Privacy Policy
Last updated: February 12, 2026
Niyantra Technologies Private Limited ("Niyantra," "we," "us," or "our") operates the Niyantra platform, including the web application, backend API, PII detection service, and browser extension (collectively, the "Service"). This Privacy Policy describes how we collect, use, disclose, and protect information when you use our Service.
By accessing or using the Service, you agree to this Privacy Policy. If you do not agree, please do not use the Service.
1. Information We Collect
1.1 Account Information
When you create an account or your organization administrator provisions access, we collect:
- Name and email address
- Organization or company name
- Role and access permissions
- Authentication credentials (hashed passwords or SSO tokens)
1.2 PII Detection Logs
When the Service scans text or documents for personally identifiable information (PII), we log:
- The type of PII detected (e.g., email address, Aadhaar number, credit card number)
- Confidence scores and detection method (regex or ML model)
- The action taken (blocked, warned, redacted, or allowed)
- Timestamp and the platform where the detection occurred
- The user who triggered the detection (if authenticated)
Important: In "enforce" mode, detected PII content is blocked before reaching the LLM provider. In "log_only" (monitoring) mode, the original text may be sent to the LLM provider while a copy is logged for compliance analysis. We do not store the raw PII values in our logs; only the type, location, and metadata are retained.
1.3 Usage Data
We automatically collect information about how you interact with the Service:
- API request metadata (endpoints called, response codes, latency)
- Dashboard page views and feature usage
- Browser type, operating system, and device information
- IP address and approximate geographic location
1.4 API Keys
When you or your administrator generate API keys for the browser extension or API access, we store a cryptographic hash of the key. The raw API key is displayed once at creation time and is never stored in plaintext.
1.5 Browser Extension Data
The Niyantra browser extension may collect the following information:
- Text entered into supported AI platforms (ChatGPT, Claude, Gemini, Perplexity, Grok) for PII scanning
- File metadata (name, type, size) for documents uploaded to AI platforms
- URLs of AI platforms visited (for Shadow AI detection, if enabled by your organization)
- Extension configuration and connection status
The extension only activates on supported AI platform domains as configured by your organization. It does not monitor general browsing activity. All data collected by the extension is sent to your organization's configured Niyantra server instance.
2. How We Use Your Information
We use the collected information for the following purposes:
- PII Detection and Prevention: To scan, detect, and optionally block or redact sensitive information before it reaches LLM providers
- Compliance Monitoring: To generate audit logs, compliance reports, and analytics for your organization's regulatory requirements (DPDPA, HIPAA, SOC 2, GDPR)
- Shadow AI Detection: To identify and control access to unauthorized AI tools per your organization's policy
- Smart Routing: To route AI requests to the most cost-effective model while respecting your security policies
- Service Improvement: To analyze usage patterns, improve detection accuracy, and enhance platform features
- Security: To detect and prevent unauthorized access, fraud, and other security threats
- Customer Support: To respond to your inquiries and provide technical assistance
3. Data Sharing and Third-Party Providers
3.1 LLM Providers
When you use the Niyantra chat feature or smart routing, your prompts (after PII scanning and any applicable redaction) may be forwarded to the following third-party LLM providers:
- OpenAI (GPT-4, GPT-3.5-Turbo) - governed by OpenAI's usage policies
- Anthropic (Claude) - governed by Anthropic's usage policies
- Google (Gemini) - governed by Google's AI terms of service
Each LLM provider has its own privacy policy and data handling practices. We recommend reviewing the privacy policies of the LLM providers your organization uses. Niyantra's role is to scan and filter content before it reaches these providers, but once data is transmitted, it is subject to the provider's terms.
3.2 Service Providers
We may share information with trusted service providers who assist us in operating the Service, such as cloud hosting, monitoring, and analytics providers. These providers are contractually obligated to protect your data and use it only for the purposes we specify.
3.3 Legal Requirements
We may disclose information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Niyantra, our users, or the public.
