Privacy Policy

Effective Date: February 02, 2025

This Privacy Policy (“Policy”) describes how Kanta King Technologies Pvt Ltd, operating under the brand name ihiva, collects, uses, stores, processes, transfers, and protects personal and business information through:

www.ihiva.ai
ihiva (AI native Revenue Intelligence platform)
ihiva Weighbridge Software
All related SaaS platforms, APIs, dashboards, integrations, and enterprise services (collectively referred to as the “Services”).

Registered Office:
Kanta King Technologies Pvt Ltd
Ashok Vihar, New Delhi – 110052, India
‍
Contact Email: agent@ihiva.ai

By accessing or using our Services, you acknowledge that you have read and understood this Policy.

1. APPLCABLE LEGAL FRAMEWORK

This Privacy Policy is structured to comply with:

Information Technology Act, 2000
IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
Digital Personal Data Protection Act, 2023 (as notified and applicable)
Applicable Indian contract and regulatory laws
Industry-standard SaaS data protection practices

Where international data transfer occurs, the Company shall comply with applicable lawful transfer requirements.

2. SCOPE OF THIS POLICY

This Policy applies to:

Website visitors
Registered Users
Enterprise Customers
Authorized personnel of Customer organizations
Individuals whose data is processed through Customer usage of the Platform

This Policy does not apply to:

Data processed entirely offline by Customers
Third-party platforms not controlled by the Company

3. CATEGORIES OF INFORMATION COLLECTED

We collect information in the following categories:

3.1 BUISNESS INFORMATION

We may collect business-related data such as:

Company name and registration details
Site/plant/depot information
Weighbridge location details
Transaction data (gross/tare/net weights)
Operational logs
Inspection records
Audit trail entries
Compliance and stamping records
Shift logs and attendance metrics
Revenue and throughput analytics

This data is typically provided by Customer organizations for operational management.

3.2 Personal Data

We may collect personal data including:

Name
Email address
Phone number
Designation
Login credentials
Geolocation data (for attendance modules)
Selfie/image data (for attendance verification where enabled)
CCTV-related metadata (where integrated by Customer)

Sensitive personal data, where applicable under Indian law, is processed strictly in accordance with legal requirements.

3.3 Technical & Device Data

We may automatically collect:

IP address
Browser type and version
Device identifiers
Operating system
Access timestamps
Usage logs
Error logs
Session duration

This data supports security monitoring and performance optimization.

3.4 Cookies and Tracking Technologies

We may use:

Essential cookies
Performance cookies
Security cookies
Analytics tools

Users may disable cookies via browser settings; however, this may affect functionality.

4. SOURCES OF DATA

We collect data from:

Direct user input
Customer system integrations
API connections
Automated system logging
Third-party ERP integrations
Cloud hosting providers
Website forms

We do not purchase personal data from data brokers.

5. PURPOSE OF DATA PROCESSING

We process data for the following purposes:

5.1 Service Delivery

We may automatically collect:

Enabling SaaS functionality
Weight capture and processing
Attendance verification
Vehicle inspection logging
Report generation
Operational monitoring

5.2 Authentication & Security

Identity verification
Access control management
Fraud detection
Deviation monitoring
Anti-theft alerting
Tenant isolation

5.3 Compliance & Regulatory Requirements

Audit trail maintenance
Legal reporting obligations
Government compliance requests
Financial reconciliation support

5.4 Platform Improvement

AI model training (anonymized)
Feature optimization
Usage pattern analysis
Performance tuning

No identifiable Customer data is publicly disclosed during such processing.

5.5 Communication

Service updates
Security notifications
Billing communications
Product announcements
Regulatory disclosures

We do not sell personal data.

6. LEGAL BASIS FOR PROCESSING

Under Indian law and DPDP Act 2023 principles, processing may be based on:

Contractual necessity
Legitimate business interests
Legal obligations
Consent (where required)

Where consent is required, it shall be obtained in a clear and lawful manner.

7. ROLE OF THE COMPANY

Depending on context:

The Company acts as a Data Processor for Customer business data.
The Company acts as a Data Fiduciary (Controller) for website visitor data.

Customers are responsible for ensuring they have lawful authority to upload and process personal data of their employees or operators.

8. DATA RETENTION

Data is retained:

For the duration of active subscription
As required by applicable laws
For audit or dispute resolution
Operating system
For security investigation purposes

Upon termination:

Customers may request export of data within a defined period.
Data may be archived or securely deleted after retention window.
Certain logs may be retained for compliance.

9. DATA SECURITY MEASURES

We implement reasonable security practices including:

Encryption in transit (TLS/SSL)
Role-Based Access Control (RBAC)
Multi-tenant isolation architecture
Secure cloud hosting
Audit logging
Intrusion monitoring
Observability tools (e.g., Prometheus/OpenTelemetry where applicable)
Secure API access controls

Despite these measures, no system guarantees absolute security.

10. DATA SHARING & DISCLOSURE

We may share data with:

Cloud hosting providers
Infrastructure partners
Analytics service providers
ERP integration partners
Payment processors
Government authorities when legally required

All third-party processors are contractually bound to maintain confidentiality and security.

We do not sell personal data.

11. CROSS-BORDER DATA TRANSFER

Where cloud infrastructure requires, data may be processed outside India.

Such transfers shall comply with:

Applicable Indian regulations
Government notifications under DPDP Act
Lawful transfer mechanisms

12. RIGHTS OF DATA PRINCIPALS

Under the Digital Personal Data Protection Act, 2023, individuals may have rights including:

Right to access information
Right to correction
Right to erasure (subject to legal limits)
Right to grievance redressal
Right to nominate

Requests may be submitted to:
agent@ihiva.ai

The Company will respond within reasonable timelines as per law.

13. CHILDREN'S DATA

Our Services are designed for industrial and enterprise use.
‍
We do not knowingly collect data of minors under 18 years.
‍
If such data is identified, it shall be deleted promptly.

14. AUTOMATED DECISION-MAKING

ihiva may generate automated analytics, signals, or insights.

However:

Final operational decisions remain with Customers.
AI outputs should be independently validated by Customer personnel.

15. GRIEVANCE REDRESSAL MECHANISM

In compliance with Indian IT Rules:

Grievance Officer:
Kanta King Technologies Pvt Ltd
Ashok Vihar, New Delhi – 110052
Email: agent@ihiva.ai

Grievances will be acknowledged and addressed within reasonable statutory timelines.

16. DATA BREACH NOTIFICATION

In the event of a confirmed data breach:

Impacted Customers will be notified where required by law.
Authorities will be informed if legally mandated.
Mitigation steps will be undertaken promptly.

17. THIRD-PARTY LINKS

Our website may contain links to third-party sites.

We are not responsible for their privacy practices.

18. CHANGES TO THIS POLICY

This Privacy Policy may be updated periodically.

Material changes shall be communicated via:

Website notice
Email notification (where appropriate)

Continued use of Services constitutes acceptance.

19. CONTACT INFORMATION

For privacy-related concerns:

Kanta King Technologies Pvt Ltd
Ashok Vihar, New Delhi – 110052
Email: agent@ihiva.ai
Website: www.ihiva.ai