Aryacognis Pvt Ltd (trading as "Youkti")
Effective Date: January 18, 2025
Aryacognis Pvt Ltd, trading as Youkti ("Company," "we," "our," or "us"), respects your privacy and is committed to protecting your personal information. This Privacy Policy ("Policy") explains how we collect, use, share, and protect personal information when you:
By using the Services, you agree to this Privacy Policy. If you do not agree, please discontinue use of the Services immediately.
This Privacy Policy is incorporated by reference into our Terms and Conditions and Data Processing Addendum (DPA).
We collect information to provide, improve, and personalize our Services. We collect information in the following ways:
When you create an account or register for our Services, we collect:
We use Razorpay (razorpay.com) as our payment processor. When you purchase our services:
For questions about payment security, contact: billing@youkti.ai
If you create an account on behalf of an organization, we may collect:
Customer Data: Information you upload, import, or input into the Platform, including:
Communications with Us: When you contact customer support via Freshchat, email, or other channels, provide feedback, respond to surveys, or communicate with us, we collect the content of those communications
AI Prompts and Inputs: When you use AI features, we collect your prompts, queries, instructions, and the data you provide for analysis
When you use our Services, we automatically collect:
We use cookies, web beacons, pixels, and similar tracking technologies. See Section 5 for details.
As you use the Platform, we automatically generate and store behavioral pattern data to improve the quality and relevance of our AI-powered features. This includes:
This data is stored in a specialized graph database that maps relationships and patterns across your sales activities. Behavioral pattern data is tenant-isolated — your organization's patterns are never combined with or visible to other organizations.
To power contextual AI features, we generate mathematical representations (embeddings) of your sales activities, conversation history, and account data. These embeddings are stored in a specialized search database that enables ARYA to quickly retrieve relevant context when responding to your queries. Embeddings are derived from your data but cannot be reverse-engineered into the original text. They are tenant-isolated and encrypted at rest.
When you interact with ARYA, our system generates a unique session identifier (agent instance ID) to track the AI agent's context, actions, and audit trail for that interaction. This identifier is linked to your user account and is used to maintain conversation continuity, enable audit logging, and ensure security. Agent session identifiers are retained for 90 days as part of our usage logs and are not used for cross-session behavioral tracking or advertising.
Our Competitive Intelligence features use automated web monitoring and data collection technologies to gather publicly available business information. This includes:
Legal basis: Legitimate interests in providing competitive intelligence features to our B2B customers
Rights of data subjects: If you are a business professional whose publicly available information has been collected through our web monitoring, you have the right to access, correct, or request deletion of your data. See Section 10 for instructions.
We comply with applicable laws regarding automated data collection and respect robots.txt directives and website terms of service where technically feasible. Our automated collection practices are designed to minimize the volume of personal data collected and focus on business-relevant intelligence.
When you connect third-party services (CRM systems, email platforms, calendar applications), we receive data from those services as authorized by you.
Data We Collect from Third-Party Integrations:
When we collect business contact information from public sources or licensed data providers, we do so for legitimate business intelligence purposes. If you are a business professional and your publicly available information appears in our database, you have the right to request access, correction, or removal of your information. See Section 10 for instructions.
We do NOT collect or process:
If you inadvertently upload such data, please notify us immediately at privacy@youkti.com
We use the personal information we collect for the following purposes:
You can opt out of marketing communications at any time by:
Note: You cannot opt out of transactional emails (e.g., password resets, billing notices) as these are necessary for the Services.
We operate a continuous security monitoring system that analyzes usage patterns to detect and prevent fraud, abuse, and unauthorized access. This system:
Consequences of high risk scores:
Your rights: You can contest any security restriction by contacting support@youkti.com. We will provide a human review of any automated security decision upon request.
