Privacy Policy

Effective Date: 18 June 2026  Version: 1.1  Replaces: Version 1.0 dated 01 March 2026

Violet InfoSystems Pvt. Ltd. ("Violetinfo.ai", "we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use any product across the Violetinfo.ai platform, visit any of our websites, or interact with us in any other way.

By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy.

1. Scope and Applicability

This Privacy Policy applies to all Violetinfo.ai products and services, including:

  • VioletLMS — Enterprise Learning Management System
  • VioletLXP — Learning Experience Platform
  • VOnboard — AI-powered employee onboarding
  • VRecruit — Recruitment intelligence
  • VAuthor AI — AI content authoring
  • VTest — Online assessment and proctoring
  • VKnow — Knowledge management
  • VForms — Digital forms and surveys
  • VGen AI / VConverse / VInsights / VSearch / VTranslate / VGamify / VPath AI / VCoach — AI assistants and intelligence layers
  • Competency Intelligence — Skills and competency framework
  • Any future product released on the Violetinfo.ai platform

It also applies to:

  • our websites: violetinfo.ai, violetlms.com, and any subdomain (e.g., customer.violetinfo.ai)
  • white-labelled customer domains (e.g., learn.yourcompany.com)
  • our mobile applications, browser extensions, and APIs
  • communications you have with us by email, phone, chat, or through any support or sales channel

If you access any Violetinfo.ai product through your employer, educational institution, or another organization, your administrator's contract with us also governs how your data is handled.

2. Who We Are

Violet InfoSystems Pvt. Ltd. (corporate brand: Violetinfo.ai) is an Indian company registered under the Companies Act 2013, with its registered office at:

1106, Quantum Tower, Chincholi Phatak, S.V. Road, Malad (West), Mumbai — 400064, India

Violet InfoSystems Pvt. Ltd. is the Data Fiduciary (under India's DPDPA 2023) and the Data Controller (under the EU/UK GDPR) for personal data processed in connection with the Violetinfo.ai platform, unless your organization has separately agreed to act as the controller under a data-processing agreement.

For privacy queries, contact our DPO at dpo@violetinfo.ai or privacy@violetinfo.com.

3. Information We Collect

3.1 Information You Provide Directly

  • Account registration: name, email address, phone number, organization name, job title, employee/student ID, password
  • Profile information: profile photo, professional details, learning preferences, location, language, time zone, reporting manager
  • Communications: messages, support tickets, feedback, survey responses, sales enquiries
  • Payment information: billing name, billing address, GSTIN/tax ID. Payment card data is processed by our PCI-DSS Level 1 payment processor and is never stored on Violetinfo.ai systems

3.2 Information Collected Automatically

  • Usage data: course completions, assessment scores, learning progress, login times, watch time, feature usage, search queries, click streams
  • Technical data: IP address, browser type and version, device type and model, operating system, screen resolution, session duration, referrer URL
  • Log data: system logs of your interactions with our platform, retained for security, performance monitoring, and regulatory compliance (including the CERT-In direction on log retention)

3.3 Information From Your Organization

Where you access a Violetinfo.ai product through your employer or institution, your administrator may provide us with your name, email, employee/student ID, department, location, designation, reporting manager, and other details required to provision your account or assign learning.

3.4 Special Categories of Data

We may process special categories of data only where strictly necessary for the Service and only with appropriate safeguards:

  • Biometric data — only where your organization has enabled biometric authentication (e.g., facial verification during VTest proctoring) and only as permitted by applicable law
  • Sensitive personal information (under CCPA/CPRA) — including precise geolocation, identity documents for proctoring, and any biometric data — handled with additional restrictions; you may opt out of certain uses where the law allows
  • Children's data — see Section 12

3.5 Information We Do Not Collect

  • We do not collect social security numbers, driving licence numbers, or other government IDs unless your organization specifically enables a feature that requires it (e.g., compliance training certifications)
  • We do not access your microphone, camera, or location without your explicit in-product consent
  • We do not read messages in third-party messaging apps

4. How We Use Your Information

We use personal data to:

  • Provide the Services — create and manage your account, deliver learning, track progress, enable assessments and certifications, process onboarding/recruitment workflows
  • Personalize your experience — surface relevant learning paths, AI coaching, recommended content, dashboards
  • Communicate with you — send service notifications, password resets, course assignment alerts, account changes, security alerts, and (with your consent) marketing communications
  • Provide customer support — respond to enquiries, troubleshoot, route to the right team
  • Maintain security and prevent fraud — detect unauthorized access, abuse, account takeover, and policy violations
  • Comply with law — meet our obligations under DPDPA 2023, GDPR, CCPA/CPRA, applicable tax laws, CERT-In directions, and law-enforcement requests
  • Improve our products — analyze aggregated usage patterns to make the platform better

5. Legal Basis for Processing

We rely on the following legal bases, depending on jurisdiction and processing activity:

Basis When we use it
Contractual necessity To deliver the Services under your account agreement or your employer's subscription
Legitimate interests Security, fraud prevention, analytics, platform improvement — balanced against your rights
Legal obligation Tax records, CERT-In log retention, court orders, regulator requests
Consent Marketing communications, optional cookies, biometric features. You may withdraw consent at any time without affecting prior processing
Public interest / vital interest Where applicable under specific local laws

5.1 Aggregated and Anonymized Data

We may aggregate and anonymize personal data so that it can no longer reasonably be linked to you, and use that aggregated data for benchmarking, research, analytics, and product development. Aggregated data is not personal data.

6. Who We Share Your Information With

We share personal data only with the following categories of recipients:

  • Your organization's administrators — your learning records, progress, and account details are visible to the administrators of the institution that gave you access
  • Sub-processors — vetted third-party providers under written data-processing agreements (see Section 7)
  • Legal and regulatory requirements — courts, government authorities, CERT-In, when required by law
  • Business transfers — in the event of a merger, acquisition, or restructuring, personal data may be transferred subject to equivalent privacy protections; you will be notified before the transfer takes effect
  • With your consent — any other recipient you specifically authorize

We do not sell your personal data. We do not share your personal data with advertisers. California residents — see Section 11.

6.1 DPDPA Consent Manager

Under India's DPDPA 2023, you may interact with us through a registered Consent Manager. Where the Government of India operationalizes Consent Managers, we will support consent-management requests routed through them.

6.2 Marketing Opt-Out

If you receive marketing communications from us:

  • every email contains an Unsubscribe link in the footer
  • you can also email privacy@violetinfo.com at any time
  • opting out of marketing does not affect service-related communications (security alerts, course assignments, billing)

7. Sub-processors

We use a small set of trusted sub-processors to operate the Services. All sub-processors are bound by written Data Processing Agreements, are required to maintain equivalent security and privacy protections, and process data only on our documented instructions.

Category Sub-processor Purpose Data location
Cloud infrastructure Amazon Web Services Hosting, storage, databases AWS Mumbai (ap-south-1) primary; backups within India
Payments Razorpay / Stripe Payment processing for paid subscriptions India / US (PCI-DSS)
Transactional email Amazon SES / SendGrid Account emails, notifications, password resets Region-specific
AI inference Anthropic, OpenAI, AWS Bedrock AI features (VAuthor, VGen, VConverse, VInsights) — see Section 9 for what we do and do not send US / regional endpoints
Customer support Zoho Support ticketing Region-specific
Analytics First-party analytics + GA4 (cookie-consent gated) Usage analytics Region-specific

8. How We Protect Your Information

We implement administrative, technical, and physical safeguards aligned to ISO 27001, SOC 2 Type II, and DPDPA-grade controls:

8.1 Technical controls

  • Encryption at rest using AES-256
  • Encryption in transit using TLS 1.2 or higher
  • Least-privilege role-based access with multi-factor authentication required for any sensitive system
  • AWS CloudWatch, GuardDuty, and CloudTrail for continuous monitoring
  • Regular vulnerability scanning and annual third-party penetration testing
  • Network segmentation, private VPC, AWS Web Application Firewall

8.2 Organizational controls

  • Mandatory annual security and privacy training for every employee
  • Background verification on every hire
  • Quarterly access reviews
  • Documented incident response procedure with on-call rotation
  • ISO 27001 / SOC 2 Type II audited (refer to our Command Center https://commandcentre.violetcloud.io/)

8.3 Data Breach Notification

If we become aware of a security incident affecting your personal data, we will:

  • notify your organization's administrators without undue delay, and at the latest within 72 hours of becoming aware (GDPR) and as required by the CERT-In direction (within 6 hours of becoming aware, for incidents involving Indian residents' data)
  • notify the Data Protection Board of India as required by DPDPA 2023
  • notify supervisory authorities in other applicable jurisdictions where required by law
  • where the incident is likely to result in a high risk to your rights and freedoms, notify you directly

While we take significant measures, no internet transmission or electronic storage is completely secure, and we cannot guarantee absolute security.

