Plain English Summary: This policy covers how the Servyn AI mobile app (Android & iOS) collects, uses, stores, and protects your personal data. We request only the permissions we genuinely need. We do not track your location. We do not sell your data. Your data stays in India. You can withdraw consent and request deletion at any time.
This Privacy Policy ("Mobile Privacy Policy") applies specifically to the Servyn AI mobile application ("App"), available for download on the Google Play Store (Android) and Apple App Store (iOS). It governs how Servyn AI collects, uses, stores, shares, and protects personal data through the App.
This Mobile Privacy Policy supplements our Web Application Privacy Policy and should be read alongside it. Where this policy and the Web Privacy Policy overlap or conflict on mobile-specific matters, this Mobile Privacy Policy takes precedence.
This policy applies to:
By downloading, installing, or using the App, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy. If you do not agree, please uninstall the App and contact your company administrator.
This policy complies with:
Under the DPDP Act 2023, Servyn AI is the Data Fiduciary — the entity that determines the purpose and means of processing your personal data. Our details are:
Address: 4A B.D.D. Chawl, Naigaon, Dadar, Mumbai – 400014, Maharashtra, India
Email: founder@servynai.in
Phone: +91 97684 46498
Website: servynai.in
Your employer (the company that has subscribed to Servyn AI) is also a Data Fiduciary in respect of data they enter about you into the platform. For employment-related data, your employer's own privacy policies may also apply.
| Term | Meaning |
|---|---|
| Personal Data | Any data about an individual who is identifiable by or in relation to such data (as per DPDP Act 2023) |
| Sensitive Personal Data (SPDI) | Passwords, financial data, health data, biometric data, and other categories defined under IT Rules 2011 |
| Data Fiduciary | An entity that determines the purpose and means of processing personal data (Servyn AI) |
| Data Principal | The individual to whom personal data relates (you, the App user) |
| Data Processor | An entity that processes personal data on behalf of the Data Fiduciary (e.g., Supabase, Cloudinary) |
| Processing | Any operation performed on personal data — collection, storage, use, sharing, transmission, or deletion |
| Consent | A free, specific, informed, unconditional, and unambiguous indication of your agreement to processing |
| App | The Servyn AI mobile application for Android and iOS |
The App collects the following categories of personal data:
| Data | Examples | When Collected |
|---|---|---|
| Account credentials | Email address, password (hashed, never stored in plain text) | At login |
| Profile information | Name, employee code, designation, department | Set by your employer |
| Job-related data | Job updates, work notes, site observations, completion remarks | When you update a job card |
| Photos & media | Job completion photos, document uploads you choose to submit | Only when you explicitly capture or select media |
| Support communications | Messages you send to our support team | When you contact support |
| Data | Examples | Purpose |
|---|---|---|
| Device information | Device model, manufacturer, OS version (Android/iOS), screen resolution | Session management, compatibility |
| App usage data | Screens visited, features used, time spent in app, actions performed | Product improvement, bug fixing |
| Network data | IP address at time of API requests, connection type (WiFi/mobile data) | Security monitoring, fraud prevention |
| Push notification token | FCM token (Android) or APNs token (iOS) assigned by Google/Apple | Delivering job alerts and notifications |
| Session & authentication data | Login timestamp, session duration, logout events | Security, audit trail |
| Crash & error data | Anonymous stack traces, error codes, app state at time of crash | Diagnosing and fixing bugs |
What we do NOT collect: GPS location or geolocation data, contact list or address book, call logs or SMS content, browsing history outside our App, microphone or audio recordings, health or fitness data, financial account details or card numbers.
Under the Information Technology (SPDI) Rules 2011, certain categories of data are classified as Sensitive Personal Data or Information (SPDI) and require additional protection.
The Servyn AI mobile app does not intentionally collect the following SPDI categories:
The only SPDI we process is your password, which is:
If the nature of the App's features changes in the future such that SPDI is collected, this policy will be updated and explicit consent obtained before such collection begins.
