V
VKITES

Privacy Policy

Last updated: June 2026

1. Introduction

VKITES (Proprietorship of Kriti Chaurasia) ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

We comply with the Digital Personal Data Protection Act, 2023 (DPDP Act) and follow Privacy-by-Design principles in all our operations.

Our registered office is located at: B-611 Ratan Galaxy, Sector 12, Vrindavan Yojna, Lucknow, Uttar Pradesh 226029, India.

2. Our Products & Separate Privacy Policies

VKITES offers multiple products, each with its own website and independent privacy policy that governs data collected on those platforms:

  • Sonch (https://sonch.in) — AI-Powered Learning Gap Diagnostic Platform for K-12 students. This product has its own privacy policy available on its website.
  • Nirox (https://nirox.in) — Clinic Operating System for Modern Indian Clinics. This product has its own privacy policy available on its website.
  • EyeHmis (EyeOS) (https://eyehmis.cloud) — Specialized Eye Hospital Management System. This product has its own privacy policy available on its website.
  • PostPilot AI — AI-powered social media management platform hosted on vkites.com. This Privacy Policy directly applies to PostPilot AI usage.

This Privacy Policy applies to data collected through the VKITES corporate website (vkites.com). When you are redirected to a product-specific website (sonch.in, nirox.in, eyehmis.cloud), that platform's privacy policy governs your data. We encourage you to review each product's privacy policy before use.

3. Information We Collect

We practice data minimization — we only collect information necessary for platform operation and service delivery.

  • Contact Information: Name, email address, phone number, and company name when you contact us or request services.
  • Usage Data: Anonymous analytics about how you interact with our website (pages visited, time spent, referring URLs).
  • Service Data: Information you provide when using our products and services, processed only as necessary for service delivery.
  • Cookies: Essential cookies for website functionality and optional analytics cookies with your explicit consent.

4. How We Use Your Information

  • To provide, maintain, and improve our services
  • To communicate with you about your inquiries and requests
  • To comply with legal obligations
  • To detect, prevent, and address technical issues or fraud

5. Legal Basis for Processing

We process your personal data based on the following legal grounds under the DPDP Act:

  • Consent: Where you have explicitly agreed to processing (e.g., analytics cookies, AI processing). You may withdraw consent at any time.
  • Contract: Processing necessary to fulfill our service obligations to you.
  • Legal Obligation: Where required by applicable law.

6. Consent Mechanism

We obtain your explicit consent before collecting or processing your personal data. Consent is obtained through affirmative action (e.g., checking a consent checkbox, clicking an accept button).

You have the right to withdraw your consent at any time. Withdrawal of consent will not affect the lawfulness of processing carried out before such withdrawal.

We provide separate consent options for different processing purposes where required under the DPDP Act.

7. Data Sharing & Third Parties

We may share your information with trusted third-party service providers who assist us in operating our platform, including:

  • Cloud infrastructure providers (e.g., AWS, hosted within India where possible)
  • Analytics services (with your explicit consent only)
  • AI processing providers (with your explicit consent only)

All third-party providers are vetted for DPDP Act compliance and are contractually bound to process data only for specified purposes. We do not sell your personal data to third parties.

8. Cross-Border Data Transfer

Your personal data may be transferred to and processed in jurisdictions outside India where our service providers operate. We ensure that any cross-border transfer of personal data complies with the DPDP Act, including entering into standard contractual clauses and ensuring an adequate level of data protection.

By using our services, you consent to such cross-border transfers where necessary for service delivery.

9. Data Retention

We retain your personal data only as long as necessary to fulfill the purposes for which it was collected, or as required by law. Our specific retention periods are:

  • Contact form inquiries: Retained for 12 months after the last communication, after which it is securely deleted.
  • Service data (clients): Retained for the duration of the contract plus 3 years for legal compliance.
  • Usage analytics: Retained in anonymized form for 26 months.
  • Backup data: Purged within 30 days of the deletion of source data.

10. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encrypted data storage and transmission (TLS 1.3 / AES-256)
  • Secure session management
  • Role-based access control (RBAC)
  • Regular security audits and vulnerability assessments
  • Audit trails for all data processing activities
  • Access controls restricted to authorised personnel only

11. Data Breach Notification

In the event of a data breach that is likely to cause harm to data principals, we will:

  • Notify the Data Protection Board of India within the timeframe prescribed under the DPDP Act
  • Inform affected data principals promptly about the nature of the breach and measures taken
  • Take immediate remedial action to mitigate the impact and prevent recurrence

12. Your Rights Under the DPDP Act

As a Data Principal under the DPDP Act, you have the following rights:

  • Right to Access: Request a summary of your personal data held by us and the processing activities.
  • Right to Correction: Request correction of inaccurate or misleading personal data.
  • Right to Deletion: Request deletion of your personal data, subject to legal retention requirements.
  • Right to Revoke Consent: Withdraw your consent at any time.
  • Right to Grievance Redressal: Lodge complaints about our data processing activities.

To exercise these rights, contact our Grievance Officer at contact@vkites.com.

13. Grievance Officer

In compliance with Section 9 of the DPDP Act, we have designated a Grievance Officer to address any concerns regarding your personal data:

  • Grievance Officer: Kriti Chaurasia
  • Email: contact@vkites.com
  • Address: B-611 Ratan Galaxy, Sector 12, Vrindavan Yojna, Lucknow, Uttar Pradesh 226029, India
  • Response Time: We will acknowledge your grievance within 48 hours and resolve it within 30 days as mandated by the DPDP Act.

14. AI Processing Transparency

When AI processing is used, we ensure:

  • You are informed about what information is used for AI processing
  • You understand why content was generated or decisions were automated
  • Human oversight is maintained for all AI-driven processes
  • Explicit consent is obtained before AI processing of personal data occurs

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page with an updated date. Continued use of our services after changes constitutes acceptance of the updated policy.

16. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

  • Email: contact@vkites.com
  • Grievance Officer: contact@vkites.com
  • Registered Address: B-611 Ratan Galaxy, Sector 12, Vrindavan Yojna, Lucknow, Uttar Pradesh 226029, India