Privacy Policy

This Privacy Policy describes how 7Mentoris ("Brand, Company", "we", "us", or "our") collects, uses, discloses, and protects your information when you use our platform ("Service"), which provides ISO-related document management, AI-assisted content generation, and process excellence tools.

By using our Service, you consent to the practices described in this Privacy Policy.

We try our best to comply with:

• Information Technology Act, 2000 (India) and the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
• Digital Personal Data Protection Act (DPDP) 2023 (India)
• General Data Protection Regulation (GDPR, EU)
• California Consumer Privacy Act (CCPA, US); and other applicable data protection laws

We collect and process the following categories of information:

(a) Personal Information

• Name, email address, company name, role, billing and contact details
• Account credentials and authentication data (hashed passwords)

(b) Usage Data

• Log data (IP address, browser type, OS, session duration, activity logs)
• Clickstream data, API usage, and document creation patterns

(c) Technical and Device Data

• Cookies, local storage, analytics scripts, and device identifiers
• Error logs and diagnostic reports to improve performance

(d) Document Content and Uploads

• Files, templates, and text content you upload, generate, or store on the platform
• AI-generated content processed via OpenAI APIs or equivalent LLM providers

(e) Payment Data

• Processed through third-party payment gateways (e.g., PayPal, Razorpay, etc)
• We do not store card or banking information on our servers

We process information to:

• Deliver and maintain our Services
• Generate documents via AI models (Various AI Models, like GPT-4, Gemini, etc.)
• Authenticate users and manage subscriptions
• Improve accuracy and performance through usage analytics
• Notify you about updates, outages, and security incidents
• Detect and prevent fraud, abuse, and misuse
• Comply with legal obligations, court orders, or regulatory requirements

• AI outputs are produced using third-party APIs (e.g., OpenAI)
• While we do not use your data to train these external AI models, processing occurs through their APIs
• Users are responsible for reviewing AI-generated content before using it for business or compliance purposes
• We disclaim liability for any inaccuracies or compliance violations arising from reliance on AI output

We implement industry-standard technical and organizational measures to safeguard data:

• End-to-end encryption (TLS 1.2 or higher) for data in transit
• AES-256 encryption for data at rest
• Role-based access control (RBAC) and multi-factor authentication (MFA) for admin access
• Regular vulnerability scans, penetration testing, and audits
• Business continuity and incident response plans for data breaches

If a data breach occurs, we will notify affected users and relevant authorities within 72 hours (as per GDPR/DPDP standards).

We process your data based on:

• Consent: You provide consent during registration and usage
• Contractual necessity: To deliver services you subscribed to
• Legitimate interest: To improve performance, prevent fraud, and analyze trends
• Legal obligation: Where required under applicable laws

• We retain data only for as long as necessary to fulfill the purpose for which it was collected or as required by law
• Account data and AI-generated files are deleted within 30 days of account closure, unless longer retention is required by tax or regulatory compliance
• Backup copies may persist temporarily (up to 90 days) for disaster recovery

We may share limited data with:

• Service providers: Google, AWS, Supabase (hosting/database), Vercel (frontend), AI Models and LLMs (AI processing), and analytics tools
• Payment processors: PayPal, Razorpay, etc for billing and refunds
• Regulators or law enforcement: If legally required

We never sell, rent, or trade personal data to third parties.

Your information may be transferred to and processed in countries outside your own.

We ensure protection through:

• Standard Contractual Clauses (SCCs) for cross-border transfers
• Adequacy decisions and contractual safeguards under GDPR and DPDP frameworks

We use cookies and similar technologies for:

• Authentication and session management
• Analytics and usage metrics (Google Analytics, Supabase metrics)
• Performance optimization and personalization

You may control cookie preferences via your browser settings.

You have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete information
• Erasure ("Right to be Forgotten"): Request deletion of personal data
• Portability: Obtain data in a machine-readable format
• Objection: Object to processing for marketing or profiling
• Restriction: Request limits on how we use your data
• Withdraw consent: At any time, without affecting prior processing

To exercise these rights, contact support@7mentoris.com.com.

Our Services are not intended for individuals under 18.

We do not knowingly collect personal data from minors. If you believe a minor has submitted data, contact us for prompt deletion.

• 7Mentoris acts as Data Controller for user accounts and billing
• Third-party vendors (Supabase, OpenAI, etc.) act as Data Processors on our behalf under strict contractual obligations

In the event of:

• Database corruption, deletion, or unauthorized access, we will immediately investigate, isolate affected systems, and notify impacted users
• Users are responsible for maintaining backups of uploaded data and AI-generated files where necessary

We may revise this Privacy Policy periodically.

All updates will be posted on our website with the "Last Updated" date. Continued use of the Service constitutes acceptance of the revised policy.