PRIVACY POLICY
SAVRA
Digital Business Card Platform
1. INTRODUCTION AND SCOPE
This Privacy Policy explains how Savra Technologies ("Savra," "we," "us," or "our"), operated by Tirth Yogeshkumar Solanki as a sole proprietorship, collects, uses, stores, shares, and protects your personal data when you use our mobile application ("App") and related services.
This policy applies to:
- All users of the Savra mobile application (Android and iOS)
- Users worldwide, including those in the European Union (EU) and European Economic Area (EEA)
- Both Customer Free and Customer Premium accounts
- Visitors to our website at https://savraa.in
By using our App, you consent to the collection, use, and processing of your personal data as described in this Privacy Policy, including the use of scanned card data for AI training purposes. If you do not agree, please do not use the App.
2. DATA CONTROLLER INFORMATION
The data controller responsible for your personal data is:
| Field | Information |
|---|---|
| Legal Entity Name | Savra Technologies (Sole Proprietorship) |
| Proprietor | Tirth Yogeshkumar Solanki |
| Registered Address | 1868, New Khadda Colony, Ahmedabad, Gujarat,389151, India |
| GSTIN | 24SUVPS6567R1ZO |
| Email (Privacy) | [email protected] |
| Website | https://savraa.in |
| Grievance Officer | Tirth Yogeshkumar Solanki ([email protected]) |
For GDPR Purposes (EU/EEA Users): As we process personal data of EU/EEA residents and do not have an establishment in the EU, we are considering appointing an EU Representative under Article 27 GDPR. Until such appointment, please contact us directly at [email protected] for any GDPR-related inquiries.
3. DEFINITIONS
| Term | Definition |
|---|---|
| Personal Data | Any information relating to an identified or identifiable natural person (GDPR Art. 4; DPDP Act S.2) |
| Processing | Any operation performed on personal data: collection, recording, storage, use, disclosure, erasure, etc. |
| Data Controller | Entity determining purposes and means of processing (Savra) |
| Data Processor | Entity processing data on behalf of the controller (our service providers) |
| Consent | Freely given, specific, informed, unambiguous indication of wishes by clear affirmative action |
| AI Training Data | Anonymized or de-identified data derived from scanned cards used to improve our OCR and AI systems |
| Customer Free | Free account for scanning and storing business cards |
| Customer Premium | Paid subscription with additional features (Reminders, Notes, Export) |
4. PERSONAL DATA WE COLLECT
4.1 Data You Provide Directly
| Category | Data Points | Purpose | Legal Basis |
|---|---|---|---|
| Identity Data | Full name | Account creation, personalization | Contract / Consent |
| Contact Data | Email address, physical address | Communication, account recovery | Contract / Consent |
| Account Credentials | Email address, password (securely hashed) | Account authentication and login | Contract |
| Scanned Card Data | Names, phones, emails, companies, titles, addresses from scanned cards | Core app functionality, AI training | Consent / Legitimate Interest |
| User Content | Notes, tags, reminders (Premium) | Enhanced functionality | Contract |
4.2 Data Collected Automatically
| Category | Data Points | Purpose | Legal Basis |
|---|---|---|---|
| Device Data | Device model, OS version, unique identifiers | App compatibility, analytics | Legitimate Interest |
| Usage Data | Features used, time spent, actions | Analytics, improvement | Legitimate Interest |
| Location Data | Approximate location (city/region) | Analytics | Consent |
| Log Data | IP address, timestamps, crash logs | Security, debugging | Legitimate Interest |
| Advertising IDs | GAID (Android), IDFA (iOS) | Personalized advertising | Consent |
4.3 Data from Device Permissions
| Permission | What We Access | Why We Need It |
|---|---|---|
| Camera | Camera for QR scanning and card photography | Core functionality: scanning QR codes and business cards |
| Storage/Gallery | Read/write to device storage | Save scanned cards, export data, cache images |
5. USE OF SCANNED DATA FOR AI TRAINING
5.1 What We Collect for AI Training
When you scan a business card using Savra, we collect and process the scanned card data to improve our Optical Character Recognition (OCR) technology and AI systems. This includes:
- Images of scanned business cards
- Text extracted from business cards (names, emails, emails, addresses, company names, job titles)
