Privacy Policy

Thinkior AI (“Thinkior”, “we”, “us”, or “our”) is an AI-powered platform built for early-stage Indian founders, accessible at thinkiorai.com (the “Platform”). We provide tools for business validation, competitor research, pitch evaluation, idea generation, AI-assisted analysis, and investor-grade business reports.

Thinkior AI is operated by an individual founder (Salman Memon, Gariyaband, Chhattisgarh, India). For the purposes of the Digital Personal Data Protection Act, 2023 (“DPDP Act”), we act as the Data Fiduciary for personal data you provide directly to us.

This Privacy Policy explains what personal information we collect when you use our Platform, why we collect it, and how we use and protect it.

2.1 Account Information

When you sign up, we collect your email address, name (if you provide it), and avatar URL (if you sign in with Google or another OAuth provider). We store these in our user database to authenticate you and personalise your dashboard.

2.2 Usage Data

We collect information about how you use the Platform: features accessed, queries submitted, reports generated, and session activity. This data helps us improve the product, enforce plan limits, and prevent abuse.

2.3 Payment Information

Payments are processed by Razorpay. We do not store your card or bank details. We receive and store only a payment reference ID, the plan purchased, the amount paid (in INR), the order ID, and the payment signature — for the purpose of confirming and reconciling your subscription.

2.4 AI Queries & Outputs

When you use any AI feature (Business Validator, Competitor Intel, Ideas Desk, Pitch Evaluator, Co-founder Desk Chat, or Business Reports), your input prompt and the AI-generated output are sent to our AI inference providers (Groq and Cerebras) to generate a response.

We store the query, the response, and metadata (feature used, model used, token count, response time) in our database so that:

• You can revisit past conversations and reports from your dashboard
• We can compute and enforce your daily usage limits
• We can debug and improve model quality

Per our agreements with Groq and Cerebras, your prompts and outputs are not used to train their foundation models.

2.5 Business Reports

When you generate a Business Report, we store the full report (in JSONB form) in our database along with the input data you provided. Reports are tied to your account and remain accessible until you delete them or delete your account.

2.6 Device & Log Data

We automatically collect browser type, IP address (truncated/anonymised in our logs), referring URLs, and timestamps for security monitoring, fraud detection, and diagnostics.

2.7 Cookies & Analytics

We use the following:

• Essential cookies — for authentication sessions and security tokens. These cannot be disabled while you are signed in.
• Google Analytics — for anonymised, aggregated traffic analysis. We have IP anonymisation enabled. No personally identifiable information is sent to Google. You can opt out via your browser's Do Not Track setting or by using an ad blocker.

We do not use advertising or cross-site tracking cookies. We do not use Facebook Pixel, LinkedIn Insight, or similar trackers.

We use your information to:

• Operate and deliver the Thinkior AI Platform to you
• Enforce your plan's daily and lifetime usage limits
• Send transactional emails (account confirmation, payment receipts, important service notices)
• Improve AI accuracy and Platform features using aggregated, anonymised data
• Detect and prevent fraud, abuse, security incidents, and plan-limit circumvention
• Comply with applicable Indian laws and regulations

We do not sell your personal data to third parties. We do not share your prompts or AI outputs with anyone except the AI providers strictly necessary to generate the response.

We rely on the following trusted third parties to operate. Each operates under their own privacy policy and data-processing terms.

• Supabase Inc. — authentication, database hosting, and row-level security (your data is stored in Supabase Postgres with RLS enabled so only you can access your records).
• Groq Inc. — AI inference (your prompts are processed by hosted Llama models; data is not used for training per their DPA).
• Cerebras Systems — AI inference fallback (same data handling guarantees as Groq).
• Razorpay — payment processing. PCI-DSS compliant. Governed by Razorpay's own privacy policy.
• SearXNG (self-hosted) — meta-search engine we use to gather public web data for competitor research and reports. We host this ourselves; no third party sees your queries.
• Vercel Inc. — application hosting and edge network.
• Google Analytics — anonymised traffic analytics only.

• Account data — retained for the lifetime of your account. On account deletion, we delete or irreversibly anonymise your personal data within 30 days, except where retention is required by law (e.g. financial records under the Income Tax Act, 1961).
• AI query logs — retained for up to 90 days for product improvement and abuse investigation, then auto-purged or anonymised.
• Business reports — retained until you delete them or delete your account.
• Payment records — retained for a minimum of 8 years as required by Indian tax law.

Under the Digital Personal Data Protection Act, 2023, you have the right to:

• Access a copy of the personal data we hold about you
• Correction of inaccurate or incomplete data
• Erasure — request deletion of your account and associated data
• Withdrawal of consent — withdraw consent for processing at any time (subject to legal obligations)
• Grievance redressal — file a complaint and have it addressed
• Nominate another individual to exercise your rights in the event of your death or incapacity

To exercise any of these rights, contact us at hello@thinkior.com. We will acknowledge your request within 72 hours and resolve it within 15 days as required by the DPDP Act.

In compliance with the Information Technology Act, 2000 (Intermediary Guidelines and Digital Media Ethics Code Rules, 2021) and the DPDP Act, 2023, the contact details of our Grievance Officer are:

• Name: Salman Memon
• Email: hello@thinkior.com
• Response time: within 72 hours of receipt, resolution within 15 days

Thinkior AI is not directed at individuals under the age of 18. We do not knowingly collect data from minors. If you believe a minor has created an account, contact us at hello@thinkior.com and we will delete the account.

Some of our infrastructure providers (Supabase, Vercel, Groq, Cerebras, Google Analytics) may process your data on servers located outside India, including in the United States and European Union. We ensure that any such transfers are governed by adequate contractual safeguards consistent with the DPDP Act.

We implement industry-standard measures including:

• HTTPS encryption for all data in transit
• Supabase Postgres with row-level security (RLS) on all user data tables
• Access controls and least-privilege principles for any operator access
• API key rotation and server-side enforcement of plan and rate limits

No system is 100% secure; you use the Platform at your own risk.

We may update this Privacy Policy from time to time. Material changes will be announced via email or a notice on the Platform at least 7 days before they take effect. The “Last updated” date at the top of this page reflects the current version. Continued use after the effective date constitutes acceptance.

For privacy-related questions, data access requests, or to exercise your rights under the DPDP Act, email us at hello@thinkior.com.