Privacy Policy

Effective Date: 1st April, 2025

Last Updated: 8th April, 2025

This Privacy Policy ("Policy") describes how FoodNEST(S) Technologies OPC Pvt Ltd ("FoodNEST(S)," "we," "us," or "our"), a company registered under the laws of India, collects, uses, discloses, stores, and protects personal and business data in connection with the use of our product, Mochan-D.

Mochan-D is an advanced AI-powered assistant designed to help businesses ("Business Clients" or "Clients") facilitate brainstorming, commerce, discussions, innovation, and other operations, often integrated via platforms like WhatsApp.

This Policy applies globally, with its foundation rooted in Indian law, including the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act (DPDP), 2023, while also considering principles from global data protection regulations where applicable.

By accessing or using Mochan-D, whether as a Business Client or an End User interacting with Mochan-D through a Business Client, you acknowledge that you have read, understood, and agree to the practices described in this Policy.

  1. Introduction to Mochan-D & Our Role
    • Product: Mochan-D utilizes sophisticated AI models (potentially including base models like Ignite and Llama) to provide customized assistance for various business functions, including internal team collaboration and external customer engagement.
    • Data Controller vs. Data Processor:
      • FoodNEST(S) as Data Processor: For the data provided by our Business Clients to configure and train Mochan-D for their specific use (e.g., customer interactions, business documents) and for the data generated by End Users interacting with the Client's instance of Mochan-D, FoodNEST(S) generally acts as a Data Processor. We process this data based on the instructions of our Business Client.
      • Business Client as Data Controller: The Business Client is typically the Data Controller for the data they provide for training and the data generated by their End Users' interactions with Mochan-D. The Client is responsible for the lawful collection and processing of this data, including obtaining necessary consents from End Users.
      • FoodNEST(S) as Data Controller: FoodNEST(S) acts as a Data Controller for the data we collect directly from our Business Clients to manage their accounts (e.g., contact details, billing information) and for data collected through the operation and monitoring of the Mochan-D service itself (e.g., usage logs, performance data).
  2. Information We Collect

    We collect different types of information depending on your interaction with Mochan-D:

    1. Information from Business Clients (FoodNEST(S) as Controller/Processor):
      • Account Data: Name, email address, phone number, business name, address, billing information, and other details provided during registration and account management. (Controller)
      • Configuration Data: Settings and preferences chosen by the Client to customize Mochan-D. (Processor)
      • Training Data: Documents, communication logs, transaction histories, proprietary business information, and other data provided by the Client to train and fine-tune their specific instance of Mochan-D. The Client retains ownership and control over this data. (Processor)
    2. Information from End Users (Processed on behalf of the Client - FoodNEST(S) as Processor):
      • User Interactions: Messages, queries, commands, files, voice/text inputs, and other content shared by End Users when interacting with Mochan-D via integrated platforms (like WhatsApp).
      • Metadata: Information associated with interactions, such as timestamps, user identifiers (provided by the platform, e.g., phone number on WhatsApp), and conversation context.
    3. Automatically Collected Data (FoodNEST(S) as Controller):
      • Usage Data: Logs of how the Mochan-D service is accessed and used, including IP addresses, device information (type, operating system), browser type, interaction timestamps, feature usage, error logs, and performance analytics.
      • Cookies and Similar Technologies: If accessing Mochan-D via a web interface, we may use cookies or similar technologies to enhance user experience, maintain sessions, and collect usage analytics. You can manage cookie preferences through your browser settings.
      • Third-Party Data: We may receive information about you from third parties, such as social media platforms or other services you use to interact with Mochan-D. This data is used to enhance our services and improve user experience.
  3. How We Use Your Information & Legal Basis for Processing

    We use the collected information for the following purposes, relying on specific legal bases:

