Privacy Policy

1. Purpose and Scope

Felamity Technologies LLP (“Felamity”, “the Company”, “we”, “our” or “us”) issues
this Privacy Policy (“Policy”) to articulate, in a transparent and comprehensive
manner, the principles that govern the collection, use, storage, disclosure,
transfer and other forms of processing of Personal Data obtained through (a) our
public website located at https://felamity.com and any sub-domains
(collectively, the “Site”); (b) our cloud-based, on-premise, or offline AI products,
software and related services (the “Services”); and (c) all offline interactions,
events, communications or transactions that reference or incorporate this Policy.
This document is designed to satisfy the disclosure obligations imposed by the
General Data Protection Regulation (Regulation EU 2016/679) (“GDPR”), the
Information Technology Act 2000 (India), the Information Technology
(Reasonable Security Practices and Procedures and Sensitive Personal Data or
Information) Rules 2011, and — upon its commencement — the Digital Personal
Data Protection Act 2023 (India) (collectively, “Applicable Law”). It applies to every
natural person (“Data Subject”, “you” or “your”) whose Personal Data we process,
regardless of nationality or place of residence.

2. Definitions

“Personal Data” means any information relating directly or indirectly to an
identified or identifiable natural person, including but not limited to name, email
address, identification number, location data, online identifier, or factors specific
to the physical, physiological, mental, economic, cultural or social identity of that
person.
“Processing” or “Process” means any operation or set of operations performed
on Personal Data, whether or not by automated means, such as collection,
recording, organisation, structuring, storage, adaptation, retrieval, consultation,
use, disclosure, dissemination, alignment, combination, restriction, erasure or
destruction.
“Data Fiduciary” denotes the entity that determines the purposes and means of
Processing Personal Data; “Data Processor” denotes any entity that Processes
Personal Data on the Controller’s behalf.
“Consent” refers to any freely given, specific, informed and unambiguous
indication of the Data Subject’s wishes, signified by a statement or clear
affirmative action, by which he or she agrees to the Processing of Personal Data.

“Sensitive Personal Data” (sometimes “Special Category Data”) encompasses
Personal Data revealing racial or ethnic origin, political opinions, religious or
philosophical beliefs, trade‐union membership, genetic data, biometric data
uniquely identifying a person, data concerning health or a person’s sex life or
sexual orientation, or, under Indian law, financial information and passwords.

3. Identity of the Data Fiduciary and Data Protection Officer

Felamity Technologies LLP, a limited liability partnership incorporated in India
with its principal office at 44 Beerangikula Street, Tiruchirapalli 620 008, Tamil
Nadu, India, is the Data Fiduciary for all Processing activities described herein.
We have provide the below details in responsibility for overseeing questions in
relation to this Policy, including the handling of Data Subject rights requests and
regulatory liaison.
Contact Details
Email: support@felamity.com | Tel: +91 6374005802
Postal: Attention – Felamity Technologies LLP, address as above.

4. Legal Bases for Processing

Contractual Necessity – where Processing is indispensable for performing a
contract to which you are a party or to take steps at your request prior to entering
into such contract (e.g. provisioning a SaaS subscription, fulfilling a support
ticket, invoicing).
Consent – for Processing activities that are neither strictly necessary for contract
performance nor compelled by law (e.g. sending promotional emails, enrolling you
in a beta programme). Consent may be withdrawn at any time without affecting
prior lawful Processing.
Legal Obligation – where Processing is required to comply with a legal mandate,
judicial order, or investigative demand (e.g. maintaining tax records, responding
to law‐enforcement requests, or satisfying Know‐Your‐Customer norms).
Legitimate Interests – where Processing is essential to our or a third party’s
genuine interests (e.g. ensuring network security, preventing fraud, improving
product functionality), provided such interests are not overridden by your
fundamental rights and freedoms.
Vital Interests – rarely, where Processing is necessary to protect life or physical
safety (e.g. notifying authorities about an imminent cyber‐threat endangering
public safety).
 

5. Categories of Personal Data Collected

We endeavour to collect only that Personal Data which is adequate, relevant and
limited to what is necessary for the stated purposes. The principal categories are
enumerated below; specific elements within each category may vary by user
interaction.
Identity & Contact Data – Full name, business postal address, job title, corporate
email, telephone number.
Business Profile Data – Organisation legal name, industry classification,
company size, purchase authority, intended use case.
Technical & Usage Data – IP address, MAC address, device ID, operating system,
browser type/version, screen resolution, referring URL, pages viewed, session
timestamps, error logs.
Communication Records – Email threads, chat transcripts, recorded voice calls,
meeting notes, feedback forms.
Financial & Transaction Data – Purchase orders, tax identification numbers,
billing address, partial payment‐card digits (tokenised), transaction history.
Sensitive Personal Data (processed only if absolutely required and consensually
provided) – Biometric identifiers for workstation access, government‐issued ID for
identity verification, health data in customised medical AI deployments.

