Statutory framework governing the collection, processing, storage, and sovereign protection of personal and commercial data across the Opera AI Operating System (`https://operaai.in`).
This Privacy Policy and Data Protection Charter details how Opera AI (“we”, “our”, or “Platform”) collects, processes, stores, and protects data. We operate strictly under the statutory mandates of the Digital Personal Data Protection Act, 2023 (`DPDPA`), the Information Technology Act, 2000 Section 43A / SPDI Rules 2011, and global privacy standards including ISO/IEC 27701 (PIMS) and ISO/IEC 27018 (Public Cloud PII).
Opera AI is an autonomous, AI-native Enterprise Resource Planning (`ERP`) and CRM operating system specifically engineered for Indian MSMEs, SMBs, and factory owners (`Morbi, Rajkot, Surat, Ludhiana context`). When your commercial organization registers a workspace on Opera AI:
We strictly practice data minimization under DPDPA 2023 Section 5. We collect only what is essential for commercial workflow execution:
| Data Category | Specific Elements | Statutory Processing Purpose |
|---|---|---|
| Workspace & Identity | Business legal name, GSTIN, factory address, owner mobile number (`+91`), email, and cryptographic login credentials (`bcrypt` hashed). | Account provisioning, multi-factor authentication (`TOTP RFC 6238`), and statutory billing (`CGST SAC 998314`). |
| Conversational Payloads | WhatsApp text messages, images (visiting cards, proforma slips), voice notes (`Hinglish / Gujarati`), and customer phone numbers. | Real-time autonomous AI reply generation, inventory stock lookups, and order booking over WhatsApp Cloud API v19.0. |
| ERP Metadata & Ledgers | Custom object schemas, tile box counts, vehicle license plates (`GJ-36-V-...`), proforma invoices, and E-Invoice IRN references. | Executing enterprise manufacturing workflows, gate passes, and NIC IRP GST compliance. |
| Audit & Telemetry | Cryptographic trace IDs (`x-operaai-trace-id`), IP addresses, user agent strings, and immutable database mutation logs. | Companies Act Rule 3(1) edit log compliance, intrusion detection, and SRE self-healing diagnostics. |
In accordance with DPDPA 2023 Section 6, all personal data is processed either upon explicit, verifiable consent from the Data Principal or under statutory legitimate uses (such as responding to a customer’s direct WhatsApp inquiry to purchase commercial goods).
All automated WhatsApp interactions generated by Opera AI clearly identify the conversational agent (`e.g., "Opera AI Assistant"`), ensuring complete transparency under ASCI digital advertising rules and consumer protection frameworks.
To ensure strict sovereign alignment with DPDPA 2023 Section 16 (Cross-Border Data Transfers) and RBI Data Localization mandates, all primary database storage resides in AWS Asia Pacific 1 (Singapore — `ap-southeast-1`), maintaining sub-100ms latency (~45ms to Morbi and Rajkot industrial belts).
Opera AI operates on a zero-trust, “Bring-Your-Own-Key” (`BYOK`) and sovereign platform foundation. We partner strictly with audited, enterprise-grade sub-processors:
We enforce dual-tiered statutory data retention schedules:
Under DPDPA 2023 Sections 11–14, Data Principals (`your customers and users`) possess absolute rights over their data:
In compliance with DPDPA 2023 Section 13 and IT Rules 2011 Rule 5(9), we have designated a dedicated Statutory Grievance Officer (`Resident Grievance Officer — RGO`) to resolve complaints within 24 hours of receipt:
Resident Grievance Officer (`RGO`)
Organization: Opera AI Compliance & Legal Governance Directorate
Official Grievance Email: rgo@operaai.in
Legal Privacy Counsel: support@operaai.in
Sovereign Domain: `https://operaai.in` • Industrial HQ: Rājkot / Morbi, Gujarat, India (`IN`)