Privacy Policy

1. Introduction and Scope

Gatim AI Tech Innovations Private Limited ("Company," "we," "us," or "our") respects the privacy of individuals who visit our website, submit demo requests, and apply for employment opportunities ("you" or "User"). This Privacy Policy ("Policy") governs the collection, use, processing, storage, and disclosure of Personal Information (as defined herein) obtained through our website located at www.gatiai.com (the "Website"), including but not limited to our demo request system and career portal.

This Policy does not apply to the platforms operated at gatim.ai (AI Legal Assistant) or dashboard.gatim.ai (Practice Management Platform), which are governed by separate privacy policies. This Policy is applicable solely to the Website and related services as described herein.

By accessing or using the Website, you acknowledge that you have read, understood, and agree to be bound by this Policy. If you do not agree with the terms of this Policy, you must not access or use the Website.

2. Information We Collect

2.1 Personal Information

"Personal Information" means any information that identifies or can be used to identify an individual. We collect the following categories of Personal Information:

Demo Request Information

When you submit a demo request through our Website, we collect:

• First name and last name
• Email address
• Firm name and organization details
• Team size (optional)
• Message content (optional)
• IP address (for rate limiting and security purposes)
• Timestamp of submission

Job Application Information

When you submit an employment application through our career portal, we collect:

• First name and last name
• Email address and telephone number
• Current location
• Resume/Curriculum Vitae (stored on Amazon Web Services S3)
• Cover letter (optional)
• LinkedIn profile URL (optional)
• Portfolio website URL (optional)
• Current role and years of experience (optional)
• Expected salary and notice period (optional)
• Selected skills and qualifications
• IP address (for rate limiting and security purposes)

2.2 Automatically Collected Information

We automatically collect certain information when you access or use the Website:

• IP Address: Collected for rate limiting, security monitoring, and prevention of distributed denial-of-service (DDoS) attacks. IP addresses are stored temporarily in volatile memory and automatically purged within five (5) minutes.
• Browser Information: Browser type, version, and language preferences.
• Device Information: Device type, operating system, and screen resolution.
• Usage Data: Pages visited, time spent on pages, and navigation patterns.

2.3 Cookies and Similar Technologies

The Website uses only essential cookies necessary for basic functionality, including session management and user preference storage (e.g., theme selection). We do not deploy advertising, tracking, or analytics cookies. You may disable cookies through your browser settings; however, certain features of the Website may not function properly without cookies enabled.

3. How We Use Your Information

We process Personal Information for the following purposes:

3.1 Demo Requests

• To respond to your demo request and schedule product demonstrations
• To contact you regarding our products and services
• To facilitate customer onboarding and account setup
• To maintain records of sales inquiries for business purposes
• To analyze demand patterns and improve our services

3.2 Job Applications

• To evaluate your qualifications and suitability for employment
• To conduct the recruitment and interview process
• To communicate with you regarding your application status
• To comply with employment laws and regulations
• To maintain a database of potential candidates for future opportunities

3.3 Security and Fraud Prevention

• To implement rate limiting and prevent abuse of our systems
• To detect and prevent fraudulent activities
• To protect against DDoS attacks and other security threats
• To enforce our Terms of Service

3.4 Legal Compliance

• To comply with applicable laws, regulations, and legal processes
• To respond to lawful requests from government authorities
• To enforce our legal rights and protect against legal liability

4. Data Storage and Security

4.1 Storage Infrastructure

Personal Information is stored using the following infrastructure:

• Database: PostgreSQL database with encryption at rest. Demo requests and application data are stored in separate database tables with appropriate access controls.
• File Storage: Resume files are stored on Amazon Web Services (AWS) Simple Storage Service (S3) in a private bucket with restricted access. Files are uploaded using presigned URLs with ten (10) minute expiration periods.
• Rate Limiting Data: IP addresses used for rate limiting are stored temporarily in volatile memory (RAM) and are automatically purged within five (5) minutes. This data is not persisted to permanent storage.

4.2 Security Measures

We implement industry-standard security measures to protect Personal Information, including:

• Transport Layer Security (TLS) encryption for data transmission via HTTPS
• Encryption at rest for database storage
• Access controls and authentication mechanisms
• Regular security audits and vulnerability assessments
• Rate limiting (5 demo requests per hour per IP address; 10 job applications per hour per IP address)
• Employee access restrictions on a need-to-know basis

Notwithstanding the foregoing, no method of transmission over the Internet or electronic storage is completely secure. While we strive to protect your Personal Information, we cannot guarantee absolute security.