Data retention: Fraud detection and security monitoring logs are retained for 1 year (see Section 9.1)
Legal basis: Legitimate interests in protecting the security of our platform and our users (GDPR Art. 6(1)(f))
Our security monitoring system performs both pre-execution and post-execution analysis of AI tool interactions. Before ARYA executes a tool action, the system checks for patterns consistent with fraud, policy violations, or anomalous behavior. After execution, results are validated against expected patterns to detect data manipulation or unexpected changes. This dual-layer analysis helps ensure the integrity and security of all AI-powered actions.
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal information based on the following legal grounds under the General Data Protection Regulation (GDPR):
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal information based on the following legal grounds under the General Data Protection Regulation (GDPR):
| Processing Activity | Legal Basis | GDPR Article |
|---|---|---|
| Account creation and service delivery | Performance of contract | Art. 6(1)(b) |
| Payment processing via Razorpay | Performance of contract | Art. 6(1)(b) |
| Customer support (Freshchat, email) | Performance of contract & Legitimate interests | Art. 6(1)(b) & (f) |
| Product improvements, analytics, monitoring | Legitimate interests | Art. 6(1)(f) |
| Marketing communications | Consent | Art. 6(1)(a) |
| Legal compliance | Legal obligation | Art. 6(1)(c) |
| Security, fraud detection | Legitimate interests | Art. 6(1)(f) |
You have the right to object to processing based on legitimate interests (Art. 6(1)(f)). We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests, or we need the data to establish or defend legal claims. See Section 10 for how to exercise this right.
Where we process data based on consent (e.g., marketing emails), you can withdraw consent at any time by clicking "Unsubscribe" or contacting privacy@youkti.com. This will not affect the lawfulness of processing before withdrawal.
Youkti operates globally, and your personal information may be transferred to, stored in, and processed in countries outside your country of residence, including:
These countries may have data protection laws that differ from the laws of your jurisdiction.
When we transfer personal data from the European Economic Area (EEA), United Kingdom, or Switzerland to countries that do not provide an "adequate" level of data protection under GDPR, we implement appropriate safeguards:
We rely on appropriate transfer mechanisms recognized under applicable data protection laws, including SCCs, adequacy decisions, or other lawful mechanisms.
You can request a copy of the safeguards we use for international transfers by contacting privacy@youkti.com. Note that we may redact commercially sensitive information.
Enterprise customers who are data controllers under GDPR can execute our Data Processing Addendum, which includes:
Access our DPA at: www.youkti.ai/legal/dpa
Our Platform incorporates artificial intelligence and machine learning technologies to provide the following features:
AI-powered personalized outreach emails and communication templates
Transcription, summarization, and action item extraction from sales meetings
AI-generated recommendations, next-best-actions, and opportunity analysis
Predictive analytics to prioritize leads based on likelihood to convert
Natural language processing to analyze emails, messages, and documents
Identification of trends, patterns, and anomalies in sales activities
ARYA uses a multi-model architecture where different AI models handle different stages of processing. Your data may be processed by multiple models in a single request:
| Provider | Models Used | Purpose |
|---|---|---|
| Anthropic | Claude (Sonnet, Opus, Haiku) | Email generation, meeting analysis, insights, conversational AI |
| OpenAI | GPT-4, GPT-4 Turbo, GPT-3.5 | Natural language processing, content generation, analysis |
| Gemini Pro, Gemini Flash | Text generation, multi-modal analysis, insights |
Your data sent to these external providers is NOT used to train their public AI models. We have contractual "zero data retention" agreements with all external AI providers.
In addition to external providers, ARYA uses internally hosted AI models running on our own cloud infrastructure (AWS/GCP) for the following purposes:
| Function | Purpose | Data Processed |
|---|---|---|
| Intent Analysis | Understanding and classifying your requests | Your query text and conversation context |
| Tool Routing | Determining which integrated tools to use | Request metadata and intent classification |
| Action Assessment | Evaluating risk level of proposed actions | Action parameters, historical patterns |
| Response Optimization | Selecting the most efficient model for simple queries | Query complexity assessment |
Important distinctions about internally hosted models:
ARYA communicates with integrated tools through a standardized protocol layer (Model Context Protocol) that manages connections, handles authentication, and maintains audit trails for all AI-to-tool interactions. This protocol layer:
The protocol layer is an internal infrastructure component — not a separate subprocessor — as it operates within our own cloud environment.