9. AI and Automated Processing

Violetinfo.ai products use AI features (VAuthor AI, VGen AI, VConverse AI, VInsights AI, VCoach, VTest AI proctoring, and others). Here is what that means for your data:

  • We do not use customer personal data to train our AI models or any third-party AI models. Customer content sent to AI providers (Anthropic, OpenAI, AWS Bedrock) is processed under zero-retention or no-training agreements wherever supported by the provider.
  • AI suggestions are recommendations, not decisions. Where AI features influence outcomes — for example, AI-assisted scoring on VTest, AI competency recommendations on Competency Intelligence — a qualified human can review and override the AI output. You may request human review for any automated decision that affects your learning record, certification, or employment.
  • AI proctoring transparency. If your organization enables AI proctoring on VTest, you will see an on-screen notice before the proctoring session begins, listing exactly what is captured (camera, screen, microphone, browser activity) and for how long it is retained.
  • AI generation transparency. Content produced by VAuthor / VGen is labelled as AI-generated where appropriate.

You may exercise your right under GDPR Article 22 and CCPA to not be subject to a decision based solely on automated processing that produces legal or similarly significant effects on you. Email dpo@violetinfo.ai.

10. International Data Transfers

Your personal data is primarily stored and processed within India on Amazon Web Services infrastructure in the AWS Mumbai (ap-south-1) region.

Where we transfer personal data outside its country of origin, we rely on one or more of the following safeguards:

  • DPDPA 2023 — transfers only to countries permitted by the Government of India by notification
  • GDPR Chapter V — Standard Contractual Clauses (SCCs) approved by the European Commission, the UK International Data Transfer Addendum, or an adequacy decision
  • CCPA — contractual provisions equivalent to the CPRA service-provider standard
  • Other applicable law — equivalent local-law mechanisms in KSA, UAE, Singapore, Australia, and other regions

11. Your California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have the following rights:

  • Right to Know — what personal information we collect, the sources, the purposes, and the categories of third parties with whom we share it
  • Right to Delete — request deletion of your personal information (subject to legal retention obligations)
  • Right to Correct — request that we correct inaccurate personal information
  • Right to Opt Out of Sale / Sharing — we do not sell or share your personal information for cross-context behavioural advertising
  • Right to Limit Use of Sensitive Personal Information
  • Right to Non-Discrimination — we will not deny you Services, charge you a different price, or provide a different quality of Service because you exercised any of these rights

To exercise these rights, submit a request at email privacy@violetinfo.com. We may verify your identity before responding.

You may also designate an authorized agent to act on your behalf.

12. Children's Privacy

Different ages of consent apply in different countries:

Region Threshold What it means
India (DPDPA) Under 18 Verifiable parental consent required for processing
EU (GDPR) Under 16 (some member states 13–15) Parental consent required for online services
US (COPPA) Under 13 Federal verifiable parental consent required
California (CCPA) Under 16 Opt-in required for any sale/sharing

Where Violetinfo.ai products are deployed for an audience that includes children below the applicable age, we require the deploying institution (school, training partner, or parent) to obtain all necessary parental consents before deployment and to confirm this in writing to us.

We do not knowingly collect personal data directly from children without verifiable parental consent. If you believe a child has provided us data without consent, please email privacy@violetinfo.com and we will delete the data without undue delay.

See our internal Violetinfo Children's Data Policy for the full operating procedure. (refer to our Command Center https://commandcentre.violetcloud.io/)

13. Cookies and Tracking Technologies

We use cookies and similar technologies in four categories:

Category Required? What it does How to control
Strictly necessary Always on Session, security, load balancing Cannot be disabled; required for the Service to function
Functional Opt-in Remembers language, theme, preferences Cookie banner
Analytics Opt-in Matomo + GA4 + Hotjar + Violetinfo Analytics to measure usage patterns Cookie banner
Marketing Opt-in None on logged-in product surfaces; limited on violetinfo.ai marketing pages with consent Cookie banner

You can manage your preferences through our cookie banner or your browser settings. Details are in our separate Cookie Policy, which forms part of this Privacy Policy.

