Privacy Policy

Last updated 22 June 2025

1. Introduction

Welcome to Znorm.org. As a leading AI development company based in Bengaluru, India, Znorm Pvt Ltd, along with our subsidiaries like Snapshare.ai, is committed to protecting the privacy of our visitors, customers, and users. This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal data across our AI-driven services, including iVA (AI visual inspection), General Object Detection API, Video Analytics, DocAI, Echolink, and Snapshare.ai. Our services leverage advanced technologies such as facial recognition, natural language processing (NLP), and machine learning to deliver innovative solutions.

This Policy is crafted to comply with the General Data Protection Regulation (GDPR), India's Digital Personal Data Protection Act (DPDP Act), and other applicable data protection laws. It applies to:

• Users: Individuals or entities who register accounts to use our services (e.g., Snapshare.ai for event photo-sharing, iVA for visual inspection, or Echolink for enterprise chatbots).
• Guest Users: Individuals accessing services without accounts (e.g., event attendees using Snapshare.ai's facial recognition to retrieve photos).
• Website Visitors: Individuals browsing our website (https://Znorm.org/).
• Clients: Organizations engaging our AI consulting, training, or development services.

This Policy does not govern personal data processed independently by third parties. For third-party details, see the "Third Parties" section below.

2. Definitions

For clarity:

• User: An individual or organization with a registered account on any Znorm.org service.
• Guest User: An individual accessing a service without an account (e.g., retrieving photos via Snapshare.ai).
• Personal Data: Any information relating to an identified or identifiable person, including biometric data (e.g., facial recognition templates).
• Data Controller: Znorm Pvt Ltd, responsible for determining the purposes and means of processing personal data.

3. Information We Collect

We collect the following categories of personal data, depending on the service used:

• Identity and Contact Data: Name, email address, phone number, and organization details provided during account registration or client onboarding.
• Biometric Data: Facial recognition templates or face scans (e.g., for Snapshare.ai's photo-sharing or Face Data Analytics services).
• Content Data: Photos, videos, or documents uploaded to services like Snapshare.ai (event photos), iVA (inspection videos), or DocAI (documents for NLP-based search).
• Usage Data: Technical information such as IP addresses, device identifiers, browser types, and interaction logs collected during platform use.
• Analytics Data: Aggregated and anonymized data from services like Video Analytics or iVA to monitor performance and improve algorithms.
• Training and Consulting Data: Information provided during AI training programs or consulting engagements (e.g., participant names, professional details).

4. Purpose of Collecting Information

We process personal data to:

• Deliver services, such as:
  • Photo-sharing via facial recognition (Snapshare.ai).
  • Visual inspection and analytics (iVA, Video Analytics).
  • Document retrieval (DocAI) and enterprise chatbots (Echolink).
  • Real-time object detection (General Object Detection API).
• Facilitate account creation, authentication, and client management.
• Enable Guest Users to access services (e.g., event photos via Snapshare.ai links).
• Improve our platforms by enhancing AI algorithms using anonymized data.
• Communicate updates, service notifications, or event details.
• Provide AI consulting and training services, including bootcamps and mentoring.
• Analyze usage trends to optimize performance and security.
• Comply with legal obligations and prevent fraud.

5. Legal Basis for Processing

We process personal data under the following GDPR-compliant legal grounds:

• Explicit Consent: For biometric data (e.g., facial recognition templates for Snapshare.ai or Face Data Analytics), we obtain explicit consent.
• Contractual Necessity: For account information, content data, and client data necessary to deliver our services or fulfill contracts.
• Legitimate Interests: For usage data and analytics to improve functionality, ensure security, and enhance user experience, provided it does not override your rights.
• Legal Obligation: To comply with GDPR, DPDP Act, or other regulatory requirements.

6. Storing Personal Data

Storage Location: Personal data is stored on secure cloud servers (AWS) managed by GDPR-compliant providers, primarily in India, with potential transfers outside the EEA, GCC (see "International Data Transfers").

Security Measures:

• Encryption of biometric and sensitive data during transmission and storage.
• Access controls restricting data to authorized personnel.
• Regular security assessments to mitigate risks.