We follow a minimum permissions principle — we request only what is strictly necessary for specific features. Every permission has a documented lawful basis.
| Permission | Platform | Feature It Enables | Lawful Basis | Optional? |
|---|---|---|---|---|
| CAMERA | Android & iOS | Capturing job completion photos or document photos directly within the App | Consent (you trigger the action; no background access) | ✅ Yes — App functions without it |
| READ_EXTERNAL_STORAGE / Photo Library | Android & iOS | Selecting existing photos from your device gallery to attach to a job | Consent (you choose which photos to share) | ✅ Yes — App functions without it |
| POST_NOTIFICATIONS | Android 13+ | Displaying push notifications for job alerts, status updates, and system messages | Consent (you approve the permission prompt) | ✅ Yes — in-app notifications still work |
| Notification permission | iOS | Displaying push notifications for job alerts, status updates, and system messages | Consent (you approve the iOS system prompt) | ✅ Yes — in-app notifications still work |
| INTERNET | Android | Connecting to Servyn AI servers to sync all data — core functionality | Contract performance (essential to provide the service) | ❌ No — required for core features |
| ACCESS_NETWORK_STATE | Android | Detecting connectivity status so the App can show offline mode gracefully | Legitimate interest (better user experience) | ❌ No — required for reliability |
| RECEIVE_BOOT_COMPLETED | Android | Re-registering push notification token after device restart | Legitimate interest (ensuring notifications continue working) | ❌ No — required for push continuity |
Revoking a permission disables the related feature but does not delete any data already submitted. It does not affect your account.
With your explicit permission, the App sends push notifications for the following purposes only:
We do not send marketing, promotional, or advertising push notifications.
Push notifications are delivered via:
Google (FCM) and Apple (APNs) receive only the minimum data required to route the notification to your device — specifically, a device token. They do not receive the notification content, your name, or any personally identifiable information beyond the token.
The push token stored by us is linked to your user account and company. It is deleted or invalidated when you log out, uninstall the App, or revoke notification permissions.
To provide a fast and reliable experience — including partial functionality when internet connectivity is unavailable — the App temporarily stores certain data locally on your device:
| Data Stored Locally | Purpose | Storage Method |
|---|---|---|
| Authentication token | Keeping you logged in between sessions | Encrypted secure storage (Keystore / Keychain) |
| Your profile (name, role, company) | Displaying your information without a server round-trip | Encrypted local database |
| Recently accessed job cards | Faster load times, offline viewing | Encrypted local cache |
| App preferences (theme, notifications) | Remembering your settings | Local shared preferences |
All locally stored data is:
When the App crashes or encounters an error, we may collect anonymous diagnostic data to help us identify and fix the problem. This may include:
Crash reports are anonymous — they do not include your name, email, job data, company name, or any personally identifiable information. They are used solely for the purpose of diagnosing and fixing software defects.
We do not use any third-party crash analytics SDK (such as Firebase Crashlytics, Sentry, or Bugsnag). Crash data is collected internally through our own error handling infrastructure.
Under the DPDP Act 2023 and SPDI Rules 2011, every act of processing personal data must have a lawful basis. The following table sets out our lawful basis for each processing activity:
| Processing Activity | Lawful Basis | Explanation |
|---|---|---|
| Authenticating your identity at login | Contract performance | Necessary to provide access to the service you or your employer contracted for |
| Displaying and updating job cards | Contract performance | Core service functionality |
| Storing your profile and role | Contract performance | Necessary to provide role-appropriate access |
| Sending push notifications | Consent | You expressly grant notification permission; you can withdraw at any time |
| Processing photos you upload | Consent | You initiate each upload — no background photo access |
| Collecting device & usage data | Legitimate interest | To maintain security, fix bugs, and improve the App |
| Collecting anonymous crash data | Legitimate interest | To diagnose and fix software defects |
| Retaining data after account closure | Legal obligation | Where required by Indian law (e.g. accounting records) |
| Sharing data with Data Processors | Contract performance + Legitimate interest | Necessary to operate our technical infrastructure |
⚠️ Withdrawing consent for processing that is necessary for contract performance (e.g., account authentication) will result in your inability to use the App. If your employer has subscribed to Servyn AI, you may need to contact your employer to discuss alternatives.