    • To Provide and Maintain the Service: Operate, deliver, maintain, personalize, and improve Mochan-D features and functionality. (Legal Basis: Performance of Contract with the Client; Legitimate Interests for service improvement).
    • To Customize and Train AI Models: Use Client-Provided Training Data solely to train and customize the specific instance of Mochan-D for that Client, ensuring strict segregation between Client data. (Legal Basis: Performance of Contract; based on Client instructions as Data Controller). We may use anonymized and aggregated data derived from usage for general model improvement, subject to Section 11.
    • For Security and Fraud Prevention: Monitor for security threats, prevent fraud, protect the rights and safety of FoodNEST(S), our Clients, and End Users, and ensure the integrity of our services. (Legal Basis: Legitimate Interests; Legal Obligation).
    • For Communication: Send service-related updates, technical notices, security alerts, and support messages to Business Clients. With prior consent, we may send marketing communications. (Legal Basis: Performance of Contract; Legitimate Interests; Consent for marketing).
    • For Compliance and Legal Obligations: Comply with applicable laws, regulations, legal processes, or governmental requests; enforce our terms and policies. (Legal Basis: Legal Obligation).
    • For Analytics and Research: Analyze usage patterns, conduct research, and generate aggregated or anonymized reports to understand service usage and improve Mochan-D. (Legal Basis: Legitimate Interests).
  4. Data Sharing and Disclosure
    • We do not sell personal data in the conventional sense. We share data only in the following circumstances:
    • As Directed by Business Clients: We share End User data and processing results back to the relevant Business Client (the Data Controller) as part of the service.
    • With Consent: We may share information with third parties when we have explicit consent from the Business Client or End User (where applicable).
    • With Service Providers (Sub-processors): We engage trusted third-party companies or individuals to perform services on our behalf (e.g., cloud hosting providers, analytics services). These sub-processors are bound by contractual obligations to maintain confidentiality and security, processing data only according to our instructions.
    • For Legal Reasons: We may disclose information if required by law, subpoena, or other legal process, or if we have a good faith belief that disclosure is reasonably necessary to (i) comply with a legal obligation, (ii) protect the safety or rights of any person, (iii) prevent fraud or abuse, or (iv) protect our rights or property.
    • In Case of Business Transfers: If FoodNEST(S) is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of its assets, your information may be transferred as part of that transaction, subject to standard confidentiality arrangements.
    • Anonymized or Aggregated Data: We may share anonymized or aggregated data (which does not identify individuals or specific clients) publicly or with third parties for research, analytics, or reporting purposes.
  5. Data Security

    We implement robust technical and organizational security measures designed to protect the information we process from unauthorized access, use, alteration, or destruction. These measures include:

    • Encryption: Data encryption in transit (e.g., using TLS/SSL) and at rest.
    • Access Controls: Strict role-based access controls and authentication mechanisms to limit access to data.
    • Regular Audits: Periodic reviews of our security practices.
    • Secure Infrastructure: Utilizing reputable cloud service providers with strong security certifications.
    • Incident Response: Procedures to detect and respond to suspected data breaches, including notification protocols as required under Indian law (e.g., IT Rules, 2021) and other applicable regulations.
    Note: While we take significant precautions, no security system is impenetrable. Business Clients are also responsible for implementing appropriate security measures for their own systems, data handling practices, and securing their access credentials and Training Data.
  6. Data Retention

    We retain personal data for as long as necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required or permitted by law.

    • Client Account Data: Retained for the duration of the client relationship and for a reasonable period thereafter as required for legal, accounting, or compliance purposes.
    • Client Training Data & End User Data (Processed): Retained according to the instructions of the Business Client or as necessary to provide the service. Data is typically deleted upon termination of the client agreement or upon specific request from the Client, subject to legal holds.
    • Usage Data & Logs: Retained for a period necessary for security, analytics, and service improvement, typically in anonymized or aggregated form for longer periods.
  7. Your Rights and Choices

    Your data protection rights depend on your relationship with Mochan-D and applicable law:

    • For End Users (Interacting via a Business Client):
      • Since the Business Client is the Data Controller for your interactions, you should direct requests regarding your personal data (e.g., access, correction, deletion, objection) directly to the Business Client whose Mochan-D instance you interacted with. They are responsible for handling your request in accordance with applicable law. We will assist our Clients in responding to such requests as required.
    • For Business Clients:
      • Access and Correction: You can access and update your Account Data through your account settings or by contacting us.
      • Data Portability: You may have the right to request an export of the Training Data you provided, where technically feasible.
      • Deletion: You can request the deletion of your account and associated data, subject to our retention policies and legal obligations.
      • Objection/Restriction: You may have the right to object to or request restrictions on certain processing activities related to your Account Data.
      • Consent Withdrawal: Where processing is based on consent (e.g., marketing emails), you can withdraw your consent at any time.
    • Grievance Redressal: For any privacy-related concerns or to exercise your rights (particularly for Business Clients regarding data we control), please contact our Data Protection Officer (DPO) using the details in Section 14. We will respond in accordance with applicable laws, including the timelines specified under the DPDP Act, 2023.
  8. International Data Transfers

    Our services may be accessed globally, and data may be processed in servers located outside your country of residence. Our primary operations and data storage are based in India. If we transfer personal data outside of India (e.g., to utilize global cloud infrastructure or serve international clients), we will ensure such transfers comply with Indian law (including the DPDP Act, 2023) and provide an adequate level of protection, potentially using mechanisms like Standard Contractual Clauses (SCCs) for transfers involving regions like the European Union, or ensuring compliance with other relevant cross-border transfer frameworks.

  9. Children's Privacy

    Mochan-D is not intended for or directed at individuals under the age of 18. We do not knowingly collect personal data from children under 18. Business Clients are responsible for ensuring they do not use Mochan-D to collect data from children under 18 without obtaining verifiable parental consent, as required by applicable laws like the DPDP Act, 2023. If we become aware that we have inadvertently collected data from a child under 18 without such consent, we will take steps to delete it.

  10. Third-Party Services (e.g., WhatsApp)

    Your interactions with Mochan-D via third-party platforms like WhatsApp are also governed by the privacy policies of those platforms (e.g., WhatsApp's Privacy Policy). Business Clients are responsible for informing their End Users about the involvement of such third-party services and any associated data processing.

  11. AI Model Training and Improvement
    • Client-Specific Training: Training Data provided by a Business Client is used exclusively to train and improve their specific instance of Mochan-D and is kept segregated.
    • General Model Improvement: To enhance the core capabilities of Mochan-D for all users, we may use aggregated and anonymized data derived from service usage and interactions. This data does not contain personal information or Client-specific proprietary data. We may also use publicly available data or licensed datasets. We implement technical measures to prevent the re-identification of individuals or specific clients from this aggregated/anonymized data used for general improvement. Clients may have contractual options regarding the use of derived data for general improvement, as specified in their service agreement.
  12. Changes to This Privacy Policy

    We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify Business Clients of significant changes via email or through platform notifications. The "Last Updated" date at the top indicates when the policy was last revised. Continued use of Mochan-D after changes become effective constitutes acceptance of the revised policy.

  13. Contact Us

    If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, or if you wish to exercise your data protection rights, please contact our Data Protection Officer (DPO):

    Vatsal Asthana

    FoodNEST(S) Technologies OPC Pvt Ltd

    PH-3, T-14, Metrocity Apartments, Paper Mill Colony, Lucknow -226006

    Email: contact@mochand.com

    Phone: +91 7307180059

  14. Governing Law and Dispute Resolution

    This Privacy Policy and any disputes arising out of or related to it shall be governed by and construed in accordance with the laws of India. Any disputes will be subject to the exclusive jurisdiction of the competent courts located in Lucknow, India.

  15. Disclaimer
    Business Clients are solely responsible for:
    • Ensuring they have a lawful basis, including obtaining necessary consents from End Users, for collecting and instructing us to process personal data via Mochan-D.
    • The accuracy, quality, and legality of the data they provide.
    • Complying with all applicable laws and regulations related to their use of Mochan-D and their handling of End User data.
    FoodNEST(S) Technologies does not sell personal data collected through Mochan-D unless explicitly instructed or permitted contractually by the Business Client (Data Controller) and allowed under applicable law.