AboutBlogCareersContactExplore SpaceSync →
Legal

Privacy Policy

Last updated: 14 June 2026  ·  Enquiries: hi@sooru.ai

This Privacy Policy ("Policy") is published by Sooru AI Private Limited, a company incorporated under the laws of India ("Sooru", "we", "us", "our"), in accordance with applicable data-protection and privacy legislation across the jurisdictions in which we operate or whose residents we may serve. This Policy governs the collection, use, storage, disclosure, and protection of personal data in connection with your use of our website, your correspondence with us, and your engagement with our services.

We are committed to handling personal data with transparency, integrity, and in compliance with applicable law. We encourage you to read this Policy carefully. By accessing our website or submitting information to us, you acknowledge that you have read and understood this Policy.

1. Identity and Contact Details of the Data Controller / Data Fiduciary

  • Entity Name: Sooru AI Private Limited
  • Role: Data Controller (under the EU/UK GDPR); Data Fiduciary (under the Digital Personal Data Protection Act, 2023); Business (under the CCPA/CPRA)
  • Registered Address: No. 816, 27th Main Road, Sector 1, HSR Layout, Bengaluru – 560 102, Karnataka, India
  • Contact Email: hi@sooru.ai
  • Grievance Officer (DPDP Act, 2023): Michael Stanley — mike@sooru.ai

For all privacy-related enquiries or requests to exercise data rights, you may contact us at the email or postal address set out above. Grievances under the DPDP Act, 2023 may be directed to our Grievance Officer at mike@sooru.ai.

2. Scope and Jurisdictional Applicability

This Policy is designed to align with the requirements of the following data-protection frameworks, to the extent applicable to the processing activities described herein:

  • (a) India: the Digital Personal Data Protection Act, 2023 ("DPDP Act") and rules made thereunder, as applicable;
  • (b) European Union: the General Data Protection Regulation (EU) 2016/679 ("EU GDPR");
  • (c) United Kingdom: the UK General Data Protection Regulation ("UK GDPR") as retained in domestic law pursuant to the European Union (Withdrawal) Act 2018, read with the Data Protection Act 2018;
  • (d) United States: applicable state privacy laws, including the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 ("CCPA/CPRA"), to the extent triggered by our processing activities.

Where a specific provision of this Policy is stated to apply to a particular jurisdiction, it applies only to individuals whose personal data is processed subject to that jurisdiction's laws. All other provisions apply generally. In the event of any inconsistency between a jurisdiction-specific provision and a general provision, the jurisdiction-specific provision shall prevail with respect to individuals in that jurisdiction.

3. Personal Data We Collect

We collect only such personal data as is reasonably necessary for the purposes described in this Policy. The categories of personal data we collect are as follows:

3.1 Form Submissions

When you use our Request for Service or Contact for Support forms on our website, we collect the information you voluntarily provide, which may include:

  • your full name;
  • your work email address;
  • your company or organisation name;
  • your professional role or designation;
  • the Sooru product or service to which your enquiry relates; and
  • the content of your message or request.

In addition, we collect limited technical data incidental to your use of the form, including your IP address and browser user-agent string, solely for the purposes of spam prevention and abuse detection.

3.2 Correspondence

Where you contact us directly by email or other written means, we retain the content of your communication and your contact details to the extent necessary to respond to your enquiry and to maintain an accurate record of our correspondence.

3.3 Usage Data

We collect basic analytics data relating to how our website is accessed and used. Such data is, in the main, aggregated and does not identify individual users. This data is collected through standard web technologies including cookies and similar tracking mechanisms, as further described in Section 11 of this Policy.

3.4 Product Data

Where you are a user of any of our products, including but not limited to SpaceSync, we may collect and process personal data as is necessary to provide the relevant product or service. The nature and scope of such data processing is described in the terms and conditions or supplementary privacy notice applicable to the specific product. In the event of any conflict between this Policy and a product-specific notice, the product-specific notice shall prevail with respect to that product.

4. Purposes for Which We Use Personal Data

We use the personal data we collect solely for the following purposes:

  • (a) to respond to, process, and fulfil service requests and support enquiries submitted through our website or by correspondence;
  • (b) to operate, maintain, secure, and improve our website and the services we provide;
  • (c) to detect, investigate, and prevent spam, fraudulent activity, and abuse of our systems;
  • (d) to meet our legal, regulatory, contractual, and security obligations; and
  • (e) to provide our products and services to users in accordance with the applicable product terms.

