KHOJ — Terms of Service PUBLIC DOCUMENT Axiomaera Private Limited | CIN: U62011MH2026PTC467707 | DPIIT: DIPP248013 Registered Office: Shop 8, Upper Ground Floor, Amenity Bldg, Ashok Astoria, Gangapur, Nashik, Maharashtra 422222, India Version: 1.0 | Effective Date: May 10, 2026 | Document Owner: Office of the Managing Director, Axiomaera Private Limited
LANGUAGE
This document is published in English. Translations will be made available in Hindi and additional Indian languages on a rolling basis. This document is currently available in English only. The English version shall prevail for all legal purposes. Any discrepancy in a future translated version is unintentional. Axiomaera respects each language and is committed to improving translation accuracy on an ongoing basis. If you notice a translation error, please report it to legal@axiomaera.com. The English version of all legal documents (Terms of Service, Privacy Policy, Data Retention Policy, Grievance Mechanism, and Methodology Disclosure) is freely accessible at khoj.axiomaera.com/legal at all times, in all circumstances, at no charge. For the KHOJ diagnostic report itself (the paid product), the report language is determined at the time of scan and additional language versions are subject to standard service fees.
TABLE OF CONTENTS
- Definitions
- Eligibility
- OTP Verification Requirement
- Acceptable Use
- Prohibited Uses — Explicit Enumeration
- Service Description — Free Tier
- Service Description — Paid Tier (₹99)
- Payment Terms
- Data Accuracy Disclaimer
- Intellectual Property
- Limitation of Liability
- Indemnification
- Dispute Resolution
- Modification of Terms
- Termination
- Severability
- Entire Agreement
- Contact
- Template Letters Disclaimer
- Report Confidentiality
- No Legal Evidence Disclaimer
- Technology Preview — Compliance Verification
- Emotional Impact and Wellness
- Service Availability and Third-Party Dependency
- Responsible Security Disclosure
1.1 Definitions
For the purposes of these Terms of Service, the following terms shall have the meanings set forth below: "KHOJ" means the personal data exposure diagnostics service operated by Axiomaera Private Limited, accessible at khoj.axiomaera.com or any successor domain. "Axiomaera", "we", "us", or "our" refers to Axiomaera Private Limited (CIN: U62011MH2026PTC467707), a private limited company incorporated under the Companies Act, 2013, having its registered office in Nashik, Maharashtra, India. "User", "you", or "your" refers to the natural person accessing or using KHOJ. "Data Principal" has the meaning ascribed to it under Section 2(j) of the Digital Personal Data Protection Act, 2023 ("DPDPA"), being the individual to whom the personal data relates. "Data Fiduciary" has the meaning ascribed to it under Section 2(i) of the DPDPA. Axiomaera is the Data Fiduciary in respect of personal data processed through KHOJ. "Scan" means a single diagnostic query initiated by a verified Data Principal, in respect of their own email address or telephone number, against breach intelligence sources accessed by KHOJ. "Report" means the diagnostic output generated by KHOJ following a Scan, including the ATI Score, breach list, and remediation actions. "ATI Score" means the Axiomaera Threat Index, a proprietary composite score developed by Axiomaera Private Limited, computed on a scale of 0 to 100. The ATI Score is derived from a weighted analysis of multiple parameters including, but not limited to, breach volume and severity, credential exposure depth (plaintext versus hashed), Indian-origin breach concentration, telephone number exposure and associated fraud vectors (including UPI and SIM-swap risk), and temporal exposure window (duration of continuous exposure). The exact parameters, weights, calibration constants, and computational methodology are proprietary and confidential, and constitute trade secrets of Axiomaera Private Limited. The AIRAVATA compliance infrastructure underlying KHOJ is the subject of Indian Patent Application No. 202521070192. "ATI™" and "Axiomaera Threat Index™" are trademarks of Axiomaera Private Limited. "Free Tier" and "Paid Tier" mean the two service levels offered by KHOJ as further described in Sections 1.6 and 1.7. "OTP" means One-Time Password, a numeric verification code delivered to a User via Short Message Service (SMS) or electronic mail, used for identity verification. "Exposed Credentials" means credential data sourced from licensed breach intelligence providers, including but not limited to passwords, usernames, internet protocol addresses, names, and telephone numbers, that have been exposed in known data breaches.
1.2 Eligibility
By accessing or using KHOJ, you represent and warrant that: 1. You are at least 18 (eighteen) years of age; 2. You are the lawful owner of the email address or telephone number being scanned; 3. You will complete OTP verification before any Scan is processed; 4. You have the legal capacity to enter into a binding agreement under the Indian Contract Act, 1872; and 5. You are not barred from receiving services under the laws of India. KHOJ is primarily designed for residents of India. While international users may technically access KHOJ, these Terms and the laws of India shall govern all use, irrespective of the User's location.
1.3 OTP Verification Requirement
No Scan is processed without OTP verification. This is a mandatory and non-bypassable step. The purpose of OTP verification is to verify that the person initiating the Scan is the lawful owner of the email address or telephone number being scanned. This requirement protects against unauthorised scanning of another person's data and ensures compliance with Section 6(1) of the DPDPA (consent of the Data Principal). SMS OTP is delivered via Bharti Airtel Limited under the Telecom Commercial Communications Customer Preference Regulations, 2018, issued by the Telecom Regulatory Authority of India ("TRAI"). Axiomaera is a TRAI-registered Principal Entity (Registration No. 1001825059978445085, valid until April 23, 2027). Email OTP is delivered via Axiomaera's verified email infrastructure, with messages dispatched from authenticated domains under SPF, DKIM, and DMARC compliance. Any attempt to circumvent, bypass, or defeat OTP verification is a material breach of these Terms and may constitute an offence under Section 43 read with Section 66 of the Information Technology Act, 2000.
1.4 Acceptable Use
You may use KHOJ only as expressly permitted under these Terms. In particular: 1. You may scan only your own email address or telephone number; 2. You may not use KHOJ to scan another person's data, even with their verbal consent. While OTP verification ensures this technically, you contractually warrant that you are the owner of the data being scanned; 3. You may not use KHOJ for corporate intelligence, competitive analysis, employee surveillance, or any purpose other than your own personal data exposure awareness; 4. You may not attempt to reverse-engineer, decrypt, or reconstruct any Exposed Credentials shown in any Report beyond what KHOJ already displays; 5. You may not use any information from KHOJ Reports to access, test, probe, or attempt to access any account, system, application, or service belonging to yourself or any other person, except solely for the purpose of changing your own credentials on accounts you own; 6. You may not scrape, automate, or programmatically access KHOJ; 7. You may not redistribute, resell, sublicense, or commercially exploit KHOJ Reports, the data within them, or the KHOJ service itself.
1.5 Prohibited Uses — Explicit Enumeration
Without limiting the generality of Section 1.4, the following uses of KHOJ are expressly prohibited: 1. Scanning data belonging to another person — using OTP codes obtained from another person's device, social engineering of OTPs, or any other method to scan data not belonging to you; 2. Using Exposed Credentials to attempt account access — including testing whether a credential still works on any system. This may constitute a criminal offence under Section 66 of the Information Technology Act, 2000 (punishable with imprisonment up to three years and/or fine up to five lakh rupees) and/or an offence under the Bharatiya Nyaya Sanhita, 2023; 3. Corporate espionage or competitive intelligence — using KHOJ to obtain breach data on employees, competitors, or business associates; 4. Harassment, stalking, or abuse — using breach information to harass, intimidate, threaten, or abuse any person; 5. Building databases from KHOJ results — extracting, compiling, or aggregating Report data into any database, spreadsheet, or system for systematic analysis or redistribution; 6. Circumventing OTP verification — including but not limited to phishing, smishing, social engineering, or technical exploits; 7. Filing false or frivolous complaints against breached organisations using KHOJ Reports as the sole basis. KHOJ Reports are diagnostic in nature and are not legal evidence. Independent verification is required for legal proceedings. Violation of any provision of Section 1.5 will result in immediate termination of your access to KHOJ, deletion of your data (subject to law-enforcement preservation requirements), and potential reporting to law enforcement authorities.
