Privacy Policy — Babella (Datana Labs LLP)
Effective Date: 17 October 2025
Last Updated: 17 October 2025
1. Introduction and Scope
This Privacy Policy (“Policy”) describes how Datana Labs LLP (“Datana Labs,” “we,” “our,” or “us”) collects, uses, discloses, and protects personal data in connection with your use of the Babella mobile and web applications and associated services (collectively, the “Services”).
Datana Labs LLP is a limited liability partnership registered in India with its office at:
502, Siddh Icon, Baner, Pune, Maharashtra, India — 411007
This Policy applies to all users accessing https://babella.in, the Babella Android and iOS apps, and any related services, APIs, or beta features offered under the Babella brand.
Datana Labs is committed to protecting your privacy and ensuring compliance with:
- The Digital Personal Data Protection Act, 2023 (DPDPA),
- The Information Technology Act, 2000, and IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021,
- And, for international users, relevant global data-protection frameworks such as the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), to the extent applicable.
By using Babella, you acknowledge that you have read, understood, and agreed to the practices described in this Policy, and that you consent to the collection and processing of your personal data as outlined herein. If you do not agree with this Policy, you must discontinue using the Services.
This Policy should be read together with our Terms of Service, which govern all use of the Services and establish the legal basis for processing.
2. Key Definitions
For the purposes of this Policy:
- “Personal Data” means any information relating to an identified or identifiable natural person (“Data Principal”), such as name, email address, or ID number.
- “Sensitive Personal Data” includes government identification, biometric data, or information revealing racial or health details, as defined under the DPDPA.
- “Processing” means any operation performed on personal data, including collection, recording, organization, storage, alteration, use, disclosure, or deletion.
- “User”, “you,” or “your” means a natural person who uses or accesses Babella.
- “Data Fiduciary” refers to Datana Labs LLP, which determines the purpose and means of processing personal data.
- “Processor” refers to third parties that process personal data on behalf of Datana Labs (e.g., Razorpay, hosting partners).
- “AI Content” means text, audio, or visual outputs generated by Babella’s artificial intelligence systems in response to user input.
- “Minor” means a person under the age of eighteen (18) years, as defined by the Indian Majority Act, 1875.
- “DPO” refers to the Data Protection Officer appointed by Datana Labs.
3. Data We Collect
Datana Labs collects only the data necessary to operate Babella effectively and to ensure compliance with Indian and international data-protection laws.
3.1 Identity and Account Information
- Full name, email address, phone number, and government-issued ID for 18+ verification;
- Gender and date of birth (optional, for personalization);
- Login credentials (securely hashed and encrypted).
3.2 Payment and Transaction Information
- Subscription plan, payment date, and transaction amount;
- Processed securely via Razorpay;
- Datana Labs does not store your card or banking information.
3.3 Device and Technical Data
- Device ID, model, OS version, IP address, browser type, and network provider;
- App usage logs, crash reports, and diagnostic data.
3.4 Usage and Interaction Data
- Chat interactions (text, audio, image) between you and Babella’s AI;
- Frequency, duration, and type of features accessed;
- Feedback, preferences, and analytics derived from usage behavior.
3.5 Support and Communication Data
- Emails, tickets, or other communication with support@babella.in;
- Grievance or complaint submissions handled by our Grievance Officer.
3.6 Cookies and Tracking Technologies
- Essential Cookies: required for authentication and app performance;
- Analytics Cookies: for engagement metrics and usage trends;
- Marketing Cookies: used only with explicit consent, and may be withdrawn anytime.
Datana Labs does not engage in unauthorized third-party tracking or behavioral advertising.
3.7 AI Content and Contextual Metadata
Babella may temporarily store your AI interactions to generate responses, improve moderation, and ensure compliance with content policies.
AI data logs are retained in anonymized form for product improvement only when explicit consent has been provided.
4. Legal Basis and Purpose of Processing
4.1 Legal Basis
Datana Labs LLP processes personal data only when there is a lawful basis to do so, which may include:
- User Consent (DPDPA § 6): Voluntarily given consent for specific purposes such as account creation, subscription, and AI interaction.
- Contractual Necessity (GDPR Art. 6 (1)(b)): To deliver and maintain the Services you have requested.
- Legitimate Interest (GDPR Art. 6 (1)(f)): To improve user experience, prevent fraud, and ensure security.
- Legal Obligation: To comply with Indian laws (IT Act, POCSO Act, tax and RBI rules).
- Vital Interest: Where processing is necessary to protect user safety or prevent harm.
You may withdraw consent at any time by contacting dpo@babella.in, subject to legal and contractual limitations.
4.2 Purpose of Processing
Datana Labs processes personal data for the following lawful purposes:
| Purpose | Description |
|---|---|
| Service Delivery | To operate, authenticate, and personalize the AI chat, voice, and visual interactions. |
| Account and Age Verification | To verify users are 18+ and eligible to use Babella. |
| Payments and Billing | To process transactions securely via Razorpay and maintain records for tax compliance. |
| Safety and Moderation | To detect violations, prevent fraud, and maintain a safe environment using AI and human moderation. |
| Product Improvement | To analyze aggregated and anonymized data to enhance Babella’s performance and user experience. |
| Legal Compliance | To respond to lawful requests from authorities and comply with statutory obligations. |
| Communication and Support | To respond to queries, resolve grievances, and notify you of policy or feature updates. |
| Marketing (Consent Based) | To send optional emails or in-app notifications about new features or offers only if you opt in. |
Datana Labs does not process data for profiling, targeted advertising, or automated decision-making without explicit consent.
5. AI and Content Disclaimers
5.1 Nature of AI Processing
Babella uses large-language models and machine-learning systems to generate simulated responses based on your inputs. Your data is processed to produce contextual outputs but is not used to personally profile you without consent.
AI interactions are transiently stored and may be reviewed automatically or manually for moderation and safety purposes.
5.2 AI Content Limitations
- AI responses are synthetic and probabilistic and may be inaccurate or inappropriate.
- Babella does not offer professional, medical, financial, or legal advice.
- Datana Labs is not liable for decisions or actions taken based on AI content.
- All outputs are for personal and entertainment use only.
5.3 Moderation Transparency
Datana Labs uses a multi-layered moderation framework comprising:
- Automated filters detecting harmful keywords or patterns;
- AI-assisted classification for risk scoring; and
- Human review by trained moderators under strict confidentiality protocols.
Moderation is conducted solely to enforce our Terms of Service and legal obligations.
5.4 Data Use for AI Training
User content and chat data are not used for model training unless you have given explicit, informed opt-in consent.
If you consent, data is first anonymized and aggregated to remove personal identifiers before training.
You may withdraw consent at any time without affecting past processing done lawfully.
5.5 Human Oversight and Ethical Use
All AI systems deployed by Datana Labs undergo regular bias, ethics, and security audits. We maintain human oversight over critical content decisions and adhere to principles of fairness, accountability, and transparency.
6. Age Verification and Minor Protection
6.1 Strict 18+ Eligibility
Use of Babella is restricted to individuals aged eighteen (18) years and above. We conduct government-ID and/or mobile OTP verification to confirm eligibility. Users failing verification will be denied access.
6.2 No Data Collection from Minors
Datana Labs does not knowingly collect or store personal data from minors. If we learn that data from a minor has been collected, we will promptly delete such data and terminate the account.
6.3 No Parental Consent Alternative
Because Babella contains AI interactions that may include mature themes, parental consent cannot replace the age requirement. Minors are strictly prohibited from using the Services.
6.4 Legal Compliance and Reporting
Datana Labs complies with the Protection of Children from Sexual Offences Act, 2012 (POCSO) and the IT Rules 2021. If illegal content involving a minor is detected, Datana Labs will immediately report it to the appropriate law-enforcement authorities and preserve evidence as required by law.
6.5 Safety Measures
We maintain content filters to prevent exposure to explicit material and continuously update our systems to detect potential abuse or underage use.
6.6 Content Standards and PG-13 Rating
Babella is designed for respectful, safe, and age-appropriate communication. The app does not promote, display, or engage in sexually explicit, pornographic, or adult-themed content. All AI interactions are moderated to maintain a PG-13 environment, ensuring that conversations remain suitable for users aged 13 and above while complying with Indian IT Rules, 2021, and the Protection of Children from Sexual Offences Act, 2012. Any attempt to generate, request, or share explicit or harmful material is strictly prohibited and may result in account suspension or reporting to authorities.
7. Data Sharing and Disclosure
7.1 Authorized Processors
Datana Labs LLP may share limited personal data with trusted third-party processors solely for the purposes described in Section 4. These processors act under written, DPDPA-compliant contracts and include:
| Processor Category | Purpose | Example |
|---|---|---|
| Payment Gateway | Subscription billing and reconciliation | Razorpay Software Private Limited |
| Cloud / Hosting Providers | Secure data storage and application hosting | India-based or globally compliant providers (ISO 27001, SOC 2) |
| Analytics Tools | Usage metrics and crash diagnostics | Aggregated, anonymized only |
| Customer Support Platforms | Ticketing, grievance management | Internal or third-party CRM tools |
Each processor is bound by confidentiality and security obligations equivalent to those imposed on Datana Labs.
7.2 Legal Disclosures
We may disclose data when required by law or lawful authority, including:
- Compliance with court orders, government requests, or law-enforcement investigations;
- To prevent, detect, or investigate fraud, security incidents, or criminal offences;
- To enforce our Terms of Service or protect rights, property, or safety of Datana Labs, our users, or the public.
All such disclosures are recorded internally for audit and accountability.
7.3 Business Transfers
In the event of a merger, acquisition, restructuring, or sale of assets, personal data may be transferred to the successor entity subject to continued protection under this Policy or a policy at least as protective.
7.4 No Data Sale
Datana Labs does not sell, rent, trade, or commercially exploit your personal data for advertising or profiling. Any marketing or analytics sharing occurs only with explicit, revocable consent.
7.5 Cross-Jurisdictional Sharing
If personal data is transferred outside India (e.g., for cloud redundancy or analytics), it is protected under contractual clauses ensuring equal or higher protection consistent with DPDPA § 16 and GDPR Chapter V.
8. Data Retention and Deletion
8.1 Retention Principles
Personal data is retained only for as long as necessary to fulfill the purposes outlined in this Policy or as mandated by law. We apply specific retention windows:
| Data Type | Typical Retention Period | Legal Reference |
|---|---|---|
| Account & Identity Data | Up to 5 years post deactivation | IT Rules 2021 Reg. 3(1)(j) |
| Payment / Tax Records | Minimum 7 years | Indian Tax and RBI rules |
| Chat & AI Logs | Operationally necessary period (≤ 24 months) | DPDPA § 9 principle of storage limitation |
| Support & Grievance Logs | 3 years after closure | For dispute resolution |
8.2 Deletion and Anonymization
When retention expires or a user requests deletion:
- Personal identifiers are securely erased or anonymized using industry-standard methods;
- Backups are purged in rolling cycles (≤ 90 days);
- Aggregated, non-identifiable analytics may be retained indefinitely for research and system optimization.
8.3 User-Initiated Deletion
You may request deletion of your account and data by emailing dpo@babella.in. We will verify identity and process requests within 30 days, subject to statutory or contractual obligations requiring retention.
8.4 Data Portability
Upon verified request, Datana Labs will provide a machine-readable export of your personal data (JSON/CSV) within 30 days, fulfilling DPDPA and GDPR portability rights.
9. Data Security Measures
9.1 Technical and Organizational Safeguards
- Encryption: All personal data encrypted at rest (AES-256) and in transit (TLS 1.3).
- Access Control: Role-based access; multi-factor authentication for internal systems.
- Network Security: Firewalls, intrusion detection, and continuous monitoring.
- Secure Coding & Testing: OWASP-compliant development and periodic penetration tests.
- Logging & Audit: Immutable logs maintained for access and data-processing events.
- Physical Security: Restricted server-room access and 24×7 surveillance at hosting facilities.
9.2 Personnel Confidentiality
All employees and contractors handling personal data undergo background checks and sign strict confidentiality and data-protection agreements. Regular training on data privacy and security is mandatory.
9.3 Incident Response and Breach Notification
In the event of a personal-data breach:
- Datana Labs will assess and contain the incident immediately;
- Notify affected users and the Data Protection Board of India within 72 hours where required;
- Provide remedial steps and guidance to mitigate potential harm.
9.4 Continuous Compliance
Regular privacy and security audits are conducted to maintain compliance with the DPDPA, GDPR Art. 32, and relevant ISO standards. Datana Labs also maintains a vendor-risk-management program to ensure third-party compliance.
10. User Rights
Datana Labs LLP respects your rights as a Data Principal under the Digital Personal Data Protection Act 2023 and, where applicable, as a Data Subject under the GDPR or a Consumer under the CCPA.
You may exercise the following rights by contacting our Data Protection Officer at dpo@babella.in or support@babella.in:
| Right | Description |
|---|---|
| Access | Obtain confirmation that we process your data and request a copy of your personal data held by us. |
| Correction / Rectification | Request correction of inaccurate or incomplete personal information. |
| Deletion (“Right to be Forgotten”) | Ask for erasure of your data, subject to retention required by law. |
| Portability | Receive your data in a structured, commonly-used, machine-readable format (JSON/CSV). |
| Consent Withdrawal | Withdraw consent at any time for non-essential processing (marketing, analytics, optional AI training). |
| Objection / Restriction | Object to or restrict certain processing where legally permitted. |
| Grievance Redressal | Escalate unresolved complaints to the Data Protection Board of India after first contacting our Grievance Officer. |
Datana Labs will verify your identity before acting on any request and respond within 30 days, extendable by another 30 days where justified, in line with DPDPA § 13 and GDPR Art. 12(3). No discrimination or service denial will occur for exercising any lawful privacy right.
11. Cookies and Tracking Technologies
11.1 Types of Cookies
- Essential Cookies: Required for authentication, account security, and basic app performance.
- Analytics Cookies: Help us understand usage trends and improve experience (aggregated & anonymized).
- Marketing Cookies: Used only with explicit consent for optional communications or offers.
11.2 User Control
You may manage cookie preferences via your browser or in-app settings at any time. Disabling essential cookies may affect functionality.
11.3 Third-Party Analytics
We may use compliant analytics services (e.g., privacy-enhanced Google Analytics or Mixpanel) operating under data-processing agreements that prohibit independent tracking or resale of your data.
11.4 Do Not Track
While browsers may send “Do Not Track” signals, our Service responds only to consent choices provided directly within Babella.
12. International Data Transfers
12.1 Primary Storage in India
All personal data is primarily stored on secure Indian servers (Mumbai-region cloud) to comply with DPDPA § 16(1).
12.2 Cross-Border Transfers
If limited data must be transferred abroad—for cloud redundancy, analytics, or vendor support—Datana Labs ensures:
- Transfer only to jurisdictions recognized by the Government of India or the European Commission as providing adequate protection; or
- Use of Standard Contractual Clauses (SCCs) or Intra-Group Agreements offering protections equivalent to Indian and GDPR requirements.
12.3 Safeguards
All transfers are encrypted, access-logged, and limited to the minimum data required. Users will be notified if cross-border transfers materially change in scope or destination.
13. Data for AI Training and Improvement
13.1 Default Policy — No Training Without Consent
User content, chats, or voice inputs are not used for training or fine-tuning any AI model without your prior explicit consent.
13.2 Optional Opt-In Programs
If future features invite you to contribute anonymized data for improving Babella’s intelligence:
- You will receive a clear consent notice describing the data type, duration, and intended use;
- Data will be irreversibly anonymized (removal of identifiers, aggregation);
- Participation will be entirely voluntary and revocable at any time.
13.3 Withdrawal of Consent
You may opt out of such programs by emailing dpo@babella.in or adjusting settings in the App. Withdrawal does not affect prior lawful processing.
13.4 Research and Development Ethics
All internal R&D uses of data adhere to privacy-by-design and AI ethics principles—fairness, accountability, transparency, and explainability. Datana Labs conducts periodic algorithmic-bias and data-minimization audits.
14. Content Moderation Process
14.1 Moderation Principles
Datana Labs enforces responsible and lawful AI interactions through a structured moderation system designed to:
- Prevent dissemination of obscene, harmful, or unlawful material;
- Detect harassment, impersonation, or misinformation; and
- Ensure compliance with the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021 and POCSO Act 2012.
14.2 Moderation Pipeline
Our moderation process involves three integrated layers:
- Automated Screening: AI filters flag potentially harmful or policy-violating content in real time.
- AI Assisted Review: Flagged items are further classified for severity and context.
- Human Oversight: Trained moderators conduct limited manual review under confidentiality agreements and strict access controls.
All moderation actions are logged for transparency and audit.
14.3 User Reporting
Users may report offensive, harmful, or unlawful content directly through in-app tools or by emailing support@babella.in. Each report receives acknowledgment within 48 hours and resolution within 15 days, consistent with Rule 3(2)(a) of the IT Rules 2021.
14.4 Escalation and Law-Enforcement Cooperation
When content appears to violate Indian law, Datana Labs will:
- Remove or disable access to such content promptly;
- Preserve relevant logs for investigation; and
- Notify and cooperate with competent authorities upon lawful request.
14.5 Transparency and Accountability
Aggregate statistics on moderation actions may be published periodically for transparency, without revealing user identities.
15. Updates to This Policy
Datana Labs may modify this Privacy Policy from time to time to reflect new laws, technologies, or features.
- Advance Notice: Material updates will be announced at least 30 days before taking effect via email and in-app notification.
- Version Control: The latest version and revision date will always appear at the top of this document.
- Acceptance: Continued use of Babella after the effective date constitutes acceptance of the updated Policy. If you disagree with any update, you may delete your account and request data erasure under Section 8.
16. Contact Information
Data Protection Officer (DPO)
Name: Mr. Sunil Kumar Chaurasiya
Email: dpo@babella.in
Address: 502, Siddh Icon, Baner, Pune, Maharashtra 411007, India
Grievance Officer
Name: Mr. Sunil Kumar Chaurasiya
Email: support@babella.in
Address: Same as above
Users may escalate unresolved complaints to the Data Protection Board of India in accordance with Section 13(5) of the DPDPA 2023.
17. Governing Law and Jurisdiction
This Policy, its interpretation, and any dispute arising from it shall be governed by the laws of India, without regard to conflict-of-law principles.
Any dispute shall be subject to binding arbitration in Pune, Maharashtra, in accordance with the Arbitration and Conciliation Act, 1996, as specified in our Terms of Service. Subject to arbitration, the courts of Pune, Maharashtra shall have exclusive jurisdiction.
18. Personal Data
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected. Unless otherwise required by law or consented by the user, all user data is securely deleted within 90 days.
