Privacy Policy

Effective Date: 1 March 2026 | Last Updated: 28 February 2026

InventDB Software LLP ("InventDB," "we," "us," or "our") respects your privacy. This Privacy Policy explains what information we collect, how we use it, with whom we share it, and your rights and choices.

This policy applies to our website at inventdb.com, the InventDB software product, and all related services.

1. Information We Collect

1.1 Information You Provide

Data	When Collected	Purpose
First name, last name	Waitlist signup, account creation	Account identification, communication
Email address	Waitlist signup, account creation	Account verification, communication, license delivery
Country	Waitlist signup, account creation	Tax compliance, regional legal requirements
Payment information	Subscription purchase	Payment processing (handled by third-party processors; we do not store card details)

1.2 Information Collected Automatically via the Website

When you visit inventdb.com, we may automatically collect:

Log data: IP address, browser type and version, operating system, referring URL, pages visited, date and time of access.
Cookies and similar technologies: We use only essential cookies required for site functionality (e.g., theme preference). We do not use advertising or third-party tracking cookies.

1.3 Information Collected by the Software

The InventDB software does not collect, transmit, or access your stored data, database contents, queries, or any user-generated content.

The Software periodically contacts our license verification server and transmits only:

Your License Key.
A minimal technical identifier (machine fingerprint hash) to verify single-instance compliance.

No personal data, database contents, usage analytics, telemetry, or behavioural data is collected by InventDB through the Software.

1.4 AI Agent Feature — Third-Party AI Providers

The AI Agent Feature connects directly from your infrastructure to a third-party large language model (LLM) provider (e.g., OpenAI) using an API key that you provide. InventDB does not route, intercept, store, or have any access to the data transmitted to the third-party AI provider.

When you use the AI Agent Feature, data you submit — including prompts, queries, and any database content referenced in your requests — is sent directly to the third-party AI provider's API endpoint. The processing, storage, retention, and use of that data is governed solely by the third-party provider's own privacy policy and terms of service.

You are solely responsible for:

Reviewing and accepting the third-party AI provider's privacy policy and terms before using the AI Agent Feature.
Ensuring that any personal data or sensitive information you transmit complies with applicable data protection laws (including GDPR, UK GDPR, CCPA/CPRA, and the Indian DPDP Act).
Securing your third-party API key and preventing unauthorised access to it.

2. How We Use Your Information

Provide and maintain our services: Process your registration, manage your account, deliver license keys, and provide support.
Verify licensing: Validate License Keys and enforce single-instance compliance as described in the EULA.
Communicate with you: Send transactional emails (verification codes, license delivery, subscription confirmations), respond to support inquiries, and notify you of material changes to our terms or services.
Legal compliance: Meet our obligations under applicable tax, accounting, and regulatory requirements.
Improve our services: Analyse aggregate, anonymised website usage to improve site performance and user experience.

We do not sell your personal information. We do not use your information for profiling, automated decision-making, or targeted advertising.

3. Legal Basis for Processing (GDPR / UK GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, our legal bases for processing your data are:

Basis	Applies To
Performance of a contract	Processing necessary to fulfil your license subscription, deliver the Software, and provide support.
Legitimate interests	License verification, fraud prevention, improving our services. We balance our interests against your rights and freedoms.
Legal obligation	Tax compliance, responding to lawful government requests.
Consent	Where you voluntarily submit information (e.g., waitlist signup). You may withdraw consent at any time.

4. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share data only as follows:

Payment processors: To process subscription payments. Payment processors operate under their own privacy policies and PCI-DSS compliance.
Email service providers: To send transactional emails (verification codes, receipts). These providers process data solely on our instructions.
Legal requirements: If required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of InventDB, our users, or the public.
Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your data becomes subject to a different privacy policy.
Third-party AI providers (user-initiated): When you use the AI Agent Feature, data is transmitted directly from your infrastructure to the third-party AI provider you have configured (e.g., OpenAI). This transfer is initiated by you using your own API key; InventDB does not control, access, or intermediate this data flow. Refer to Section 1.4 for details.

5. International Data Transfers

InventDB Software LLP is based in India. If you are located outside India, your information will be transferred to and processed in India.

For transfers from the EEA or UK, we rely on:

Standard Contractual Clauses (SCCs) approved by the European Commission.
The UK International Data Transfer Agreement (IDTA) where applicable.

We ensure that all transfers are subject to appropriate safeguards as required by applicable data protection law.

6. Data Retention

Account data: Retained for as long as your account is active and for a period of twelve (12) months after termination, unless longer retention is required by law.
Waitlist data: Retained until you are onboarded or until you request deletion.
License verification logs: Retained for up to twelve (12) months for fraud prevention and then deleted or anonymised.
Website log data: Retained for up to ninety (90) days.
Payment records: Retained as required by applicable tax and accounting laws (typically 7 years).

7. Your Rights

7.1 All Users

Regardless of where you are located, you may:

Request access to the personal information we hold about you.
Request correction of inaccurate information.
Request deletion of your information (subject to legal retention requirements).
Withdraw consent where processing is based on consent.

7.2 European Economic Area and United Kingdom (GDPR / UK GDPR)

In addition to the above, you have the right to:

Data portability: Receive your data in a structured, commonly used, machine-readable format.
Restriction of processing: Request that we limit how we process your data in certain circumstances.
Object to processing: Object to processing based on legitimate interests.
Lodge a complaint: File a complaint with your local data protection authority (e.g., the ICO in the UK, or the relevant supervisory authority in your EU member state).

7.3 California Residents (CCPA/CPRA)

If you are a California resident, you have the right to:

Know what personal information we collect and how we use it.
Request deletion of your personal information.
Opt out of the sale of personal information. Note: we do not sell personal information.
Non-discrimination for exercising your privacy rights.

7.4 Indian Residents (DPDP Act)

If you are a resident of India, you have rights under the Digital Personal Data Protection Act, 2023, including the right to access, correct, and erase your personal data, and the right to nominate a representative. You may also file a complaint with the Data Protection Board of India.

8. Security

We implement reasonable technical and organisational measures to protect your information, including:

Encryption of data in transit (TLS/HTTPS).
Secure storage of credentials and License Keys.
Access controls limiting who within our organisation can access personal data.

No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

9. Children's Privacy

Our services are not directed to individuals under the age of 16 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children. If we learn that we have collected information from a child, we will delete it promptly.

10. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these sites. We encourage you to review their privacy policies.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on inventdb.com at least thirty (30) days before they take effect. Your continued use of our services after the effective date constitutes acceptance.

12. Contact Us

For privacy-related questions, data access requests, or complaints, contact:

InventDB Software LLP
Email: privacy@inventdb.com
Website: inventdb.com

We aim to respond to all requests within thirty (30) days.