Privacy Policy

PlugAI, Inc. ("PlugAI," "we," "us," or "our") operates the enterprise knowledge platform accessible at plugai.in and associated services (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect information about you when you use our Service.

By accessing or using the Service, you agree to the collection and use of information in accordance with this policy. If you are using the Service on behalf of an organization, you represent that you have the authority to bind that organization to this policy.

1. Information We Collect

1.1 Information You Provide

• Account information: Name, email address, job title, company name, and password when you create an account or request a demo.
• Contact information: Information you submit through our contact forms, including inquiry details and company information.
• Knowledge content: Documents, articles, and other content you upload or connect to the Service through integrations.
• Communications: Information you provide when you contact us for support or feedback.

1.2 Information We Collect Automatically

• Usage data: Pages visited, features used, search queries made within the platform, session duration, and interaction logs.
• Device information: IP address, browser type, operating system, and device identifiers.
• Audit logs: All actions performed within the platform are logged for security and compliance purposes, including access events, modifications, and permission changes.

1.3 Information from Third Parties

• Integrated services: When you connect third-party services (Slack, Confluence, Google Drive, Jira, etc.), we access data from those services only as necessary to provide the sync and indexing features you configure.

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Process and fulfill your requests for demos, trials, and enterprise contracts
• Send administrative communications, including account notifications and security alerts
• Detect, investigate, and prevent security incidents and fraudulent activity
• Comply with legal obligations and enforce our Terms of Service
• Generate aggregated, anonymized analytics to improve platform performance
• Respond to your inquiries and provide customer support

We do not use your knowledge content or organizational data to train AI models or to provide services to other customers.

3. How We Share Your Information

We do not sell, rent, or trade your personal information. We may share information in the following circumstances:

• Service providers: We engage third-party vendors to help operate the Service (e.g., cloud infrastructure providers, payment processors). These vendors are contractually bound to process data only on our instructions and in accordance with this policy.
• Legal requirements: We may disclose information when required by law, court order, or governmental authority, or when we believe disclosure is necessary to protect rights, safety, or property.
• Business transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change.
• With your consent: We may share information in other ways if you give us explicit consent to do so.

4. Data Retention

We retain personal data for as long as your account is active or as needed to provide the Service. Audit logs are retained for a minimum of 365 days by default (configurable per enterprise agreement). Upon account termination, we delete or anonymize your data within 90 days, unless a longer retention period is required by law or a specific contractual agreement.

Knowledge content synced from third-party integrations is retained only as long as the integration is active. Disconnecting an integration queues the associated content for deletion within 30 days.

5. Security

We implement technical and organizational measures designed to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• AES-256-GCM encryption for all data at rest
• TLS 1.3 encryption for all data in transit
• RS256-signed JWT tokens with automatic expiration
• Role-based access control enforced at the retrieval pipeline layer
• Immutable, append-only audit logging of all platform actions
• Regular penetration testing and vulnerability assessments

No security system is impenetrable. In the event of a data breach that affects your personal information, we will notify you in accordance with applicable law.

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request that we correct inaccurate or incomplete information.
• Deletion: Request deletion of your personal data, subject to legal and contractual obligations.
• Portability: Request your data in a structured, machine-readable format.
• Objection: Object to the processing of your data for specific purposes.
• Restriction: Request that we restrict processing of your data in certain circumstances.

To exercise these rights, contact us at privacy@plugai.in. We will respond to your request within 30 days.

For users in the European Economic Area, United Kingdom, or other jurisdictions with data protection laws, you may also have the right to lodge a complaint with your local data protection authority.

7. International Data Transfers

PlugAI is based in India and operates data infrastructure in India (Mumbai), the United States (Virginia), and the European Union (Frankfurt). Enterprise customers may select their preferred data residency region as part of their agreement.

If your data is transferred across borders, we ensure adequate protections are in place through Standard Contractual Clauses, adequacy decisions, or other lawful mechanisms under applicable data protection law.

8. Cookies & Tracking

Our public website (plugai.in) uses essential cookies to ensure functionality and basic analytics to understand usage patterns. We do not use tracking cookies for advertising purposes.

The PlugAI application itself uses session cookies for authentication and preference storage. You can configure your browser to refuse cookies, but this may affect some functionality of the Service.

9. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us at privacy@plugai.in and we will promptly delete such information.

10. Changes to This Policy

We may update this Privacy Policy periodically. When we make material changes, we will notify you by email (for registered users) or by posting a prominent notice on our website at least 30 days before the changes take effect. Your continued use of the Service after the effective date of the updated policy constitutes your acceptance of the changes.

11. Contact Us