Privacy Policy
Last updated: 2 June 2026
NexDuty AI ("we", "our", or "us") is committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, and your rights as a user of our pre-check analysis platform at nexduty.ai.
1. Information We Collect
We collect the following categories of information:
- Account data: Your email address and password (hashed and stored securely) when you sign up.
- Company data: Your company name and IEC (Importer Exporter Code) number, which you provide in Settings.
- Invoice data: Supplier invoice PDFs and their extracted contents (line items, values, descriptions, HS codes) that you upload for pre-check analysis. These are stored securely in our cloud infrastructure, tied to your account.
- Analysis results: The output of each AI pre-check analysis — extracted line items, indicative MaxNOM percentage, compliance worksheet data, and origin determination — saved to your account history.
- Usage and device data: IP addresses, browser type and version, user-agent strings, operating system, pages visited, and timestamps of interactions — used for security, audit logging, and debugging.
- Compliance disclaimer acceptance: When you accept the compliance disclaimer, we log your IP address, user-agent string, and timestamp for audit and legal record-keeping purposes.
2. How We Use Your Information
We use the information we collect for the following purposes:
- Pre-check analysis: To process your uploaded invoices through our AI engine and return indicative compliance worksheets.
- Audit logging: To maintain records of analyses performed, disclaimer acceptances, and account activity for compliance and dispute resolution.
- Service improvement: To improve our analysis accuracy, fix bugs, and enhance the platform based on aggregated, anonymised usage patterns.
- Account operations: To manage your account, process payments, and send transactional emails (e.g., password reset, billing receipts).
- Security: To detect and prevent unauthorised access, fraud, and abuse.
We do not sell, rent, or share your personal data or uploaded documents with third parties for marketing purposes.
3. Data Storage
All data is stored on Supabase cloud infrastructure. Access controls ensure your data is only accessible by your authenticated account. We use HTTPS/TLS for all data in transit and encryption at rest for stored data.
While we take reasonable security measures, no system is 100% secure. We encourage you to use a strong, unique password and enable any available account protection features.
4. Third-Party Services
To operate the platform, we use the following third-party service providers. Each processes your data only as instructed and maintains appropriate security standards:
- Anthropic (Claude): Invoice contents are transmitted to Anthropic's Claude AI model for text extraction and compliance analysis. Document content is processed transiently and is not used by Anthropic to train their AI models. Please do not upload documents containing sensitive personal data (e.g., Aadhaar numbers, bank account details) beyond what is necessary for trade compliance analysis.
- Razorpay: Payment processing for credit purchases and subscription management. Razorpay processes your payment card details directly; we do not store your full card number on our servers.
- Supabase: Authentication, database, and file storage infrastructure.
- Vercel: Application hosting and edge delivery.
We do not share your data with any third party for advertising or marketing purposes.
5. Data Retention
We retain different categories of data for different periods:
- Account data: Retained for as long as your account is active, plus 30 days after deletion request.
- Analysis history: Retained for as long as your account is active. Deleted within 30 days of account deletion.
- Uploaded invoices: Retained for as long as your account is active. Permanently deleted within 30 days of account deletion.
- Audit logs (disclaimer acceptance, analysis timestamps): Retained for a minimum of 3 years for legal and compliance purposes, even after account deletion.
- Aggregated analytics: Anonymised, aggregated data may be retained indefinitely for service improvement.
6. Cookies
We use strictly necessary cookies to maintain your authenticated session. We do not use advertising or tracking cookies.
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate data.
- Deletion: Request deletion of your data ("right to be forgotten"), subject to legal retention requirements.
- Restriction: Object to or restrict certain processing activities.
- Portability: Receive your data in a machine-readable format (JSON or CSV export).
To exercise any of these rights, please email us at founder.nexdutyai@gmail.com. We will respond to your request within 30 days.
8. Compliance Disclaimer Logging
Before performing each pre-check analysis, users are required to acknowledge a compliance disclaimer confirming they understand the nature and limitations of our outputs. We log the following information each time a user accepts this disclaimer:
- User ID and email address
- IP address at the time of acceptance
- User-agent string (browser and device information)
- Timestamp of acceptance (UTC)
- Version of the disclaimer text accepted
This information is retained for audit and legal purposes for a minimum of 3 years and cannot be deleted upon user request due to regulatory requirements.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on the platform or sending an email to your registered address. Continued use of NexDuty AI after changes constitutes acceptance of the updated policy.
10. Contact Us
For any privacy-related questions or requests, contact us at founder.nexdutyai@gmail.com.