6. Methods and Sources of Collection

Direct Interactions – You may furnish Personal Data by completing online forms,
initiating correspondence, creating an account, participating in a survey, or
uploading documents to the platform.
Automated Interactions – As you navigate the Site or utilise the Services, we
automatically gather Technical & Usage Data through cookies, server logs,
embedded scripts and similar technologies.
Third‐Party Sources – We may lawfully receive Personal Data from channel
partners, public databases, professional networking sites, conference organisers
or credit‐rating agencies, subject to those third parties’ representations of lawful
authority to share such data.
Device‐Based Processing – In certain offline deployments, data are collected
locally on your hardware; such data remain on‐premise unless you explicitly
synchronise with our cloud infrastructure.
 

7. Purposes of Processing

Service Provisioning and Administration – creating and managing user accounts,
authenticating log‐ins, deploying AI models, monitoring system performance,
enabling multi‐tenant separation, and providing user support.
Product Enhancement and R&D – analysing anonymised telemetry to identify
feature gaps, train internal models, benchmark performance, and develop new
offerings while applying robust pseudonymisation wherever feasible.
Security, Fraud Prevention and Compliance – detecting suspicious activity,
investigating security incidents, enforcing acceptable‐use terms, performing
access‐control audits, and conducting mandatory regulatory reporting.
Commercial Engagement – sending price quotations, negotiating contracts,
organising demos, managing partner programmes and affiliate referrals.
Marketing and Thought Leadership – distributing newsletters, white papers, case
studies, event invitations and satisfaction surveys, subject to opt‐in consents
where required.
Corporate Transactions – facilitating due‐diligence and integration activities in
the event of a merger, acquisition, restructuring, or sale of assets, subject to
confidentiality undertakings.

8. Cookies and Similar Technologies

Strictly Necessary Cookies – indispensable for Site operation (e.g. session
management, load balancing).
Preference Cookies – remembering choices and custom settings.
Analytics Cookies – compiling aggregated statistics to improve Site ergonomics
and performance.
Targeting Cookies – delivering customised content or ads, used sparingly and
only with consent where required by law.
You may disable cookies via your browser; however, certain Site features may
malfunction. Detailed cookie lifespan information is set out in our Cookie
Statement, which forms an integral part of this Policy.

9. Data Sharing and Disclosure

Intra‐Group Transfers – Affiliates and subsidiaries that perform shared corporate
functions operate under binding inter‐company agreements incorporating
standard contractual clauses and uniform security controls.

Authorised Service Providers – Third‐party vendors delivering cloud hosting,
email delivery, payment processing, penetration testing, legal counsel or auditing
services.
Business Counterparties – Where necessary in the context of a corporate
transaction. Personal Data will remain subject to this Policy or an equivalent
protective framework post‐transfer.
Competent Authorities – Governmental, regulatory, or judicial bodies when
compelled to do so by a lawful request, subpoena or court order.
Professional Advisers – Lawyers, bankers, auditors and insurers who provide
consultancy, banking, legal, insurance or accounting services under
confidentiality obligations.

10. International Data Transfers

Where Personal Data originating from the European Economic Area (“EEA”),
United Kingdom, or any jurisdiction with cross‐border transfer restrictions is
transferred to a country deemed “non‐adequate” by the European Commission or
other relevant authority, Felamity ensures that at least one of the following
safeguards is in place:
Execution of Standard Contractual Clauses or International Data Transfer
Addenda;
Adoption of Binding Corporate Rules approved by a competent supervisory
authority;
Reliance on an Adequacy Decision or other derogations permitted under
Article 49 GDPR (e.g. explicit Consent, performance of a contract);
Technical measures such as strong end‐to‐end encryption with keys retained
solely within the origin jurisdiction.
Transfers to or from India additionally observe the restrictions and conditions set
forth in the DPDP Act and any rules framed thereunder.

11. Information Security

Felamity implements a multi‐layered security architecture that aligns with
ISO/IEC 27001:2022 and NIST SP 800‐53 standards. Controls include, inter alia:
Physical Controls – biometric access to data centres, CCTV surveillance, visitor
logs.

