Privacy Policy

PRIVACY POLICY – RAGSUITE
Effective Date – 01.08.2025

1. Purpose and Scope
This Privacy Policy (“Policy”) applies to the use of RAGSUITE, a proprietary AI-based offline-first product developed by Felamity Technologies LLP (“Felamity”, “we”, “us”, “our”). This Policy governs all data processing activities related to the installation, deployment, use, and maintenance of RAGSUITE, whether hosted on-premise, via hybrid cloud, or through private GPU-based workstations. The Policy is compliant with the General Data Protection Regulation (Regulation EU 2016/679) (“GDPR”), the Information Technology Act, 2000 and SPDI Rules, 2011 (India), and the Digital Personal Data Protection Act, 2023 (India), to the extent applicable. This Policy also applies to any support, training, diagnostics, or integration services that Felamity provides in relation to RAGSUITE.

2. Definitions
a) “Personal Data” means any data relating to an identified or identifiable natural person.
b) “Processing” means any operation performed on Personal Data, including collection, storage, use, transfer, or deletion.
c) “Data Fiduciary” means the entity that determines the purposes and means of the processing of Personal Data.
d) “Consent” means any freely given, specific, informed and unambiguous indication of a Data Subject’s agreement to the processing of their Personal Data.
e) “Sensitive Personal Data” includes financial information, biometric data, health data, government IDs and passwords, or any other category defined as such under Indian law or GDPR.

3. Identity of the Data Fiduciary
Felamity Technologies LLP, a limited liability partnership registered in India, having its principal office at 44 Beerangikula Street, Tiruchirapalli – 620008, Tamil Nadu, is the Data Fiduciary. The designated Data Protection Officer (DPO) can be contacted at support@felamity.com. The Grievance Officer for Indian residents may be contacted at support@felamity.com.

4. Legal Basis for Processing
Where data is processed for deployment, configuration, licensing or support of RAGSUITE, the lawful basis is contractual necessity. Where Felamity sends product updates, announcements, or event invitations, the lawful basis is Consent, and users can withdraw such consent at any time. For compliance with legal obligations such as accounting, tax, export control, or regulatory audit, Felamity processes data under legal obligation. In limited cases such as product security or anti-abuse monitoring (if enabled), Felamity may process certain metadata based on legitimate interest, ensuring it does not override user rights. Any processing necessary to prevent physical harm or respond to urgent safety risks shall be based on vital interest.

5. Categories of Personal Data Collected
Felamity Technologies LLP only collects and processes personal data necessary to fulfill contractual and support obligations related to RAGSUITE. The product is designed to operate in fully offline and locally hosted environments; therefore, Felamity does not access or process operational user data unless voluntarily provided for support or integration purposes. The categories of data collected may include the following:

(a) Identity and Contact Data
Includes information necessary to identify or communicate with customers or administrators who deploy or support RAGSUITE. Examples: Full name, official email address, phone number, job designation, company name, and business address.
Source: Provided directly by the user during demos, onboarding, support tickets, or contract execution.

(b) Business or Organizational Profile Data
Describes the organization or enterprise deploying RAGSUITE for contextualization of services. Examples: Organization’s legal name, nature of business, industry classification, deployment type (cloud/on-premise/workstation), and user role profiles.
Source: Provided during deployment planning, commercial onboarding, or customization questionnaires.

(c) Technical and Diagnostic Data
May be collected only where telemetry is enabled or diagnostic logs are shared voluntarily. Examples: Product version, installation mode, instance uptime, system errors, request type, configuration schema (non-sensitive), device metadata (CPU/GPU, OS), and update logs.
Source: Captured locally on customer devices and optionally transmitted with consent or manually uploaded for support.

(d) Usage Metadata (Optional / Consent-Based)
Collected only with opt-in consent, for product performance analysis or to enhance user experience. Examples: Frequency of feature/module usage, time spent in specific components, command success/failure rates, anonymized error traces.
Source: Shared through anonymized usage metrics from telemetry clients if explicitly enabled.

(e) Communication Records
Captured when a user engages with our team for support, commercial, or integration-related matters. Examples: Email threads, ticket histories, chat logs, meeting summaries, attached documents or screenshots.
Source: Submitted directly by the user via support forms, emails, or video calls.

(f) Voluntarily Shared File Samples (Support/Diagnostics)
In rare cases, users may upload or transmit document excerpts or database structures for diagnosis or bug reproduction. Examples: Partial data files, anonymized spreadsheets, configuration templates.
Source: Provided manually by customer for troubleshooting only; not retained beyond resolution unless requested.

(g) Marketing and Event Participation Data (if subscribed)
Applicable only to customers who sign up for product newsletters, whitepapers, webinars, or marketing communications. Examples: Opt-in preferences, registration forms, attendance confirmations, feedback survey responses.
Source: Collected via marketing or event platforms, or via forms on the Felamity website.

