1. Introduction

PhytoForm AI, a product of Horfay Taqnia Private Limited (CIN: U72900JK2022PTC013845), registered at Floor 1st, Block A, STPI, Rangreth, Srinagar, J&K, India ("we", "us", or "our"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share information when you use the PhytoForm AI platform ("the Platform").

2. Information We Collect

Account Information

When you create an account, we collect your email address, organization name, and password (stored in hashed form). We do not store passwords in plain text.

Formulation Data

Data you enter into the Platform — including ingredient selections, formulation parameters, analyte values, lab results, and regulatory market selections — is stored to provide the service. This data belongs to you.

Payment Information

Payment processing is handled by Razorpay. We do not store credit card numbers, bank account details, or other sensitive payment information on our servers. We receive only transaction confirmations and subscription status from Razorpay.

Usage Data

We collect standard usage data including pages visited, features used, and credit consumption patterns. This helps us improve the Platform and troubleshoot issues.

3. How We Use Your Information

To provide and operate the Platform
To generate formulations, documents, and regulatory analyses based on your inputs
To process payments and manage subscriptions
To send transactional emails (verification, password reset, billing receipts)
To improve the Platform's accuracy and features
To respond to support requests

4. Data Sharing

We do not sell your data. We share information only in these limited circumstances:

Service providers: We use Razorpay for payment processing and Resend for transactional email delivery. These providers process data only as needed to perform their services.
AI processing: Formulation and document generation requests are processed using AI language models. Your input data is sent to the model provider for processing and is not retained by them for training purposes.
Legal requirements: We may disclose information if required by law, regulation, or legal process.

5. Data Security

We implement reasonable security measures to protect your data, including:

HTTPS encryption for all data in transit
Hashed password storage (bcrypt)
Database access restricted to authorized services
Regular security updates and monitoring

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

6. Data Retention

We retain your account and formulation data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required for legal or compliance purposes (e.g., billing records).

7. Your Rights

You have the right to:

Access the personal data we hold about you
Request correction of inaccurate data
Request deletion of your account and associated data
Export your formulation data
Withdraw consent for non-essential data processing

To exercise these rights, contact us at support@phytoformai.com.

8. Cookies

The Platform uses essential cookies and local storage for authentication (session tokens). We do not use third-party tracking cookies or advertising cookies.

9. Children's Privacy

The Platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The "Last updated" date at the top reflects when the policy was last revised.

11. Contact

For questions about this Privacy Policy or your data, contact us at support@phytoformai.com.