Privacy Policy

Last updated: 3rd December 2025
Effective date: 3rd December 2025

1. Introduction

TatvaOne Labs DMCC and SARVA HRIM TECH LABS Pvt Ltd (“We”, “Us”, “Our”) operates Tatvaone.ai, Proctorly.ai, Adviora.ai, Cookiera.ai and BrahmaGPT.ai (“Services”), a Software as a Service (SaaS) platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use the Service (via web browser, embedded LMS integration, APIs, Mobile Apps). This policy also explains usage of data when you connect your advertising accounts and use Adviora’s marketing automation capabilities, integrated with Google Ads, Meta Ads, LinkedIn Ads, X Ads, TikTok Ads, GA4, GSC, and other marketing platform data. We comply with major regional data protection laws including:

  • the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL)
  • the India Digital Personal Data Protection Act, 2023 (DPDPA)
  • the European Union’s General Data Protection Regulation (GDPR)
  • applicable U.S. federal and state data privacy laws

2. Definitions

  • Personal Data: any information relating to an identified or identifiable individual.
  • Marketing Data: Advertising account data, campaign metadata, metrics, creative assets.
  • OAuth Tokens: secure credentials granted when connecting Google/Meta/other accounts.
  • Controller: We determine the purposes and means of processing.
  • Customer: organization or individual subscribing to the Services.
  • Processing: collection, storage, use, transmission, deletion of data.
  • Data Subject/Principal: individual whose data is processed.
  • User: faculty, student, administrator or any authorized individual using the Service.

3. Information We Collect

3.1 Information you provide

  • Registration/login data (name, email, role, institution)
  • Business onboarding information
  • Marketing preferences & campaign goals
  • Uploaded creatives, documents, copy
  • LMS integration data
  • Support/feedback communications

3.2 Data Collected via Marketing Platform Integrations

When you connect Google Ads, Meta Ads, LinkedIn Ads, X Ads, TikTok Ads, GA4, or GSC via OAuth, we collect campaign and performance data permitted by each platform.

3.3 Automatically collected information

  • Session metadata (IP, browser, OS, device)
  • Video/image captures for proctoring
  • Audio events (if enabled)
  • Usage logs & system diagnostics
  • Login timestamps and access logs
  • Security & audit logs

3.4 Derived or inferred information

  • Behavioural risk scores, anomaly detection
  • Aggregated or anonymised analytics

4. Legal Bases / Lawful Processing

GDPR: consent, contract, legitimate interests, legal obligations.
DPDPA (India): lawful purposes & consent-based processing.
PDPL (UAE): consent, contract, legal obligations.
U.S.: sector/state-specific privacy laws.

5. How We Use Your Data

5.1 For Proctorly.ai

  • Authentication & LMS integration
  • Behaviour analysis for exam integrity
  • Administrative alerts & communication
  • Compliance with institutional requirements
  • Research/analytics using anonymised data

5.2 For Adviora.ai

Advertising & Campaign Management

  • Syncing & managing Google/Meta ads
  • AI-assisted creatives, keywords, and audience generation
  • Performance optimization
  • Audience segmentation & profiling
  • Budget simulation & forecasting

Analytics & Reporting

  • Aggregated dashboards
  • Trend & performance analysis
  • Benchmarking insights

Platform Operations

  • Authentication & authorization
  • Fraud detection
  • Customer support
  • Billing & account management

6. Data Sharing & Transfers

  • Shared with service providers under contractual safeguards
  • Shared with authorized institution users when required
  • Cross-border transfers only with lawful safeguards
  • Compliance with regulatory/law enforcement obligations

6.1 Google User Data

We comply with Google API Services User Data Policy.

  • We DO NOT sell or misuse Google Ads data
  • Data used ONLY for campaign management & optimization
  • OAuth tokens encrypted at rest and revocable anytime

6.2 Meta (Facebook/Instagram) Marketing Data

  • No selling or unauthorized sharing of Meta Ads data
  • Used ONLY for campaign management & analytics

7. Data Retention

  • OAuth tokens kept until user disconnects
  • Marketing data retained subscription period + 12 months
  • Logs retained 6–24 months
  • Data deleted/anonymized within 90 days after termination

8. Security

  • Encryption at rest and in transit
  • Role-based access control
  • Intrusion detection systems
  • Periodic audits

9. Your Rights

  • Access, correct, delete your data
  • Restrict or object to processing
  • Data portability
  • Withdraw consent
  • UAE PDPL rights for residents

To exercise rights, contact us at info@tatvaone.ai. We respond within 30 days.

10. Children's Data

The Service is not intended for children under 16. If collected unintentionally, we will delete it.

11. Changes to this Policy

We may update this policy periodically. Continued use after updates means acceptance.

12. Contact

SARVA HRIM TECH LABS Pvt Ltd
Email: info@tatvaone.ai