This policy describes our practices in plain language. Vijnara is built around permission-aware retrieval — your data stays within its existing access boundaries, and we do not use customer content to train foundation models. Capitalized terms not defined here have the meaning given in your agreement with us.
Vijnara (“Vijnara”, “we”, “us”) provides an enterprise AI search and secure Retrieval-Augmented Generation (RAG) platform that helps organizations find grounded, source-cited answers across their internal knowledge. This Privacy Policy explains what information we process, why, and the choices and rights available to you.
For most customer content, Vijnara acts as a data processor (or service provider) on behalf of the organization that deploys the platform — the “Customer”. The Customer is the controller of that data and is responsible for its own privacy notices to end users. For our website and account administration, Vijnara acts as a controller.
We collect the following categories of information:
We use information to:
We do not sell personal information, and we do not use Customer content to train foundation models. Any model improvement is limited to the configuration and scope agreed with the Customer.
Documents and repositories you connect remain yours. Vijnara processes them solely to deliver search and retrieval on your behalf:
You control connection, configuration and deletion of your content through the platform's administrative controls.
Where the GDPR or UK GDPR applies, we rely on: performance of a contract (to provide the service), legitimate interests (to secure and improve the platform, balanced against your rights), consent (where required, e.g. certain cookies and marketing), and legal obligation (to comply with applicable law).
We retain information for as long as needed to provide the service and meet legal, accounting or reporting obligations. Customer content is retained per the Customer's configuration and agreement; on termination or deletion request, we delete or return it within the period defined in the agreement, subject to backups and legal holds.
We apply technical and organizational measures designed to protect information, including encryption in transit and at rest, role- and department-based access controls, audit logging, and least-privilege internal access. Our architecture is built to align with frameworks such as SOC 2, ISO 27001, GDPR and HIPAA; specific certifications depend on your deployment configuration. No method of transmission or storage is completely secure, but we work continuously to protect your data.
We may process information in countries other than where you are located. Where we transfer personal data internationally, we use appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms. Customers requiring data residency can discuss private or in-region deployment options with our team.
Depending on your location, you may have rights to access, correct, delete, restrict or object to processing of your personal data, and to data portability. Where Vijnara acts as a processor, please direct requests to the Customer that controls your data; we will assist them as required. To exercise rights for data we control, contact us using the details below. You may also lodge a complaint with your local supervisory authority.
Vijnara is a business product intended for organizations and their authorized users. It is not directed to children, and we do not knowingly collect personal information from children.
We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, provide additional notice. Your continued use of the platform after changes take effect constitutes acceptance of the revised policy.
Questions about this policy or our data practices? Reach our privacy team: