← Back to home

Privacy Policy

Effective Date: March 26, 2026

Last Updated: March 26, 2026

EkaVox ("we," "us," or "our"), operated from Bangalore, India, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered app development platform at ekavox.app and any related services (collectively, the "Platform").

Please read this Privacy Policy carefully. By using the Platform, you consent to the data practices described in this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Platform.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Full name
  • Email address
  • Password (stored in hashed form)
  • Profile information you choose to provide (avatar, display name, bio)
  • Authentication data if you sign in via third-party providers (e.g., Google, GitHub) -- we receive only the information authorized by the provider
  • Organization name and role, if applicable

1.2 Usage Data

We automatically collect information about how you interact with the Platform, including:

  • Pages visited, features used, and actions taken within the Platform
  • Timestamps and frequency of access
  • Credit consumption and transaction history
  • AI model selection, prompt length, and generation parameters (but see Section 1.3 for prompt content)
  • Error logs and performance metrics
  • Referral sources and navigation paths

1.3 AI Prompts and Generated Code

When you use the Platform's AI features, we process:

  • Prompts and instructions you provide to the AI models. These are transmitted to the relevant AI provider to generate responses and are stored in your project history to enable features such as version control and conversation continuity.
  • Generated code and outputs produced by the AI models. These are stored within your project workspace.
  • Context data such as existing project files that you provide as context for AI generation.

We do not use the specific content of your prompts or generated code to train our own models. However, the third-party AI providers may process this data according to their own privacy policies and data usage terms (see Section 4).

1.4 Payment Information

Payments are processed by Razorpay. We do not directly collect or store your full credit card number, debit card number, or bank account details. Razorpay provides us with:

  • Transaction identifiers and amounts
  • Payment status (success, failure, pending)
  • Partial payment instrument details (e.g., last four digits of a card) for your reference
  • Billing address, if provided

For details on how Razorpay handles your payment data, please refer to Razorpay's Privacy Policy.

1.5 Device and Browser Information

We collect technical information about your device and browser, including:

  • IP address
  • Browser type and version
  • Operating system
  • Device type (desktop, tablet, mobile)
  • Screen resolution
  • Language preferences
  • Time zone

1.6 API Keys (BYOK)

If you use the Bring Your Own Key (BYOK) feature, your API keys are encrypted at rest using AES-256 encryption and stored within the Platform. We access your API keys only to route requests to the respective AI provider on your behalf. We do not log, share, or use your API keys for any other purpose.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: To provide, maintain, and improve the Platform, including processing AI requests, managing credits, and enabling code export.
  • Account Management: To create and manage your account, authenticate your identity, and provide customer support.
  • Billing and Payments: To process transactions, manage subscriptions, and handle refund requests.
  • Communications: To send you service-related notifications, billing alerts, security warnings, and, where you have opted in, marketing communications.
  • Analytics and Improvement: To analyze usage patterns, diagnose technical issues, and improve Platform features and performance. We use aggregated and anonymized data for this purpose whenever possible.
  • Security and Fraud Prevention: To detect, prevent, and respond to fraud, abuse, security threats, and technical issues.
  • Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.

3. Legal Bases for Processing

We process your personal data on the following legal bases:

  • Contract Performance: Processing necessary to fulfill our contract with you, including providing the Platform services, managing your account, and processing payments.
  • Consent: Where you have given explicit consent, such as for marketing communications, non-essential cookies, or optional data collection. You may withdraw consent at any time.
  • Legitimate Interest: Processing necessary for our legitimate business interests, including Platform security, fraud prevention, analytics, and service improvement, provided these interests are not overridden by your data protection rights.
  • Legal Obligation: Processing necessary to comply with applicable laws, such as tax regulations and legal reporting requirements.

While EkaVox is operated from India and is primarily subject to Indian data protection laws (including the Digital Personal Data Protection Act, 2023), we are committed to respecting the data protection principles of the GDPR and other international privacy frameworks where applicable to our users.

4. Data Sharing and Disclosure

We do not sell your personal data. We share your information only in the following circumstances:

4.1 AI Providers (Platform Keys)

When you use EkaVox-provided credits (not BYOK), your prompts and context data are transmitted to the relevant AI provider (Anthropic, Google, or OpenAI) through EkaVox's API keys. These providers process your data to generate responses. Each provider has its own privacy policy and data handling practices:

4.2 AI Providers (BYOK)

When you use BYOK, your prompts and context data are sent directly to the AI provider using your own API key. In this case, your data relationship is directly with the provider, and their terms and privacy policies apply to that data. EkaVox facilitates the transmission but does not independently retain the AI provider's responses beyond displaying them to you and storing them in your project workspace.