3.4 Business Transfers
In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify affected users before their information becomes subject to a different privacy policy.
4. Data Retention
We retain your data in accordance with the following policies:
- PII Detection Logs: Retained for a configurable period set by your organization's administrator. The default retention period is 90 days.
- Account Information: Retained for as long as your account is active or as needed to provide the Service. Upon account deletion, data is removed within 30 days.
- Usage Analytics: Aggregated and anonymized data may be retained indefinitely for service improvement purposes.
- Audit Logs: Retained per your organization's compliance requirements, which may exceed the default retention period.
Enterprise customers may configure custom retention periods through their tenant settings or by contacting our support team.
5. Your Data Rights
You have the following rights regarding your personal data:
- Access: You may request a copy of the personal data we hold about you.
- Correction: You may request that we correct inaccurate or incomplete personal data.
- Deletion: You may request deletion of your personal data. We will process deletion requests within 30 days, subject to legal and compliance obligations.
- Data Portability: You may request your data in a structured, machine-readable format.
- Objection: You may object to certain processing of your data, including automated decision-making.
- Withdrawal of Consent: Where processing is based on consent, you may withdraw that consent at any time.
To exercise any of these rights, please contact us at admin@guardflow.tech. Organization administrators may also manage user data through the Niyantra dashboard.
6. Data Security
We implement industry-standard security measures to protect your data, including:
- Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
- API key hashing using bcrypt
- Role-based access control (RBAC) with tenant isolation
- Regular security audits and vulnerability assessments
- SOC 2 Type II compliant infrastructure
- Multi-tenant architecture with strict data segregation
While we take reasonable measures to protect your information, no method of transmission or storage is completely secure. We cannot guarantee absolute security.
7. Cookies and Tracking
We use the following types of cookies and similar technologies:
- Essential Cookies: Required for authentication, session management, and security. These cannot be disabled.
- Analytics Cookies: Used to understand usage patterns and improve the Service. You may opt out of these through your browser settings.
We do not use third-party advertising cookies or trackers. The Niyantra browser extension does not set or read cookies; it uses browser extension storage APIs (chrome.storage) which are isolated from website cookies.
8. Children's Privacy
The Service is designed for enterprise and business use and is not directed at children under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe we have inadvertently collected information from a child, please contact us at admin@guardflow.tech.
9. International Data Transfers
Niyantra's primary infrastructure is located in India. However, your data may be transferred to and processed in other jurisdictions in the following circumstances:
- LLM API Calls: When using AI chat or smart routing features, your prompts (after PII filtering) may be sent to LLM providers whose servers are located in the United States or other regions.
- Cloud Infrastructure: Certain infrastructure components may be hosted in regions outside India for performance and redundancy.
- Support Services: Our support team may access data from various locations.
We ensure that all international data transfers comply with applicable data protection laws, including the Digital Personal Data Protection Act, 2023 (DPDPA) of India, and where applicable, the General Data Protection Regulation (GDPR) of the European Union. We implement appropriate safeguards such as standard contractual clauses and data processing agreements.
10. Compliance Frameworks
Niyantra is designed to help organizations comply with the following regulatory frameworks:
- DPDPA (India): Digital Personal Data Protection Act, 2023
- HIPAA (US): Health Insurance Portability and Accountability Act
- SOC 2: Service Organization Control 2
- GDPR (EU): General Data Protection Regulation
The specific compliance features available to your organization depend on your subscription tier and the policy packs enabled by your administrator.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last updated" date at the top of this page
- Notify organization administrators via email for material changes
- Display a notice in the Niyantra dashboard
Your continued use of the Service after the effective date of a revised Privacy Policy constitutes your acceptance of the updated terms.
12. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Niyantra Technologies Private Limited
Email: admin@guardflow.tech
Data Protection Officer: admin@guardflow.tech
General Inquiries: admin@guardflow.tech
© 2026 Niyantra Technologies Private Limited. All rights reserved.