1. Overview
AISOLO Technologies Private Limited ("AISOLO", "we", "us") operates explainx.ai and is incorporated under the laws of India. As an Indian company processing personal data of Indian citizens ("Data Principals"), we are subject to India's Digital Personal Data Protection Act, 2023 ("DPDP Act") and applicable rules made thereunder.
This page explains how we operate under the DPDP Act — what data we collect, the legal bases we rely on, your rights as a Data Principal, and how to exercise them. This page should be read together with our full Privacy Policy.
We are committed to complying with the DPDP Act as it comes into force and as rules are notified by the Government of India. Where specific rules have not yet been notified, we apply the Act's principles in good faith.
2. Who is the Data Fiduciary?
For the purposes of the DPDP Act, the Data Fiduciary is:
AISOLO Technologies Private Limited
1003, Kamdhenu Commerz, Sector 14, Kharghar
Navi Mumbai 410210, Maharashtra, India
Email: [email protected]
3. Personal data we process
We process personal data as described in our Privacy Policy (Section 2). Key categories include:
- Account data: Email address, name, authentication information.
- Transaction data: Payment amounts, order records (card details are processed by Stripe and not stored by us).
- Usage data: Pages visited, features used, analytics events (PostHog).
- Communications: Newsletter subscriptions (only with consent), support correspondence.
- User-submitted content: Skills, descriptions, and metadata submitted for the public registry.
We do not process sensitive personal data as defined under the DPDP Act (such as health data, financial data beyond what is necessary for payments, biometric data, caste/tribe data, or similar categories).
4. Grounds for processing (consent and legitimate uses)
Under the DPDP Act, personal data may be processed on the basis of consent or for legitimate uses (including performance of a contract, compliance with law, and other purposes notified by the government).
- Consent: Where we request your consent (e.g. for marketing newsletters, analytics cookies where required), we will do so with a clear, plain-language notice and obtain your explicit agreement. You may withdraw consent at any time.
- Contract performance: Processing your account data, processing payments, delivering workshops and courses, and managing your membership is necessary to fulfill the contract between you and AISOLO.
- Legal obligation: We may process data where required by Indian law, including tax records, regulatory requirements, and responses to lawful government requests.
- Legitimate interest: Security monitoring, fraud prevention, and aggregated product analytics where these do not override your rights.
We will not use your personal data for purposes incompatible with those for which it was originally collected without obtaining fresh consent or identifying a new legitimate ground.
5. Notice at collection
We provide notice of data collection at the point of collection — at account registration, newsletter signup, checkout, and other data-collection touchpoints. This notice includes:
- What personal data is being collected.
- The purpose for which it is being processed.
- How to exercise your rights as a Data Principal.
Our Privacy Policy serves as a consolidated notice document.
6. Your rights as a Data Principal
Under the DPDP Act, you have the following rights regarding your personal data processed by us:
6.1 Right to access information (Section 11)
You may request a summary of the personal data we process about you and information about the Data Processors with whom we have shared your data.
6.2 Right to correction and erasure (Section 12)
You may request correction of inaccurate or incomplete personal data. You may also request erasure of personal data where it is no longer necessary for the purpose for which it was collected, or where you have withdrawn consent and there is no other ground for processing. We may retain data required by law (e.g. billing records) even after an erasure request.
6.3 Right to grievance redressal (Section 13)
If you believe we have not complied with the Act in processing your personal data, you may raise a grievance with us. We will respond within the timeframe prescribed by the Act (currently anticipated to be 30 days or as notified). If your grievance is not resolved to your satisfaction, you may approach the Data Protection Board of India once it is constituted.
6.4 Right to nominate (Section 14)
You may nominate another individual to exercise your data rights on your behalf in the event of your death or incapacity. Contact us at [email protected] to submit a nomination.
How to exercise your rights
Email [email protected] with the subject "DPDP Rights Request — [right type]". Include your name, registered email address, and the nature of your request. We will acknowledge within 7 days and resolve within 30 days (or as prescribed by applicable rules). We may ask you to verify your identity before processing your request.
7. Our duties as a Data Fiduciary
Under the DPDP Act, we are committed to:
- Purpose limitation: Processing personal data only for the purposes notified at collection or for which consent was given.
- Data minimisation: Collecting only the personal data necessary for the stated purpose.
- Accuracy: Ensuring that personal data is accurate and up to date, particularly where it is used to make decisions that affect you.
- Storage limitation: Not retaining personal data beyond the period necessary for the purpose for which it was collected, subject to legal retention requirements.
- Security safeguards: Implementing reasonable technical and organisational measures to prevent personal data breaches.
- Breach notification: Notifying the Data Protection Board and affected Data Principals of any personal data breach in the manner prescribed by the Act and applicable rules.
8. Data Processors we use
We engage third-party service providers ("Data Processors") to process personal data on our behalf. Key processors include Stripe (payments), Vercel (hosting), PostHog (analytics), Anthropic (AI inference), and Google/GitHub (OAuth). We require processors to process data only on our instructions and in accordance with applicable law. A full list is in our Privacy Policy and GDPR page.
9. Cross-border transfers
Some of our Data Processors are located outside India. Transfers to countries notified by the Government of India as approved destinations will occur only after notification. For transfers to other countries, we rely on contractual safeguards with our processors and the necessity of the transfer for contract performance with you. We will comply with any rules notified by the Government of India regarding cross-border data transfers under the DPDP Act.
10. Grievance Officer
For DPDP Act grievances and requests, contact our designated point of contact:
Name: Yash Thakker
Organisation: AISOLO Technologies Private Limited
Email: [email protected]
Address: 1003, Kamdhenu Commerz, Sector 14, Kharghar, Navi Mumbai 410210, Maharashtra, India
We aim to acknowledge grievances within 7 days and resolve them within 30 days of receipt.