Privacy Policy

Effective: 10 June 2026 · Vipra Software Private Limited ("Vipra Software", "we")

Note: This policy reflects VipraGo's current beta operations. It will be reviewed by counsel before general availability; material changes will be announced on this page.

1. Who we are

VipraGo is operated by Vipra Software Private Limited, Bengaluru, Karnataka, India. For customer organizations using VipraGo, the customer is the data controller (or data fiduciary under India's DPDP Act) for their employees' data; Vipra Software acts as processor. For visitors to this website and trial signups, Vipra Software is the controller.

2. Data we process

Account data: name, work email, organization, role.
Platform data entered by your organization: employee profiles, attendance records (including IP address and GPS coordinates where your organization enables geo-fenced attendance), leave, payroll and salary information, reimbursement receipts, project and task data, asset records.
Technical data: log data (IP address, browser, timestamps), and security audit events.
Website data: contact form submissions.

3. Why we process it

To provide the service your organization configured (attendance, leave, payroll, projects); to secure the platform (authentication, audit logs, abuse prevention); to comply with legal obligations (statutory payroll records); and to communicate service information. We do not sell personal data, and we do not use customer data to train shared AI foundation models.

4. AI processing

VipraBot processes natural-language commands to execute actions inside your organization's account. Commands are processed with the same permissions as the requesting user and are audit-logged. Where third-party AI models are used for language understanding, only the minimum necessary context is sent, and it is not used by us to train shared models.

5. Storage, security, retention

Data is hosted on Google Cloud Platform. PII fields are encrypted at rest (AES-256), all transport uses TLS 1.3, access is role-based, and audit logs are tamper-evident. Data is retained while your organization's account is active and as required by statutory record-keeping; configured retention windows are enforced by automated purge jobs. See Security & Compliance.

6. Your rights (GDPR & DPDP)

Access & portability: request a machine-readable export of your data.
Correction: fix inaccurate data via your profile or your organization's admin.
Erasure: request anonymisation of your personal data (statutory accounting records may be retained as required by law).
Complaint: you may complain to your supervisory authority (EU) or the Data Protection Board of India.

Employees of customer organizations should route requests through their employer (the controller); we support the employer in fulfilling them via built-in GDPR/DPDP tooling.

7. Sub-processors

Google Cloud Platform (hosting), email delivery, and AI language-model providers. A current sub-processor list is available on request: privacy@viprasoftware.com.

8. Contact

Vipra Software Private Limited, Bengaluru, Karnataka, India · privacy@viprasoftware.com (or support@viprasoftware.com).