1.6 Service Description — Free Tier
The Free Tier provides: 1. Breach metadata sourced from Have I Been Pwned ("HIBP") under the Creative Commons Attribution 4.0 International licence (CC BY 4.0): including breach name, breach date, data classes exposed, and approximate record count; 2. ATI Score and severity classification (Low / Moderate / High / Critical); 3. Time-sliced remediation action items (24-hour priority, weekly priority, monthly priority); 4. DPDPA 2023 rights education referencing Sections 11 (Right of access to information about personal data), 12 (Right to correction and erasure of personal data), and 13 (Right of grievance redressal); 5. Percentile ranking against the current scan cohort. The Free Tier is provided at no charge.
1.7 Service Description — Paid Tier (₹99)
The Paid Tier includes everything in the Free Tier, plus: 1. Exposed credential data from licensed breach intelligence providers (commercial application programming interface licence): displayed in full as recovered from the third-party breach; 2. Full forensic breach analysis with Indian-context annotations; 3. Phone number vector scan (in addition to email scan); 4. Downloadable Portable Document Format (PDF) diagnostic report, watermarked with the verified email address of the Data Principal. Fee: ₹99 (Indian Rupees Ninety-Nine), inclusive of Goods and Services Tax (GST) as applicable. The fee covers KHOJ's proprietary analytics, threat scoring, forensic analysis, and professional report generation. Breach metadata from Have I Been Pwned is provided free of charge under CC BY 4.0 licence. Credential data is sourced from licensed breach intelligence providers under commercial API licence. The User is not paying for the underlying breach or credential data; the User is paying for the analytical service that contextualises and presents that data.
1.8 Payment Terms
1. Payments are processed through Razorpay Software Private Limited or any successor payment gateway. Axiomaera does not store full credit card or debit card details on its systems. 2. Payment is non-refundable once a Report is generated, because the application programming interface queries to third-party providers have already been executed and computational resources expended. 3. A refund will be issued, in full, where a technical failure on Axiomaera's part prevents Report generation despite successful payment. Refund requests in such cases must be made within 7 (seven) days of payment to billing@axiomaera.com. 4. Refunds, where applicable, are processed to the original payment instrument within 7-10 business days. 5. Any chargeback initiated without first attempting resolution through billing@axiomaera.com may result in suspension of access to KHOJ.
1.9 Data Accuracy and Third-Party Disclaimer
1. KHOJ aggregates and analyses breach intelligence sourced from independent third-party providers, primarily Have I Been Pwned (Superlative Enterprises Pty Ltd, Australia) and licensed breach intelligence providers. Axiomaera does not originate, compile, independently verify, or guarantee breach or credential data; 2. Axiomaera makes NO WARRANTY, EXPRESS OR IMPLIED — including any implied warranty of accuracy, completeness, timeliness, merchantability, fitness for a particular purpose, or non-infringement — regarding the data provided by any third-party provider. Axiomaera does not own, control, or claim responsibility for the underlying breach corpora maintained by any provider; 3. Axiomaera's role is strictly that of ANALYST AND PRESENTER: we query licensed third-party APIs, apply our proprietary analytical framework (including the ATI Score), and present the results in a contextualised, actionable diagnostic format. The quality, coverage, accuracy, and currency of the underlying data is determined entirely by the third-party providers and is outside Axiomaera's control; 4. Where a third-party provider has erroneous, incomplete, outdated, duplicative, or misattributed data, KHOJ inherits such errors. Axiomaera does not independently verify each breach record, each credential entry, each data class attribution, or each record count; 5. ABSENCE OF RESULTS DOES NOT MEAN YOUR DATA HAS NOT BEEN BREACHED. It means your data was not found in the sources queried at the time of the Scan. Breaches not indexed by our data sources will not appear in a Report. New breaches discovered after your Scan are not retroactively included; 6. PRESENCE OF RESULTS DOES NOT CONSTITUTE AN ALLEGATION BY AXIOMAERA. KHOJ reports what third-party providers report. Each breach referenced in a Report is a confirmed, publicly documented incident as catalogued by Have I Been Pwned (CC BY 4.0) and/or licensed breach intelligence providers. Axiomaera does not allege breaches — it presents confirmed records from independent third-party registries; 7. The ATI Score is a PROPRIETARY COMPOSITE METRIC developed by Axiomaera. It is an indicative diagnostic score, not an absolute, scientific, actuarial, or forensic measure of risk. It should not be used as the sole basis for any legal, financial, employment, insurance, or credit decision; 8. Percentile rankings are computed against the current scan cohort and may change over time as the cohort grows. They are indicative and relative, not definitive or absolute; 9. Axiomaera expressly disclaims, to the fullest extent permitted by applicable law, any and all liability arising from errors, omissions, inaccuracies, or incompleteness in third-party data, including any consequences of decisions made in reliance on such data.
