Privacy Policy
Last Updated: May 5, 2026
REGULATORY COMPLIANCE ARCHITECTURE
This Privacy Policy governs the global data processing operations of Consuma Technologies Pvt Ltd (“Consuma AI,” “the Company,” “we,” “us,” or “our”).
DATA COLLECTION AND PROCESSING
Consuma AI utilizes automated systems and web scraping technology to aggregate publicly available data from the internet, including (“Public Information”):
News outlets, media publications, and blogs
Social media platforms (public posts and profiles)
Public discussion forums, community boards, and comment sections
E-commerce platforms and product review sites
Government databases and publicly accessible registries
This data is collected from public sources where information has been made openly accessible. Consuma does not verify and cannot guarantee the accuracy of this Public Information.
Consuma relies upon the following lawful grounds to collect information:
Lawful Basis: Legitimate Interest
We process publicly available data based on our legitimate interests and those of our clients, which include providing comprehensive market research and business intelligence, enabling data-driven decision-making for corporate and legal strategy, and developing and optimizing AI models for advanced text analysis. We only collect data already made public by the subject and strictly limit processing to research contexts, where the public nature of the source data reduces the reasonable expectation of privacy, ensuring our processing does not infringe upon the subject’s fundamental rights or private life.
Data We Collect Directly from Users
When you interact with our platform, we also collect information directly from you:
Account information: Name, email address, company details, and business contact information when you sign up or request a demo.
Research data: First-party data you share with us for analysis purposes, which remains confidential and is used only for the intended research.
Usage data: Platform interaction data (pages visited, reports generated, search queries) to enhance user experience.
Communication data: Correspondence when you contact our support team or submit inquiries.
System and telemetric information: Information such as IP address, device identifiers, browser plug-in types and versions, model, storage capacity, mobile network details, and operating system version, and cookies; to maintain network security, optimize website performance, and prevent fraudulent bot activity. This helps us to provide you with a good user experience when you use the Platform and also allows us to improve the Platform.
Scope of Processing
Processing of data is limited to:
Aggregate market research and trend analysis,
Statistical insights generation for consumer intelligence purposes,
Consumer sentiment and behavioural analytics,
and other related activities.
We do not use this data for automated individual decision-making, profiling of specific individuals, or discriminatory purposes.
HOW WE USE YOUR DATA
We use the data we collect to:
Generate market insights: Produce consumer behaviour analytics, trend reports, and competitive intelligence based on your research briefs.
Improve AI models: Refine search accuracy, natural language processing capabilities, and insight generation quality.
Provide customer support: Respond to inquiries, troubleshoot issues, and deliver technical assistance.
Ensure security & fraud prevention: Detect and prevent unauthorized access, abuse, and malicious activity.
Comply with legal Obligations: Meet regulatory requirements, respond to lawful requests, and protect our legal rights.
Technical & analytics providers: We receive pseudonymized usage trends, crash reports, and engagement metrics from service providers to ensure the technical integrity and optimization of the Platform.
Advertising & search networks: We may receive data regarding your interaction with our advertisements and search queries from advertising partners to measure the effectiveness of our outreach.
We never sell your personal data to third parties.
GLOBAL DATA SUBJECT RIGHTS
We recognize a unified set of enhanced rights, available to all users globally:
Right to access: Request a copy of your personal data we hold.
Right to rectification: Update or correct any inaccuracies in your information.
Right to erasure (“Right to be Forgotten”): Request deletion of your personal data from our systems.
Right to restriction of Processing: Limit how we use your data under certain circumstances.
Right to data portability: Obtain a copy of your data in a structured, machine-readable format.
Right to object: Object to certain types of data processing, including direct marketing.
Right to logic explanation: Request a meaningful explanation of the data sources and logic used by the AI to generate a specific output.
We automatically honour Global Privacy Control (GPC) signals as valid “Do Not Sell or Share”.
To exercise any of these rights, contact us at privacy@consuma.ai.