WE DO NOT USE YOUR DATA TO TRAIN PUBLIC AI MODELS
All such internal analysis is conducted on anonymized data that cannot identify you or your organization.
Important: AI-generated content is probabilistic and may contain errors.
You acknowledge and agree that:
We use AI for the following types of automated processing:
We use graph-based analytics to build relationship maps and behavioral patterns from your sales activities. This constitutes "profiling" under GDPR Article 4(4). Specifically:
Your rights: You can request a copy of your behavioral profile data, object to profiling under GDPR Art. 21, or request deletion of your pattern data by contacting privacy@youkti.com. Objecting to profiling may reduce the personalization and accuracy of AI-powered features
Your Right: You can override AI lead scores manually and disable auto-scoring in settings
Your Right: You can request manual review of blocked emails
Your Right: You can contest security restrictions by contacting support@youkti.com
Automated Decision-Making: ARYA performs certain low-risk automated actions on your behalf (see Section 8.7) such as CRM updates and task creation. These actions are governed by rules you configure and can be disabled at any time.
For actions that may have significant impact — such as sending communications to external parties, modifying deals, or scheduling commitments — ARYA requires your explicit approval before execution. We do not make solely automated decisions that produce legal effects concerning you (such as account termination or billing changes) without human review.
ARYA, our AI agent, can perform actions on your behalf across your connected tools. Actions are classified into tiers based on risk and impact:
ARYA may automatically perform the following actions without requiring your explicit approval for each instance:
These automatic actions are governed by rules and triggers you configure in your account settings. You can enable or disable automatic actions at any time under Settings > ARYA > Automation Preferences.
For actions with greater impact, ARYA will draft the action and present it for your review and approval before execution:
Multi-factor authentication may be required for certain suggested actions
Long-term recommendations such as campaign adjustments, territory planning, or account strategy changes are presented as suggestions only and are never auto-executed.
Actions that ARYA's risk assessment flags as potentially harmful, non-compliant, or unusual are escalated for human review by your organization's administrator or our security team. These are never executed automatically.
You have the following controls over AI features:
ARYA communicates with integrated tools through a standardized protocol layer (Model Context Protocol) that manages connections, handles authentication, and maintains audit trails for all AI-to-tool interactions. This protocol layer:
The protocol layer is an internal infrastructure component — not a separate subprocessor — as it operates within our own cloud environment.
We retain personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, comply with legal obligations, resolve disputes, and enforce our agreements.
| Data Category | Retention Period | Legal Basis |
|---|---|---|
| Account information | Duration of subscription + 90 days | Contract performance, legal obligations |
| Customer Data (CRM, emails, activities) | Duration of subscription + 30 days | Contract performance |
| AI interaction history | Duration of subscription + 60 days | Legitimate interests (service improvement) |
| Behavioral pattern data (graph database) | Duration of subscription + 60 days | Legitimate interests (AI personalization) |
| Semantic search embeddings (vector database) | Duration of subscription + 60 days | Legitimate interests (AI contextual retrieval) |
| Tool execution cache (web search results) | 5-30 minutes | Legitimate interests (performance, reduced API calls) |
| Tool execution cache (CRM data) | 4-24 hours | Legitimate interests (performance, rate limit management) |
| Tool execution cache (social/communication data) | 12-48 hours | Legitimate interests (performance, API rate limits) |
| Tool execution cache (company/firmographic data) | 7-30 days | Legitimate interests (performance, data stability) |
| Security verification cache | 5 minutes | Legitimate interests (real-time security) |
| Fraud detection and security logs | 1 year | Legitimate interests (security, fraud prevention) |
| Payment transaction records | 7 years | Legal obligations (tax, accounting laws) |
| Marketing communications consent | Until withdrawn or 3 years of inactivity | Consent (GDPR Art. 6(1)(a)) |
To improve performance and reduce latency, we temporarily cache tool execution results. Cached data is encrypted, tenant-isolated, and automatically purged according to the retention periods above. Cache data is never used for purposes other than serving subsequent similar requests within the same tenant.
