Last updated: 13 May 2026
Privacy Policy
This Privacy Policy describes how Concreate Technologies Private Limited ("Vivly", "we") handles personal data in connection with the Vivly Services and the Vivly website. It is written to comply with India's Digital Personal Data Protection Act, 2023, and, where applicable to our customers, the EU/UK General Data Protection Regulation.
Who we are
Concreate Technologies Private Limited, registered office at G-1, SRS Prashanthi fields, P.O Road, Kadugodi, Bangalore, Karnataka, India, 560067. CIN: U72900KA2022PTC163147.
Personal data we collect
Account data. Name, email, organisation (if applicable), and role of the individual who signs up. Individual users of the market research interface may sign up with a personal or work email; team and enterprise accounts use a designated workspace owner.
Billing data. Billing address, GSTIN (where applicable), and the last four digits / brand of the payment instrument used. Full card details are collected directly by our payment processor (Stripe) and are never stored on Vivly's systems.
Usage data. API request logs, query records, IP address, timestamps, user-agent, the resource called, and credits consumed. This is required to operate, secure, and bill the Services.
Communications. Emails and messages you send to support@vivly.in and metadata about that correspondence.
Cookies and similar. Strictly necessary cookies for authentication and session management; optional analytics cookies that you can decline via the cookie banner. See our Cookie Policy.
What we do not collect
We do not collect special category / sensitive personal data unless you explicitly submit it to the Services for a contracted purpose.
We do not buy personal data from data brokers.
We do not run advertising or share personal data with ad networks.
Lawful basis and purposes
We process personal data to (a) provide and secure the Services (contract), (b) bill and collect payment (contract / legal obligation), (c) comply with tax, anti-money-laundering, and other legal obligations, (d) communicate service updates (legitimate interest), and (e) improve the Services using aggregated, de-identified usage data.
Public web data
Vivly extracts structured signal from public web data sources accessed via official platform APIs and licensed providers. To the extent this processing involves personal data of third parties (for example, public posts attributed to individuals), Vivly relies on the lawful basis of legitimate interests of our Customers to receive structured insight from publicly available information, balanced against the rights of data subjects. We minimise identifiers, do not enrich with non-public sources, and respond to verifiable deletion requests as set out below.
Sharing
We share personal data only with (a) sub-processors that help us operate the Services under written contract - currently including Stripe (payments), our cloud and hosting provider, our email and support tooling providers (a current list is available at privacy@vivly.in); (b) professional advisers under confidentiality; and (c) authorities where legally required. We do not sell personal data.
International transfers
Vivly's primary operations are in India. Customer billing data may be processed by Stripe and our cloud provider in regions outside India under contractual safeguards permitted by Indian law and, where applicable, GDPR transfer mechanisms.
Retention
Account and billing data are retained for the life of the account plus seven years to meet Indian tax and corporate records requirements. Usage logs are retained for thirteen months for security and billing audit. Aggregated, de-identified data may be retained longer.
Your rights
Subject to applicable law, you may request access to, correction of, or deletion of personal data we hold about you, and may withdraw consent for processing based on consent. Send requests to privacy@vivly.in. We will respond within the period required by law.
Grievance Officer (DPDP Act, 2023)
Vivasvan Gadepalli, grievance@vivly.in. Phone: +91 79824 29660. Address: as above. We will acknowledge grievances within 7 working days and resolve within 30 days.
Children
The Services are not directed to individuals under 18. We do not knowingly collect personal data of minors.
Security
We use industry-standard technical and organisational measures - encryption in transit, access controls, audit logging, periodic reviews. No method is perfectly secure; we encourage strong, unique passwords and prompt incident reporting.
Changes
Material changes will be notified to account owners by email and posted here with an updated "Last updated" date.