DATA SHARING & INTERNATIONAL TRANSFERS
Consuma AI is headquartered in India. We may transfer and process data internationally to provide our services. Where data is transferred across borders, we ensure a level of protection equivalent to that required by applicable data protection laws. We rely on one or more of the following mechanisms:
Adequacy decisions: We may transfer data to jurisdictions recognized by relevant regulatory authorities as providing an adequate level of data protection.
Consent: Where the data subject has explicitly consented to the proposed transfer after being fully informed of the specific risks arising from the lack of an adequacy decision and appropriate safeguards.
Publicly available data: We may process and transfer data that has manifestly been made public.
Contractual necessity: Where the transfer is strictly necessary for the performance of a contract.
Standard contractual clauses (SCCs) & agreements: Where required, we use current versions of approved mechanisms, such as the EU Standard Contractual Clauses (SCCs) and the UK International Data Transfer Agreement (IDTA), or their local equivalents.
Supplementary measures: We implement additional technical, organizational, and legal safeguards to ensure that transferred data remains subject to the same rigorous security standards regardless of its geographical location.
Statutory compliance: All transfers are conducted in accordance with the cross-border transfer requirements of the Information Technology Act, 2000 (IT Act), the Digital Personal Data Protection Act (DPDP) and other relevant local statutes.
5.1 Third-Party Service Providers
We may share data with trusted third-party service providers who assist in delivering our services, including:
Cloud infrastructure providers.
AI and machine learning infrastructure services.
Customer support and communication platforms.
Payment processors and billing systems.
All third-party processors are bound by data processing agreements and are required to implement appropriate technical and organizational security measures.
DATA RETENTION POLICY
We retain data only for as long as necessary to fulfil the purposes outlined in this Policy:
Active account data: Retained for the duration of your subscription plus ninety (90) days after termination, if requested.
Publicly scraped data: Retained in our research indexes unless you submit a removal request, which will be processed within thirty (30) days.
Audit, legal, and compliance records: Retained for such period as required by law and regulatory obligations.
DATA SECURITY
We implement industry-leading security measures to protect your data:
Encryption: We employ industry-standard encryption protocols to protect data both at rest and during transmission.
Access controls: Role-based access control (RBAC) for all users.
Regular security audits: We conduct regular security reviews and automated vulnerability scanning as part of our commitment to maintaining a robust defensive posture against emerging threats.
Limited access: Data access is restricted to authorized personnel only on a need-to-know basis.
ETHICAL SCRAPING & DATA PROVENANCE
Consuma AI adheres to ethical web data collection standards to ensure responsible data gathering:
Robots.txt compliance: All automated agents respect site-owner directives specified in robots.txt files.
Public access only: We do not circumvent paywalls, or login-restricted environments.
Text and data mining (TDM) rights: We respect TDM opt-out signals and machine-readable exclusion mechanisms.
Rate limiting: Our crawlers implement respectful rate limiting to avoid disrupting website operations.
Data provenance: We maintain detailed logs of data sources and collection timestamps to ensure transparency and traceability.
UPDATES TO THIS POLICY
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings. The most current version of this Policy (available at https://consuma.ai/privacy-policy) serves as the definitive notice of our processing practices under applicable law. The “Last Updated” at the top of this document reflects the most recent revision. Your continued use of our services after changes are posted constitutes acceptance of the updated Policy.
THIRD-PARTY INTEGRATIONS & COMPLIANCE
We integrate with platforms like Google, Meta (Facebook/Instagram), LinkedIn, Twitter, and others for data collection purposes. We adhere to their respective terms of service and data policies.
Data collected through these integrations is subject to both this Privacy Policy and the privacy policies of the respective platforms.
CHILDREN’S PRIVACY
Consuma AI’s services are not directed to individuals under the age of 18 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately at privacy@consuma.ai, and we will promptly delete such information.
SUPERVISORY AUTHORITY & COMPLAINTS
If you believe your privacy has been violated and we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your relevant Data Protection Authority:
EU/EEA: Your local supervisory authority (e.g., CNIL in France, ICO in the UK, BfDI in Germany)
India: Data Protection Board of India
B2B DATA PROCESSING ADDENDUM (DPA)
When Consuma AI interacts with enterprise clients, the following provisions apply:
Sub-processors: Consuma utilizes certain infrastructure and software-as-a-service (SaaS) providers who may, in turn, engage downstream subprocessors to facilitate specialized functions (e.g., cloud storage, email platforms, sales tools ). By agreeing to this Privacy Policy, you provide general written authorization for Consuma to involve such sub-processors.
Data subject rights assistance: We assist clients in responding to data subject requests (access, deletion, rectification) within contractually agreed timeframes.
Data return and deletion: Upon contract termination, client data is returned in a portable format and securely deleted within ninety (90) days, unless legal retention is required.
SPECIFIC CLAUSES FOR EU DATA SUBJECTS
The following applies to Public Data collected from citizens of the European Economic Area, United Kingdom or Switzerland (collectively the “EU”):
14.1 Notification Exemption: Disproportionate Effort
Where personal data is not obtained directly from the individual, we rely on the Disproportionate Effort exemption under GDPR Article 14(5)(b) regarding individual notification. Given the massive scale of public web data aggregation (billions of data points across millions of sources), individual notification would require disproportionate effort.
This Privacy Policy serves as the public notice for such processing, satisfying the transparency requirements under GDPR Article 14.
14.2 Processing of Special Category Data: Manifestly Public
In the course of aggregating data from public forums, discussion boards, and social media, the Company may incidentally ingest “Special Category Data” under GDPR Article 9, including:
Political opinions and affiliations
Religious or philosophical beliefs
Health-related discussions or medical conditions
Ethnic origin or racial background
Legal Justification: We process such data exclusively on the basis that the data subject has manifestly made the data public by voluntarily choosing to post on a platform accessible to the general public.
For all privacy inquiries, data subject rights requests, or concerns about this Policy, please contact privacy@consuma.ai
Last Updated: May 5, 2026
REGULATORY COMPLIANCE ARCHITECTURE
This Privacy Policy governs the global data processing operations of Consuma Technologies Pvt Ltd (“Consuma AI,” “the Company,” “we,” “us,” or “our”).
DATA COLLECTION AND PROCESSING
Consuma AI utilizes automated systems and web scraping technology to aggregate publicly available data from the internet, including (“Public Information”):
News outlets, media publications, and blogs
Social media platforms (public posts and profiles)
Public discussion forums, community boards, and comment sections
E-commerce platforms and product review sites
Government databases and publicly accessible registries
This data is collected from public sources where information has been made openly accessible. Consuma does not verify and cannot guarantee the accuracy of this Public Information.
Consuma relies upon the following lawful grounds to collect information:
Lawful Basis: Legitimate Interest
We process publicly available data based on our legitimate interests and those of our clients, which include providing comprehensive market research and business intelligence, enabling data-driven decision-making for corporate and legal strategy, and developing and optimizing AI models for advanced text analysis. We only collect data already made public by the subject and strictly limit processing to research contexts, where the public nature of the source data reduces the reasonable expectation of privacy, ensuring our processing does not infringe upon the subject’s fundamental rights or private life.
Data We Collect Directly from Users
When you interact with our platform, we also collect information directly from you:
Account information: Name, email address, company details, and business contact information when you sign up or request a demo.
Research data: First-party data you share with us for analysis purposes, which remains confidential and is used only for the intended research.
Usage data: Platform interaction data (pages visited, reports generated, search queries) to enhance user experience.
Communication data: Correspondence when you contact our support team or submit inquiries.
System and telemetric information: Information such as IP address, device identifiers, browser plug-in types and versions, model, storage capacity, mobile network details, and operating system version, and cookies; to maintain network security, optimize website performance, and prevent fraudulent bot activity. This helps us to provide you with a good user experience when you use the Platform and also allows us to improve the Platform.
Scope of Processing
Processing of data is limited to:
Aggregate market research and trend analysis,
Statistical insights generation for consumer intelligence purposes,
Consumer sentiment and behavioural analytics,
and other related activities.
We do not use this data for automated individual decision-making, profiling of specific individuals, or discriminatory purposes.
HOW WE USE YOUR DATA
We use the data we collect to:
Generate market insights: Produce consumer behaviour analytics, trend reports, and competitive intelligence based on your research briefs.
Improve AI models: Refine search accuracy, natural language processing capabilities, and insight generation quality.
Provide customer support: Respond to inquiries, troubleshoot issues, and deliver technical assistance.
Ensure security & fraud prevention: Detect and prevent unauthorized access, abuse, and malicious activity.
Comply with legal Obligations: Meet regulatory requirements, respond to lawful requests, and protect our legal rights.
Technical & analytics providers: We receive pseudonymized usage trends, crash reports, and engagement metrics from service providers to ensure the technical integrity and optimization of the Platform.
Advertising & search networks: We may receive data regarding your interaction with our advertisements and search queries from advertising partners to measure the effectiveness of our outreach.
We never sell your personal data to third parties.
GLOBAL DATA SUBJECT RIGHTS
We recognize a unified set of enhanced rights, available to all users globally:
Right to access: Request a copy of your personal data we hold.
Right to rectification: Update or correct any inaccuracies in your information.
Right to erasure (“Right to be Forgotten”): Request deletion of your personal data from our systems.
Right to restriction of Processing: Limit how we use your data under certain circumstances.
Right to data portability: Obtain a copy of your data in a structured, machine-readable format.
Right to object: Object to certain types of data processing, including direct marketing.
Right to logic explanation: Request a meaningful explanation of the data sources and logic used by the AI to generate a specific output.
We automatically honour Global Privacy Control (GPC) signals as valid “Do Not Sell or Share”.
To exercise any of these rights, contact us at privacy@consuma.ai.
DATA SHARING & INTERNATIONAL TRANSFERS
Consuma AI is headquartered in India. We may transfer and process data internationally to provide our services. Where data is transferred across borders, we ensure a level of protection equivalent to that required by applicable data protection laws. We rely on one or more of the following mechanisms:
Adequacy decisions: We may transfer data to jurisdictions recognized by relevant regulatory authorities as providing an adequate level of data protection.
Consent: Where the data subject has explicitly consented to the proposed transfer after being fully informed of the specific risks arising from the lack of an adequacy decision and appropriate safeguards.
Publicly available data: We may process and transfer data that has manifestly been made public.
Contractual necessity: Where the transfer is strictly necessary for the performance of a contract.
Standard contractual clauses (SCCs) & agreements: Where required, we use current versions of approved mechanisms, such as the EU Standard Contractual Clauses (SCCs) and the UK International Data Transfer Agreement (IDTA), or their local equivalents.
Supplementary measures: We implement additional technical, organizational, and legal safeguards to ensure that transferred data remains subject to the same rigorous security standards regardless of its geographical location.
Statutory compliance: All transfers are conducted in accordance with the cross-border transfer requirements of the Information Technology Act, 2000 (IT Act), the Digital Personal Data Protection Act (DPDP) and other relevant local statutes.
5.1 Third-Party Service Providers
We may share data with trusted third-party service providers who assist in delivering our services, including:
Cloud infrastructure providers.
AI and machine learning infrastructure services.
Customer support and communication platforms.
Payment processors and billing systems.
All third-party processors are bound by data processing agreements and are required to implement appropriate technical and organizational security measures.
DATA RETENTION POLICY
We retain data only for as long as necessary to fulfil the purposes outlined in this Policy:
Active account data: Retained for the duration of your subscription plus ninety (90) days after termination, if requested.
Publicly scraped data: Retained in our research indexes unless you submit a removal request, which will be processed within thirty (30) days.
Audit, legal, and compliance records: Retained for such period as required by law and regulatory obligations.
DATA SECURITY
We implement industry-leading security measures to protect your data:
Encryption: We employ industry-standard encryption protocols to protect data both at rest and during transmission.
Access controls: Role-based access control (RBAC) for all users.
Regular security audits: We conduct regular security reviews and automated vulnerability scanning as part of our commitment to maintaining a robust defensive posture against emerging threats.
Limited access: Data access is restricted to authorized personnel only on a need-to-know basis.
ETHICAL SCRAPING & DATA PROVENANCE
Consuma AI adheres to ethical web data collection standards to ensure responsible data gathering:
Robots.txt compliance: All automated agents respect site-owner directives specified in robots.txt files.
Public access only: We do not circumvent paywalls, or login-restricted environments.
Text and data mining (TDM) rights: We respect TDM opt-out signals and machine-readable exclusion mechanisms.
Rate limiting: Our crawlers implement respectful rate limiting to avoid disrupting website operations.
Data provenance: We maintain detailed logs of data sources and collection timestamps to ensure transparency and traceability.
UPDATES TO THIS POLICY
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings. The most current version of this Policy (available at https://consuma.ai/privacy-policy) serves as the definitive notice of our processing practices under applicable law. The “Last Updated” at the top of this document reflects the most recent revision. Your continued use of our services after changes are posted constitutes acceptance of the updated Policy.
THIRD-PARTY INTEGRATIONS & COMPLIANCE
We integrate with platforms like Google, Meta (Facebook/Instagram), LinkedIn, Twitter, and others for data collection purposes. We adhere to their respective terms of service and data policies.
Data collected through these integrations is subject to both this Privacy Policy and the privacy policies of the respective platforms.
CHILDREN’S PRIVACY
Consuma AI’s services are not directed to individuals under the age of 18 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately at privacy@consuma.ai, and we will promptly delete such information.
SUPERVISORY AUTHORITY & COMPLAINTS
If you believe your privacy has been violated and we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your relevant Data Protection Authority:
EU/EEA: Your local supervisory authority (e.g., CNIL in France, ICO in the UK, BfDI in Germany)
India: Data Protection Board of India
B2B DATA PROCESSING ADDENDUM (DPA)
When Consuma AI interacts with enterprise clients, the following provisions apply:
Sub-processors: Consuma utilizes certain infrastructure and software-as-a-service (SaaS) providers who may, in turn, engage downstream subprocessors to facilitate specialized functions (e.g., cloud storage, email platforms, sales tools ). By agreeing to this Privacy Policy, you provide general written authorization for Consuma to involve such sub-processors.
Data subject rights assistance: We assist clients in responding to data subject requests (access, deletion, rectification) within contractually agreed timeframes.
Data return and deletion: Upon contract termination, client data is returned in a portable format and securely deleted within ninety (90) days, unless legal retention is required.
SPECIFIC CLAUSES FOR EU DATA SUBJECTS
The following applies to Public Data collected from citizens of the European Economic Area, United Kingdom or Switzerland (collectively the “EU”):
14.1 Notification Exemption: Disproportionate Effort
Where personal data is not obtained directly from the individual, we rely on the Disproportionate Effort exemption under GDPR Article 14(5)(b) regarding individual notification. Given the massive scale of public web data aggregation (billions of data points across millions of sources), individual notification would require disproportionate effort.
This Privacy Policy serves as the public notice for such processing, satisfying the transparency requirements under GDPR Article 14.
14.2 Processing of Special Category Data: Manifestly Public
In the course of aggregating data from public forums, discussion boards, and social media, the Company may incidentally ingest “Special Category Data” under GDPR Article 9, including:
Political opinions and affiliations
Religious or philosophical beliefs
Health-related discussions or medical conditions
Ethnic origin or racial background
Legal Justification: We process such data exclusively on the basis that the data subject has manifestly made the data public by voluntarily choosing to post on a platform accessible to the general public.
For all privacy inquiries, data subject rights requests, or concerns about this Policy, please contact privacy@consuma.ai
Embrace the Future of Market Research
Embrace the Future of Market Research
Embrace the Future of Market Research
Embrace the Future of Market Research