Effective Date: April 14, 2026|Version: 2.0
This Privacy Policy explains in detail how NAYARAi™ collects, uses, stores, shares, and protects your personal data. We are committed to full transparency. Please read this document carefully before using our website or engaging our services.
NAYARAi™ (“we,” “us,” or “our”) is a healthcare regulatory consulting firm headquartered in Bangalore, Karnataka, India. We provide regulatory strategy, submission management, compliance, and clinical advisory services to clients in the medical device, pharmaceutical, and biotechnology sectors globally.
This Privacy Policy applies to:
• Your use of our website at nayarai.com (the “Site”);
• Your engagement with NAYARAi™’s consulting and professional services;
• All communications you initiate with NAYARAi™ via email, phone, or online forms;
• Scheduling interactions via third-party tools such as Calendly embedded on or linked from our Site.
This Policy does not apply to third-party websites, platforms, or services linked from our Site. For how those platforms handle your data, please refer to their own privacy policies.
When you contact us, submit an enquiry, book a consultation, or engage our services, we may collect:
• Full name and professional title or designation
• Company or organization name and business address
• Email address and telephone number
• Details of your regulatory needs, product descriptions, or project scope shared in communications
• Billing and payment information (processed exclusively through secure, PCI-compliant third-party payment processors — NAYARAi™ does not store raw card data)
• Any other information you voluntarily provide to us
When you visit our Site, we or our third-party service providers automatically collect the following technical data:
• IP address and approximate geographic location (city/country level)
• Browser type, version, and language settings
• Operating system and device type
• Pages visited, time and duration of visits, and navigation paths
• Referring URLs (the page you arrived from)
• Screen resolution and device identifiers
This data is collected through cookies and similar tracking technologies. See our Cookie Policy for detailed information.
We may receive limited information about you from:
• LinkedIn or other professional networks, where you have connected with or followed NAYARAi™ publicly
• Referral partners or professional contacts who recommend our services
• Publicly available professional directories or regulatory body registers
We use this information solely to understand professional context and to provide relevant services.
NAYARAi™ does not intentionally collect sensitive personal data (such as health records, financial account numbers, biometric data, or government identification numbers) through our website. If such data is shared during a professional engagement, it is handled under a separate engagement agreement with enhanced confidentiality obligations.
We use your personal data only for specified, legitimate purposes. These are:
a) To Respond to Enquiries and Provide Services
Processing your contact details and enquiry information to respond promptly, schedule consultations, and deliver our regulatory consulting services.
b) To Manage Client Relationships
Maintaining records of our communications, engagements, and service delivery history for ongoing client management and quality assurance.
c) To Send Service-Related Communications
Sending you updates, invoices, project-related notifications, and information directly related to your engagement with NAYARAi.
d) For Marketing Communications
Where you have opted in, or where permitted by applicable law, sending you newsletters, industry updates, event invitations, or information about our services. You may opt out of marketing communications at any time by clicking “unsubscribe” in any such email or contacting us at info@nayarai.com.
e) To Improve Our Website and Services
Analyzing aggregated, anonymized usage data to understand how visitors use our Site and to improve its content, structure, and performance.
f) To Comply with Legal Obligations
Processing data as required to comply with applicable laws, regulations, court orders, or lawful requests from regulatory or law enforcement authorities in India or internationally.
g) To Detect and Prevent Fraud and Security Threats
Monitoring Site activity to identify, investigate, and prevent fraudulent, abusive, or unlawful use of our services or systems.
Where data protection law applies — including the Digital Personal Data Protection Act, 2023 (India) (“DPDP Act”) and the General Data Protection Regulation (GDPR) for individuals in the European Economic Area — we rely on the following legal bases:
• Consent — Where you have given us explicit, freely-given, and informed consent (e.g., subscribing to our newsletter or accepting non-essential cookies). You may withdraw consent at any time without affecting the lawfulness of prior processing.
• Contractual Necessity — Where processing is necessary to enter into or perform a contract with you, or to take steps at your request prior to entering a contract.
• Legitimate Interests — Where processing is necessary for our legitimate business interests (e.g., site analytics, fraud prevention, client relationship management), provided those interests are not overridden by your fundamental rights and freedoms.
• Legal Obligation — Where we are required to process your data to comply with a legal or regulatory obligation applicable to NAYARAi.
We do not use automated decision-making or profiling that produces legal or similarly significant effects on individuals.
NAYARAi™ does not sell, rent, trade, or otherwise commercially exploit your personal data to any third party. Your data is shared only as described below.
We engage trusted third-party service providers who process data on our behalf under strict contractual obligations. These may include:
• Cloud hosting and infrastructure providers (e.g., Vercel, GoDaddy)
• Email delivery and CRM platforms
• Website analytics providers (Google Analytics, Microsoft Clarity)
• Meeting scheduling tools (Calendly)
• Payment processors (PCI-DSS compliant providers)
All such providers are contractually required to maintain appropriate data security measures and to process your data only for the specified purposes.
We may share data with lawyers, accountants, or auditors where necessary, subject to professional privilege or confidentiality obligations.
We may disclose your data to regulatory authorities, law enforcement agencies, or courts where required by applicable law, a valid legal order, or to protect the rights, safety, or property of NAYARAi™, our clients, or third parties.
In the event of a merger, acquisition, restructuring, or sale of assets involving NAYARAi™, your data may be transferred to the relevant successor entity, subject to equivalent privacy protections.
When you choose to interact with third-party platforms accessible from our Site — such as LinkedIn, YouTube, X (Twitter), Facebook, Instagram, Pinterest, or Calendly — any data you submit to those platforms is processed by them under their own privacy policies. NAYARAi™ has no control over and assumes no responsibility for those platforms’ data practices. Please review each platform’s privacy policy before submitting personal data.
NAYARAi™ is headquartered in India. Some of our service providers and clients are located in other countries, including the European Economic Area (EEA), the United Kingdom, and the United States. Where we transfer personal data across borders, we implement appropriate safeguards, including:
• Standard Contractual Clauses (SCCs) approved by the European Commission, where applicable under GDPR;
• Transfers only to countries or recipients offering equivalent data protection standards;
• Compliance with the cross-border transfer provisions of the DPDP Act, 2023 as they are notified and implemented.
By using our Site or services, you acknowledge that your data may be processed in countries outside your country of residence, which may have different data protection laws.
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. Our standard retention periods are:
• Website enquiry and contact data: 3 years from last interaction
• Client engagement and project data: 7 years from project completion, or as required by applicable regulatory or professional obligations
• Marketing preferences and consent records: Until consent is withdrawn, plus 1 year
• Financial and billing records: 8 years in accordance with Indian accounting and tax law
• Website analytics data: As set by the respective analytics provider (typically up to 26 months for Google Analytics)
When data is no longer required, it is securely deleted or anonymized so that it can no longer be associated with any individual.
Depending on your jurisdiction, you have the following rights regarding your personal data:
• Right of Access — You may request a copy of the personal data we hold about you and information about how we use it.
• Right to Correction — You may request that we correct inaccurate or incomplete personal data.
• Right to Erasure (“Right to be Forgotten”) — You may request deletion of your personal data, subject to legal retention obligations.
• Right to Restrict Processing — You may ask us to temporarily restrict the processing of your data in certain circumstances.
• Right to Object — You may object to processing based on legitimate interests, including for direct marketing purposes.
• Right to Data Portability — Where processing is based on consent or contract and carried out by automated means, you may request a structured, machine-readable copy of your data.
• Right to Withdraw Consent — Where processing is consent-based, you may withdraw consent at any time without affecting the lawfulness of prior processing.
• Right to Lodge a Complaint — You have the right to lodge a complaint with the relevant data protection authority in your jurisdiction (for India: The Data Protection Board of India under the DPDP Act; for EEA: your national supervisory authority).
To exercise any of the above rights, please contact us at info@nayarai.com. We will respond within 30 days. We may require identity verification before processing your request.
NAYARAi™ takes the security of your personal data seriously. We implement appropriate technical and organizational measures to protect your data against unauthorized access, loss, alteration, disclosure, or destruction. These measures include:
• SSL/TLS encryption for all data transmitted to and from our Site
• Access controls and role-based permissions for internal systems
• Regular security reviews and vulnerability assessments
• Confidentiality obligations for all personnel handling personal data
• Use of reputable, security-certified third-party service providers
However, no method of electronic transmission or storage is completely secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee absolute security. In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant authorities in accordance with applicable law.
Our Site and professional services are directed exclusively at business professionals and organizations. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that we have inadvertently collected data from a minor, we will delete it promptly. If you believe we hold such data, please contact us immediately at info@nayarai.com.
Our Site contains links to, icons of, and integrations with third-party platforms including YouTube, LinkedIn, X (formerly Twitter), Facebook, Instagram, Pinterest, Calendly, GoDaddy, Microsoft Analytics, and Google Analytics. Clicking on these links or interacting with embedded tools will direct you to platforms operated by third parties.
NAYARAi is not responsible for the privacy practices of any third-party platform. The display of third-party logos on our Site is for identification purposes only and does not constitute an endorsement of, or any partnership with, those platforms. Any personal data you provide directly to these third-party platforms is subject to their own privacy policies, which we encourage you to review.
Our Site uses cookies and similar technologies to function correctly and to collect analytics data. For full details on the types of cookies we use, what they do, how long they last, and how you can control them, please refer to our Cookie Policy, available on our Site.
You can manage your cookie preferences at any time via the Cookie Settings link in our Site footer or through your browser settings.
We may update this Privacy Policy from time to time to reflect changes in our data practices, the services we offer, or applicable law. When we make material changes, we will:
• Update the effective date at the top of this document;
• Post the revised Policy on our Site;
• Where appropriate and required by law, notify you by email.
Your continued use of our Site or services after any update is posted constitutes your acknowledgement of, and consent to, the revised Privacy Policy.
For any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact:
Organization: NAYARAi™ — Data Privacy Team
Email: info@nayarai.com
Phone: +91 (789) 265 7083
Address: Bangalore, Karnataka, India
Website: nayarai.com
We aim to respond to all privacy-related requests within 30 days. For complex requests, we may extend this period by a further 30 days and will notify you accordingly.