CivilBolt.ai

Privacy Policy

Last updated: December 28, 2025
Effective: December 28, 2025

1. Introduction

Welcome to Civilbolt (“we,” “our,” or “us”). We are committed to protecting your privacy and handling your data in an open and transparent manner.

Civilbolt is a contract intelligence platform that uses artificial intelligence to help construction contractors manage contracts, track obligations, and draft formal correspondence. Our services are provided through our website at civilbolt.ai and our web application (collectively, the “Services”).

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our Services. By using Civilbolt, you agree to the collection and use of information in accordance with this policy.

Important: We are governed by Indian data protection laws, including the Digital Personal Data Protection Act, 2023 (DPDP Act) and the Information Technology Act, 2000. Our operations are based in India, and our services are primarily designed for users in India and other regions where we operate.

2. Information We Collect

2.1 Information You Provide Directly

  • Account Information: Name, email address, phone number, company name, job title, and password when you create an account.
  • Profile Information: Company details, GST number, PAN number, registered address, and contractor profile information.
  • Payment Information: Billing details, payment card information (processed through secure third-party payment processors), and transaction history.
  • Project Data: Contracts, project documents, correspondence, site diaries, meeting minutes, RFIs, variations, and other construction-related documents you upload.
  • Communications: Your messages, support tickets, feedback, and any correspondence with our team.

2.2 Information We Collect Automatically

  • Usage Data: Pages visited, features used, time spent, search queries, and interaction patterns within the platform.
  • Device Information: IP address, browser type and version, device type, operating system, and unique device identifiers.
  • Log Data: Access times, error logs, and technical diagnostic information.
  • Cookies and Similar Technologies: Session cookies, preference cookies, and analytics cookies (see Section 8 for details).

2.3 Information from Third Parties

  • Payment Processors: Transaction confirmations and payment status from our payment partners.
  • Analytics Providers: Aggregated usage statistics and platform performance metrics.
  • Referral Partners: Information if you were referred to us by a third party.

3. How We Use Your Information

We use your personal data for the following purposes:

3.1 To Provide and Improve Our Services

  • Create and manage your account
  • Process your documents using AI and OCR technology
  • Enable contract search and analysis features
  • Generate AI-powered insights and draft letters
  • Track contractual obligations and send deadline reminders
  • Enable team collaboration and project management
  • Provide customer support and respond to inquiries
  • Improve our AI models and platform functionality (using aggregated, anonymized data)

3.2 For Business Operations

  • Process payments and manage subscriptions
  • Send service announcements, updates, and security alerts
  • Detect, prevent, and address fraud, security issues, or technical problems
  • Comply with legal obligations and enforce our Terms of Service
  • Analyze usage patterns to optimize platform performance

3.3 For Marketing and Communications (With Your Consent)

  • Send promotional emails about new features, updates, or offers (you can opt-out anytime)
  • Conduct surveys and collect feedback
  • Display personalized content and recommendations
Legal Basis (DPDP Act): We process your data based on: (a) Consent you provide when using our Services, (b) Contractual necessity to deliver our Services, (c) Legitimate business interests (improving services, fraud prevention), and (d) Legal compliance obligations.

4. Data Sharing and Disclosure

We do not sell your personal data. We may share your information only in the following circumstances:

4.1 Service Providers

We share data with trusted third-party service providers who help us operate our platform:

  • Cloud Hosting: Cloud infrastructure providers for secure data storage and processing
  • Payment Processing: Payment gateway providers (they handle payment data directly under their own privacy policies)
  • Analytics: Analytics tools for usage tracking (anonymized data)
  • Email Services: Email service providers for transactional and service-related emails
  • AI/ML Services: AI providers for document processing (see Section 9)

All service providers are bound by strict data processing agreements and are prohibited from using your data for their own purposes.

4.2 Team Members

If you use Civilbolt as part of a team or organization, your project data and activity may be visible to other authorized team members within your organization.

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to:

  • Valid legal processes (court orders, subpoenas, warrants)
  • Government or regulatory investigations
  • Requests from law enforcement or government authorities in India or other jurisdictions
  • Protection of our rights, property, or safety, or that of our users or the public

4.4 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change and provide options regarding your data.

4.5 With Your Consent

We may share your information with other third parties when you explicitly consent to such sharing (e.g., connecting with specialist contractors through our platform).

