Privacy Policy

At Ramco Systems Limited ("us", "we", or "our"), a company incorporated under the laws of India and operating globally, we respect and protect the privacy of visitors to our website and users of our Chia conversational AI platform. 

This policy is a comprehensive global policy to comply with India’s Digital Personal Data Protection Act, 2023 (DPDP Act), the EU General Data Protection Regulation (GDPR), California’s Consumer Privacy law (CCPA, as amended by the CPRA), and the California Online Privacy Protection Act (CalOPPA). This Privacy Policy governs your visit to Chia and explains how we collect, safeguard, and disclose information resulting from your use of our Service. By using the Service, you agree to the collection and use of information in accordance with this Policy. Nothing mentioned hereunder is legal advice. 

Our Terms and Conditions ("Terms") govern all use of our Service and, together with this Privacy Policy, constitute your agreement with us. 

1. Definitions 

Service: The Chia conversational AI platform and associated products available at https://www.ramco.com/ai/conversational-ai, operated by Ramco Systems Limited. 

Personal Data: Any data about a living individual who can be identified from that data — alone or in combination with other information in our possession. 

Usage Data: Data collected automatically, generated by the use of the Service or from the Service's infrastructure (e.g., page visit duration, interaction logs). 

Cookies: Small files stored on your device used to recognize and remember your preferences. 

Data Controller: The legal person who determines the purposes and means of processing personal data. For this Policy, Ramco Systems Limited is the Data Controller. 

Data Processor: Any natural or legal person who processes data on behalf of the Data Controller, including third-party service providers. 

Data Subject: Any living individual who is the subject of Personal Data — the User of the Service. 

2. Types of Data Collected 

Personal Data 

While using our Service, we may ask you to provide personally identifiable information ("Personal Data"), including but not limited to: 

• Email address 

• First name and last name 

• Phone number 

• Company name and job title 

• Transactional data: subscription status, payment method token (processed by our payment provider), invoices. 

We may use your Personal Data to contact you with newsletters, product updates, or promotional materials. You may opt out at any time by following the unsubscribe link in our emails or writing to chia-support@ramco.com. 

Our Services are not directed to children under the age specified by local law. Under India’s DPDP, we obtain verifiable parental consent before processing children’s personal data and do not conduct behavioural monitoring or targeted advertising directed at children. 

Usage Data 

We may collect information your browser sends when you visit our Service. This may include your IP address, browser type and version, pages visited, timestamps, time spent on pages, unique device identifiers, and other diagnostic data. 

AI Interaction Data 

When you use Chia's conversational AI features, we may collect interaction logs, conversation transcripts (subject to applicable enterprise agreements), and feedback signals to deliver, monitor, and improve AI agent performance. This data is processed in accordance with your enterprise Data Processing Agreement (DPA) where applicable. 

Tracking & Cookie Data 

We use cookies and similar tracking technologies to track activity on our Service. Types of cookies we use: 

• Session Cookies: Required to operate the Service during your visit. 

• Preference Cookies: Remember your settings and preferences across visits. 

• Security Cookies: Used for authentication and fraud prevention. 

• Analytics Cookies: Help us understand how users interact with the platform. 

Applicability of this Policy 

It covers personal data we process globally, including India and in other jurisdictions where our users are located. DPDP applies to any digital personal data processed within India; GDPR may apply to users in the EU if we offer services or monitor behaviour there; CalOPPA may apply if California residents access our Services; and CCPA may apply if we meet statutory thresholds while handling California residents’ data. In other words, the applicability of the privacy policy shall be dependent on a case-by-case basis, subject to your location and location where the data is hosted.  

3. Use of Data 

Ramco Systems Limited uses collected data for the following purposes: 

• To provide, operate, and maintain our Service 

• To notify you about changes to our Service 

• To allow you to participate in interactive features of the Service 

• To provide enterprise customer support and account management 

• To gather analytics so we can improve the Service 

• To monitor usage, performance, and security of the platform 

• To carry out obligations arising from contracts between you and us, including billing and collection 

• To send account and subscription notices, including renewal notifications 

• To detect, prevent, and address technical issues and security incidents 

• For any other purpose with your explicit consent 

• We do not make decisions based solely on automated processing that produce legal or similarly significant effects about you without meaningful human review, unless permitted by law and with appropriate safeguards (e.g., your explicit consent, contractual necessity). You may request human review, express your viewpoint, and contest a decision, where applicable. 

