Privacy Policy
Last updated: 29 April 2026
1. Who we are
Web Accuracy (OPC) Private Limited ("Web Accuracy", "we", "us", "our") is a One Person Company incorporated in India under the Companies Act, 2013 (CIN: U72900JH2020OPC014405), with its registered office at C/o Subrata Roy Maulick, Bhawanipur, Doranda, Near Devi Mandir, Ranchi 834001, Jharkhand, India.
This policy describes how we collect, use, disclose and protect personal information across all websites, applications and services we operate, including webaccuracy.com and Ruma AI (rumadesk.com). It applies whether you are a website visitor, a customer of our agency services, a Ruma AI subscriber, or an end-user interacting with a Ruma AI agent deployed by one of our customers.
For the purposes of the EU General Data Protection Regulation (GDPR) and the UK GDPR, Web Accuracy (OPC) Pvt Ltd is the Controller for personal data of our website visitors and direct customers, and the Processor for end-user chat content sent to Ruma AI by our subscribing businesses.
2. Information we collect
(a) Information you give us directly:
- Contact form submissions on webaccuracy.com — name, email address, phone number, and the contents of your message.
- Account registration on Ruma AI — name, business name, email address, password (stored hashed), and account configuration.
- Billing information — collected and stored by our payment processor Stripe; we receive only metadata such as the last 4 digits of the card, card brand, billing country and transaction ID.
- Customer support correspondence with our team.
(b) Information collected automatically when you use our Services:
- Server and device information — IP address, browser type, operating system, referring URL, and pages viewed (collected by our hosting provider Vercel and by Google Analytics).
- Cookies and similar technologies — see Section 6 below.
(c) Information processed on behalf of Ruma AI customers:
- Conversation content exchanged between end users and a Ruma AI agent, including any information the end user voluntarily provides (such as name, email, order numbers).
- Conversation metadata — timestamps, session IDs, language detected, and tool execution logs.
3. How we use your information
- To provide, operate, maintain and improve our Services.
- To process payments and manage subscriptions (via Stripe).
- To respond to enquiries, support requests and contract negotiations.
- To send service-related notifications (account, billing, security, policy updates).
- To send marketing communications, only where you have opted in (you can unsubscribe at any time).
- To detect, prevent and respond to fraud, abuse and security incidents.
- To comply with legal obligations under Indian law and applicable foreign law.
4. Legal bases for processing (GDPR / UK GDPR customers)
If you are located in the European Economic Area, the United Kingdom or Switzerland, we rely on the following legal bases:
- Performance of a contract — to provide the Services you have subscribed to or enquired about.
- Legitimate interests — to operate, secure and improve the Services, prevent fraud, and conduct limited analytics.
- Consent — for marketing emails and non-essential cookies, which you can withdraw at any time.
- Legal obligation — to comply with tax, accounting and regulatory requirements.
5. Sub-processors and third parties with whom we share data
We do not sell your personal data. We share it only with the third-party service providers ("sub-processors") listed below, each of whom processes data on our behalf under contractual data-protection commitments:
| Sub-processor | Purpose | Data location |
|---|---|---|
| Vercel Inc. | Website and application hosting, server logs | USA / EU |
| Stripe, Inc. / Stripe India | Payment processing, fraud prevention, billing | USA / India |
| Upstash, Inc. | Redis-backed lead and account storage | USA / EU (selectable region) |
| FormSubmit | Email delivery of contact-form submissions | USA |
| Google LLC (Google Analytics) | Anonymised website analytics | USA / EU |
| [TODO: confirm LLM provider — e.g. OpenAI, Anthropic, Google AI] | Large-language-model inference for Ruma AI conversations | USA |
We may also disclose personal data when required by law, court order, or legitimate request from public authorities, or to protect our rights, property or safety and that of our users or others.
6. Cookies
We use the following categories of cookies:
- Strictly necessary — for authentication, session management and security. These cannot be disabled.
- Analytics — Google Analytics cookies (set only with your consent in regions where consent is required).
You can control cookies through your browser settings. Disabling strictly necessary cookies may break parts of the Services.
7. International data transfers
Because our hosting and payment infrastructure is operated by US-based providers (Vercel, Stripe, Google), personal data of EU/UK customers may be transferred to and processed in the United States or other countries outside the EEA/UK. Such transfers are protected by the EU Standard Contractual Clauses and equivalent safeguards offered by each sub-processor.
8. Data retention
- Account data — retained for as long as your account is active, plus 6 years thereafter to meet Indian tax and accounting requirements.
- Contact-form leads — retained for up to 24 months unless you request earlier deletion.
- Ruma AI conversation content — retained per the configuration set by the subscribing business; default is 90 days unless extended by them.
- Server logs — retained for up to 30 days for security and debugging.
- Payment records — retained for 8 years as required by Indian tax law.
9. Security
We use HTTPS/TLS encryption in transit, encryption at rest where supported by our sub-processors, hashed password storage, role-based access control, and routine security reviews. No system is 100% secure, however, and we cannot guarantee absolute security.
10. Your rights
Subject to applicable law (including the Digital Personal Data Protection Act, 2023 in India, the GDPR, and the UK GDPR), you have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate or incomplete data.
- Request deletion of your data ("right to be forgotten"), subject to retention obligations.
- Object to or restrict certain processing.
- Receive a portable copy of your data.
- Withdraw consent at any time, where processing is based on consent.
- Lodge a complaint with your local supervisory authority (in India: the Data Protection Board; in the EU: your national DPA; in the UK: the ICO).
To exercise any of these rights, write to care@webaccuracy.com. We will respond within 30 days.
11. Children
Our Services are not directed to children under 18. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, please contact us and we will delete it.
12. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be notified by email to your account address or by a prominent notice on the Services at least 14 days before they take effect.
13. Grievance Officer (India)
In compliance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023:
Grievance Officer: [TODO: name of designated officer]
Web Accuracy (OPC) Private Limited
C/o Subrata Roy Maulick, Bhawanipur, Doranda, Near Devi Mandir, Ranchi 834001, Jharkhand, India
Email: care@webaccuracy.com
Phone: +91 85399 23343
Response time: within 30 days of receipt.
14. Contact us
For any privacy-related question, write to care@webaccuracy.com or by post to the registered office above.
Web Accuracy is a digital product agency from Delhi & Ranchi,
building web, mobile, UI/UX, AI/ML and AR/VR solutions
for Indian businesses and global clients since 2015.
+91 85399 23343