5. Third-Party Services and Data Sharing

5.1 Third-Party Service Providers

We engage third-party service providers to facilitate our operations. These service providers have access to Personal Information only to perform specific tasks on our behalf and are obligated to protect the confidentiality and security of such information:

• Amazon Web Services (AWS): Cloud infrastructure provider for resume file storage (S3). AWS is bound by its Privacy Notice and complies with applicable data protection regulations.
• Database Hosting Providers: For PostgreSQL database hosting and management.
• Email Service Providers: For sending communications related to demo requests and job applications.

5.2 Artificial Intelligence Services (Platform-Specific)

The Website does not utilize artificial intelligence services for processing visitor data. However, our platforms (gatim.ai and dashboard.gatim.ai) utilize AI services from Azure OpenAI, Perplexity AI, Google Gemini, and DeepSeek for document processing and legal research. These AI services are governed by separate platform privacy policies.

Important Notice: We do not use your Personal Information submitted via the Website (demo requests or job applications) to train artificial intelligence models. Your data submitted through the Website remains confidential and is used solely for the purposes stated in this Policy.

5.3 No Sale of Personal Information

We do not sell, rent, or trade your Personal Information to third parties for marketing purposes.

6. Data Retention

We retain Personal Information for the following periods:

• Demo Requests: Retained indefinitely for sales and customer relationship management purposes. You may request deletion of your demo request data at any time by contacting privacy@gatiai.com.
• Job Applications: Retained for a minimum of six (6) months or for the duration of the recruitment process, whichever is longer. Applications may be retained beyond this period if you consent to be considered for future opportunities. You may request deletion of your application data at any time by contacting privacy@gatiai.com.
• Rate Limiting Data: IP addresses collected for rate limiting purposes are stored in volatile memory and are automatically deleted within five (5) minutes. This data is not persisted to permanent storage.
• Website Analytics: Usage data and browser information are retained for twelve (12) months for website improvement purposes.

Upon expiration of the applicable retention period, Personal Information will be deleted or anonymized in accordance with our data retention policies and applicable law.

7. Your Rights Under Applicable Law

Subject to applicable law, including Indian data protection legislation and the Information Technology Act, 2000, you have the following rights with respect to your Personal Information:

• Right to Access: You have the right to request confirmation of whether we process your Personal Information and to obtain a copy of such information.
• Right to Correction: You have the right to request correction of inaccurate or incomplete Personal Information.
• Right to Deletion/Erasure: You have the right to request deletion of your Personal Information, subject to legal retention requirements and legitimate business purposes.
• Right to Data Portability: You have the right to receive your Personal Information in a structured, commonly used, and machine-readable format and to transmit such data to another controller.
• Right to Object: You have the right to object to the processing of your Personal Information for direct marketing purposes.
• Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw such consent at any time.

To exercise any of these rights, please submit a written request to our Privacy Officer at privacy@gatiai.com. We will respond to your request within thirty (30) days of receipt, subject to verification of your identity.

8. Cookies and Tracking Technologies

The Website utilizes only essential cookies necessary for core functionality:

• Session Cookies: Temporary cookies that expire when you close your browser. Used to maintain your session while navigating the Website.
• Preference Cookies: Used to store your preferences, such as theme selection (light or dark mode).

We do not use advertising cookies, tracking cookies, or third-party analytics cookies. You may disable cookies through your browser settings; however, disabling cookies may impair certain functionality of the Website.

9. Children's Privacy

The Website is not directed to individuals under the age of eighteen (18) years. We do not knowingly collect Personal Information from children. If we become aware that we have inadvertently collected Personal Information from a child under 18 without parental consent, we will take steps to delete such information promptly.

If you are a parent or guardian and believe that your child has provided Personal Information to us, please contact us at privacy@gatiai.com.

10. Changes to This Privacy Policy

We reserve the right to modify this Policy at any time, in our sole discretion. Any changes to this Policy will be effective upon posting of the revised Policy on the Website with an updated "Last Updated" date.

Material changes to this Policy will be communicated to registered users via email notification sent to the email address associated with your demo request or job application. Your continued use of the Website following the posting of changes constitutes your acceptance of such changes.

We recommend that you review this Policy periodically to remain informed of our privacy practices.

11. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Privacy Officer:

For general inquiries, you may also contact us at sales@gatiai.com