1.10 Intellectual Property
1. KHOJ™, AIRAVATA™, ATI™, Axiomaera Threat Index™, the Sunrise visual design system, and all associated logos and marks are trademarks of Axiomaera Private Limited; 2. The ATI scoring algorithm and methodology is proprietary intellectual property of Axiomaera, protected as a trade secret. KHOJ is powered by AIRAVATA, Axiomaera's DPDPA compliance infrastructure, which is the subject of Indian Patent Application No. 202521070192; 3. Reports generated by KHOJ are licensed to the Data Principal for personal use only. They may not be reproduced, distributed, modified, or used as legal evidence without independent verification; 4. The KHOJ source code, infrastructure, and underlying technology are proprietary and protected under the Copyright Act, 1957 and the Indian Patents Act, 1970 as amended.
1.11 Limitation of Liability
To the maximum extent permitted by applicable law: 1. Axiomaera shall not be liable for any loss, damage, claim, expense, or harm — direct, indirect, incidental, special, consequential, or punitive — arising from or in connection with the use of KHOJ or any Report, including but not limited to: failure or delay in acting on remediation recommendations; third-party access to Reports; inaccuracies in third-party breach data; decisions made on the basis of an ATI Score; consequences of identity theft, fraud, or unauthorised access to any account, irrespective of whether such consequences relate to data identified in a Report; 2. Axiomaera's maximum aggregate liability to any User under or in connection with these Terms or any Report shall not exceed the fee actually paid for the specific Scan giving rise to the claim (₹99 for Paid Tier, ₹0 for Free Tier); 3. The limitations of liability set out in this Section 1.11 do not exclude or limit liability that cannot be excluded or limited under applicable Indian law, including liability arising from fraud, gross negligence, or death or personal injury caused by Axiomaera's negligence.
1.12 Indemnification
You shall indemnify, defend, and hold harmless Axiomaera, its directors, officers, employees, agents, and affiliates from and against any claim, demand, action, suit, proceeding, loss, liability, damage, cost, or expense (including reasonable legal fees) arising from or in connection with: (i) your misuse of KHOJ or any Report; (ii) your use of Exposed Credentials to access any account or system; (iii) your scanning of data belonging to any other person; (iv) your violation of these Terms; or (v) your violation of any applicable law, including the Information Technology Act, 2000, the DPDPA 2023, or the Bharatiya Nyaya Sanhita, 2023.
1.13 Dispute Resolution
1. Governing Law: These Terms are governed by, and shall be construed in accordance with, the laws of India. 2. Jurisdiction: Subject to Section 1.13(3), the courts at Nashik, Maharashtra shall have exclusive jurisdiction in respect of any dispute arising out of or in connection with these Terms. 3. Mediation and Arbitration: Before initiating any court proceedings, the parties shall first attempt in good faith to resolve any dispute through mediation for a period of 30 (thirty) days. If mediation fails, the dispute shall be referred to arbitration under the Arbitration and Conciliation Act, 1996, before a sole arbitrator appointed by mutual agreement (or, failing agreement, in accordance with the said Act). The seat of arbitration shall be Nashik, Maharashtra. The language of arbitration shall be English. 4. Equitable Relief: Notwithstanding the above, Axiomaera may seek injunctive or equitable relief in any court of competent jurisdiction to protect its intellectual property or confidential information.
1.14 Modification of Terms
1. Axiomaera may modify these Terms from time to time. Modifications will be effective 30 (thirty) days after notice is provided via electronic mail to registered users and prominent notice on the KHOJ website at khoj.axiomaera.com. 2. Continued use of KHOJ after modifications take effect constitutes acceptance of the modified Terms. 3. Material changes — including changes to pricing, data usage practices, or third-party providers — will be specifically highlighted in the notice.
1.15 Termination
1. You may stop using KHOJ at any time. You may request deletion of your data by writing to privacy@axiomaera.com; 2. Axiomaera may suspend or terminate your access to KHOJ for violation of these Terms, with notice where reasonably practicable. Where termination is for reasons of fraud, abuse, or violation of law, notice may not be given; 3. Upon termination, your scan data will be deleted in accordance with the Data Retention Policy.
1.16 Severability
If any provision of these Terms is held by a court of competent jurisdiction to be unenforceable, illegal, or invalid, the remaining provisions shall continue in full force and effect.
1.17 Entire Agreement
These Terms, together with the Privacy Policy, Data Retention Policy, Grievance Redressal Mechanism, and Methodology Disclosure, constitute the entire agreement between you and Axiomaera in respect of KHOJ and supersede all prior agreements, communications, or understandings, whether oral or written.
1.18 Contact
| Purpose | |
|---|---|
| Legal inquiries | legal@axiomaera.com |
| Privacy / data protection | privacy@axiomaera.com |
| Grievance Officer | grievance@axiomaera.com |
| Billing and refunds | billing@axiomaera.com |
| Security incidents | security@axiomaera.com |
| Abuse reports | abuse@axiomaera.com |
Registered Office: Axiomaera Private Limited, Shop 8, Upper Ground Floor, Amenity Bldg, Ashok Astoria, Gangapur, Nashik, Maharashtra 422222 Grievance Officer: Mukund Hemant Mohadikar, Managing Director
1.19 Template Letters Disclaimer
KHOJ may provide template letters to assist Data Principals in exercising their rights under DPDPA 2023. These templates are provided for educational and informational purposes only. They do not constitute legal advice. Axiomaera does not send these letters on the User's behalf and does not act as the User's legal representative, agent, or Consent Manager (within the meaning of the DPDPA). Users are advised to seek independent legal counsel before initiating formal proceedings.
1.20 Report Confidentiality
Your KHOJ Report contains sensitive information including Exposed Credentials. You are responsible for safeguarding your Report. Axiomaera recommends: 1. Do not share your full Report publicly or on social media; 2. If sharing your ATI Score, use the anonymised share card provided (which contains no credentials); 3. Store your PDF Report securely, as you would a medical record; 4. If you believe your Report has been accessed by an unauthorised person, contact us immediately at security@axiomaera.com. For Paid Tier PDF Reports: each report is watermarked with the verified email address of the Data Principal to discourage unauthorised redistribution and to enable identification in the event of leak.
1.21 No Legal Evidence Disclaimer
KHOJ Reports are diagnostic tools based on third-party breach intelligence. They are NOT: 1. Legal evidence of a data breach; 2. Certified forensic reports; 3. Admissible as sole evidence in judicial or quasi-judicial proceedings; 4. A substitute for professional cybersecurity audit or forensic investigation. If you require forensic-grade evidence for legal proceedings, we recommend engaging a CERT-In empanelled auditor.
1.22 Technology Preview — Compliance Verification
KHOJ is a fully operational diagnostic service, not a beta product. Certain analytical and verification features within KHOJ — including the ATI scoring methodology, the 5-vector composite analysis, the threat classification engine, and the follow-up re-scan verification capability — represent field implementations of patent-pending technology (Indian Patent Application No. 202521070192) developed by Axiomaera Private Limited for its enterprise compliance infrastructure platform. When you use KHOJ's remediation features — including generating DPDPA rights request letters and conducting follow-up re-scans to verify whether a Data Fiduciary has acted on your request — you are participating in the real-world validation of this technology. By using these features, you acknowledge that: 1. The compliance verification methodology is under active development and refinement. Axiomaera may update the methodology, scoring parameters, classification thresholds, and verification algorithms at any time; 2. Scores, classifications, and percentile rankings generated today may not be directly comparable to those generated in future versions, as calibration improves with cohort growth; 3. Re-scan results indicating whether a Data Fiduciary has acted on your request are diagnostic indicators, not legally conclusive determinations. A re-scan showing continued exposure does not constitute proof of non-compliance by the Data Fiduciary, and a re-scan showing reduced exposure does not constitute proof of compliance; 4. Your anonymised, non-identifiable usage patterns (subject to your analytics consent under the Consent Flow) contribute to the validation and improvement of this technology. No personally identifying information is used for this purpose; 5. This Section does not diminish any of your rights under DPDPA 2023 or any other applicable law. Your right to erasure under Section 12, your right to access under Section 11, and your right to grievance redressal under Section 13 are statutory rights conferred by Parliament — they exist independently of KHOJ and independently of Axiomaera's technology; 6. Axiomaera does not guarantee that any Data Fiduciary will act on your request. Compliance with DPDPA is the legal obligation of the Data Fiduciary, not of KHOJ. KHOJ facilitates awareness of your rights and provides diagnostic tools to assess outcomes — it does not enforce compliance on your behalf; 7. Any feedback, suggestions, or bug reports submitted to feedback@axiomaera.com during your use of KHOJ becomes the property of Axiomaera and may be used without restriction or compensation for product improvement.
1.23 Emotional Impact and Wellness
KHOJ Reports may reveal sensitive information about your personal data exposure, including compromised passwords, exposed identity fields, and the extent of your exposure relative to other individuals. This information may cause concern, anxiety, or distress. 1. KHOJ is a diagnostic tool. It reveals pre-existing conditions of data exposure that exist independently of KHOJ. KHOJ does not create, cause, or worsen the underlying exposure; 2. The information in your Report is presented to empower you to take protective action — not to cause alarm or distress. Every Report includes specific, time-prioritised remediation actions designed to help you regain control of your digital identity; 3. If the contents of your Report cause you significant distress or anxiety, we encourage you to: Speak with a trusted person — a family member, friend, or colleague; Contact a professional helpline: Vandrevala Foundation: 1860-2662-345 (24/7, free, multilingual) iCall (TISS): 9152987821 (Mon-Sat, 8am-10pm) KIRAN (Government of India): 1800-599-0019 (24/7, free, toll-free) Remember that data exposure is common, widespread, and remediable — the actions in your Report are designed to help; 4. To the fullest extent permitted by applicable law, Axiomaera shall not be liable for any emotional distress, psychological harm, anxiety, panic, self-harm, harm to person, or any action taken by the User or any third party as a consequence of receiving, reading, interpreting, sharing, or acting upon a KHOJ Report or any information contained therein. This limitation applies whether the harm is direct, indirect, foreseeable, or unforeseeable; 5. KHOJ Reports are not medical, psychological, psychiatric, or therapeutic advice. If you are experiencing a mental health crisis, please seek professional help immediately using the helpline numbers above or by contacting your nearest medical facility; 6. If you believe that receiving a KHOJ Report is likely to cause you significant distress, you may choose not to proceed with the Scan. The OTP verification and consent steps are designed to give you multiple opportunities to make an informed decision before any Report is generated.
1.24 Service Availability and Third-Party Dependency
KHOJ depends on the availability of third-party APIs to generate Reports. Axiomaera does not guarantee uninterrupted availability of these services. 1. Where a third-party API is temporarily unavailable at the time of a Scan, KHOJ will retry automatically for a reasonable period; 2. If the service remains unavailable and a Paid Tier Report cannot be fully generated despite successful payment, the User will be offered, at Axiomaera's discretion: (a) a re-scan at no additional cost within 7 days, or (b) a full refund of the fee paid; 3. Free Tier scans affected by third-party unavailability will display a notice inviting the User to retry later at no cost; 4. Axiomaera is not liable for the unavailability, downtime, performance degradation, or discontinuation of any third-party service. Where a third-party provider permanently discontinues service, Axiomaera will make reasonable efforts to identify alternative sources.
1.25 Responsible Security Disclosure
If you discover a security vulnerability in KHOJ, we encourage you to report it responsibly: 1. Email: security@axiomaera.com; 2. Include: a description of the vulnerability, steps to reproduce, and your contact information; 3. We will acknowledge receipt within 48 hours; 4. We will not take legal action against security researchers who: (a) act in good faith; (b) avoid accessing or modifying other Users' data; (c) provide Axiomaera a reasonable period (minimum 90 days) to address the vulnerability before any public disclosure; (d) do not exploit the vulnerability beyond what is necessary to demonstrate its existence; 5. We may, at our discretion, recognise responsible disclosures on our website (with the researcher's consent) and may offer a token of appreciation. This policy does not authorise any activity that violates applicable law, including the Information Technology Act, 2000. Good-faith security research that complies with the above conditions is not considered unauthorised access.
End of Terms of Service.
By using KHOJ, you acknowledge that you have read, understood, and agree to be bound by these Terms.