Nirikshan is built for Indian government officers. This policy explains exactly what data we collect during inspections, how we protect it, and your rights under the Digital Personal Data Protection Act, 2023.
Nirikshan ("we", "our", "us") is an AI-assisted inspection management platform operated by an independent software provider based in India. We serve government officers across eight regulatory departments: FSSAI, FDCA (Drug Control), Labour, GPCB, PWD, Revenue, SMC Health, and Mining.
We collect only what is necessary to generate inspection reports. Data varies by department.
| Data Type | What Exactly | Stored Where |
|---|---|---|
| Account | Name, email, designation, department, district, state | Neon DB (AWS Mumbai) |
| GPS Location | Coordinates + human-readable address at inspection site | Neon DB (AWS Mumbai) |
| Voice Recording | Audio for transcription; optional copy uploaded to Cloudinary when upload succeeds | Transcript + provider metadata in Neon; audio URL may be stored when Cloudinary upload succeeds |
| Photos | Photos taken at establishment during inspection | Cloudinary |
| Inspection Reports | Violations, observations, AI-generated summary and PDF link | Neon DB (AWS Mumbai) |
| Senior Officer Email | Reporting authority email for report delivery | Neon DB — used only to send reports |
| Device/IP Data | IP address and browser type for security | Audit logs — 90 days |
Department-specific data collected
FSSAI
FSSAI License No., food samples (if collected), hygiene observations
FDCA
Drug licence, Schedule H/H1/X records, pharmacist presence, expired stock
Labour
Factory registration, worker counts, safety checks, child labour checks
GPCB
Consent/CTO details, ETP status, stack measurements, records
PWD
Work order, contractor details, construction stage, measurement records
Revenue
Survey identifiers, village, land classification, boundary points
SMC Health
Municipal licence, water source, waste disposal, sanitation observations
Mining
Lease validity, mineral type, GPS boundary compliance, safety checks
We will never:
We process your data based on:
Location: Application data is stored in Neon PostgreSQL (region follows your Neon project — commonly AWS ap-south-1 Mumbai for India deployments). Voice is sent to Sarvam or, if needed, OpenAI Whisper for transcription only; the text transcript is saved in Neon. Optional voice files may be uploaded to Cloudinary when that step succeeds. AI report drafting uses Google Gemini; prompts contain inspection text and wizard context — handling is governed by Google's API terms (we do not use your data to train their models).
Nirikshan is currently serving government officers across India.
Security measures:
| Data | Retention | Reason |
|---|---|---|
| Inspection reports + photos | 7 years | Audit compliance |
| Account data | Until account deleted | Service provision |
| Voice audio files | Optional Cloudinary + URL in DB if upload succeeds | Otherwise only transcript text retained |
| Audit logs | 7 years | Security and compliance |
| Device/IP data | 90 days | Security only |
| Payment records | 7 years | GST/tax compliance |
If a breach affecting your data occurs:
| Service | Purpose | Data Sent | Retained? |
|---|---|---|---|
| Neon | PostgreSQL database (hosted Postgres) | Inspections, officers, auth/session tables, photos URLs, transcripts, audit logs, invite codes metadata | Retained as per Nirikshan policy (typically up to 7 years for inspection records). |
| Cloudinary | Media hosting | Inspection photos; optional voice recording files when upload succeeds during transcription | Yes — files retained per your Cloudinary account; URLs/reference stored in Neon |
| Sarvam AI | Speech-to-text (primary) | Audio blob sent to api.sarvam.ai | Transcript stored in Neon; retention/deletion of audio governed by Sarvam — see their policy |
| OpenAI | Speech-to-text fallback only (Whisper API) | Audio blob when Sarvam does not return a result | Transcript stored in Neon; audio handling per OpenAI API data policies (not used to train models by default) |
| Google (Gemini API) | AI inspection draft / structured report generation | Text: transcription + establishment/wizard fields relevant to the report | Generated output stored in Neon; request handling per Google AI API terms |
| Resend | Transactional email | Recipient addresses, OTPs, invite codes, report HTML/PDF links, service notices | Email pipeline provider — short-lived logs may apply; see Resend documentation |
| Vercel (typical deploy) | Application hosting & CDN | HTTP access logs, IPs, edge/request metadata | Platform logs are retained for a limited time (often weeks to ~90 days, depending on the hosting plan). |
About AI processing
Voice is transcribed with Sarvam AI first; if that fails, OpenAI Whisper is used as a fallback. Structured inspection drafts are produced with Google Gemini. Sign-in OTPs, invitations, completed reports, and service notices are emailed via Resend. Each vendor applies its own subprocessors and retention rules — refer to their published privacy and data processing terms. Nirikshan uses these APIs only to deliver the features above, not for unrelated advertising.
Nirikshan is for adult government officers (18+) only. We do not knowingly collect data from minors.
We will notify you by email at least 30 days before any material changes.