Privacy Policy

Last Updated: March 2026

Modaviti e-Marketing Private Limited (“Orbo AI”, “Company”, “we”, “our”, or “us”) operates the Orbo AI platform and related technologies. This Privacy Policy explains how we collect, use, process, store, and protect personal data when users interact with our websites, applications, APIs, and enterprise solutions.

This Privacy Policy applies to the following services operated by Orbo AI:

• https://www.orbo.ai
• related subdomains
• mobile applications including Supertouch
• APIs, SDKs, Smart Mirror solutions, and embedded technologies provided to enterprise clients

By accessing or using our services, you acknowledge that your information will be processed as described in this Privacy Policy.

1. Definitions

Service
Refers to websites, applications, APIs, SDKs, kiosks, smart mirrors, and other technologies operated by Orbo AI.

Personal Data
Information that identifies or relates to an identifiable individual, including phone numbers, email addresses, images, or device identifiers.

Usage Data
Information automatically collected from the Service such as device details, browser information, IP address, and interaction logs.

Data Controller
The entity that determines the purposes and means of processing personal data.

Data Processor
An entity that processes personal data on behalf of a Data Controller.

2. Data Processing Roles

Depending on how our technology is used, Orbo AI may operate either as a Data Controller or Data Processor.

Controller Role
When individuals interact directly with Orbo AI websites or applications, Orbo AI determines how personal data is processed.

Processor Role
When Orbo AI provides technology to enterprise clients (such as APIs, SDK integrations, smart mirrors, kiosks, or embedded applications), the enterprise client acts as the Data Controller and Orbo AI processes personal data strictly according to the client’s instructions and applicable contractual agreements.

3. Information We Collect

We may collect the following categories of information when users interact with the Service.

3.1 Personal Information

Information provided while using the Service or required for functionality may include:

• facial images or photographs used for analysis
• phone number
• email address
• user identifier or name
• information entered in forms or application interfaces

3.2 Image Data

Our technologies may process images to provide features such as:

• skin analysis
• cosmetic simulations
• hairstyle or hair color simulations
• image enhancement
• visual diagnostics or recommendations

Images are processed only for the purpose of delivering the requested functionality.

3.3 Usage Information

We may automatically collect information such as:

• device type
• browser type
• operating system
• IP address
• session duration
• interaction logs
• performance diagnostics

This information is used to operate, maintain, and improve the Service.

4. AI-Based Image Processing

Our platform uses artificial intelligence and computer vision technologies to analyse images and generate results such as skin insights, simulations, and enhanced images.

These processes are automated and designed solely to provide the intended functionality of the Service.

Our systems do not perform facial recognition for identity verification and do not create biometric identity templates used to uniquely identify individuals.

5. Use of Personal Data

We may use collected data for the following purposes:

• providing and operating our services
• processing images and generating analysis results
• delivering reports or outputs requested by users or enterprise clients
• improving system performance and user experience
• developing new features and services
• providing technical support
• monitoring service usage and diagnosing issues
• ensuring system security and preventing misuse
• complying with legal obligations

6. Mobile Application Processing

In certain mobile applications, image processing may occur locally on the user’s device.

Where on-device processing is used:

• facial images may not be transmitted to our servers
• facial feature vectors are not stored on our systems
• images are processed locally to generate effects or analysis results

The behaviour may vary depending on application configuration.

7. Cookies and Tracking Technologies

We use cookies and similar technologies to support the functionality of our websites.

Cookies may be used for:

• maintaining sessions
• remembering preferences
• improving performance
• analytics and traffic monitoring
• security purposes

Users may configure their browser settings to refuse cookies, although certain features of the Service may not function properly without them.

8. Data Retention

We retain personal data only for the time required to deliver the requested functionality of the Service.

Typical retention practices include:

• Images uploaded for analysis are stored temporarily for processing and report generation and are typically deleted within 24–48 hours, unless a different retention period is configured based on enterprise client requirements.
• Personal data such as phone numbers or email addresses collected for authentication or report delivery are retained only for the duration required to complete the session and associated reporting workflows.
• For enterprise deployments, data retention periods may be configured according to the client’s instructions or contractual agreements.
• When data is transferred to enterprise client systems such as CRM platforms, images and personal identifiers may be deleted from Orbo AI systems according to the configured retention schedule.
• Aggregated or anonymized metrics that do not identify individuals may be retained for service improvement and analytics.

9. Aggregated and De-Identified Data

We may generate aggregated or anonymized data that does not identify individuals. This information may be used for analytics, research, system improvement, and reporting purposes.

10. Sharing of Information

We do not sell personal data to third parties.

Information may be shared in the following circumstances:

Service Providers
Trusted vendors who assist with cloud infrastructure, analytics, communication services, or system operations.

Enterprise Clients
When our technology is deployed for enterprise clients, analysis results and related information may be shared with the enterprise client operating the platform.

Legal Requirements
When required by applicable law, legal process, or government authority.

Business Transactions
In connection with mergers, acquisitions, restructuring, or sale of company assets.

11. International Data Transfers

Personal data may be processed in countries other than the user’s country of residence. Where such transfers occur, appropriate safeguards are implemented to protect personal data.

12. Data Security

We implement technical and organizational measures designed to protect personal data including:

• encryption of data in transit using TLS
• encryption of stored data
• secure cloud infrastructure
• role-based access controls
• secure key management systems
• monitoring and audit logging of system access

Despite these safeguards, no method of electronic transmission or storage can be guaranteed to be completely secure.

13. User Rights

Depending on applicable laws, users may have rights including:

• requesting access to their personal data
• requesting correction of inaccurate information
• requesting deletion of personal data
• restricting certain processing activities
• withdrawing consent where applicable

Requests may be submitted by contacting us using the details provided below.

14. Children’s Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal data from children.

15. Third-Party Services

Our websites or applications may include links or integrations with third-party services. We are not responsible for the privacy practices of those third parties.

16. Compliance with Data Protection Laws

We aim to comply with applicable data protection regulations, including:

• General Data Protection Regulation (GDPR)
• California Consumer Privacy Act (CCPA)
• India Digital Personal Data Protection Act
• other applicable privacy laws

17. Biometric Data and Facial Information

Some services process facial images in order to generate visual analysis or simulation results.

However:

• facial images are not used for identity verification
• we do not create biometric identity templates
• we do not perform facial recognition to identify individuals

Images are processed only to generate analysis results or visual simulations requested by the user or enterprise client.

Where images are stored temporarily for processing, they are deleted according to the retention practices described in this Privacy Policy or according to enterprise client requirements.

18. Artificial Intelligence Transparency

Our services use artificial intelligence and computer vision technologies to analyse images and generate insights such as skin condition indicators, visual simulations, or enhanced images.

These outputs are intended for informational and cosmetic purposes only and should not be interpreted as medical advice, diagnosis, or treatment.

We aim to develop and operate AI technologies responsibly by limiting data usage to what is necessary for functionality and by implementing safeguards to protect user privacy.

19. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Updates will be posted on this page along with the revised “Last Updated” date.

Users are encouraged to review this policy regularly.

20. Contact Information

If you have questions regarding this Privacy Policy or our data practices, please contact:

Modaviti e-Marketing Private Limited
Email: support@orbo.ai