Legal
Privacy Policy
Effective date: 20 May 2026. This Policy covers the marketing website at www.theorigin.global.
1. Who We Are
This Privacy Policy ("Policy") is published by The Origin Global Pvt Limited ("Origin", "we", "us", "our"), a private limited company incorporated under the Companies Act 2013, with its registered office at PNO. 38 & 39, Guttala Begumpet, Jubilee Hills, Hyderabad, Telangana — 500081, India. We build and operate the Origin family of products — Origin Run (www.theorigin.run) and Origin Trade (www.theorigin.trade). This Policy applies specifically to our public marketing website at www.theorigin.global ("Site") and the AI concierge and contact-request features embedded in it.
2. Legal Basis for Processing
We process personal data in accordance with the Information Technology Act, 2000 (as amended), the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"), and the Digital Personal Data Protection Act, 2023 ("DPDP Act") as notified and brought into force by the Government of India. By using the Site and voluntarily submitting information (including via the Concierge or the callback form), you provide your free, specific, informed consent to the collection and use described in this Policy. Where applicable, we rely on the legitimate interest of responding to your business enquiry as an additional ground for processing contact data.
3. What We Collect and Why
(a) Site analytics: We collect anonymised or pseudonymised signals — page paths, referrer URL, device type, locale, and approximate region derived from IP — for the purposes of operating and improving the Site. We do not link these signals to individually identified records without your consent. (b) Concierge chat: When you type messages into the Concierge, those messages (and the session history) are sent to our backend, which forwards them to a third-party LLM provider solely to generate a response. We may retain a log of conversations for a limited period (see section 7) to investigate misuse or improve the Concierge. Please do not share sensitive personal data (e.g. Aadhaar, PAN, financial account numbers) in the chat. (c) Contact & callback form: When you submit the form, we collect your name, company name, phone number, and a short description of your enquiry. Email is optional. This data is used exclusively to follow up on your request. (d) Technical data: Standard web server logs (IP address, browser user-agent, timestamps, status codes) are collected automatically for security, reliability, and fraud prevention.
4. Sensitive Personal Data
We do not intentionally collect Sensitive Personal Data or Information ("SPDI") as defined under the SPDI Rules — including passwords, financial information, health records, biometric data, or government-issued ID numbers — through the Site. If you inadvertently share such information in the Concierge or contact form, we will not use it for any purpose other than to respond to your enquiry, and we will take reasonable steps to avoid storing it beyond what is necessary.
5. AI Concierge and Third-Party LLM Processing
The Concierge uses a large-language-model (LLM) service operated by a third-party AI provider under a data processing agreement that prohibits the provider from using your messages to train shared AI models. API calls are made server-side; your data is never sent directly from your browser to the LLM provider. Origin is the data fiduciary; the LLM provider acts as a data processor. Concierge conversations are processed in data centres located outside India; by using the Concierge you consent to this cross-border transfer as permitted under applicable Indian law.
6. WhatsApp and Phone Communication
If you choose to call us via the phone button on the Site, or if you are later contacted via WhatsApp as part of a sales or onboarding interaction, those communications are governed by the respective platform's terms (Meta / WhatsApp for Business) in addition to this Policy. We may record notes from calls for follow-up purposes, stored in our CRM, and subject to the same retention limits below.
7. How Long We Keep Your Data
Contact / callback enquiry data (name, company, phone, query) is retained for up to 24 months or until you request deletion, whichever comes first, for legitimate business follow-up. Concierge conversation logs are retained for up to 90 days for security and quality review and then deleted. Web server logs are retained for up to 30 days. Anonymised / aggregated analytics may be retained indefinitely as they cannot be used to identify you.
8. Sharing and Disclosure
We do not sell, rent, or trade your personal data to third parties for marketing purposes. We share data only as follows: (a) with our LLM provider for Concierge functionality, under a data processing agreement; (b) with our CRM and email infrastructure providers, under data processing agreements; (c) with law enforcement or government authorities if required by law or court order; (d) in connection with a merger, acquisition, or sale of all or substantially all assets, where we will notify you via email or prominent site notice. We require all processors to maintain security standards at least equivalent to those described in this Policy.
9. Cookies and Local Storage
The Site uses essential cookies and browser local storage to maintain basic interface state (for example, form values during a session). We do not use third-party advertising or marketing tracking cookies. If we add non-essential cookies in the future, we will obtain your consent before setting them and update this Policy accordingly.
10. Security
We protect personal data with industry-standard technical and organisational safeguards including: TLS 1.2+ encryption in transit; access controls and least-privilege provisioning; server-side API key storage (keys are never exposed to the browser); audit logging of API calls; and periodic security reviews. No system is perfectly secure. In the event of a data breach that is likely to result in harm to your interests, we will notify affected individuals in accordance with applicable law.
11. Your Rights
Under the DPDP Act 2023 and applicable Indian law, you have the right to: (a) access a summary of the personal data we hold about you; (b) correct inaccurate or incomplete personal data; (c) erasure of personal data that is no longer necessary for the purpose for which it was collected or where consent has been withdrawn; (d) withdraw consent to processing at any time (noting that withdrawal does not affect lawfulness of prior processing); (e) grievance redressal through the contact details below; and (f) nominate a representative to exercise these rights on your behalf. To exercise any right, email legal@theorigin.global with the subject line "Data Rights Request". We will acknowledge within 3 business days and respond within 30 days.
12. Children
The Site is not directed at children under the age of 18. We do not knowingly collect personal data from minors. If we learn that we have inadvertently collected data from a child, we will delete it promptly.
13. Links to Other Sites
The Site links to third-party websites (including theorigin.run, theorigin.trade, and partner sites). This Policy does not apply to those sites. We encourage you to review the privacy policies of any third-party site you visit.
14. Grievance Officer
In accordance with the Information Technology Act, 2000 and the DPDP Act 2023, the following person is designated as our Grievance / Data Protection Officer for the purposes of this Policy: Name of officer and contact details available on written request to legal@theorigin.global. The officer will respond to grievances within 30 days.
15. Changes to This Policy
We may update this Policy periodically to reflect changes in law, technology, or our operations. We will publish the updated Policy at this URL with a revised effective date. Where a change is material, we will also make a reasonable effort to notify users (e.g. via a notice on the Site). Continued use of the Site after the effective date constitutes acceptance of the revised Policy.
16. Contact
For any privacy-related questions, data rights requests, or grievances, contact us at: Email: legal@theorigin.global · General: hello@theorigin.global · Phone: +91 91212 00939 · Post: The Origin Global Pvt Limited, PNO. 38 & 39, Guttala Begumpet, Jubilee Hills, Hyderabad, Telangana — 500081, India.