4.3 Payment Processor

We share billing-related information with Razorpay to process payments, manage subscriptions, and handle refunds. This includes your name, email address, transaction amounts, and payment instrument details you provide to Razorpay.

4.4 Infrastructure Providers

The Platform is hosted on cloud infrastructure (including Railway). Your data is stored on and transmitted through these providers' servers. We select infrastructure providers that maintain appropriate security certifications and data protection practices.

4.5 Legal Requirements

We may disclose your information if required to do so by law, in response to a valid court order, government request, or other legal process, or when we believe in good faith that disclosure is necessary to: (a) comply with the law; (b) protect the rights, property, or safety of EkaVox, our users, or the public; (c) detect, prevent, or address fraud, security, or technical issues; or (d) enforce our Terms of Service.

4.6 Business Transfers

In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, your personal data may be transferred to the acquiring entity. We will notify you via email or a prominent notice on the Platform before your personal data is transferred and becomes subject to a different privacy policy.

5. Cookies and Tracking Technologies

We use cookies and similar tracking technologies on the Platform:

  • Essential Cookies: Required for the Platform to function properly. These include session cookies, authentication tokens (JWT), and CSRF protection tokens. These cannot be disabled.
  • Functional Cookies: Used to remember your preferences, such as theme settings and language selection.
  • Analytics Cookies: Used to understand how users interact with the Platform, identify popular features, and diagnose issues. We may use third-party analytics providers for this purpose.

You can control non-essential cookies through your browser settings. Disabling certain cookies may affect Platform functionality.

6. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:

  • Account Data: Retained for the duration of your account and for 30 days after account deletion to facilitate recovery requests.
  • Project Data and Generated Code: Retained for the duration of your account. After account deletion, project data is permanently deleted within 30 days, subject to backup retention cycles.
  • AI Prompts and Conversation History: Retained within your project workspace for the duration of your account.
  • Billing and Transaction Records: Retained for a minimum of 7 years to comply with tax and financial reporting requirements under Indian law.
  • Usage Logs and Analytics: Aggregated and anonymized data may be retained indefinitely. Identifiable usage logs are retained for up to 12 months.
  • BYOK API Keys: Deleted immediately upon removal by the user or account deletion.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Right of Access: You may request a copy of the personal data we hold about you.
  • Right to Correction: You may request that we correct inaccurate or incomplete personal data.
  • Right to Deletion: You may request that we delete your personal data, subject to legal retention obligations and legitimate business needs.
  • Right to Data Portability: You may request a copy of your data in a structured, commonly used, machine-readable format. For Generated Code, you can export your projects at any time through the Platform.
  • Right to Object: You may object to our processing of your personal data based on legitimate interests.
  • Right to Restrict Processing: You may request that we restrict the processing of your personal data in certain circumstances.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at legal@ekavox.app. We will respond to your request within 30 days. We may require verification of your identity before processing your request.

If you are located in the European Economic Area (EEA) and believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local data protection authority.

8. Children's Privacy

The Platform is not intended for children under the age of 18 (or the age of legal majority in your jurisdiction). We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child, we will take steps to delete that data promptly. If you believe a child has provided us with personal data, please contact us at legal@ekavox.app.

9. International Data Transfers

EkaVox is operated from India. If you are accessing the Platform from outside India, your data will be transferred to and processed in India and potentially other countries where our infrastructure providers and AI partners operate (including the United States).

These countries may have data protection laws that are different from those in your jurisdiction. By using the Platform, you consent to the transfer of your data to India and other countries as described in this Privacy Policy.

Where required by applicable law (such as the GDPR for users in the EEA), we implement appropriate safeguards for international data transfers, including standard contractual clauses or other legally recognized transfer mechanisms.

10. Security Measures

We implement technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption: Data is encrypted in transit using TLS 1.2 or higher. Sensitive data, including BYOK API keys, is encrypted at rest using AES-256 encryption.
  • Authentication: We use JSON Web Tokens (JWT) for session management with appropriate expiration times. Passwords are hashed using industry-standard algorithms.
  • Access Control: We implement Role-Based Access Control (RBAC) to ensure that users and team members can only access data and features appropriate to their role.
  • Infrastructure Security: Our hosting infrastructure employs firewalls, intrusion detection, and regular security patching.
  • Monitoring: We monitor for suspicious activity and security incidents and have incident response procedures in place.

While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security. We are currently pursuing SOC 2 certification to further strengthen our security posture.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will: (a) update the "Last Updated" date at the top of this page; (b) notify you by email or through a prominent notice on the Platform; and (c) where required by applicable law, obtain your consent before the changes take effect.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your data.

12. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

EkaVox
Bangalore, Karnataka, India

We will endeavor to respond to all privacy-related inquiries within 30 days of receipt.

Skip to main content