Under the DPDP Act 2023, personal data must be used only for the specific, stated purpose for which it was collected. We commit to the following:
We share data with the following Data Processors — entities that process data on our behalf under our instructions. We do not sell, rent, or share your personal data with any party for their own commercial use.
| Processor | Role | Data Shared | Location | Safeguards |
|---|---|---|---|---|
| Supabase | PostgreSQL database hosting | All app data (accounts, jobs, photos, logs) | AWS ap-south-1 (Mumbai, India) | Contractual DPA, encryption at rest and in transit |
| Vercel | API and backend application hosting | API requests (including auth tokens, job data) | Global CDN (primary: US-East, data in transit only) | TLS 1.3, SOC 2 Type II, data processing agreement |
| Cloudinary | Media and image storage | Photos and documents you upload | Global (media stored on nearest CDN node) | Contractual DPA, encryption at rest |
| Google (Firebase Cloud Messaging) | Android push notification delivery | FCM device token, notification payload | Google infrastructure (global) | Google's Terms of Service & Data Processing Addendum |
| Apple (APNs) | iOS push notification delivery | APNs device token, notification payload | Apple infrastructure (global) | Apple Developer Program Agreement |
All Data Processors are contractually bound to:
We do not share data with advertising networks, data brokers, analytics companies (beyond those listed), or any government authority except where legally required.
The Servyn AI App is distributed through the Google Play Store and the Apple App Store. These platforms operate independently and have their own privacy practices:
Our primary data storage is located in India (AWS ap-south-1, Mumbai). However, some of our Data Processors operate infrastructure outside India:
Where data is transferred outside India, we ensure:
As the DPDP Act 2023 cross-border transfer framework is notified by the Government of India, we will update our practices to comply with any additional requirements introduced.
We implement a layered security architecture to protect your personal data:
⚠️ While we implement industry-standard security measures, no system is 100% secure. We cannot guarantee absolute security of data transmitted over the internet or stored on any system. We recommend you use a strong, unique password and log out of the App when using shared devices.
In the event of a personal data breach that is likely to result in risk to the rights and freedoms of affected individuals, we will:
If you suspect a security breach involving your account, contact us immediately at founder@servynai.in with the subject line "Security Incident Report".
| Data Type | Retention Period | Deletion Trigger |
|---|---|---|
| Account & profile data | Duration of active subscription | 30 days after subscription ends or account deactivation |
| Job records & operational data | Duration of active subscription | 30 days after subscription ends |
| Uploaded photos & media | Duration of active subscription | 30 days after subscription ends |
| Trial account data | 7 days after trial ends | Automatic — 3-day advance warning sent |
| Push notification tokens | Until invalidated | Within 7 days of logout, uninstall, or permission revocation |
| Authentication logs & session data | 90 days | Automatic rolling deletion |
| Crash & error reports | 90 days | Automatic purge after 90 days |
| Support communications | 12 months | Automatic purge after 12 months |
| Database backups | 30 days rolling | Automatic overwrite on 30-day cycle |
After the applicable retention period, data is permanently deleted from our active database and will be excluded from all subsequent backups. Deletion is irreversible.
Certain data may be retained for longer periods where required by Indian law (e.g., financial records under the Companies Act or GST Act). We will inform you of any such retention where legally permitted.