- OCR accuracy metrics and correction data
- Card layout and formatting patterns
5.2 Purpose of AI Training
We use this data to:
- Improve OCR accuracy and text extraction quality
- Train and enhance our proprietary AI/ML models
- Recognize different card formats, languages, and layouts
- Reduce errors in contact information extraction
- Develop new features and improve user experience
5.3 Legal Basis for AI Training
| Jurisdiction | Legal Basis | Reference |
|---|---|---|
| GDPR (EU/EEA) | Consent (Art. 6(1)(a)) and Legitimate Interest (Art. 6(1)(f)) | You consent by using the App; we have legitimate interest in improving our services |
| DPDP Act (India) | Consent (Section 6) and Legitimate Use (Section 7) | Processing for improvement of services |
5.4 Data Protection Measures for AI Training
We implement the following safeguards:
| Safeguard | Description |
|---|---|
| Anonymization | Where possible, we anonymize or de-identify data before using it for AI training |
| Aggregation | Individual card data is aggregated with data from many users to train models |
| Access Controls | AI training data is accessible only to authorized personnel |
| Encryption | All training data is encrypted at rest and in transit |
| No Direct Marketing | We do NOT use scanned contact data to directly contact individuals on the cards |
| No Sale of Data | We do NOT sell scanned card data to third parties |
5.5 Your Rights Regarding AI Training Data
You have the following rights:
- Right to Object: You may object to your data being used for AI training by contacting us at [email protected]
- Right to Erasure: You may request deletion of your data, though this may not affect models already trained
- Right to Information: You may request information about how your data is used for AI training
- Withdraw Consent: You may withdraw consent, but this will require you to stop using the App
Once data has been used to train an AI model, it becomes part of the model's learned patterns and cannot be individually extracted or deleted from the trained model. However, upon request, we will exclude your future data from training and delete your raw data from our training datasets.
6. USER RESPONSIBILITY FOR THIRD-PARTY DATA
When you scan a business card, you upload personal data of third parties.
By scanning cards, you represent that:
- (a) You received the card directly from the individual for business purposes
- (b) You have a legitimate business reason for storing this information
- (c) You understand this data may be used for AI training as described in Section 5
- (d) You will NOT upload data obtained through scraping, bulk purchases, or unauthorized means
- (e) You are solely responsible for lawful collection and use of such data
Savra acts as a Data Processor for third-party data you upload. You are the Data Controller and bear responsibility for lawful processing.
7. HOW WE USE YOUR PERSONAL DATA
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Account registration and authentication | Email address, password (hashed) | Contract |
| Providing core app services | Account data, scanned cards | Contract |
| AI/OCR Training and Improvement | Scanned card images and text | Consent / Legitimate Interest |
| Premium features (Reminders, Notes, Export) | User content, contact data | Contract |
| Sending service communications | Contract | |
| Displaying personalized advertisements | Device ID, usage data | Consent |
| Analytics and service improvement | Usage data, crash reports | Legitimate Interest |
8. DATA SHARING AND THIRD PARTIES
8.1 Third-Party Service Providers
| Provider | Data Shared | Purpose | Location |
|---|---|---|---|
| Firebase Firestore | All user data | Database, cloud storage | USA/Global (SCCs) |
| Firebase Authentication | Email address, password hash | User authentication | USA/Global (SCCs) |
| Firebase Analytics | Device ID, usage data | App analytics | USA/Global (SCCs) |
| Firebase Crashlytics | Device info, crash logs | Crash reporting | USA/Global (SCCs) |
| Google AdMob | Ad ID, interactions | Advertising | USA/Global (SCCs) |
| Facebook Audience Network | Ad ID, interactions | Advertising | USA/Global (SCCs) |
| InMobi | Ad ID, interactions | Advertising | Global (SCCs) |
| IronSource | Ad ID, interactions | Advertising | Global (SCCs) |
8.2 AI Training Data Sharing
We do NOT share raw scanned card data with third parties for their AI training. Scanned data is used solely for Savra's internal AI/OCR improvement.