We do not sell your personal data. We do not use personal data for automated decision-making that produces legal or similarly significant effects on any individual.

5. Legal Basis for Processing (EU / UK GDPR)

Where the EU GDPR or UK GDPR applies to our processing of your personal data, we rely on one or more of the following legal bases:

  • (a) Consent: where you have freely given, specific, informed, and unambiguous consent to the processing — for example, by submitting an enquiry form on our website;
  • (b) Pre-Contractual and Contractual Necessity: where processing is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract;
  • (c) Legitimate Interests: where processing is necessary for the purposes of our legitimate interests, including responding to enquiries, securing our systems and infrastructure, and improving our services, provided such interests are not overridden by your fundamental rights and freedoms;
  • (d) Legal Obligation: where processing is necessary for compliance with a legal obligation to which we are subject.

Where we rely on consent as a legal basis, you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

6. India — Digital Personal Data Protection Act, 2023

6.1 Applicability

The provisions of this Section apply to individuals whose personal data is processed in India or in connection with activities directed at individuals in India, to the extent that the DPDP Act, 2023 applies to such processing.

6.2 Lawful Processing and Consent

We process your personal data for the lawful purposes described in this Policy. Where the DPDP Act requires us to obtain your consent prior to processing, we shall seek such consent in a clear, standalone, and intelligible manner. You shall have the right to withdraw consent at any time, and such withdrawal shall not affect the lawfulness of processing undertaken prior to such withdrawal.

6.3 Rights of the Data Principal

As a Data Principal under the DPDP Act, you have the following rights, subject to applicable conditions and limitations under the Act:

  • (a) Right of Access: you may request confirmation of whether we are processing your personal data and obtain a summary of the personal data we hold about you and the purposes for which it is being processed;
  • (b) Right to Correction and Completion: you may request that we correct inaccurate personal data or complete incomplete personal data;
  • (c) Right to Erasure: you may request that we erase your personal data where it is no longer necessary for the purpose for which it was collected or where you have withdrawn consent and there is no other lawful basis for continued processing;
  • (d) Right of Nomination: you may nominate another individual to exercise your rights under the DPDP Act in the event of your death or incapacity;
  • (e) Right to Grievance Redressal: you have the right to have your grievances addressed in an expeditious manner.

6.4 Grievance Officer

In accordance with the DPDP Act and applicable rules, our designated Grievance Officer is Michael Stanley, reachable at mike@sooru.ai. We shall endeavour to acknowledge and address grievances within the timelines prescribed under applicable law.

7. United States — California (CCPA / CPRA)

7.1 Applicability

The provisions of this Section apply to California residents whose personal information is subject to the CCPA/CPRA.

7.2 Categories of Personal Information Collected

We collect the categories of personal information described in Section 3 of this Policy, including identifiers (such as name and email address), professional or employment-related information, internet or other electronic network activity information, and the content of communications.

7.3 Purposes of Collection

Personal information is collected for the business purposes described in Section 4 of this Policy.

7.4 Your California Privacy Rights

California residents have the following rights under the CCPA/CPRA:

  • (a) Right to Know: you have the right to know what personal information we collect, the purposes for which it is used, and the categories of third parties with whom it is shared;
  • (b) Right to Access: you have the right to request access to the specific pieces of personal information we hold about you;
  • (c) Right to Deletion: you have the right to request the deletion of your personal information, subject to certain exceptions permitted by law;
  • (d) Right to Correction: you have the right to request correction of inaccurate personal information;
  • (e) Right to Opt Out of Sale or Sharing: we do not sell or share personal information as those terms are defined under the CCPA/CPRA. No opt-out mechanism is therefore required; however, you may contact us at any time to confirm this;
  • (f) Right to Limit Use of Sensitive Personal Information: we do not use sensitive personal information beyond the purposes for which it was collected, as described in this Policy;
  • (g) Right to Non-Discrimination: we will not discriminate against you for exercising any of your rights under the CCPA/CPRA;
  • (h) Authorised Agent: you may designate an authorised agent to submit a request on your behalf, subject to appropriate verification of identity and authorisation.

To exercise any of the above rights, please contact us at hi@sooru.ai.

