Privacy Policy

Privacy-first approach to enterprise AI automation. Learn how NayaFlow protects your data with complete on-premise deployment and zero external API calls.

Your data never leaves your network

🔒 Privacy-First AI Platform

NayaFlow is designed with complete data sovereignty as the foundation. Our on-premise AI platform ensures your data never leaves your network, providing the ultimate privacy protection for enterprise AI automation.

Effective Date: December 2024 | Last Updated: December 2024

1. Our Privacy Philosophy

NayaFlow was built from the ground up with a privacy-first philosophy. Unlike cloud AI services that process your data on external servers, our on-premise platform ensures:

✅ What We DO

  • • Deploy AI entirely on your infrastructure
  • • Process all data within your network
  • • Provide complete audit trails
  • • Enable air-gapped deployments
  • • Support compliance frameworks
  • • Give you full data ownership

❌ What We DON'T DO

  • • Send data to external APIs
  • • Store your data on our servers
  • • Share data with third parties
  • • Use your data for training
  • • Track across other websites
  • • Sell or monetize your data

2. Information We Collect

We collect minimal information necessary to provide our services, and we're transparent about what we collect and why:

Website Information

Information collected when you visit our website:

  • Contact Forms: Name, email, company, phone (when you provide it)
  • Demo Requests: Business requirements, deployment preferences
  • Technical Logs: IP address, browser type, pages visited (anonymized)
  • Cookies: Essential cookies only (see our Cookie Policy)

Enterprise Platform Information

Information related to your on-premise deployment:

  • Deployment Metadata: Server specifications, deployment architecture
  • Support Interactions: Technical support tickets and communications
  • Usage Analytics: Platform performance metrics (anonymized)
  • License Information: Subscription details and billing information

Your Business Data (On-Premise Only)

Data processed by your NayaFlow deployment:

  • Complete Ownership: All your business data remains on your infrastructure
  • Zero External Access: NayaFlow staff cannot access your business data
  • Local Processing: AI models process data entirely within your network
  • Your Control: You decide retention, backup, and access policies

3. How We Use Your Information

We use collected information solely to provide and improve our services:

Service Delivery

  • • Respond to demo requests and inquiries
  • • Provide technical support and training
  • • Deploy and maintain your platform
  • • Send important service updates
  • • Process billing and subscriptions

Platform Improvement

  • • Improve platform performance and reliability
  • • Develop new features and capabilities
  • • Enhance security and compliance
  • • Optimize deployment architectures
  • • Create better documentation and training

4. Data Sovereignty and Security

Data sovereignty is at the core of NayaFlow's architecture:

Complete Data Sovereignty

On-Premise Processing

  • • All AI processing in your data center
  • • Local GPT-OSS models (no external APIs)
  • • AWS MCP connections within your VPC
  • • Complete network isolation capability

Security Measures

  • • Encryption at rest (FIPS 140-2)
  • • TLS 1.3 for all communications
  • • Role-based access control (RBAC)
  • • Comprehensive audit logging

5. Compliance Framework Support

NayaFlow is designed to support enterprise compliance requirements:

🏥
HIPAA
Healthcare Privacy
💳
PCI-DSS
Payment Security
🇪🇺
GDPR
EU Privacy
🏛️
FedRAMP
Government

Compliance Features

  • • Data residency controls
  • • Audit trail generation
  • • Access control matrices
  • • Encryption key management
  • • Compliance reporting tools
  • • Data lineage tracking
  • • Privacy impact assessments
  • • Breach notification systems

6. Data Sharing and Third Parties

We have a strict policy regarding data sharing:

❌ We Never Share Your Data

  • No Third-Party Analytics: We don't use Google Analytics or similar tracking
  • No Data Brokers: Your information is never sold or shared with data brokers
  • No Marketing Partners: We don't share contact information with partners
  • No AI Training: Your data is never used to train our models or anyone else's
  • No Government Backdoors: We don't provide backdoor access to any government

⚠️ Limited Exceptions

We may share information only in these specific circumstances:

  • Legal Compliance: When required by valid legal process
  • Service Providers: Minimal data to essential service providers (hosting, payment processing) under strict contracts
  • Business Transfer: In the event of a merger or acquisition (with advance notice)
  • Your Consent: When you explicitly authorize sharing

7. Your Privacy Rights

You have comprehensive rights regarding your personal information:

Access and Control

  • Access: Request copies of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your personal data
  • Portability: Export your data in standard formats

Platform Control

  • Data Ownership: Complete ownership of all business data
  • Processing Control: Decide how your data is processed
  • Retention Policies: Set your own data retention rules
  • Access Management: Control who can access your data

8. Data Retention

We follow data minimization principles and retain information only as long as necessary:

Website Data

  • • Contact forms: 3 years or until request fulfilled
  • • Demo requests: 2 years or until converted
  • • Support tickets: 5 years for reference
  • • Website logs: 1 year (anonymized)

Platform Data

  • • Business data: Under your complete control
  • • Deployment metadata: Duration of service + 1 year
  • • Billing records: 7 years (legal requirement)
  • • Support interactions: 5 years

9. International Data Transfers

NayaFlow's on-premise architecture eliminates most international data transfer concerns:

✅ Data Localization Benefits

  • Regional Deployment: Deploy in any country or region
  • Data Residency: All processing occurs within your chosen jurisdiction
  • Compliance Alignment: Meets local data protection requirements
  • Sovereignty Control: Government and regulatory compliance

10. Children's Privacy

NayaFlow is an enterprise platform not intended for use by children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will delete it immediately.

11. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements:

  • Advance Notice: 30 days notice for material changes
  • Enterprise Notification: Direct notification to enterprise customers
  • Version Control: Previous versions available upon request
  • Effective Date: Changes take effect on the specified date

12. Contact Us

We're committed to transparency and are here to answer your privacy questions:

Privacy Officer

Email: privacy@nayaflow.com

Response time: Within 24 hours

For all privacy-related questions

Data Protection Officer

Email: dpo@nayaflow.com

Response time: Within 48 hours

For GDPR and compliance questions

View Terms of ServiceContact Privacy Team