We do NOT sell, rent, or commercially exploit scanned card data.
9. DATA RETENTION
| Data Type | Retention Period | Reason |
|---|---|---|
| Active account data | Until account deletion | Service provision |
| Deleted account data | 30 days after deletion | Recovery window |
| Scanned card data | Until user deletes | Core functionality |
| AI Training Data (anonymized) | Indefinitely | Model improvement |
| Transaction records | 7 years | Tax/legal compliance |
| Analytics data | 26 months | Service improvement |
| Log/security data | 365 days | Security, debugging |
10. DATA SECURITY
| Security Measure | Implementation |
|---|---|
| Encryption in Transit | TLS 1.2+ encryption for all data transmission |
| Encryption at Rest | AES-256 encryption for stored data |
| Authentication | Email/password authentication with secure password hashing (bcrypt), email verification required |
| Access Controls | Role-based access, principle of least privilege |
| AI Training Security | Training data stored separately with additional access controls |
| Incident Response | Breach notification within 72 hours (GDPR) / as required (DPDP) |
11. YOUR RIGHTS
11.1 Rights Under GDPR (EU/EEA Users)
| Right | Description | How to Exercise |
|---|---|---|
| Access | Obtain confirmation and copy of your data | Email [email protected] |
| Rectification | Correct inaccurate or incomplete data | Edit in app or email |
| Erasure | Request deletion of your data | In-app or email |
| Object to AI Training | Object to your data being used for AI training | Email [email protected] |
| Data Portability | Receive data in machine-readable format | Email [email protected] |
| Withdraw Consent | Withdraw consent at any time | In-app settings or email |
| Lodge Complaint | Complain to supervisory authority | Contact your local DPA |
11.2 Rights Under DPDP Act 2023 (Indian Users)
You have the right to: Access (S.11), Correction (S.12), Erasure (S.13), Withdraw Consent (S.6), Grievance Redressal (S.13), and Nomination (S.14). Response within 30 days.
12. CHILDREN'S PRIVACY
Our App is intended for users aged 18 years or older.
We do not knowingly collect data from children under 18. If we discover we have collected data from a child, we will delete it immediately. Parents may contact [email protected] to request deletion.
13. ADVERTISING AND TRACKING
We display ads through: Google AdMob, Facebook Audience Network, InMobi, IronSource.
Opt-out of personalized ads:
- Android: Settings > Google > Ads > Opt out of Ads Personalization
- iOS: Settings > Privacy & Security > Tracking > Disable tracking
14. GRIEVANCE OFFICER (INDIA)
Grievance Officer: Tirth Yogeshkumar Solanki
Email: [email protected]
Response: Acknowledgment within 48 hours, Resolution within 30 days
15. AUTOMATED DECISION-MAKING AND PROFILING
We use automated processing for:
- OCR Processing: Automated text extraction from scanned cards
- AI Model Training: Automated learning to improve OCR accuracy
- Ad Personalization: Profiling for ads (with consent)
We do NOT make solely automated decisions that produce legal effects or significantly affect you.
16. CHANGES TO THIS PRIVACY POLICY
We may update this policy. Material changes will be notified via in-app notification, email, or updated date. 10 days notice for significant changes. Continued use = acceptance.
17. GOVERNING LAW AND JURISDICTION
For Indian Users: Governed by laws of India including IT Act 2000 and DPDP Act 2023. Courts in Ahmedabad, Gujarat have exclusive jurisdiction.
For EU/EEA Users: You retain all GDPR rights. You may lodge complaints with your local supervisory authority.
18. CONTACT US
Savra Technologies
Tirth Yogeshkumar Solanki, Proprietor
Address: 1868, New Khadda Colony, Ahmedabad, Gujarat, India
Email: [email protected]
Website: https://savraa.in
GSTIN: 24SUVPS6567R1ZO
— END OF PRIVACY POLICY —