Privacy Policy
At Oviglo, your privacy is our primary asset. We collect and process your information strictly in your best interest to deliver clean cataloging and sync services.
Zero Data Monetization
We never sell, rent, or lease your personal information, inventory screenshots, or design data to any third-party advertisers.
No AI Model Training
Images and visual uploads processed via the Google Gemini API are handled ephemerally and are never used to train or refine public or private AI models.
Enterprise-Grade Security
We secure your database records using Supabase Row-Level Security (RLS) policies, ensuring users only access their own synchronized data.
Information We Collect
At Oviglo, we collect specific types of information to build, maintain, and secure your digital experience. This information is categorized as follows:
When you authenticate using Google SSO, we retrieve and securely retain your core profile details. This includes your **full name, verified email address, and profile picture avatar URL**. This data is cached to create your local platform profile and displays details on your dashboard.
If you purchase hardware components, 3D printing services, or consultancy hours, we collect shipping details and basic checkout info. Financial transactions are securely routed through our payment gateway partner, **Razorpay**. We do not store credit card or bank login details on our servers.
We collect browser metadata, device identifiers, and basic session usage details to detect fraud, maintain layout states, and resolve rendering bugs on our dashboards.
Secure Content Capture & AI Processing
1. Visual Inventory uploads
When using our AI Inventory suite, you may capture or upload screenshots, inventory lists, or images via camera or WhatsApp integration. We use these visual captures solely to perform automated data extraction (such as catalog details, item name, model numbers, description, and pricing parameters).
2. Processing with Google Gemini API
To extract detailed parameters from screenshots, visual media is transmitted securely via SSL encryption to the **Google Gemini API**. This processing is ephemeral.
- The processed images are not stored by Google or Oviglo for longer than required to return the structured metadata.
- Google Gemini API terms assure that data sent through developer-paid API endpoints is **never** used to train, adjust, or optimize foundation machine learning models.
- No human review is performed on your uploaded photos unless you explicitly request customer support review.
3. Synchronization to CRM Systems
Once the Gemini API processes the media and produces structured inventory data, that metadata is automatically synced to your designated **Zoho CRM** dashboard. This ensures your captured data is immediately cataloged and available to your sales and logistics teams in real time.
Data Retention Schedules
We store user data for no longer than required to fulfill the operational services detailed in this policy:
- Account Profile & SSO Records: Retained for the active lifespan of your user account. Profile details are permanently expunged upon explicit account deletion requests.
- Captured Screenshot Media: Media files transmitted to our API for visual catalog generation are kept temporarily in secure cache buffers and deleted automatically within 24 hours of successful parameter processing.
- Zoho CRM Catalog Syncs: Kept in Zoho CRM in accordance with your workspace terms and operational schedules.
- Transaction Records: Financial logs processed via Razorpay are maintained for a minimum of 7 years to comply with statutory taxation and audit guidelines under Indian law.
Data Security Protocols
Oviglo employs high-end system-level protections to ensure all client data remains isolated and secure.
- Isolation: Row-Level Security (RLS) is active across all core tables in our Supabase instance. This guarantees that your profile details and sync logs are completely invisible to other platform users.
- Transit Safety: High-grade TLS/SSL certificates protect all visual capture requests routed through the dashboard.
- Storage Security: Passwords (where credential-based signup is used) are hashed using industry-standard bcrypt before write. Google SSO profiles rely on oauth tokens verified by Google.
Your Legal Rights
In compliance with Section 43A of the Indian Information Technology Act, 2000, and the SPDI Rules, 2011 (as well as GDPR/CCPA framework standards where applicable for global customers), you hold the following rights:
- Right of Access & Rectification: You can view and update your registered account details directly from your User Dashboard.
- Right to Withdrawal of Consent: You can choose to stop visual catalog syncing or disconnect your Google SSO login profile at any time.
- Right to Erasure (Right to be Forgotten): You can request the complete purge of your profile database entries by sending an email request to our compliance address.
- Right to Object/Restrict Processing: You may request restriction of how your visual uploads are processed under custom engineering contracts.
Contact and Rights
Depending on your residency, you retain the right to query your account data, request full profile deletion, or restrict visual sync operations. If you delete your profile, we trigger deletion sequences across our production databases within 7 days.
Have Privacy Concerns?
Our privacy and data compliance team is happy to review your queries.