Privacy Policy

Last Updated: May 14, 2026

1. Introduction

This Privacy Policy describes how AspenTech Consulting Group, Inc., operating as Aspen94 and Niravu (“Niravu,” “we,” “us,” or “our”), collects, uses, stores, and protects information in connection with the Niravu platform (the “Service”).

We are committed to protecting your privacy and being transparent about our data practices. This policy applies to all users of the Service, including free and paid subscribers.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Email address (used for account authentication, communication, and support)
• Name (if provided during registration or retrieved from your Zoho account)
• Organization name (if provided or retrieved from your Zoho CRM)

2.2 Payment Information

If you subscribe to a paid plan, payment processing is handled by Zoho Billing. We do not directly collect, store, or have access to your credit card numbers, bank account information, or other financial account details. Please refer to Zoho’s privacy policy for information about how they handle payment data.

2.3 Zoho CRM Metadata

When you connect your Zoho CRM and run a scan, we collect and process your CRM’s configuration metadata, including:

• Module definitions, field schemas, layouts, and relationships
• Automation configurations (workflow rules, custom functions, blueprints, validation rules, assignment rules)
• User records: names, email addresses, roles, profiles, and status
• Integration settings and connected application footprints
• Backup configuration and scheduling metadata
• Aggregate record counts per module (not the records themselves)

2.4 User Records Within Your CRM

Our scan collects information about users configured in your Zoho CRM, including their names, email addresses, roles, profiles, and active/inactive status. This information is used to assess governance and security posture.

This user data appears in your assessment reports and, for Enterprise subscribers, in the downloadable User Matrix export file. This data is visible only to you (the account owner) and is not shared with other customers or third parties.

2.5 Usage Data

We automatically collect certain technical information when you use the Service, including:

• IP address and approximate geographic location
• Browser type and version
• Pages visited and features used within the Service
• Scan timestamps and completion status
• Error logs and performance metrics

3. How We Use Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Generate system health assessments, scores, findings, and reports for your CRM environment
• Process subscriptions and payments (via Zoho Billing)
• Send transactional communications (scan results, subscription confirmations, account notifications)
• Send promotional communications related to the Service (you may opt out at any time)
• Detect, prevent, and address technical issues, fraud, and security concerns
• Comply with legal obligations

We do NOT use your CRM metadata to:

• Train artificial intelligence or machine learning models
• Sell or share your data with advertisers
• Create profiles about your customers or contacts (we don’t have access to that data)
• Benchmark Zoho’s products or services

4. No AI or Machine Learning Processing

Your CRM metadata is never processed by any artificial intelligence model, large language model, neural network, or machine learning system at any stage of the assessment process. Every score, finding, and recommendation produced by the Service is generated by deterministic, rules-based logic.

All scores, findings, and recommendations are currently produced by deterministic, rules-based logic. We may incorporate AI-assisted analysis features in the future to enhance the Service. If we do, we will notify you in advance and you may opt out of AI-assisted features at any time through your account settings. AI-assisted features will never process your CRM’s business data records — only the same configuration metadata already described in this policy.

5. Information Sharing and Disclosure

We do not sell, rent, or trade your information to third parties. We may share information in the following limited circumstances:

Service Providers

We use third-party services to operate the Service, including cloud hosting (Amazon Web Services), email delivery (ZeptoMail), and payment processing (Zoho Billing). These providers access only the minimum information necessary to perform their functions and are bound by contractual obligations to protect your data.

Legal Requirements

We may disclose information if required by law, regulation, legal process, or governmental request, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred to the acquiring entity. We will provide notice before your information becomes subject to a different privacy policy.

With Your Consent

We may share information with your explicit consent for purposes not described in this policy.

6. Data Storage and Security

Your data is stored on secure servers hosted by Amazon Web Services (AWS) in the United States. We implement industry-standard security measures to protect your information, including:

• TLS 1.2+ encryption for all data in transit
• Encrypted connections to your Zoho CRM via OAuth 2.0
• Access controls limiting employee access to customer data
• Regular security reviews of our infrastructure

While we take reasonable measures to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

7. Data Retention

We retain your data as follows:

• Account information: retained for the duration of your active account plus 90 days after termination
• Scan artifacts and reports: retained for the duration of your active account; you may request deletion at any time
• OAuth tokens: stored securely for the duration of your CRM connection; deleted when you disconnect or revoke access
• Usage logs: retained for up to 12 months for operational and security purposes

After the applicable retention period, we will delete or anonymize your data within a commercially reasonable timeframe.

8. Your Rights and Choices

You have the following rights regarding your information:

Access

You may request a copy of the information we hold about you.

Correction

You may update your account information at any time through the Service or by contacting us.

Deletion

You may request deletion of your account and associated data by contacting us at hello@niravu.ai. We will process deletion requests within 30 days, subject to any legal retention requirements.

Disconnect

You may revoke the Service’s access to your Zoho CRM at any time through your Zoho account settings.

Opt Out

You may opt out of promotional emails by clicking the unsubscribe link in any promotional message or by contacting us. Transactional emails (scan results, billing confirmations) cannot be opted out of while your account is active.

Data Portability

Enterprise subscribers may download their assessment data, including reports and export packages, at any time through the Service.

9. Children’s Privacy

The Service is designed for business use and is not directed to individuals under the age of 16. We do not knowingly collect information from children under 16. If we become aware that we have collected information from a child under 16, we will take steps to delete it promptly.

10. International Data Transfers

The Service is operated from the United States. If you access the Service from outside the United States, you understand and consent to the transfer of your information to the United States, where data protection laws may differ from those in your jurisdiction.

11. California Privacy Rights

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to request deletion, and the right to opt out of the sale of personal information.

We do not sell personal information. To exercise your California privacy rights, contact us at hello@niravu.ai.

12. Cookies and Tracking Technologies

The Service uses essential cookies to maintain your session and authentication state. We do not use third-party advertising cookies or cross-site tracking technologies.

We may use analytics tools to understand how the Service is used. Any analytics data is aggregated and does not identify individual users.

13. Changes to This Policy

We may update this Privacy Policy from time to time by posting the revised policy on our website and updating the “Last Updated” date. If we make material changes, we will provide notice via the email address associated with your account at least thirty (30) days before the changes take effect.

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated policy.

14. Contact Information

If you have questions about this Privacy Policy or our data practices, please contact us: