Effective Date: April 25, 2026
Website: https://seclura.ai/
1. Introduction
Seclura (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website https://seclura.ai/ (the “Site”) or use our AI agent infrastructure platform (the “Service”).
Please read this policy carefully. By accessing or using our Service, you agree to the collection and use of information in accordance with this policy.
2. Personal Data We Collect
2.1 Information You Provide Directly
- Account Information: Name, email address, organization name, and password when you register for an account
- Profile Data: Job title, department, and role within your organization
- Communications: Messages, feedback, support requests, and correspondence you send to us
- Payment Information: Billing details processed securely through our payment providers (we do not store full credit card numbers)
- API Keys: When you choose to bring your own model keys (BYOK), you provide API credentials for third-party LLM providers. These keys are encrypted at rest and never logged or exposed in plaintext.
2.2 Information Collected Automatically
- Usage Data: Pages visited, time spent, features used, and interaction patterns
- Device Information: IP address, browser type, operating system, device identifiers
- Log Data: Server logs, error reports, and performance metrics
- Cookies and Similar Technologies: Session cookies, preference cookies, and analytics cookies (see Section 8)
2.3 Information from Connected Services
When you connect third-party services to Seclura, we may collect:
- Email Data: Messages and metadata from connected email accounts (e.g., Gmail)
- Document Data: Files and metadata from connected storage services (e.g., Google Drive)
- Context Graph Data: Connected resources – emails, files, tasks, people, projects, calendar events – become nodes in your organization’s Context Graph, with relationships mapped as edges
- Code Repository Data: Repository information, commit history, and pull request data from connected development platforms (e.g., GitHub)
- Calendar Data: Events, attendees, and scheduling information from connected calendar services
- Other Integrations: Data from any third-party services you explicitly authorize us to access
We only access connected service data with your explicit consent and strictly within the scope of permissions you grant.
3. How We Use Your Personal Data
3.1 Service Delivery
- Provide, maintain, and improve the Seclura platform
- Process and fulfill your requests and transactions
- Enable AI agent functionality, including Context Graph construction, multi-agent orchestration, and workflow automation
- Deliver personalized experiences based on your organization’s data and preferences
- Route queries to specialist agents (Email, Research, Code, Task) through our Orchestrator
3.2 Platform Operations
- Monitor and analyze usage patterns to improve performance
- Detect, investigate, and prevent fraudulent or unauthorized access
- Maintain security through our 3-tier architecture (Gateway, Control Plane, Data Plane)
- Generate audit trails for agent actions and data access
- Prevent unauthorized AI usage by ensuring agent activity is visible, logged, and governed
3.3 Communications
- Send administrative information, updates, and security alerts
- Respond to your comments, questions, and support requests
- Deliver marketing communications (with your consent, where required)
- Conduct surveys and gather feedback to improve our Service
3.4 Legal Compliance
- Comply with applicable laws, regulations, and legal processes
- Enforce our Terms of Service and other agreements
- Protect the rights, property, and safety of Seclura, our users, and others
4. Disclosure of Your Personal Data
4.1 We Do Not Sell Your Data
Seclura will never sell, rent, or trade your personal information to third parties for marketing purposes.
4.2 Model Training
Seclura does not use your data, prompts, responses, or connected service data to train, fine-tune, or improve AI models by default. If you opt into any data-sharing program for model improvement, we will obtain your explicit consent and provide clear opt-out mechanisms.
Customers on eligible plans may enable Zero Data Retention (ZDR) mode, under which prompts and responses are processed ephemerally and not stored beyond what is immediately needed to fulfill the request.
4.3 Permitted Sharing
We may share your information only in the following circumstances:
- With Your Consent: When you explicitly authorize sharing with specific third parties
- Service Providers: With trusted vendors who perform services on our behalf (hosting, analytics, payment processing) under strict data processing agreements
- Legal Requirements: When required by law, regulation, legal process, or governmental request
- Business Transfers: In connection with a merger, acquisition, or sale of assets, with notice to affected users
- Protection of Rights: To protect the safety, rights, or property of Seclura, our users, or the public
4.4 Connected Service Data
When you connect third-party services (Gmail, Drive, GitHub, Calendar, etc.), data from those services is:
- Processed within your organization’s tenant
- Subject to the privacy policies of the respective third-party services
- Accessible only to agents and users you explicitly authorize within your organization
4.5 Multi-Agent Data Sharing
Seclura’s specialist agents (Email, Research, Code, Task) share context through your organization’s Context Graph. This sharing is:
- Scoped: Each agent only accesses data within its defined capabilities and permissions
- Logged: Cross-agent data access is recorded in audit trails
- Controlled: Organization administrators can restrict which agents access which data sources
5. Data Retention
5.1 Retention Periods
We retain your personal data only as long as necessary:
- Account Data: For the duration of your account plus 30 days after deletion
- Usage Logs: Up to 12 months for security and performance analysis
- AI Prompts/Responses: Retained for 30 days by default. Customers on eligible plans may enable Zero Data Retention (ZDR) mode, under which prompts and responses are processed ephemerally and not stored beyond what is immediately needed to fulfill the request.
- Audit Trails: Tier-based retention:
  - Starter: 30 days
  - Professional: 1 year
  - Enterprise: 7+ years (customizable)
- Connected Service Data: Only while the integration is active and authorized
- Marketing Data: Until you unsubscribe or request deletion
- Context Graph Data: For the duration of your organization’s subscription, then securely deleted
5.2 Deletion Process
When data reaches the end of its retention period or you request deletion:
- Data is securely erased from our active systems
- Backups are updated in accordance with our backup rotation schedule
- You will receive confirmation of deletion upon request
- Connected service authorizations are revoked and tokens are deleted
5.3 Legal Hold
Seclura may retain data beyond standard retention periods when:
- Required by applicable law, regulation, or court order
- Necessary for ongoing litigation or regulatory investigation
- Requested by your organization for internal compliance purposes
In such cases, the affected data will be isolated and access-restricted until the hold is released.
6. Data Controls
6.1 User-Level Controls
You can manage your data through:
- Account Settings: Update your profile information, email preferences, and password
- Data Export: Request a copy of your personal data in a structured, machine-readable format
- Data Deletion: Request deletion of your personal data and connected service authorizations
- Cookie Preferences: Manage cookie settings through your browser or our cookie consent banner
6.2 Organization-Level Controls
As an organization administrator, you can:
- Configure data retention policies for your organization
- Set access controls and permissions for team members
- Review audit logs of agent activities and data access
- Disconnect third-party service integrations at any time
- Export or delete all organizational data from our platform
- Enable or disable Zero Data Retention (ZDR) mode (on eligible plans)
- Configure which specialist agents are active and what data sources they can access
- Set approval workflows for sensitive operations
- Enable hard organizational isolation (on eligible plans)
- Configure EU data routing (on eligible plans)
7. Your Rights
7.1 Individual Rights
Depending on your location, you may have the right to:
- Access: Request a copy of the personal data we hold about you
- Rectification: Correct inaccurate or incomplete personal data
- Erasure: Request deletion of your personal data (“Right to be Forgotten”)
- Portability: Receive your data in a structured, machine-readable format
- Restriction: Limit how we process your data in certain circumstances
- Objection: Object to processing based on legitimate interests or direct marketing
- Withdraw Consent: Revoke consent at any time where processing is based on consent
- Automated Decision-Making: Under GDPR Article 22, you have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. Seclura’s agents operate under human-in-the-loop governance – sensitive decisions always require explicit human approval.
7.2 How to Exercise Your Rights
To exercise any of these rights, please contact us at:
- Email: privacy@seclura.ai
- Subject Line: Privacy Rights Request
- Include: Your name, email address, organization name, and specific request
We will respond to verified requests within 30 days.
8. Security
8.1 Security Measures
Seclura implements security measures to protect your information:
- Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
- Access Controls: Role-based access control (RBAC) with granular permissions at both organization and user levels
- SSO/SAML: Enterprise-tier customers can authenticate via Single Sign-On with SAML 2.0 identity providers
- Audit Trails: Agent actions, data access, and system changes are logged
- Approval Gates: Write operations (sending emails, updating records, database writes) can require explicit user approval before execution
- Scoped Agent Capabilities: Each agent can be configured to access only designated data sources
- Regular Assessments: Ongoing security testing, vulnerability assessments, and penetration testing
8.2 Infrastructure
Our platform is built on a 3-tier architecture:
- Gateway Layer: Authentication, routing, API gateway with rate limiting and threat detection
- Control Plane: Orchestration engine, governance framework, Context Graph, audit systems, and approval workflows
- Data Plane: Secure vector database (LanceDB), graph database (Neo4j), relational database (Supabase/PostgreSQL), and organizational memory stores
8.3 Deployment Options
- Cloud (Standard): Hosted on secure infrastructure
- Hard Organizational Isolation (Eligible Plans): Enhanced tenant isolation to prevent data mixing between organizations
- EU Data Routing (Eligible Plans): Route all data processing through EU-based data centers
- On-Premise (Enterprise): Deploy Seclura entirely within your own infrastructure
8.4 Data Breach Notification
In the event of a data breach that affects your personal information, we will:
- Notify affected users within 72 hours of discovery
- Provide details about the nature of the breach and data involved
- Outline steps we are taking to address the issue
- Recommend actions users can take to protect themselves
- Cooperate with relevant regulatory authorities as required
9. International Data Transfers
9.1 Data Processing Locations
Seclura processes data in secure data centers. Your data may be transferred to and processed in countries other than your country of residence.
9.2 EU Data Routing
Customers on eligible plans can configure their organization to route all data processing through EU-based data centers, ensuring compliance with EU data residency requirements.
9.3 Transfer Safeguards
When transferring data internationally, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs) approved by relevant authorities
- Adequacy decisions where applicable
- Binding Corporate Rules for intra-group transfers
- Additional technical measures (encryption, pseudonymization) as needed
9.4 On-Premise Deployment
Enterprise-tier customers who deploy Seclura on-premise retain full control over data residency. All data processing occurs within your own infrastructure, and no data is transferred to Seclura’s cloud systems.
10. Third-Party Services
10.1 Connected Services
When you connect third-party services (Gmail, Google Drive, GitHub, Calendar, etc.), your use of those services is governed by their respective privacy policies. Seclura:
- Does not control the privacy practices of these services
- Only accesses data within the scope of permissions you grant
- Processes connected data within your organization’s tenant
10.2 Third-Party Model Providers (BYOK)
When you choose to bring your own API keys for third-party LLM providers (OpenAI, Anthropic, open-source models):
- Your prompts and responses are sent directly to the model provider’s API
- The model provider’s privacy policy and terms of service govern that data
- Seclura does not store, log, or have access to the content of prompts or responses sent to third-party models
- We recommend reviewing the privacy policies of your chosen model providers
10.3 Subprocessors
Seclura engages the following subprocessors to deliver our Service:
| Subprocessor | Service | Data Processed |
|---|---|---|
| Supabase | Database & Authentication | Account data, audit logs |
| Render | Cloud Hosting | Platform infrastructure data |
| Cloudflare R2 | Encrypted Storage | Encrypted files, backups |
| Neo4j | Graph Database | Context Graph relationships |
| LanceDB | Vector Database | Document embeddings |
| | OAuth & Analytics | Authentication tokens, site analytics |
| Stripe | Payment Processing | Billing information |
All subprocessors are bound by data processing agreements. We will notify you of any material changes to our subprocessor list.
11. Children’s Privacy
Seclura is an enterprise platform not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children.
- GDPR Compliance: For users in the European Economic Area, we comply with the age of consent requirements (16 years, or lower where permitted by member state law).
- COPPA Compliance: For users in the United States, we comply with the Children’s Online Privacy Protection Act and do not knowingly collect personal information from children under 13.
If we become aware that we have inadvertently collected data from a child, we will take steps to delete such information promptly. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at privacy@seclura.ai.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:
- We will update the Last Updated date at the top of this policy
- We will notify users via email or prominent notice on our Site
- We encourage you to review this policy periodically
Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.
13. Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
SECLURA INTELLIGENCE LABS PRIVATE LIMITED
Email: privacy@seclura.ai
Website: https://seclura.ai/
Address: 502319, Telangana, India
For data protection inquiries, you may also contact our Data Protection Officer at dpo@seclura.ai.
14. Governing Law
This Privacy Policy is governed by the laws of India, without regard to conflict of law principles. Any disputes arising from this policy shall be resolved in the courts of competent jurisdiction in Telangana, India.
For users in the European Economic Area, this policy complies with the General Data Protection Regulation (GDPR) and the ePrivacy Directive. For users in California, this policy complies with the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).
This Privacy Policy was last updated on April 25, 2026.