Snapshare.ai Alignment: Storage practices align with Snapshare.ai's standards, ensuring consistency across services.

7. Data Retention and Deletion

We retain personal data only as long as necessary:

• Biometric Data: Retained for 30 days post-event for Snapshare.ai or as required for other services (e.g., Face Data Analytics), unless extended by user request or legal requirements.
• Account and Client Data: Retained for the duration of an active account or client relationship, plus a reasonable period (e.g., 1 year) for legal compliance.
• Content Data: Retained based on service needs (e.g., 30 days for Snapshare.ai event photos, longer for iVA if specified by clients).
• Usage Data: Retained for up to 6 months for analytics and optimization.

Deletion: Upon expiration or user request, data is securely deleted or anonymized per GDPR and DPDP Act protocols.

8. Data Breach Notification

In the event of a personal data breach:

• We will notify the relevant supervisory authority within 72 hours, as required by GDPR, if the breach poses a risk to individuals' rights and freedoms.
• If the breach poses a high risk, affected individuals will be informed without undue delay, with details on the breach, its impact, and recommended actions.
• For Snapshare.ai users, refer to the Snapshare.ai Data Breach Manual for specific procedures.
• Contact our DPO at [email protected] for inquiries.

9. Third Parties

We may share personal data with:

• Cloud Service Providers: For secure storage and processing (e.g., AWS, Google Cloud).
• AI Technology Partners: To support AI capabilities (e.g., facial recognition, NLP).
• Analytics Providers: For platform performance evaluation (e.g., anonymized usage data).
• Consulting and Training Partners: For delivering training programs or client services.

All third parties are bound by GDPR-compliant data processing agreements. We do not allow third parties to process data independently unless required by law.

10. Security of Personal Data

We implement robust measures to protect your data:

• Encryption of biometric and sensitive data.
• Access controls limiting data to authorized personnel.
• Regular security audits and penetration testing.
• Alignment with Snapshare.ai's security standards for consistency.

11. Data Protection Rights

Under GDPR, you have the following rights:

• Right to Access: Request copies of your personal data.
• Right to Rectification: Correct inaccurate or incomplete data.
• Right to Erasure: Request deletion of your data.
• Right to Restriction: Limit processing under certain conditions.
• Right to Object: Oppose processing based on legitimate interests.
• Right to Data Portability: Obtain your data in a structured, machine-readable format.
• Right to Withdraw Consent: Revoke consent for biometric data processing at any time.

To exercise these rights, use our Data Rights Request Form. We will respond within 30 days. You may also lodge a complaint with an EU supervisory authority or India's Data Protection Authority.

12. Children's Information

Some services (e.g., Snapshare.ai, Face Data Analytics) may process children's data (e.g., event photos). We do not knowingly process data of individuals under 16 without verifiable parental consent. Parents or guardians can review or request deletion of their child's data by contacting [email protected].

13. International Data Transfers

As an India-based company, Znorm.org may transfer data outside the EEA for processing (e.g., cloud storage, AI model training). We ensure compliance through:

• Standard Contractual Clauses (SCCs) approved by the European Commission.
• Additional safeguards as required by GDPR and DPDP Act.

These measures protect your data regardless of location.

14. Acknowledgement and Consent

By using Znorm.org services, you:

• Acknowledge that you have read and understood this Privacy Policy.
• Confirm that, if under 16, parental consent has been obtained (where applicable).
• Consent to the processing of your personal data, including biometric data, for service delivery.
• Understand that consent is voluntary and can be withdrawn at [email protected] though this may limit service access.

15. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Significant updates will be communicated via our website (www.znorm.org/) or direct notifications to Users.

16. Contact Information

For questions, concerns, or to exercise your data protection rights, contact:

Znorm.org
Address: Znorm Pvt Ltd, Nikoo2, Bhartiya City, Bengaluru, India
Email: [email protected]
Phone: +91 98099 50569, +91 98959 08840
LinkedIn: https://in.linkedin.com/company/znorm

For Snapshare.ai-specific inquiries, refer to the Snapshare.ai Privacy Policy and Data Breach Manual.