Niathi – Privacy Policy
Last updated: January 11, 2026
Entity: Aaras Learning Private Limited (Operating Niathi)
Email: info@niathi.com
Niathi (niathi.com) is operated by Aaras Learning Private Limited and motion design studio.
This Policy explains, in simple terms, what personal data we collect, why we use it, how we share it, and what choices you have under India's Digital Personal Data Protection Act, 2023 (Rules as notified).
1. What this Policy covers
This Policy applies when you:
- Visit niathi.com or our subdomains.
- Contact us about a project or work with us as a client, vendor, or collaborator.
- Apply for a job or internship.
It does not cover other websites or services we link to. Please check their policies separately.
2. What personal data we collect
We collect only what we need and provide this standalone notice before collecting consent via forms or interactions. For example:
- Contact details: name, email, phone, company, job title, postal address.
- Project details: briefs, reference materials, feedback, and project-related files.
- Billing and payment data: invoicing details, GST, payment confirmations (we do not store full card data where payment is handled by a gateway).
- No sensitive data (health/financial/biometrics) unless client-provided with consent.
- Website and device data: IP address, browser type, pages visited, approximate location, and cookies/analytics identifiers.
- Marketing preferences: what you sign up for and how you interact with our emails.
- Recruitment data: CVs, portfolios, links, interview notes.
- Third-party data shared by clients: for example, information about talent/actors, voice artists, or client contacts that you include in project assets. We expect our clients to have obtained any required consents before sharing this with us.
We avoid collecting sensitive personal data unless it is strictly necessary and lawful to do so, and then only with explicit consent where required.
3. How and why we use your data
We use your personal data only for clear, limited purposes and on lawful grounds under the DPDP Act:
- Provide our services: respond to enquiries, prepare proposals and contracts, design and deliver creative work, manage billing, collections, and support. (Contract/Legitimate Interest)
- Communicate with you: answer emails and calls, share project updates, send only those marketing updates you have agreed to receive or that are compatible with an existing business relationship (you can unsubscribe at any time). (Consent/Legitimate Interest)
- Improve our website and services: understand how our site is used, fix issues and improve performance and content. (Legitimate Interest/Consent for cookies)
- Recruit and collaborate: review applications and portfolios, onboard freelancers and partners. (Consent/Contract)
- Meet legal and security obligations: maintain business, tax, and accounting records, prevent fraud and misuse, respond to lawful requests from authorities, where required. (Legal Obligation/Legitimate Interest)
We do not sell your personal data.
4. Cookies and analytics
When you visit our website, we may use cookies and similar tools to:
- Make the site work (essential cookies – no consent needed).
- Remember your preferences (functional cookies).
- Measure visits and performance (analytics).
We obtain granular, verifiable consent for non-essential cookies/trackers with one-click withdrawal options, per DPDP Rules 2025. You can change your browser settings to block or delete cookies, but some parts of the site may not work correctly if you do.
5. When we share your data
We share your data only when needed, and always with safeguards:
- Service providers: hosting, cloud storage, project management tools, email services, payment processors, and analytics (full subprocessor list with verification of their DPDP compliance available on request to info@niathi.com).
- They can use your data only to provide services to us and must protect it under binding contracts verified for DPDP compliance.
- Professional advisors: lawyers, accountants, auditors, and similar professionals under confidentiality obligations.
- Clients and collaborators: when project delivery reasonably requires it (for example, talent information or contact lists shared as part of a campaign).
- Authorities: when we are legally required to respond to valid requests or comply with law.
- Business reorganisation: if Niathi is involved in a merger, acquisition, or similar event, personal data may be transferred under confidentiality and, where required, you will be informed.
We do not allow our service providers to use your data for their own marketing.
6. International transfers
Some of our tools and providers may be located outside India (for example, cloud hosting, email marketing, or collaboration platforms). In such cases we will:
- Share data only with providers that offer protections broadly consistent with the DPDP Act.
- Use contractual safeguards and security measures such as encryption and access controls.
- Inform you where the law requires us to do so.
7. How long we keep your data
We delete or anonymize personal data immediately when no longer needed for specified purposes. We retain processing logs, traffic data, and access records for at least 1 year (or longer if required by law) to support audits and breach investigations. Typical periods are:
- General enquiries and prospect data: usually up to 2 years after last contact.
- Client and project records (including invoices): typically up to 7 years for tax and corporate record keeping.
- Recruitment data: usually up to 2 years, unless you ask us to delete it earlier or we are required to retain it longer.
- Analytics data: generally up to 24 months, often in aggregated or de-identified form.
- Marketing lists: until you unsubscribe or we no longer need the data.
When data is no longer needed, we delete it or anonymise it in a secure manner.
8. How we protect your data
We use reasonable technical and organisational measures appropriate to a design studio, and take reasonable steps to keep your data accurate and up to date. These include:
- Access control and role-based permissions.
- Secure cloud infrastructure and encryption in transit; encryption or other safeguards for sensitive fields.
- Regular updates and basic security hygiene on our systems and tools.
- Confidentiality obligations for our team and contractors.
- Contractual commitments from our service providers to protect your data.
No system is 100% secure, but we aim to reduce risk and respond quickly if something goes wrong.
9. What happens if there is a data breach
We notify affected individuals and the Data Protection Board within 72 hours if the breach is likely to cause harm, per DPDP Rules. We will:
- Take steps to contain the incident and limit impact.
- Assess what happened and what data was affected.
- Share practical steps you can take to protect yourself (for example, changing passwords or being alert to phishing attempts).
10. Your rights and choices
Under the DPDP Act and general data protection principles, you have rights in relation to your personal data, subject to certain legal limits. These include:
- Access: You can ask if we process your data and request a copy.
- Correction: You can ask us to correct inaccurate or incomplete data.
- Deletion: You can request deletion where there is no overriding reason for us to keep it (for example, mandatory recordkeeping).
- Restriction or objection: You can object to certain uses (such as direct marketing) or ask us to limit processing in specific situations.
- Portability: Where technically feasible, you may request a copy of data you provided to us in a commonly used, machine-readable format.
- Withdraw consent: For processing based on consent (for example, newsletters), you may withdraw consent at any time. This will not affect processing already carried out.
- You can also manage consents via registered Consent Managers (once available).
To exercise these rights, email info@niathi.com with the subject line "Data Request – [type]", describe your request clearly, and provide any information we reasonably need to verify your identity. We will acknowledge your request within 3 business days and aim to resolve simple requests within 7 days, or complex requests within 30 days with prior notice of any extension.
You also have the right to raise a complaint with the Data Protection Board of India if you are not satisfied with our response.
11. Children
For users under 18, we require verifiable parental/guardian consent before processing (e.g., via OTP/DigiLocker per DPDP Rules). Our services are not directed at children. If you believe a child has shared data with us, please contact us so we can delete it where appropriate.
12. Grievance redressal and contact
Grievance Officer details published on our website homepage as required.
- Grievance Officer
- Email: info@niathi.com
- Acknowledgment: Within 7 calendar days of receipt
- Resolution: Within 30 calendar days (simple grievances)
- Complex cases: Extension with prior notice, maximum 30 additional days
We acknowledge all grievances received at grievance@niathi.com within 7 calendar days and aim to resolve them within 30 days maximum.
For all privacy questions, rights requests, or DPA/subprocessor queries, you can also contact at info@niathi.com
13. Changes to this Policy
We may update this Privacy Policy from time to time to reflect changes in law, our services, or our practices. When we do, we will update the "Last updated" date at the top and, where changes are significant, provide a more prominent notice (for example, on our website or by email where appropriate). Significant updates will be notified via email (where we have your contact) and website banner for 30 days.
