This is a beta product. We are building transparently. Questions? founder.eve.ai@gmail.com
Legal

Privacy Policy

Effective date: June 2026
Applies to: uvilox.ai and all Uvilox AI products
Jurisdiction: India

This policy is written in plain language on purpose. If something is unclear, email us at founder.eve.ai@gmail.com and we will explain it directly.

1. Who we are

Uvilox AI is an early-stage product being built to provide real-time Indian Sign Language (ISL) interpretation for deaf and hard-of-hearing users in India. We are currently in community beta.

For the purposes of this policy, “we”, “us”, and “Uvilox AI” refers to the founders and operators of the Uvilox AI product.

2. Legal framework this policy operates under

DPDP Act 2023IT Act 2000SPDI Rules 2011

This Privacy Policy is written in compliance with:

  • Digital Personal Data Protection Act, 2023 (DPDP Act)— India's primary data protection law governing collection, processing, and storage of personal data of Indian citizens.
  • Information Technology Act, 2000— India's foundational law governing electronic records and data.
  • IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules) — Governs the handling of sensitive personal data including biometric data and health information.

We do not claim compliance with HIPAA (a US law), GDPR (an EU law), or any other foreign jurisdiction's data protection law. We are an Indian product building for Indian users under Indian law.

3. What data we collect

We collect only what is necessary to provide and improve our service. During beta, this includes:

  • Registration data:Your name, email address, and self-described role (e.g. deaf user, ASL interpreter, developer) — collected when you sign up for beta access.
  • Camera/video data: Frames from your device camera when you use the sign recognition feature. These are processed in real time and are not stored on our servers by default unless you explicitly opt in to help improve the model.
  • Location data: Only when you activate the emergency SOS feature. We do not collect location data passively or in the background.
  • Usage data: Basic app usage logs (which features were used, error reports). No keystroke logging, no behavioural profiling.
  • Feedback: Any text you submit through our feedback forms.

We do not collect financial data, identity documents, or any data beyond what is listed above.

4. Why we collect it

DPDP Act 2023 — Section 6 (Consent)

We collect your data only for specific, stated purposes:

  • To provide you with beta access and communicate updates
  • To run sign language recognition on your device in real time
  • To send emergency location data when you explicitly trigger SOS
  • To improve our ISL recognition model — only if you separately consent to this
  • To understand how the product is being used and where it fails

We will not use your data for advertising, profiling, or any purpose not listed here without asking for your explicit consent first.

5. Sensitive personal data (biometric and health-adjacent)

SPDI Rules 2011 — Rule 3

Under the SPDI Rules 2011, biometric data and health information are classified as Sensitive Personal Data or Information (SPDI). Video frames of your hands and face may qualify as biometric data.

We handle this data as follows:

  • Video frames used for sign recognition are processed in real time and not stored on our servers by default
  • We obtain your explicit written consent before collecting any sensitive data
  • We do not transfer sensitive personal data to any third party except where required by law
  • We apply AES-256 encryption for any sensitive data that is stored
  • We apply TLS 1.3 for all sensitive data transmitted over the internet

6. Your rights under the DPDP Act 2023

DPDP Act 2023 — Sections 11–14

As a data principal (a person whose data we hold), you have the following rights under the Digital Personal Data Protection Act 2023:

  • Right to information: Know what personal data we hold about you
  • Right to correction: Ask us to correct inaccurate data
  • Right to erasure: Ask us to delete your data entirely
  • Right to grievance redressal: Raise a complaint and receive a response within a reasonable time
  • Right to withdraw consent: Withdraw any consent you have given at any time. Withdrawal does not affect anything done before withdrawal.

To exercise any of these rights, email founder.eve.ai@gmail.com. We will respond within 30 days.

7. Data storage and retention

We store data for as long as needed to provide the service or as required by law. Specifically:

  • Beta registration data — retained until you request deletion or 2 years after your last activity, whichever is earlier
  • Video frame data — not stored by default. If you opt in to model improvement, frames are retained for a maximum of 6 months then permanently deleted
  • Emergency SOS location data — deleted within 24 hours of the SOS event
  • Usage logs — retained for 90 days for debugging purposes, then deleted

8. Data sharing

We do not sell your data. Ever. We do not share your data with advertisers, data brokers, or marketing companies.

We may share data only in these limited circumstances:

  • With service providers who help us operate (e.g. cloud hosting) — under strict data processing agreements
  • With emergency services (Police/Ambulance/Fire via 112) — only when you trigger SOS, and only the data you pre-approved in your emergency profile
  • When required by Indian law or a valid court order

9. Security measures

SPDI Rules 2011 — Rule 8

We implement reasonable security practices as required under Rule 8 of the SPDI Rules 2011. Current security measures include:

  • AES-256 encryption for data at rest
  • TLS 1.3 for all data in transit
  • Access controls limiting who can access user data internally
  • No third-party analytics scripts that collect user data without disclosure

We are a beta-stage product. Our security architecture is actively being built and improved. We will update this section as new measures are implemented.

10. Children's data

Under the DPDP Act 2023, users under 18 are considered children and require verifiable parental consent before we can process their data. We do not knowingly collect data from users under 18 without parental consent. If you believe we have collected data from a minor without appropriate consent, contact us immediately at founder.eve.ai@gmail.com.

11. Changes to this policy

We will update this policy as the product evolves. When we make material changes, we will notify beta members by email and update the effective date at the top of this page. Continued use of the product after changes means acceptance of the updated policy.

12. Grievance Officer

SPDI Rules 2011 — Rule 5(9)

Under Rule 5(9) of the SPDI Rules 2011, we are required to designate a Grievance Officer to address complaints. You can raise any privacy complaint with:

Grievance Officer — Uvilox AI

Email: founder.eve.ai@gmail.com
Response time: Within 30 days of receiving your complaint
Escalation: If unresolved, you may approach the Data Protection Board of India once constituted under the DPDP Act 2023.