Privacy Policy

This Privacy Policy explains how Dhruv Labs (we, us, our) collects, uses, shares, and protects information when you use the Dhruv Ops dashboard (web, iOS, Android), our marketing website at dhruvlabs.ai, and any related services we operate (collectively, the Services).

Dhruv Ops is a private operations dashboard licensed to small business owners and the staff they invite. We are not a consumer app and our Services are not directed to children under 13.

1.1 Information you give us

• Account info: name, email address, password (stored as a salted scrypt hash, never in plain text), role within your organization.
• Business content: any data you or your team enter into the dashboard, including orders, reservations, leads, customer messages, shift reviews, tasks, team chat, photos, brand assets, fonts, colors, scheduled posts, accounting entries, staff records, and training notes.
• Profile: optional photo and short bio you choose to display in your team's roster.

1.2 Information generated by your use of the Services

• Conversation logs: messages exchanged with the AI assistant (Neela), including form submissions made via chat.
• Usage data: pages viewed, features used, timestamps, error logs.
• Device + connection data: IP address, browser type, OS, screen size, locale.

1.3 Information from third parties

If you connect external services (e.g. MailerLite for email lists, Vapi for phone calls, Meta for Facebook/Instagram messages, Moneris for payments), we receive data from those services as described in the relevant integration.

• Operate, maintain, and improve the Services.
• Authenticate users, enforce role-based access, and isolate data by organization.
• Power AI features such as the Neela assistant (your business content is sent to Anthropic's Claude API only for the purpose of generating responses on your behalf and is not used by us to train models).
• Send transactional emails (login invites, password resets, lead notifications, booking confirmations) via Resend.
• Detect, investigate, and prevent fraud, abuse, and security incidents.
• Comply with legal obligations.

We do not sell your personal information. We do not use your data to train AI models.

We share information only with the categories of recipients below, and only as needed to operate the Services.

• Service providers (subprocessors): Vercel (hosting + serverless functions, USA), Neon / Vercel Postgres (database, USA), Vercel Blob (file storage, USA), Anthropic (Claude AI, USA), Resend (transactional email, USA), MailerLite (marketing email, where enabled), Vapi (voice AI, where enabled), ElevenLabs (voice synthesis, where enabled), Moneris (payments, where enabled), Pollinations (image generation, where enabled).
• Within your organization: data is visible to other users in your same organization based on the role-based permissions your admin assigns.
• Legal: we may disclose information if required by law, court order, or to protect rights, property, or safety.
• Business transfers: if Dhruv Labs is acquired, merges, or sells assets, your data may transfer to the successor under the same protections.

We retain your data for as long as your organization's account is active, plus a reasonable period for legal and operational needs. You can request deletion at any time by contacting us. We will delete or anonymize personal data within 30 days of your verified request, subject to legal retention requirements.

Depending on your jurisdiction (including GDPR, CCPA, PIPEDA, and similar), you have the right to:

• Access the personal data we hold about you.
• Request correction or deletion.
• Object to or restrict certain processing.
• Withdraw consent (where consent is the legal basis).
• Receive a portable copy of your data.
• Lodge a complaint with your local data protection authority.

To exercise these rights, email us at the address below. We respond within 30 days.

We use industry-standard safeguards including TLS in transit, encryption at rest where our subprocessors offer it, password hashing with scrypt, per-user access tokens, multi-tenant isolation by organization ID, and secret hygiene on all API keys. No system is perfectly secure; we cannot guarantee absolute security.

Our primary infrastructure is hosted in the United States. If you access the Services from outside the US, you consent to the transfer of your information to the US and the use of our US-based subprocessors. Where required, transfers rely on Standard Contractual Clauses or equivalent safeguards.

The Services are not directed to children under 13 (or under 16 in the EU/UK). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, contact us and we will delete it.

We may update this Privacy Policy from time to time. When we make material changes, we will update the Last updated date above and, where appropriate, notify you via the dashboard or by email. Continued use of the Services after a change means you accept the updated policy.

Questions about this policy or your data?

Dhruv Labs
Email: privacy@dhruvlabs.ai
Web: https://dhruvlabs.ai