4. Retention of Data 

We retain your Personal Data only for as long as necessary for the purposes set out in this Privacy Policy, including to comply with legal obligations, resolve disputes, and enforce our agreements. 

Usage Data is generally retained for a shorter period, except where used to strengthen security or improve functionality, or where legally obligated to retain it longer. 

For enterprise customers, data retention periods may be governed by your specific Data Processing Agreement. 

5. Deletion of User Data 

Ramco is committed to honoring your right to erasure in accordance with applicable data protection laws, including GDPR Article 17, the California Consumer Privacy Act (CCPA), and India’s Digital Personal Data Protection Act (DPDP Act 2023). This section describes how user data is deleted, the timelines we adhere to, and the limited exceptions that apply. 

Scope of Deletion 

A deletion request covers all personal data associated with your account and interactions with the Service, including: 

• Account registration data (name, email address, contact information) 

• Conversation logs and AI interaction history generated through Chia 

• Uploaded knowledge base content and documents linked to your account 

• Usage data, session logs, and device identifiers tied to your identity 

• Preferences, configuration settings, and customisation data 

• Any derived analytics or reports that directly identify you 

How to Request Deletion 

You may request deletion of your personal data through any of the following channels: 

• Self-serve: Account holders may delete their account and associated data directly from the account settings dashboard. 

• Email request: Submit a written request to chia-support@ramco.com with the subject line “Data Deletion Request” and include your registered email address and account identifier. 

• Enterprise accounts: Deletion of end-user data within an enterprise deployment must be initiated by the authorised enterprise account administrator via the admin console or through the Data Processing Agreement (DPA) process. 

We will acknowledge your request within 72 hours and complete the deletion within 30 calendar days, consistent with GDPR, CCPA, and DPDP Act obligations. Where identity verification is required, the 30-day period commences upon successful verification. 

Deletion vs. De-identification 

In most cases, personal data will be permanently deleted from our active systems. However, in limited circumstances, data may be de-identified (anonymised) rather than deleted outright — specifically: 

• Aggregated, statistical, or anonymised analytics where your identity cannot be re-established 

• AI model evaluation logs stripped of all personally identifiable information 

• Aggregated usage metrics used solely for platform performance analysis 

De-identified data that cannot be re-linked to any individual is not considered personal data under GDPR, CCPA, or the DPDP Act, and is therefore retained for legitimate operational purposes.  

Exceptions — Data We Are Required to Retain 

Certain categories of data may be exempt from deletion where retention is required by applicable law or legitimate business necessity: 

• Financial and billing records: Invoice data, payment transaction records, and tax documentation may be retained for up to 7 years in accordance with applicable tax and accounting regulations. 

• Active legal disputes: Data relevant to pending litigation, regulatory investigations, or disputes involving you or your organisation will be retained until the matter is fully resolved. 

• Legal holds and court orders: Data subject to a valid legal hold, subpoena, or court order cannot be deleted until the hold is lifted. 

• Fraud prevention and security records: Logs related to suspected fraudulent activity, security incidents, or platform abuse may be retained for investigation and prevention purposes. 

• Contractual obligations: Data that must be retained to fulfil the terms of an active enterprise agreement will be retained for the duration of that agreement. 

Where an exception applies, we will inform you of the specific reason and the expected retention period for the data that cannot be deleted. 

Third-Party and Sub-Processor Deletion 

Upon receiving a valid deletion request, Ramco will instruct all relevant sub-processors and third-party service providers that have received your personal data to delete it in accordance with our Data Processing Agreements. This includes, but is not limited to, analytics providers and infrastructure partners. 