(h) Sensitive Personal Data
Not actively collected or processed. However, should the customer use RAGSUITE to process Sensitive Personal Data (e.g. medical records, financial datasets), such data remains entirely within the customer’s infrastructure. Note: Felamity does not access or view such content. If such data is inadvertently shared for debugging, it is handled with strict safeguards and deleted immediately after resolution.

6. Methods and Sources of Collection
a) Personal Data is collected directly from users when they fill out forms, request demos, or initiate support or licensing communication.
b) Technical and diagnostic data may be collected through consent-based telemetry or when manually uploaded for troubleshooting.
c) No unsolicited automated data scraping or background tracking is carried out by RAGSUITE.
d) Device-based processing occurs entirely within customer infrastructure. No external data sync occurs unless manually initiated by the user.

7. Purposes of Processing
a) To provision, deploy, configure and maintain RAGSUITE according to customer requirements.
b) To provide technical and administrative support, including error diagnosis and version upgrades.
c) To comply with regulatory, contractual, or financial obligations.
d) To improve the functionality, stability and security of the product (only if anonymised or explicitly shared).
e) To maintain licensing records and software update entitlements.
f) To deliver marketing materials, thought leadership, or surveys (only where consent has been granted).

8. Cookies and Web Technologies
RAGSUITE in offline or on-premise mode does not use cookies or trackers. When accessed through a browser interface in a connected environment, cookies may be used for login management, preferences, and analytics.
Cookies used on the public website or demo portal are explained in the Cookie Statement and include:
(i) strictly necessary cookies
(ii) preference cookies,
(iii) analytics cookies, and
(iv) marketing cookies (only with consent).
Users may disable or manage cookies via their browser settings at any time.

9. Data Sharing and Disclosure
a) No customer data within the RAGSUITE platform is shared, accessed, or processed by Felamity unless shared explicitly.
b) Where Personal Data is shared voluntarily for support, it may be accessed only by authorized support staff under confidentiality obligations.
c) Felamity may share data with regulatory bodies, auditors, or legal counsel only under applicable legal process.
d) No Personal Data is sold, licensed, or disclosed for commercial gain or advertising purposes.
e) Subcontractors or vendors used (e.g., for hosting a support portal) are bound by strict data processing agreements.

10. International Data Transfers
For customers located outside India, any transfer of diagnostic or contact data shall occur under appropriate safeguards. These safeguards may include Standard Contractual Clauses (SCCs), encryption, and pseudonymisation. For EU/EEA users, transfers will occur only to jurisdictions deemed adequate by the European Commission or under lawful exemptions. Indian law will apply to all processing carried out by Felamity within India.

11. Data Security
RAGSUITE is architected for private, secure, and disconnected deployments. For cloud or hybrid deployments, Felamity enforces strong encryption (AES-256 at rest, TLS 1.3 in transit). Access to any data shared for diagnostics is restricted using role-based access control, multi-factor authentication, and internal audits. In the event of a confirmed data breach involving customer data (shared voluntarily), Felamity will notify the relevant authority and affected parties as required by applicable law.

12. Data Retention
a) Contact details and contractual records are retained for up to 8 years for tax and compliance purposes.
b) Diagnostic logs are retained for a maximum of 90 days post-issue resolution unless otherwise required.
c) Anonymised telemetry (if enabled) is stored for up to 12 months.
d) Marketing contact lists are maintained until the user opts out or withdraws consent.
e) Upon expiry of each period, data is securely erased using industry-standard methods (e.g., NIST 800-88).

13. Data Subject Rights
a) You may request access to your Personal Data held by Felamity.
b) You may request correction of inaccurate or outdated data.
c) You may request erasure, subject to contractual or legal limitations.
d) You may object to processing or restrict the use of your data in certain contexts.
e) You may withdraw consent at any time for marketing or telemetry-based processing.
f) You may lodge complaints with the Indian Data Protection Board (when constituted) or your relevant data protection authority.
g) To exercise any of these rights, email privacy@felamity.com with appropriate identity proof and request details.

14. Children’s Data
RAGSUITE is a business software product not intended for children under 18. We do not knowingly collect or process data from minors.

15. Policy Updates
This Policy may be revised periodically in response to legal or technical changes. The most recent version shall be published at https://felamity.com/privacy. Material changes will be communicated via product documentation or support notices.

16. Contact and Redressal
For questions, data rights requests or complaints, you may contact the following:
Grievance Officer (India) - support@felamity.com
Felamity Technologies LLP - 44 Beerangikula Street, Tiruchirapalli – 620008, Tamil Nadu, India