When your account is terminated or you cancel your subscription:
When we delete personal data:
We may retain data longer than specified periods if:
You can request early deletion of your data before retention periods expire (subject to legal exceptions). See Section 10 for instructions.
Depending on your location, you have the following rights regarding your personal information:
Aryacognis Pvt Ltd
Attn: Data Privacy Team
Bangalore, Karnataka
India
To protect your privacy, we must verify your identity before fulfilling requests. We may ask you to:
We will process most requests free of charge. We may charge a reasonable fee for manifestly unfounded or excessive requests, or repetitive requests for the same information.
We may deny or limit requests when:
If we deny a request, we'll explain why and inform you of your right to complain to a supervisory authority.
You may designate an authorized agent to make privacy requests on your behalf. The agent must:
You may contact your local data protection authority in the EU member state where you reside, work, or where the alleged violation occurred.
List of EU Data Protection Authorities:
edpb.europa.eu/about-edpb/board/members_enExample:
• Ireland: Data Protection Commission - dataprotection.ie
• Germany: Bundesbeauftragter für den Datenschutz - bfdi.bund.de
Information Commissioner's Office (ICO)
Data Protection Authority (when operational)
India is in the process of establishing a Data Protection Board under the Digital Personal Data Protection Act, 2023. Once operational, you may lodge complaints with this authority.
For current consumer grievances:
California:
California Attorney General - Privacy Enforcement
Website: oag.ca.gov/privacy
Other States: Check your state attorney general's website for privacy complaint procedures.
We encourage you to contact us first at privacy@youkti.com so we can address your concerns directly. Many issues can be resolved faster through direct communication than through formal complaints.
However, you have the right to lodge a complaint at any time, even without contacting us first.
In the past 12 months, we have collected the following categories of personal information:
| CCPA Category | Examples | Collected? |
|---|---|---|
| A. Identifiers | Name, email, phone number, IP address, account username | ✅ Yes |
| B. California Customer Records | Name, address, phone, payment information | ✅ Yes |
| C. Protected Classifications | Age, gender (only if voluntarily provided) | ⚠️ Limited |
| D. Commercial Information | Purchase history, subscription details | ✅ Yes |
| E. Biometric Information | Fingerprints, voiceprints, facial recognition | ❌ No |
| F. Internet/Network Activity | Browsing history, search history, website interactions | ✅ Yes |
| G. Geolocation Data | Approximate location based on IP address (city/country) | ⚠️ Non-precise only |
| H. Sensory Information | Audio recordings (meeting transcripts if enabled) | ⚠️ Only if you enable |
| I. Professional/Employment | Job title, company, work email | ✅ Yes |
| J. Education Information | School, degree (if voluntarily provided in profile) | ⚠️ Limited |
| K. Inferences | Profiles reflecting preferences, behavior, lead scores | ✅ Yes |
| L. Sensitive Personal Information | Social security, financial account numbers, health data | ❌ No |
We use the categories of personal information listed above for the business and commercial purposes described in Section 3.
We do NOT "sell" or "share" personal information as defined by CCPA/CPRA.
If this changes in the future, we will update this Privacy Policy, provide notice, and offer an opt-out mechanism.
Request disclosure of categories and specific pieces of personal information we collected, sources, purposes, and third parties we shared it with
Request deletion of your personal information, subject to certain exceptions (e.g., legal obligations, fraud prevention)
Request correction of inaccurate personal information we maintain about you
We will not discriminate against you for exercising your CCPA rights (deny services, charge different prices, etc.)
Visit our Privacy Request Portal at: www.youkti.ai/privacy-request
Email-only requests accepted
A toll-free telephone number will be made available in a future update to this policy
Response Time: We will respond within 45 days. If we need more time (up to 90 days total), we'll notify you.
As a Data Principal (individual whose data is processed), you have the right to:
Obtain confirmation of whether your personal data is being processed and a summary of such processing
Correction and erasure of inaccurate or outdated personal data
Nominate another individual to exercise your rights in case of death or incapacity
We will respond to complaints within the timeframes prescribed by the Data Protection Board of India
Where we rely on consent as the legal basis for processing (e.g., marketing communications), we obtain clear, specific, and informed consent as required by the DPDPA. You may withdraw consent at any time by:
Withdrawal of consent will not affect the lawfulness of processing prior to withdrawal.
We transfer personal data outside India to the United States and other countries where our cloud infrastructure and subprocessors operate. We conduct such transfers in compliance with DPDPA requirements, including any restrictions or conditions that may be notified by the Central Government of India.
We do not transfer personal data to countries that the Central Government may restrict under Section 16(1) of the DPDPA.
In accordance with DPDPA requirements, our Grievance Officer can be contacted at:
Once the Data Protection Board of India is fully operational, you will have the right to lodge complaints with the Board regarding our data processing practices.
We employ differential privacy techniques when using aggregated platform usage data to improve our AI models and features. Differential privacy adds mathematical noise to aggregated datasets, ensuring that no individual user's data can be identified or extracted from the aggregate.
This allows us to learn from platform-wide patterns while preserving individual privacy. Differential privacy is applied only to anonymized, aggregated analytics data and is never used on individual customer data or content.
If your organization operates in the healthcare sector and requires HIPAA compliance, please contact legal@youkti.com before uploading any Protected Health Information (PHI) to the Platform.
Important: Standard accounts are not configured for HIPAA-compliant data processing. Enterprise customers requiring HIPAA compliance must execute a Business Associate Agreement (BAA) with Youkti, which enables additional technical safeguards including:
Without a BAA in place, you must not upload, process, or store any PHI through the Platform.
A data breach (or "Security Incident") occurs when there is:
We will notify you without undue delay and in any event:
If you receive a breach notification from us:
Enterprise customers purchase Youkti to manage their sales teams and operations. Administrator access enables:
Important: When you use Youkti through your employer's account:
Youkti acts as a data processor on behalf of your employer (the data controller). Your employer is responsible for informing you about data collection and use, obtaining necessary consents, and ensuring lawful processing of your data.
Within enterprise accounts, ARYA may perform actions that involve delegation — where an authorized user's request triggers ARYA to interact with systems using permissions granted by that user or their organization. For example:
All delegated actions are:
Delegation authority is configured by your organization's administrators. Individual users cannot delegate beyond their own permission scope.
You may NOT use Youkti to:
Youkti email features must comply with:
You must be at least 16 years of age to use our Services.
If you are under 16 years of age, you may NOT:
This age requirement aligns with GDPR's definition of the age of consent for processing personal data (Article 8).
For more information about how our AI providers handle data:
We may update this Privacy Policy from time to time to reflect:
If we make material changes that significantly affect your rights, we will notify you 30 Days Before Changes Take Effect:
For minor, non-material changes (e.g., clarifications, formatting, contact information updates):
Always Current Version: The most current version of this Privacy Policy is always available at: www.youkti.ai/legal/privacy
Version History: We maintain a version history of this Privacy Policy showing what changed and when. Access it at: www.youkti.ai/legal/privacy-history
Your Responsibility: We recommend you review this Privacy Policy periodically to stay informed about how we protect your data.
Aryacognis Pvt Ltd (trading as Youkti)
Attn: Data Privacy Team
Bangalore, Karnataka
India
Thank you for trusting Youkti with your data.
We are committed to protecting your privacy and being transparent about our data practices.
© 2025 Aryacognis Pvt Ltd. All rights reserved.