Under the Digital Personal Data Protection Act 2023, you have the following rights in respect of your personal data:
| Right | What It Means | How to Exercise |
|---|---|---|
| Right to Access | Obtain a summary of personal data we hold about you and how it is being processed | Email founder@servynai.in — subject: "Data Access Request" |
| Right to Correction | Request correction of inaccurate, incomplete, or outdated personal data | Email founder@servynai.in or contact your company admin |
| Right to Erasure | Request deletion of personal data that is no longer necessary for the purpose it was collected, subject to legal obligations | Email founder@servynai.in — subject: "Data Deletion Request" |
| Right to Grievance Redressal | Lodge a complaint with our Grievance Officer if you believe your data rights are being violated | Contact Grievance Officer (see Section 26) |
| Right to Nominate | Nominate another individual to exercise your data rights in the event of your death or incapacity | Email founder@servynai.in with nomination details |
| Right to Withdraw Consent | Withdraw consent for consent-based processing activities at any time | Device settings (permissions) or email founder@servynai.in |
We will respond to all data rights requests within 30 days of receipt. In complex cases, we may extend this to 60 days with prior notification.
Note for Employees: If your account is managed by your employer, certain rights (such as correction of your job designation) may need to be exercised through your company administrator first, as they are the Data Fiduciary for employment-related data they enter about you.
If you are not satisfied with our response, you may escalate to the Data Protection Board of India once it is constituted under the DPDP Act 2023.
The Servyn AI App is a professional business software tool intended exclusively for use by adults in an employment capacity. It is not directed at, designed for, or intended to be used by individuals under the age of 18.
Under the DPDP Act 2023, children are defined as individuals below 18 years of age. We do not knowingly process personal data of children. The App is listed on app stores with a business/professional category rating and is not available to child-directed accounts.
If we become aware that we have inadvertently collected personal data of a minor, we will:
If you are a parent or guardian and believe your child has accessed this App, please contact us immediately at founder@servynai.in.
Company administrators are responsible for ensuring that user accounts are created only for adult employees. Creating an account for a minor on this platform violates our Terms of Service.
The App may display or link to third-party content or services in limited contexts, such as:
When you follow such links or interact with third-party services, you leave the Servyn AI App environment. Servyn AI has no control over and assumes no responsibility for the privacy practices, content, or data collection of any third-party services.
We strongly recommend reviewing the privacy policies of any third-party service before interacting with it. The presence of a link in our App does not constitute our endorsement of that service's privacy practices.
If you are using the Servyn AI App as an employee of a company that has subscribed to the platform, the following additional considerations apply:
This Privacy Policy is governed by and construed in accordance with the laws of India, including but not limited to:
Any dispute arising out of or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the courts of Mumbai, Maharashtra, India.
Before initiating legal proceedings, you agree to first attempt resolution by contacting our Grievance Officer and allowing 30 days for resolution.
We may update this Mobile Privacy Policy from time to time to reflect changes in our practices, the App's features, or applicable law. When we make changes:
The latest version of this policy is always available at servynai.in/privacy-mobile and within the App under Settings > Legal.
Continued use of the App after the effective date of an updated policy constitutes your acceptance of the changes. If you do not agree with any changes, you must stop using the App and contact your company administrator.
As required under the Digital Personal Data Protection Act 2023 and the Information Technology (SPDI) Rules 2011, Servyn AI has appointed a Grievance Officer to address privacy-related complaints and data rights requests.
Name: Rahul Birwadkar
Designation: Founder & Grievance Officer
Organisation: Servyn AI
Address: 4A B.D.D. Chawl, Naigaon, Dadar, Mumbai – 400014, Maharashtra, India
Email: founder@servynai.in
Phone: +91 97684 46498
Response Time: Within 30 days of receipt of a grievance
Hours: Monday to Saturday, 10:00 AM – 6:00 PM IST
When submitting a grievance, please include:
If you are not satisfied with the resolution provided by the Grievance Officer, you may escalate your complaint to the Data Protection Board of India once constituted under the DPDP Act 2023.
For any questions, concerns, or requests related to this Privacy Policy or your personal data:
💬 WhatsApp: +91 97684 46498
📍 4A B.D.D. Chawl, Naigaon, Dadar, Mumbai – 400014, Maharashtra, India
⏰ Monday – Saturday, 10:00 AM – 6:00 PM IST