Legal

Privacy Policy

Last updated: June 2026 · Truwisdom Labs Private Limited

Truwisdom Labs Private Limited ("Lemma", "we", "us", or "our") is committed to protecting your privacy and handling your data transparently and responsibly. This Privacy Policy explains how we collect, use, process, and safeguard personal information in connection with the Lemma platform accessible at app.letslemma.com.

01

Information We Collect

A. From Platform Users

When you register or use Lemma, we may collect:

• Name and business email address

• Company name and billing address

• Tax identification details (e.g., GSTIN)

• Payment-related metadata

• Account activity and usage data

We do not store credit card or payment card details on our servers.

B. From Your Shopify Store

When you connect your Shopify store via OAuth, we access:

• Order history and transaction data

• Customer records (anonymized for analysis)

• Product catalogue and variant data

• Store-level behavioral signals (discount usage, abandoned checkouts, etc.)

This data is used solely to generate digital twins, run AI persona interviews, and produce analytical reports for your account. We do not use your store data to serve advertising or share it with other merchants.

C. Usage & Technical Data

We may collect device type, browser, IP address, and interaction logs to operate, secure, and improve the platform.

02

Legal Basis for Processing (DPDP Act, 2023)

We process personal data under the lawful bases provided by India's Digital Personal Data Protection (DPDP) Act, 2023, primarily:

Consent: Free, specific, informed, and unambiguous consent provided by you at account creation and at the point of Shopify store authorization. You may withdraw your consent at any time via your account Settings or by contacting our Grievance Officer. Withdrawal will not affect the lawfulness of processing prior to withdrawal.

Certain Legitimate Uses: As defined under the Act, including processing necessary for legal compliance, fraud prevention, or platform security.

03

How We Use Data

We use collected data to:

• Provide, operate, and improve the Lemma platform

• Generate AI digital twins and persona profiles from your store data

• Power AI persona interview sessions and produce analytical reports

• Process token purchases and maintain billing records

• Detect fraud, maintain security, and enforce our Terms of Service

• Comply with applicable legal obligations

• Develop anonymized benchmarks to improve our AI systems

We do not sell personal data. We do not use your store data for any purpose outside your account.

04

AI Digital Twins & Anonymization

Digital twins generated by Lemma are AI constructs derived from behavioral patterns in your store data. They are not profiles of identified individuals — they represent aggregated behavioral archetypes.

All customer-level data used in persona generation is anonymized and aggregated before being passed to our AI systems. No individual customer's identity is exposed to or stored by our AI models.

Analytical reports produced by Lemma contain only aggregated insights and do not include personally identifiable customer information.

05

Payment Processing

All token purchases are processed through certified, PCI-DSS compliant third-party payment gateways. Lemma does not store or process raw payment card information on its servers. Payment metadata (transaction ID, amount, timestamp) is retained for billing and legal compliance purposes.

06

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy.

• Account data: Retained for the duration of your account and deleted 60 days after termination.

• Shopify store data: Deleted within 7 days of store disconnection.

• Anonymized analytical outputs: May be retained indefinitely as they contain no personally identifiable information.

• Billing records: Retained as required by applicable Indian tax and financial regulations.

Specific termination-related retention terms are detailed in our Terms of Service (Section 9).

07

Data Sharing

We do not share your personal data or your store data with third parties for commercial purposes. We may share data with:

• Cloud infrastructure providers (for platform hosting and storage)

• Payment processors (for token purchase handling)

• Analytics and security services (for fraud prevention and platform monitoring)

All such vendors are bound by contractual confidentiality and data protection obligations consistent with the DPDP Act, 2023.

08

Cross-Border Data Transfers

Your data may be processed and stored outside India due to the location of our cloud infrastructure and AI service providers (including Google Cloud Platform). Such transfers are subject to appropriate contractual safeguards and data protection obligations consistent with applicable Indian law.

09

Data Security

We implement commercially reasonable administrative, technical, and organizational measures to protect your data from unauthorized access, alteration, disclosure, or destruction. These include OAuth-based store authorization, encrypted data transmission (TLS), row-level security on our database, and access controls limiting data access to authorized personnel.

No system is completely secure. If you become aware of any security vulnerability, please contact us immediately at founders@letslemma.com.

10

Your Rights

Under the DPDP Act, 2023, you have the right to:

• Access a summary of your personal data being processed by Lemma

• Request correction, completion, or updating of inaccurate data

• Request erasure of your data when it is no longer needed or if you withdraw consent

• Nominate another individual to exercise your rights in the event of death or incapacity

• Access our grievance redressal mechanism

To exercise any of these rights, contact our Grievance Officer at manik@letslemma.com. We will respond within the timeframe stipulated by applicable Indian law.

11

Personal Data Breach Notification

Lemma maintains reasonable security safeguards to protect your personal data. In the event of a personal data breach that is likely to result in harm to you, we will notify the Data Protection Board of India (DPBI) and affected users in the manner and within the timeframe prescribed by the DPDP Act, 2023 and its associated rules.

12

Grievance Redressal

In accordance with the DPDP Act, 2023, we have appointed a Grievance Officer to address any concerns regarding your personal data.

Grievance Officer: Manik Sharma

Email: manik@letslemma.com

Address: Cabin No. 2, First Floor, SCO No. 216, Sector 37C, Chandigarh

We will acknowledge and resolve all data-related grievances within the timeframe stipulated by applicable Indian law.

13

Updates to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable law. Updates will be posted with a revised "Last Updated" date. Continued use of the platform after updates constitutes your acceptance of the revised policy.

Questions about your data?

Contact our Grievance Officer at manik@letslemma.com · Cabin No. 2, First Floor, SCO No. 216, Sector 37C, Chandigarh