Technical Controls – role‐based access permissions, least‐privilege principles,
MFA, encrypted databases, secure software‐development lifecycle (including code
reviews and threat modelling).
Administrative Controls – background checks, security awareness programs,
incident‐response playbooks, mandatory NDA execution for all personnel.
Monitoring & Testing – real‐time SIEM, quarterly vulnerability scans, annual
third‐party penetration tests, regular back‐up and restore drills.
Any confirmed data breach triggering a risk to your rights and freedoms will be
notified to the competent supervisory authority within 72 hours (where required)
and to affected Data Subjects without undue delay, together with remedial steps
undertaken.

12. Data Retention

We store Personal Data only for as long as is necessary to achieve the stated
purposes or to satisfy legal, accounting or reporting requirements, subject to the
following indicative timelines:
Data Type Retention Period Rationale / Disposal Method
Contractual records, invoices 8 years after termination Statutory limitation and

taxation

Support logs & telemetry 3 years from event Diagnostic analysis,
product improvement
Marketing consent logs For the duration of Demonstrating lawful basis

consent + 2 years

Backup snapshots 30 days rolling window Disaster recovery;
automatic overwrite
Upon expiry of the retention period, data are irreversibly anonymised or securely
destroyed using industry‐accepted sanitisation techniques (e.g. NIST SP 800‐88
purge methods).

13. Data‐Subject Rights and Exercise Procedure

You are entitled, subject to statutory conditions and verification of identity, to:
Access – obtain confirmation whether we Process your Personal Data and receive
a copy thereof;
Rectification – correct inaccurate or incomplete Personal Data;
Erasure – request deletion where Processing is unnecessary or unlawful;

Restriction – suspend Processing under certain circumstances (e.g. contesting
accuracy);
Portability – receive Personal Data in a structured, commonly used,
machine‐readable format and transmit it to another Controller;
Objection – object at any time to Processing based on legitimate interests or for
direct marketing;
Withdraw Consent – withdraw at any time where Processing is based solely on
Consent;
Lodge Complaints – approach the relevant supervisory authority (e.g. the Indian
Data Protection Board when constituted, or the competent EU authority).
To exercise these rights, please submit a written request to dpo@felamity.com
clearly identifying yourself, the right you intend to invoke, and the Processing
activity in question. We will acknowledge receipt within two (2) business days and
endeavour to respond substantively within one (1) calendar month, extendable
by a further two (2) months for complex or voluminous requests, in accordance
with Article 12 GDPR.

14. Marketing Communications

We send electronic marketing only to recipients who have provided verifiable
opt-in Consent or where we are otherwise legally permitted to do so. Each
marketing email includes an unsubscribe link enabling you to opt out
immediately. Opt-out requests are honoured within a maximum of five (5)
business days. Service-related emails (e.g. transactional notices, security alerts)
are not subject to opt-out as they are integral to the Services.

15. Third-Party Websites and Services

The Site may contain links to external sites or integrate third-party widgets
beyond Felamity’s control. Clicking such links may allow third parties to collect
or share data about you. We do not endorse, monitor or control the privacy
practices of these parties and accept no responsibility for their content or data
handling. You are encouraged to read the privacy statements of every external
website you visit.

16. Children’s Privacy

Felamity’s Site and Services are intended exclusively for business professionals
aged 18 years or older. We do not knowingly solicit or collect Personal Data from
minors. Should we discover that we have inadvertently processed data from a

person under 18, we will promptly delete such data and, where appropriate,
disable the associated account.

17. Policy Updates

We reserve the right to modify this Policy to reflect changes in legal requirements,
technical advancements or our business operations. Any material revisions will
be posted conspicuously on the Site together with an updated “Effective Date”.
Where mandated by law, we will seek your Consent to material changes that
expand our rights to Process previously collected Personal Data. Continued use
of the Site or Services after such modifications constitutes acceptance of the
revised Policy.

18. Grievance Redressal

For residents of India, any grievance can be addressed to support@felamity.com,
the Grievance Officer shall acknowledge any complaint within twenty-four (24)
hours and endeavour to resolve it within fifteen (15) days.

19. Governing Law and Dispute Resolution

This Policy and any dispute or claim arising out of or in connection with it
(including non-contractual matters) shall be governed by and construed in
accordance with the laws of India, without prejudice to mandatory protections
available under other Applicable Laws. Subject to any statutory
dispute-resolution mechanism, the courts at Tiruchirapalli, Tamil Nadu, shall
have exclusive jurisdiction.

20. Contact

Questions, comments or requests regarding this Policy or our privacy practices
may be addressed to the coordinates specified in Clause 3.