5. Data Security

We take data security seriously and implement industry-standard measures to protect your information:

Technical Safeguards

  • Encryption in transit (TLS/SSL)
  • Encryption at rest (AES-256)
  • Secure authentication (password hashing)
  • Regular security audits
  • Firewall protection
  • Intrusion detection systems

Organizational Measures

  • Role-based access controls
  • Employee confidentiality agreements
  • Regular staff security training
  • Incident response procedures
  • Data processing agreements with vendors
  • Regular backups and disaster recovery
Important: While we implement strong security measures, no system is 100% secure. You are responsible for maintaining the confidentiality of your account credentials. Please notify us immediately if you suspect any unauthorized access to your account.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

Data TypeRetention Period
Account DataAs long as your account is active, plus 90 days after account deletion (to allow account recovery)
Project DocumentsUntil you delete them, or 90 days after account deletion
Payment Records7 years (as required by Indian tax and accounting laws)
Usage AnalyticsAggregated and anonymized data may be retained indefinitely for improving our services
Legal ObligationsLonger if required by law or to establish, exercise, or defend legal claims

You can request deletion of your data at any time by contacting us (see Section 13). We will comply with your request within 30 days, except where we have a legal obligation to retain certain information.

7. Your Rights Under Indian Law

Under the Digital Personal Data Protection Act, 2023, you have the following rights:

Right to Access

You can request a copy of the personal data we hold about you.

Right to Correction

You can request correction of inaccurate or incomplete personal data.

Right to Erasure (Right to be Forgotten)

You can request deletion of your personal data, subject to legal retention requirements.

Right to Data Portability

You can request a copy of your data in a structured, machine-readable format.

Right to Withdraw Consent

You can withdraw your consent for marketing communications or optional data processing at any time.

Right to Grievance Redressal

You can lodge a complaint with our Grievance Officer or the Data Protection Board of India.

How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@civilbolt.ai or use the contact details in Section 13. We will respond to your request within 30 days.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to improve your experience on our platform. Cookies are small text files stored on your device.

Types of Cookies We Use

Essential Cookies (Required)
Necessary for the platform to function. These enable you to log in, navigate pages, and use core features. Cannot be disabled.

Functional Cookies (Optional)
Remember your preferences (language, theme, settings) to provide a personalized experience.

Analytics Cookies (Optional)
Help us understand how you use the platform, which features are popular, and where we can improve. We use anonymized data.

Marketing Cookies (Optional)
Used to deliver relevant advertisements and track campaign effectiveness. These are only set with your explicit consent.

Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to:

  • View and delete cookies
  • Block third-party cookies
  • Block all cookies (may affect platform functionality)
  • Clear cookies when you close your browser

For more information: AboutCookies.org

9. AI and Automated Processing

Civilbolt uses artificial intelligence and machine learning to analyze contracts, extract information, and generate insights. Here's what you need to know:

How We Use AI

  • Optical Character Recognition (OCR) to extract text from scanned documents
  • Natural Language Processing (NLP) to understand contract clauses and obligations
  • Deep Search to find relevant information across thousands of documents
  • AI-powered drafting to generate formal letters and notices
  • Deadline extraction and reminder systems

AI Training and Your Data

We do NOT use your confidential project documents to train third-party AI models. Specifically:

  • Your contracts and project documents remain confidential and are not shared with AI training datasets
  • We may use aggregated, anonymized, non-identifiable data to improve our own models
  • When we use third-party AI services (like OpenAI), we configure them to NOT retain or train on your data
  • You can opt-out of contributing to model improvement by contacting us

AI Disclaimers

  • Not Legal Advice: AI-generated content is for informational purposes only and does not constitute legal advice
  • Human Review Required: Always review AI-generated documents before use in formal communications
  • No Automated Decisions: We do not make automated decisions that significantly affect you without human oversight
  • Accuracy: While we strive for accuracy, AI systems may occasionally make errors. Verify critical information.

10. International Data Transfers

Civilbolt is based in India, and your data is primarily stored and processed on servers located in India or other regions where we operate.

In some cases, your data may be transferred to, or accessed from, countries outside India for the following reasons:

  • Cloud infrastructure providers (AWS, Google Cloud) with servers in multiple regions
  • Third-party service providers (payment processors, email services) based outside India
  • AI processing services that may operate globally

When we transfer data internationally, we ensure appropriate safeguards are in place:

  • Standard contractual clauses approved by data protection authorities
  • Data processing agreements with all third-party providers
  • Encryption in transit and at rest
  • Compliance with DPDP Act requirements for cross-border data transfers
Note: By using our Services, you consent to the transfer of your data as described in this section, subject to the safeguards mentioned above.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make changes:

  • We will update the “Last Updated” date at the top of this policy
  • For significant changes, we will notify you via email or through a prominent notice on our platform
  • Your continued use of the Services after changes become effective constitutes acceptance of the updated policy

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

General Inquiries

Email:
privacy@civilbolt.ai
Website:
civilbolt.ai
Address:
D1-1004, Tulip Petals, Pataudi Road, Sector 89, Gurugram-122505, Haryana, India

We will acknowledge your complaint within 24 hours and resolve it within 30 days.

Data Protection Board of India

If you are not satisfied with our response, you have the right to lodge a complaint with the Data Protection Board of India. Visit meity.gov.in for more information.

This Privacy Policy was last updated on December 28, 2025.
By using Civilbolt, you acknowledge that you have read and understood this Privacy Policy.