8. Your Rights — General (EU / UK)

Where the EU GDPR or UK GDPR applies, you have the following rights in relation to your personal data:

  • (a) right of access to your personal data;
  • (b) right to rectification of inaccurate or incomplete personal data;
  • (c) right to erasure ("right to be forgotten"), subject to applicable conditions;
  • (d) right to restriction of processing in specified circumstances;
  • (e) right to data portability in specified circumstances;
  • (f) right to object to processing based on legitimate interests or carried out for direct-marketing purposes;
  • (g) right to withdraw consent at any time where processing is based on consent; and
  • (h) right to lodge a complaint with a competent supervisory authority. In the United Kingdom, the relevant authority is the Information Commissioner's Office (ICO).

To exercise any of the above rights, please contact us at hi@sooru.ai. We may be required to verify your identity before processing your request.

9. Sharing of Personal Data and Data Processors

9.1 Service Providers and Processors

We share personal data only with third-party service providers who assist us in operating our website and delivering our services. Such providers may include, without limitation:

  • cloud hosting and infrastructure providers;
  • form-management and database service providers;
  • email-delivery service providers; and
  • web-analytics providers.

All such service providers are engaged under appropriate contractual arrangements that obligate them to process personal data only on our instructions and in accordance with applicable law.

9.2 Legal Disclosure

We may disclose personal data to competent governmental, regulatory, or law-enforcement authorities where required or permitted by applicable law, or where necessary to protect our legal rights or the safety of any individual.

9.3 No Sale of Personal Data

We do not sell personal data to any third party under any circumstances.

10. International Transfers of Personal Data

We are incorporated and based in India and process personal data primarily within India. However, some of our third-party service providers may be located in, or process data in, other countries. Where we transfer personal data across international borders, we ensure that appropriate safeguards are in place as required by applicable law, including, where required under the EU/UK GDPR, the use of Standard Contractual Clauses or other approved transfer mechanisms. We shall not transfer personal data to a jurisdiction that does not provide an adequate level of protection without implementing such safeguards.

11. Cookies and Similar Technologies

We use a minimal set of cookies and similar tracking technologies that are necessary for the proper functioning of our website and to understand, on an aggregated basis, how our website is used by visitors.

Where we propose to introduce non-essential cookies — that is, cookies that are not strictly necessary for the operation of the website — we shall implement an appropriate consent mechanism and seek your consent prior to placing such cookies, in jurisdictions where this is required by applicable law.

For further information on the cookies we use and how to manage your preferences, please contact us at hi@sooru.ai.

12. Retention of Personal Data

We retain personal data only for as long as is necessary to fulfil the purposes for which it was collected, as described in this Policy, or for such longer period as may be required or permitted by applicable law. Upon expiry of the applicable retention period, personal data is securely deleted or anonymised so that it can no longer be associated with any identifiable individual.

13. Security of Personal Data

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction, alteration, or disclosure. These measures are reviewed and updated on a regular basis in line with evolving best practices and applicable legal requirements. For a general overview of our security practices, please refer to our Security & Trust page.

Notwithstanding the foregoing, no method of transmission over the internet or electronic storage is entirely secure, and we cannot guarantee absolute security of personal data.

14. Children

Our website and services are directed exclusively at businesses and professionals. They are not intended for, and are not directed to, children. We do not knowingly collect, process, or retain personal data from children. If we become aware that we have inadvertently collected personal data from a child, we will take prompt steps to delete such data. If you believe we may have collected personal data from a child, please contact us immediately at hi@sooru.ai.

15. Changes to This Policy

We reserve the right to update or amend this Policy from time to time to reflect changes in our practices, legal obligations, or applicable law. Where we make material changes to this Policy, we will take reasonable steps to bring such changes to your attention, which may include posting a notice on our website or updating the "Last updated" date at the top of this document. We encourage you to review this Policy periodically.

Continued use of our website or services following the publication of an updated Policy constitutes your acknowledgement of the revised terms, to the extent permitted by applicable law.

16. Contact and Grievance Redressal

For any questions, concerns, or requests relating to this Policy or to the processing of your personal data, or to exercise any right described in this Policy, please contact us by any of the following means:

  • Email: hi@sooru.ai
  • Grievance Officer (DPDP Act, 2023): Michael Stanley — mike@sooru.ai
  • Postal Address: Sooru AI Private Limited, No. 816, 27th Main Road, Sector 1, HSR Layout, Bengaluru – 560 102, Karnataka, India

We shall endeavour to respond to all legitimate requests within the timeframes prescribed under applicable law. Where we are unable to verify your identity to a sufficient standard, we may request additional information for verification purposes before processing your request.

© 2026 Sooru AI Private Limited. All rights reserved.