14. Data Retention

Data category Retention period Why
Active account data Duration of your subscription + 3 years Reactivation, dispute resolution, regulatory
Transaction and financial records 8 years Indian tax law
Security and system logs 12 months active + 24 months archive Security investigations, CERT-In direction
AI proctoring video/screen capture (when enabled) 90 days unless dispute Test integrity, audit
Marketing data Until you unsubscribe + 1 year Suppression list maintenance
Anonymized/aggregated data Indefinitely No longer personal data

On request, account closure, or end of contract, we will delete or anonymize your personal data within 90 days, subject to legal retention obligations.

See our internal Data Restoration and Destruction Policy for the disposal procedure. (refer to our Command Center https://commandcentre.violetcloud.io/)

15. Third-Party Websites and Services

Our websites and products may contain links to third-party websites or integrate with third-party services (e.g., LinkedIn for SSO, YouTube for video, Razorpay for payments). This Privacy Policy applies only to the Violetinfo.ai-operated services. We are not responsible for the privacy practices of third parties and encourage you to review their policies.

16. Your Rights and How to Exercise Them

Subject to applicable law, you have these rights:

  • Right to be informed — understand how your data is used
  • Right of access — request a copy of the personal data we hold about you
  • Right to rectification — correct inaccurate or incomplete data
  • Right to erasure — request deletion (subject to legal retention)
  • Right to restrict processing — limit how we use your data
  • Right to object to processing — including direct marketing
  • Right to data portability — receive your data in a machine-readable format
  • Right to withdraw consent — at any time, where consent is the legal basis
  • Right to grievance redressal (DPDPA) — to our Grievance Officer
  • Rights related to automated decision-making and profiling — see Section 9
  • Right to opt out of sale/sharing — see Section 11
  • Right to non-discrimination — for exercising any of the above

How to exercise

  • Email: privacy@violetinfo.com or dpo@violetinfo.ai
  • Post: the address in Section 17

We will respond to verified requests within 30 days (DPDPA / India / most jurisdictions) or 1 month (GDPR), extendable by 2 further months for complex requests. We may need to verify your identity before responding.

17. How to Contact Us

Role Contact
Data Protection Officer (DPO) dpo@violetinfo.ai
Privacy Contact privacy@violetinfo.com
Grievance Officer (DPDPA 2023) grievance@violetinfo.ai (replace with named officer before publishing)
General Support support@violetinfo.ai
Registered Office Violet InfoSystems Pvt. Ltd., 1106, Quantum Tower, Chincholi Phatak, S.V. Road, Malad (West), Mumbai — 400064, India

18. Complaints and Supervisory Authorities

If you have a concern about our handling of your personal data, please contact our DPO first at dpo@violetinfo.ai. We will work with you to resolve the matter within 30 days.

If unresolved, you may lodge a complaint with the supervisory authority in your jurisdiction:

Region Authority
India Data Protection Board of India (DPDPA 2023) · CERT-In for cyber incidents
EU / EEA Your local data protection authority (list: edpb.europa.eu)
UK Information Commissioner's Office — ico.org.uk
California (US) California Privacy Protection Agency — cppa.ca.gov · California Attorney General
United States (Federal) Federal Trade Commission
KSA Saudi Data and Artificial Intelligence Authority (SDAIA)
UAE UAE Data Office (Federal Law 45 of 2021)
Oman Ministry of Transport, Communications and Information Technology
Bahrain Personal Data Protection Authority
Singapore Personal Data Protection Commission — pdpc.gov.sg
Australia Office of the Australian Information Commissioner (OAIC) — oaic.gov.au
Malaysia Personal Data Protection Commissioner
South Africa Information Regulator

19. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings. We will notify you of material changes by email and through a notice on the Violetinfo.ai platform at least 30 days before the changes take effect.

Version log

Version Date Summary
1.0 01-Mar-2026 Initial public privacy policy for VioletLMS
1.1 18-Jun-2026 Expanded to full Violetinfo.ai product suite. Added CCPA/CPRA, AI processing, sub-processors, breach timelines, supervisory authorities, cookie categories, version log. Updated entity branding to Violetinfo.ai and contacts to violetinfo.ai domain.
Need help?