Enquiries: Retained for up to 2 years from last communication, unless an engagement begins.
• Active Partner / Client Data: Retained for the full duration of the active engagement.
• Post-Engagement Records: Billing, invoice, and legal records retained for a minimum of 3 years post-engagement as required under Indian law.
• Project Assets (Custom Build): Returned or deleted within 90 days of handover or on written request by the client, whichever is earlier.
• Application End-User Data (SaaS): Retained for the duration of the active partnership. Upon partnership termination, data handling follows the terms of the individual application's Privacy Policy.

Aelvra's services are directed at businesses and adult individuals (18 years and above). Aelvra does not knowingly collect personal data from individuals below 18 years of age. If you believe a minor has submitted personal data to Aelvra, please notify us at support@aelvra.in and we will take prompt steps to delete such information.

Aelvra reserves the right to revise this Policy at any time. Updated versions will be published at aelvra.in/privacy-policy.html with a revised effective date. Material changes affecting active partners or clients will be communicated via email prior to the effective date. Continued engagement with Aelvra's services after any revision constitutes acceptance of the updated Policy.

For any privacy-related queries, data requests, or grievances regarding this Policy, please contact Aelvra at: