Compliance & Regulatory Position

1. Indian Law Compliance

ViViD Global Services operates under and strives to comply with the following Indian laws:

• Information Technology Act, 2000 (IT Act): All operations align with IT Act provisions regarding electronic records, digital signatures, and liability of intermediaries.
• Information Technology (Reasonable Security Practices) Rules, 2011: We implement industry-standard security practices for personal data.
• Digital Personal Data Protection Act, 2023 (DPDP Act): We are actively monitoring and aligning our data handling practices with DPDP provisions as they come into effect.
• Consumer Protection Act, 2019: Our policies are designed to provide transparent service terms to customers.

2. International Regulatory Awareness

While ViViD Global Services is an India-based company, we are aware of and design our systems with consideration for:

• GDPR (EU): For users in the European Economic Area, we respect data subject rights. However, ViViDlyPro is primarily marketed to Indian businesses and we make no specific GDPR compliance guarantee without a signed Data Processing Agreement (DPA).
• CCPA (California, USA): We do not sell personal data. California users have the right to opt out of data sale — which is moot as we never engage in such practices.
• WhatsApp Business Policy: All WhatsApp-based messaging must comply with Meta's WhatsApp Business Policy. Customers are solely responsible for ensuring their use of the WhatsApp channel complies with Meta's policies.

Important: ViViD Global Services expressly disclaims any liability arising from customers' non-compliance with regulations applicable to their specific industry (e.g., healthcare, finance, education). Customers are solely responsible for regulatory compliance in their own domain.

3. AI Ethics & Responsible Use

ViViDly's AI engine is built and operated under responsible AI usage policies. We enforce the following AI ethics principles:

• The platform must not be used to generate harmful, hateful, discriminatory, or illegal content.
• AI must not be used for impersonating real individuals or creating disinformation.
• Customers must ensure their AI configurations comply with the WhatsApp and Instagram Business policies.
• ViViDly does not train AI models on customer data. All processing is done via API calls with no persistent model fine-tuning on your data.

4. Data Sovereignty

Customer data is stored primarily in Google Cloud infrastructure, with servers located in the Mumbai (asia-south1) region for Indian customers. We do not actively replicate data outside this region unless required by the architecture of Google Firebase and Firestore (which may use global redundancy). For enterprise customers requiring strict data residency, contact us for a custom arrangement.

5. Security Certifications

ViViD Global Services relies on Google Cloud's underlying infrastructure which maintains ISO 27001, SOC 2 Type II, and PCI DSS certifications. Our payment processing is handled by Razorpay, which is PCI DSS compliant. ViViD Global Services itself has not sought independent third-party security certification at this time.

6. Compliance Disclaimer

This document is provided for informational purposes and transparency. It does not constitute legal advice. ViViD Global Services makes no warranty that its services are compliant with all regulations applicable to your specific use case or jurisdiction. You are solely responsible for assessing whether ViViDly meets your regulatory requirements before using the platform for sensitive or regulated industries.