🔒 Privacy

Privacy Policy

📅 Effective: March 28, 2026🔄 Updated: March 28, 2026📍 Pakistan & International
Plain-English Summary: Infiniotics collects only what is needed to deliver our services. We do not sell your data. Our AI Project Explorer processes your messages to generate responses but does not permanently store them against your identity. Project intake forms are stored securely in Supabase and used only to scope your project. You can request deletion of any personal data we hold at any time.

1. Who We Are

Infiniotics ("we", "us", "our") is a full-stack AI studio based in Pakistan. We build complete digital products — including admin web portals, Flutter mobile apps, autonomous AI agents, and payment systems — for founders and businesses globally.

Our three live AI products are MedLoop (healthcare AI), PromptlyApps (AI prompt engineering), and InfiniSignal (AI stock analysis). This Privacy Policy applies to the Infiniotics website (infiniotics.com), our AI Project Explorer chatbot, our project intake system, and all services we provide in connection with software development engagements.

We operate under the Prevention of Electronic Crimes Act (PECA) 2016 and the Pakistan Telecommunication (Re-Organization) Act. For users in the European Economic Area (EEA), we apply GDPR principles where applicable.

2. Information We Collect

2.1 Information You Provide Directly

  • Contact information: Name, email address, and phone number submitted via contact forms, consultation bookings, or email correspondence.
  • Project brief data: Company name, industry, problem description, target users, platform preferences, tech stack preferences, timeline, and budget — submitted via our Project Intake form when you start a project enquiry.
  • File uploads: Documents, designs, or reference materials you optionally upload via the intake form (stored securely in Supabase storage).
  • Business information: Project descriptions, requirements, and specifications shared during discovery calls or proposal discussions.
  • Payment information: Billing details processed by our payment partners. We do not store full card numbers on our servers.
  • Communication records: Emails, Slack messages, and project notes exchanged during active development engagements.

2.2 Information Collected Automatically

  • Usage data: Pages visited, time spent, links clicked, and features used on our website and AI Project Explorer.
  • Device information: Browser type, operating system, screen resolution, and IP address.
  • AI chat session data: Message count per session, whether the strategy-call CTA was displayed, and whether you opened the project intake form from the chat. Messages themselves are not stored against your identity.
  • Currency preference: Your selected currency is stored in your browser's local storage for pricing display.
  • Location (country-level only): We detect your country from your IP address via our /api/currency endpoint to display prices in your local currency. We do not store your IP address or precise location.

2.3 Information from Third Parties

  • Calendar bookings: When you book a strategy call via Cal.com, we receive your name and email address.
  • Currency exchange rates: We fetch live exchange rates from a public API to convert USD prices. No personal data is sent to this service.

3. How We Use Your Data

We use the information we collect to:

  • Respond to enquiries and deliver software development services
  • Scope, plan, and execute projects based on your intake brief
  • Send project updates, milestone reports, and delivery communications
  • Process payments and issue invoices
  • Display pricing in your local currency based on detected country
  • Improve our AI Project Explorer and overall website experience
  • Send occasional updates about Infiniotics services (you may opt out at any time)
  • Comply with legal obligations and resolve disputes
  • Protect against fraud, abuse, and security threats

We process your data on the following legal bases: contract performance(delivering services), legitimate interests (improving our services and communicating with prospects), consent (for marketing communications), and legal obligation (for compliance and record-keeping).

4. AI Chat & Project Explorer

Our website features an AI Project Explorer allowing visitors to ask questions about our work, products (MedLoop, PromptlyApps, InfiniSignal), and services. The chat is powered by OpenRouter, which routes requests to large language model providers including OpenAI (GPT-4), Anthropic (Claude), Google (Gemini), and Meta (LLaMA).

  • What we send to AI providers: Your chat messages and our project context data (product descriptions, FAQs, pricing, tech stacks). We do not send your name, email, or identifying information unless you include it voluntarily in your message.
  • Message storage: Chat messages are held in browser memory during your session only. They are not stored in our database. Your chat history is gone when you close your browser tab.
  • AI training: We do not use your chat conversations to train AI models. Messages passed to third-party AI providers are subject to their own data retention policies.
  • Project data in context: Our AI uses business-public information from our Supabase database — product descriptions, FAQs, pricing, and tech stacks from our own projects. No client-confidential data is included in the AI context.
  • OpenRouter: Messages are routed through OpenRouter in accordance with their Privacy Policy.
  • Accuracy: AI responses are generated and may not always be accurate. Do not rely on chat responses for legal or financial decisions — verify with our team directly.

5. Project Intake Forms

When you submit a project brief via our intake form ("Start Your Project"), we collect and store the following in our Supabase database:

  • Full name and email address (required)
  • Company name, phone number (optional)
  • Project description, target users, platform preference, stage, tech preferences
  • AI feature requirements, real-time requirements
  • Success vision, timeline preference, budget range
  • Any files you choose to upload (stored in Supabase Storage)
  • The source/page where you submitted the form (e.g. "hero", "pricing", "navbar")

This information is used solely to scope your project, prepare a proposal, and contact you about your enquiry. We do not share project brief data with third parties for marketing purposes. You may request deletion of your intake data at any time.

6. Data Sharing & Third Parties

We do not sell, rent, or trade your personal data. We share data only in these circumstances:

  • Service providers: Supabase (database, auth, file storage), Vercel (hosting), OpenRouter (AI routing), Cal.com (booking). All are contractually bound to protect your data.
  • Legal requirements: When required by Pakistani law, court order, or government authority under PECA 2016.
  • Business transfers: In the event of a merger, acquisition, or asset sale, with appropriate notice.
  • With your consent: In any other circumstance, only with your explicit permission.

6.1 Sub-processors

  • Supabase — Database, authentication, file storage (AWS EU Ireland / US Virginia)
  • Vercel — Web hosting and edge functions (US / global CDN)
  • OpenRouter — AI model routing for our Project Explorer (US servers)
  • Cal.com — Strategy call booking (EU servers)
  • Exchange rate API — Currency conversion rates (no personal data sent)

7. Data Storage & Security

Your data is stored on Supabase infrastructure using PostgreSQL with row-level security (RLS) policies that ensure each client's data is isolated. File uploads are stored in Supabase Storage with access-controlled buckets.

We implement the following security measures:

  • All data in transit encrypted via TLS 1.3
  • All data at rest encrypted using AES-256
  • Row-level security (RLS) on all database tables
  • API keys and secrets stored as environment variables, never in source code
  • Access controls limiting data access to authorised Infiniotics personnel only
  • Regular security reviews and dependency audits

Retention: Contact and project data is retained for the duration of our business relationship plus 5 years for legal and accounting purposes. Anonymous usage data (chat session counts, page views) is retained for 12 months. You may request earlier deletion of personal data at any time.

8. Your Rights

Depending on your location, you have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data, subject to legal retention requirements.
  • Portability: Receive your data in a structured, machine-readable format (JSON or CSV).
  • Objection: Object to processing based on legitimate interests.
  • Restriction: Request restriction of processing in certain circumstances.
  • Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior lawful processing.

To exercise any right, contact us at privacy@infiniotics.com. We will respond within 30 days and may need to verify your identity before processing your request.

9. Cookies & Local Storage

We use the following cookies and browser local storage:

  • Essential (session): Supabase authentication tokens required for admin access. Cannot be disabled without breaking authenticated functionality.
  • Functional — inf_currency: Stores your selected currency code (e.g. "USD", "PKR") in local storage so pricing displays in your preferred currency on return visits.
  • Functional — cta_shown: Remembers whether you have already seen the strategy-call CTA popup during your session, to avoid showing it repeatedly.
  • Functional — theme: Stores your light/dark mode preference so the site displays correctly on return visits.
  • Analytics: We do not use Google Analytics, Facebook Pixel, or any third-party tracking cookies. We do not track you across websites.

You can clear local storage and cookies via your browser settings at any time. Clearing these will reset your currency preference, theme, and session state.

10. Children's Privacy

Our services are intended for businesses and adults aged 18 and over. We do not knowingly collect personal data from children under 18. If you believe a minor has submitted data to us, please contact privacy@infiniotics.com immediately and we will delete it promptly.

11. International Data Transfers

As a Pakistan-based company serving clients globally (including the UK, USA, UAE, EU, and Australia), your data may be transferred to and processed in countries outside Pakistan, including the United States and European Union, where our service providers operate.

For transfers to countries without adequacy decisions, we rely on contractual safeguards with our service providers (including standard contractual clauses where applicable) to ensure your data receives appropriate protection equivalent to Pakistani and international standards.

12. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or business operations. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page
  • Post a notice on our website for 30 days following the change
  • Notify active clients by email for significant changes affecting their data

Continued use of our services after changes take effect constitutes acceptance of the updated policy. If you do not agree, please discontinue use of our services and contact us to close your account and request data deletion.

13. Contact Us

📬 Privacy Enquiries

For privacy questions, data access requests, or concerns, please contact:

Infiniotics
Data Privacy
privacy@infiniotics.com
Lahore, Pakistan

General enquiries: support@infiniotics.com

We aim to respond to all privacy enquiries within 30 business days. For urgent matters relating to data breaches or security incidents, mark your email URGENT — we will respond within 72 hours.

Read our Terms & Conditions →

Ask AI anything 👋