ErioAI Private Limited takes the security of your personal, behavioral, and session data with the utmost seriousness. This Data Security Policy describes the technical and organizational measures we implement to ensure your data is protected at every layer of our platform.
1. Data Classification
We classify all data handled by ErioAI into the following tiers:
- Tier 1 — Personal Identifiers: Name, email, phone number, payment information. Highest security protocols apply.
- Tier 2 — Behavioral Data: Personality scores, communication metrics, body language logs, AI coaching session histories. Encrypted at rest and in transit.
- Tier 3 — Session Media: Video/audio recordings submitted for analysis. Processed with end-to-end encryption; deleted from processing servers after analysis unless explicitly saved.
- Tier 4 — Usage Analytics: Anonymized interaction patterns and feature usage. Stored without personal identifiers.
2. Encryption Standards
- In Transit: All data between your device and ErioAI servers is encrypted using TLS 1.3.
- At Rest: Databases are encrypted using AES-256 encryption.
- Session Media: Video/audio data is encrypted end-to-end during transmission and processing.
- Payments: All financial transactions are processed by Razorpay, which is PCI-DSS Level 1 compliant. ErioAI never stores raw card or banking credentials.
3. Access Controls
- Access to user data is restricted to authorized ErioAI engineers on a strict need-to-know basis.
- All internal staff access is logged, monitored, and audited regularly.
- Multi-factor authentication (MFA) is mandatory for all ErioAI engineering and admin staff.
- Database access is segmented by user tier, with no single engineer having unrestricted access to all data.
4. Infrastructure Security
- ErioAI is hosted on enterprise-grade cloud infrastructure with 99.9% uptime SLAs.
- Data centers are ISO 27001 certified.
- Automated vulnerability scanning is performed weekly on all services.
- Penetration testing is conducted semi-annually by third-party security firms.
- Firewalls and DDoS protection are active at all network edges.
5. AI Session Data Handling
Because ErioAI processes sensitive behavioral data (facial expressions, speech patterns, posture), we apply special protocols:
- On-device processing is used wherever technically possible for camera and microphone input.
- Server-side AI processing is performed in isolated, ephemeral compute environments that do not retain data beyond the session.
- Users may opt out of server-side video analysis at any time in their account settings.
- Behavioral scores and insights are stored under your account, visible only to you (or your org admin for enterprise accounts).
6. Third-Party Processors
ErioAI shares data with third-party processors only where necessary and only under strict data processing agreements:
- Razorpay: Payment processing. PCI-DSS Level 1 Compliant.
- Cloud Provider: Hosting and storage. ISO 27001 and SOC 2 certified.
- Analytics Partner: Anonymized usage analytics. No personal data shared.
7. Data Breach Response
In the event of a confirmed data breach that affects user data:
- Affected users will be notified within 72 hours of ErioAI becoming aware of the breach.
- Appropriate authorities will be notified as required under Indian Information Technology law.
- ErioAI will publish details of the breach, its scope, and remediation steps on our status page.
- A dedicated incident response team handles all security events with documented procedures.
8. User Rights Over Their Data
- Data Export: You may request an export of all your personal and behavioral data at any time via privacy@erio.ai.
- Data Deletion: Upon account closure, personal data is deleted within 30 days. Anonymized data may be retained for AI improvement.
- Data Portability: Exported data is provided in machine-readable formats (JSON/CSV).
9. Compliance
ErioAI's data security practices are aligned with:
- The Information Technology Act, 2000 (India)
- The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
- Emerging requirements under India's Digital Personal Data Protection Act (DPDPA), 2023
10. Contact
To report security vulnerabilities or data concerns:
ErioAI Private Limited
Security Team: security@erio.ai
Privacy Officer: privacy@erio.ai
Precision Hubs: Surat | Ahmedabad | Jaipur | Udaipur, India
Responsible disclosure is encouraged. Security researchers may contact us at security@erio.ai with any vulnerability reports.