Please note that certain third-party processors may be subject to their own independent legal retention obligations. For example, Stripe (our payment processor) retains transaction records as required by financial regulations, irrespective of a deletion request made to Ramco. In such cases, we will notify you that deletion from the third party’s systems falls outside our direct control. 

Backup and Residual Copies 

Following deletion from our active systems, residual copies of your data may persist in encrypted backup storage for up to 90 days, after which they are purged as part of our regular backup rotation cycle. These backup copies are not accessible for operational use and are protected by the same security controls as live data. 

Deletion Confirmation 

Once deletion of your personal data is complete, we will send a written confirmation to your registered email address. If deletion could not be completed in full due to a legal exception, the confirmation will specify which data was retained, the applicable legal basis, and the expected retention period. 

Effect on Service Access 

Deletion of your account and personal data is irreversible. Upon completion, you will lose access to all features, history, and configurations associated with your account. This action cannot be undone. If you are an enterprise customer, account-level deletion should be coordinated with your Ramco account manager to avoid unintended disruption to your organisation’s deployment. 

Google API and OAuth Data 

If you have connected your account to Google services via OAuth or the Google Cloud Console, the following additional deletion commitments apply in accordance with Google API Services User Data Policy: 

• Chia will delete all Google user data obtained via Google APIs within 30 days of a verified deletion request or account termination. 

• Google user data is used only for the purposes explicitly disclosed at the time of authorisation and is not shared with third parties for advertising or unrelated purposes. 

• You may revoke Chia’s access to your Google account at any time via your Google Account Permissions page (https://myaccount.google.com/permissions), which will immediately halt any further data access. Revocation does not automatically delete data already collected; a separate deletion request to chia-support@ramco.com is required for that. 

• Chia does not store Google user data beyond what is strictly necessary to provide the connected service features you have authorised. 

Regulatory Alignment 

This section fulfils and should be read in conjunction with the following rights and obligations set out elsewhere in this Policy: 

• GDPR Article 17 (Right to Erasure / Right to be Forgotten): EU and EEA residents may invoke this right as described in Section 8. 

• CCPA Deletion Rights: California residents may invoke deletion rights as described in Section 10. 

• DPDP Act 2023 (India): Data Principals have the right to erasure of personal data under the Digital Personal Data Protection Act 2023, and Ramco as Data Fiduciary will comply within the prescribed timelines. 

6. Transfer of Data 

Your information, including Personal Data, may be transferred to and maintained on servers located outside your state, province, country, or other governmental jurisdiction where data protection laws may differ. 

Ramco Systems Limited is headquartered in India and operates infrastructure globally. Your consent to this Privacy Policy, followed by submission of your information, constitutes your agreement to that transfer. We take all reasonable steps to ensure your data is treated securely and in accordance with this Policy. 

• India (DPDP): Cross-border transfers are generally permitted except to countries/territories that the Government of India may prohibit by notification (a “blacklist” approach).  

• EU/EEA (GDPR): When transferring personal data outside the EEA, we rely on lawful transfer mechanisms (e.g., adequacy, Standard Contractual Clauses, or other appropriate safeguards) and implementing supplementary measures where required. 

We do not sell, rent, or trade your Personal Data to third parties for their marketing purposes. 

7. Disclosure of Data 

We may disclose personal information in the following circumstances: 

• Law Enforcement: Where required by law or in response to valid requests by public authorities (e.g., a court or government agency). 

• Business Transactions: If Ramco or its subsidiaries are involved in a merger, acquisition, or asset sale, your Personal Data may be transferred. We will provide notice before your data is transferred. 

• Service Fulfillment: To fulfill the purpose for which you provide it, or for any other purpose disclosed by us at the time you provide the information. 

• With Consent: With your consent in any other case not described above. 

We do not sell your personal data. If we ever plan to “sell” or “share” personal information for cross-context behavioural advertising as defined under California law, we will provide required notices and opt-out mechanisms in advance. 

8. Security of Data 

The security of your data is of paramount importance to us. We implement appropriate technical and organizational safeguards including encryption at rest and in transit, access controls, and regular security reviews. 

However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security. 

We implement reasonable and appropriate technical and organizational measures to protect personal data from unauthorized access, disclosure, alteration, or destruction, consistent with DPDP/GDPR requirements. 

9. Your Privacy Rights 

GDPR 

If you are a resident of the EU or EEA, you have certain data protection rights under GDPR. To inquire about or request removal of Personal Data we hold, please email chia-support@ramco.com. 

• Right to Access: Access, update, or delete the information we hold about you. 

• Right to Rectification: Have inaccurate or incomplete information corrected. 

• Right to Object: Object to our processing of your Personal Data. 

• Right to Restriction: Request limitation of how we process your personal information. 

• Right to Portability: Receive a copy of your data in a structured, machine-readable format. 

• Right to Withdraw Consent: Withdraw consent at any time where processing is consent-based.  

We may ask you to verify your identity before responding. You also have the right to complain to a Data Protection Authority in your country of residence. 

India (DPDP) 

Access to a summary of personal data and processing activities; correction and erasure of inaccurate/misleading data; grievance redressal; and the right to nominate another person to exercise rights in case of death/incapacity. Provide requests via the channels listed below. 

California 

California residents have the rights to know, delete, correct, opt-out of sale or sharing, limit the use/disclosure of sensitive personal information, and non-discrimination. We will also provide required notices at collection and opt-out methods, including honoring opt-out preference signals where mandated. 

In accordance with the California Online Privacy Protection Act, we agree to the following: 

• Users can visit our site anonymously. 

• Our Privacy Policy link is clearly accessible from our homepage and includes the word "Privacy". 

• Users will be notified of any privacy policy changes on this Policy page. 

• Users may update their personal information by contacting chia-support@ramco.com. 

Do Not Track:  CalOPPA requires us to disclose how we respond to “Do Not Track” (DNT) signals: at present, many browsers’ DNT signals are not standardized; we therefore do not respond to traditional DNT signals, but we honor applicable opt-out mechanisms required by law.

10. Your Rights Under CCPA 

If you are a California resident, you are entitled to know what personal data we collect, ask us to delete your data, and opt out of any sale of your data. 

What personal information we hold 

We will disclose the categories of data collected, sources, business purposes, and categories of third parties with whom it is shared. You may make this request up to twice in any rolling 12-month period. 

To delete your personal information 

We will delete the personal information we hold from our records and direct service providers to do the same. Deletion may impact your ability to use certain features of the Service. 

To stop selling your personal information 

We do not sell or rent your personal information to any third party. We will never discriminate against you for exercising your rights. To make a request, email  chia-support@ramco.com. 

We may engage third-party companies and individuals to facilitate the Service ("Service Providers"), provide the Service on our behalf, or help us understand how the Service is used. These third parties have access to your Personal Data only to perform these tasks and are contractually obligated not to disclose or use it for any other purpose. 

13. Analytics 

We may use third-party Service Providers to monitor and analyze use of our Service, including: 

• Google Analytics: A web analytics service by Google that tracks and reports website traffic. See https://policies.google.com/privacy 

• Segment.io: A customer data platform for analytics. See https://segment.com/legal/privacy/ 

14. CI/CD Tools 

We may use third-party development and deployment tools to build, test, and release our Service — including GitHub for code hosting and project management. For more information, see the GitHub Privacy Statement at https://docs.github.com/en/site-policy/privacy-policies/github-general-privacy-statement. 

15. Payments 

Where we offer paid products or services, we use PCI-DSS compliant third-party payment processors. We do not store or collect your payment card details. The payment processor we work with is: 

Razorpay: https://razorpay.com/privacy-policy/ 

16. Links to Other Sites 

Our Service may contain links to third-party websites that are not operated by us. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. 

17. Changes to This Policy 

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Policy on this page and, where appropriate, via email or a prominent in-product notice prior to the change becoming effective. 

You are advised to review this Privacy Policy periodically. Continued use of the Service after changes are posted constitutes your acceptance of the updated Policy. 

18. Contact Us 

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us: 

Ramco Systems Limited Email:  chia-support@ramco.com Website: https://www.ramco.com/ai/conversational-ai