Privacy Policy

This Privacy Policy explains how Clavrit Digital Solutions Pvt. Ltd. ("Clavrit", "we", "us") collects, uses, stores, and protects personal data in connection with the Resorcia platform ("Service") available at resorcia.ai. This Policy applies globally to all customers and Authorised Users of the Service, regardless of where they are located.

The Service is designed exclusively for business customers. We do not knowingly collect personal data from individuals under the age of 18, nor is the Service directed at children.

For customers in the European Union or European Economic Area, this Policy is also intended to satisfy the transparency requirements under Regulation (EU) 2016/679 (the General Data Protection Regulation, "GDPR").

The data controller for personal data processed through the Service is:

We process the following categories of personal data solely to the extent entered into the platform by the Customer (Admin or Planner) or generated through use of the Service:

• Full name of team members and users
• Email address (used for account access and system notifications)
• Job role or designation within the Customer organisation
• Resource assignment data (project allocations, schedules, availability)
• Timesheet entries (hours logged per task, project, or period)
• Leave records (leave types, duration, and approval status)

We do not collect or process any sensitive or special-category personal data as defined under GDPR Article 9 — including health data, racial or ethnic origin, political opinions, biometric data, or genetic data. We do not generate or store biometric templates, facial recognition data, or audio/video recordings. We do not use AI, machine learning, or large language model processing on Customer Data.

Tracker or screen capture functionality, if used, retains data only within the Customer's environment for the duration of the active subscription. No such data is transmitted to third-party systems.

4.1Service Delivery

We process personal data to provide, maintain, and operate the Resorcia platform. The legal basis under GDPR is the performance of a contract (Article 6(1)(b)) between Clavrit and the Customer, and where applicable, the legitimate interests of Clavrit in delivering a functional service (Article 6(1)(f)).

4.2Account Management and Authentication

Name and email addresses are used for account creation, login, and role-based access control (RBAC). Legal basis: contract performance and legitimate interests.

4.3Customer Support

We may access account or log data when assisting with support queries raised by the Customer. Legal basis: contract performance.

4.4Security and Fraud Prevention

Audit logs and access records are maintained to detect unauthorised access or misuse. Legal basis: legitimate interests in system security (GDPR Article 6(1)(f)).

4.5Legal Compliance

We may process and retain certain data where required to comply with applicable legal obligations. Legal basis: compliance with a legal obligation (Article 6(1)(c)).

To be entirely clear, Clavrit does not:

• Use Customer Data for machine learning model training, fine-tuning, or AI benchmarking
• Create anonymised or aggregated analytics derived from Customer Data
• Share Customer Data across different Customer environments (no cross-customer learning)
• Sell or licence Customer Data to any third party for commercial purposes
• Store embeddings, vector representations, or AI-generated outputs derived from Customer Data

We retain Customer Data for the duration of the active subscription. Specifically:

• Operational data (projects, bookings, scheduling records, timesheets, leave records) and any tracker or screen-capture data are retained only for the period of the active subscription and stored in encrypted form.
• Following account deactivation or deletion, all Customer Data will be retained in encrypted form for thirty (30) days, after which it will be permanently purged from all Clavrit systems including backups.
• If the Customer submits a deletion request prior to the expiry of the thirty (30) day period, Clavrit will complete the purge within ten (10) working days of the request.
• Audit logs containing personal data are subject to the same thirty (30) day retention and purge schedule.

All Customer Data is hosted and processed exclusively in India. The hosting infrastructure is provided by RackMonk, operating data centres in India. Backup and disaster recovery systems are also located within India.

No Customer Data is transferred to, processed in, or made accessible from the European Union, the United States, or any other country outside India. Clavrit does not currently offer customers the option to select an alternative hosting region.

Email notifications to users are sent via Clavrit's self-managed SMTP infrastructure. No third-party email delivery provider is used.

The only infrastructure sub-processor used by Clavrit in connection with the Service is:

No other sub-processors, cloud providers, analytics platforms, or third-party integrations receive Customer Data. Clavrit will notify customers of any material changes to sub-processors prior to such changes taking effect.

Clavrit implements the following technical and organisational security measures:

• Encryption of data at rest using industry-standard encryption
• Encryption of data in transit (TLS/HTTPS)
• Role-based access control (RBAC) limiting access to Customer Data to authorised personnel only
• Audit logging of access and activities within the platform
• Immediate internal escalation procedures upon detection of a potential breach
• Customer notification of a confirmed security incident within twenty-four (24) hours

Clavrit does not currently hold ISO 27001, SOC 2, or equivalent certifications. We are committed to maintaining appropriate security standards in line with the sensitivity of the data we process.

Where applicable under GDPR or other applicable data protection legislation, individuals whose personal data is processed through the Service may have the following rights:

• Right of access — to obtain a copy of the personal data held about them
• Right to rectification — to request correction of inaccurate or incomplete data
• Right to erasure — to request deletion of personal data under certain circumstances
• Right to restriction of processing — to request that processing be limited in certain situations
• Right to data portability — to receive personal data in a structured, machine-readable format
• Right to object — to object to processing based on legitimate interests

Because Clavrit acts as a data processor on behalf of its business customers (who are data controllers), individual data subject requests should in the first instance be directed to the relevant Customer (the employer or organisation). If necessary, the Customer may raise a data subject request on the individual's behalf with Clavrit at resorcia@clavrit.com.

EU/EEA data subjects also have the right to lodge a complaint with their local supervisory authority.

Resorcia may use session-based cookies strictly necessary for the operation of the Service, including authentication and security. We do not use third-party advertising cookies, tracking pixels, or behavioural analytics tools.

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. Customers will be notified of material changes via email or a notice within the platform prior to the changes taking effect. Continued use of the Service after such notification constitutes acceptance of the updated Policy.

For any questions, concerns, or requests related to this Privacy Policy or the handling of personal data, please contact: