Privacy Policy

• Email address, full name, and business name provided on registration
• Uploaded data files (CSV, Excel, Parquet, JSON) stored on our servers and processed in-memory
• Query history: every natural-language question you ask, the SQL generated, and results returned
• IP address and browser fingerprint for security, abuse detection, and debugging
• Payment metadata (plan, order ID, status) — card numbers and bank details are handled exclusively by Razorpay and never stored by us
• Notebook content, saved queries, workspace membership, and audit trail entries

• Provide and operate the Workliq AI service (analysis, forecasting, ML, alerts)
• Process subscription payments and enforce plan limits
• Send anomaly alerts and scheduled reports to WhatsApp or email (only if you opt in)
• Debug issues, monitor performance, and prevent abuse
• Maintain immutable audit logs for compliance (CA firms, regulated industries)
• Comply with legal obligations under Indian law

We do not sell your data, use it to train AI models, or share it with advertisers.

• Primary storage: Mumbai region (DigitalOcean BLR1) — data does not leave India by default
• All data is encrypted in transit using TLS 1.3
• Data at rest is encrypted using AES-256
• Query text and schema metadata (not raw row data) may be sent to Groq API (US-based) solely for LLM SQL generation

Your data is never sold. We share data only with the following sub-processors under Data Processing Agreements (DPAs):

• Razorpay — payment processing (India)
• Twilio — WhatsApp alert delivery (US, DPA in place)
• Groq — LLM query processing; schema + question text only, no raw data (US, DPA in place)
• DigitalOcean — infrastructure hosting (India region)

We may disclose data when required by Indian law, court order, or a competent regulatory authority.

As a Data Principal under the Digital Personal Data Protection Act 2023, you have the following rights:

• Access — request a summary of personal data we hold about you
• Correction — ask us to update inaccurate or incomplete data
• Erasure — delete your account; we complete erasure within 30 days (grace period for payment records)
• Grievance — raise a complaint with our Grievance Officer within 30 days of any data concern
• Nomination — nominate another individual to exercise rights on your behalf in case of incapacity

Grievance Officer: privacy@workliq.me · Response within 30 days as required under DPDP Act 2023.

• Uploaded datasets: retained until you delete them from your account
• Query history and audit logs: 365 days (immutable — cannot be deleted by users)
• Account and profile data: deleted within 30 days of account deletion request
• Payment records: retained for 7 years as required by Indian financial regulations (Income Tax Act, GST laws)

• Authentication cookies (strictly necessary) — maintain your login session
• Preference cookies (functional) — store theme and UI preferences

We do not use advertising, tracking, or analytics cookies. No third-party tracking scripts are loaded.

The Workliq AI service is not directed at individuals under the age of 13. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact privacy@workliq.me and we will delete it immediately.

Material changes to this Privacy Policy will be notified via email to your registered address and via a banner in the dashboard at least 14 days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision.

For privacy requests, corrections, or complaints, contact us at privacy@workliq.me

WorkLiq AI · India