Pronto AI In-Home Recording DPDP Compliance

Your cleaner arrives. There is a camera strapped to their head. Your dishes are being washed. Your home is being recorded. The startup says it is for AI training. The government is now investigating.

Introduction

Your cleaner arrives. There is a camera strapped to their head. Your dishes are being washed. Your laundry is being folded. Your home is being recorded. The startup says it is for AI training. The government is now investigating.

Bengaluru-based home-services startup Pronto has landed in the middle of a privacy storm after reports revealed that workers were wearing outward-facing cameras inside customers’ homes to generate training data for “Physical AI” and robotics systems.

The controversy has now reached the Ministry of Electronics and Information Technology (MeitY), with government sources confirming that officials are examining the company’s in-home recording pilot and its implications for customer privacy and AI data collection .

This article analyzes the legal and regulatory dimensions of the controversy under India’s Digital Personal Data Protection Act (DPDP Act), 2023.

What Pronto Was Doing

The Practice

Worker wears a small head-mounted camera during select household service bookings . The camera faces outward at the work being performed. Footage captures real-world domestic tasks such as:

Washing dishes
Folding laundry
Cleaning floors
Kitchen work
Other household chores

The Purpose

The recordings are used to generate training data for “Physical AI” and robotics systems. Physical AI refers to artificial intelligence systems that operate in and interact with the physical world rather than existing only in software or digital environments .

Investor documents from Glade Brook Capital, cited by Entrackr, state that Pronto is “piloting real-world training data with leading physical AI labs” and “moving quickly to commercialise the strategy” .

The Scale

Pronto claims the pilot reaches only 0.1% of its customer base. The company handles over 25,000 to 26,000 daily bookings across India’s top cities .

The Privacy Concerns

What Makes This Different

Unlike other app-based platforms that track user behaviour through clicks and cookies, Pronto’s recordings take place inside customers’ homes — one of the most private environments possible .

The Surveillance Concern

Critics have pointed to sections of the company’s privacy policy that mention aggregated user data may be retained indefinitely for “research or statistical purposes” . Questions have emerged around:

What exactly qualifies as “research”
Who can access the data
Whether customers and workers fully understand how recordings may ultimately be used

The Anonymisation Debate

While Pronto claims faces and identifying details are automatically blurred, and no personally identifiable information is uploaded or shared , experts note that homes are nearly impossible to truly anonymise . Name plates, ID cards, credit cards, bills, and other identifying items can appear in footage.

The Retention Issue

Pronto states that raw footage is deleted within 48 hours . However, the company confirmed that “derived datasets” from those recordings are retained, including “key point mapping” data tracking body joints and hand movements . When asked whether those datasets could eventually be monetised or shared with third-party AI or robotics firms, Pronto declined to comment .

The Legal Framework: DPDP Act, 2023

Key Provisions

The Digital Personal Data Protection Act, 2023, governs the processing of personal data in India. Key provisions relevant to this case include:

Section 6: Consent Requirements – Consent must be free, specific, informed, unconditional, and unambiguous. Each purpose requires separate consent.
Section 5: Purpose Limitation – Personal data must be collected only for a lawful purpose for which consent has been obtained.
Section 8: Data Quality and Storage Limitation – Data must not be retained beyond the necessary period.

The Consent Question

Pronto asserts that the program is strictly opt-in, requires explicit customer consent before every booking, and that consent is not one-time but must be affirmed for each individual job .

However, legal experts argue that consent may not be valid unless the user is fully aware of what they are agreeing to .

“Companies must obtain informed consent from users under the DPDP Act. Unless the user is fully aware of what they are agreeing to, their consent is invalid.”
— Amitabh Kumar, trust and safety expert and co-founder of Contrails AI

The Purpose Limitation Problem

Kamesh Shekar, Associate Director at The Dialogue, a technology policy think tank, highlighted the core legal uncertainty:

*”Pronto’s collection of personal data has brought to the forefront several uncertainties within the DPDPA, 2023, particularly when it comes to the use of personal information for AI training purposes. Although Pronto may delete the underlying data after 48 hours, concerns remain around prompt-data reuse and the broader challenge that AI-generated inferences cannot simply be ‘unlearned’ like human memory.”*

The broader concern is whether data collected for one service (e.g., a cleaning job) can automatically be treated as lawfully reusable for training AI systems .

The Regulatory Response

MeitY Scrutiny

The Ministry of Electronics and Information Technology has taken cognisance of the controversy and is examining the matter, according to government sources .

However, sources close to Pronto stated that the company has not received any formal communication from the ministry so far. Pronto has indicated it would be “happy to engage” if approached .

The Regulatory Gap

Analysts and privacy experts say the bigger concern is not the recordings alone, but the lack of clarity around how such data could eventually be used by AI systems. India’s privacy and regulatory frameworks remain ill-equipped to deal with AI-related data collection inside private homes .

“Consumers currently have little independent visibility into how such safeguards are enforced in practice or whether parts of the data continue to inform AI systems after deletion.”

Pronto’s Defense

What the Company Says

Strictly Opt-in: No recording occurs unless the customer explicitly opts into the program. Consent must be affirmed before each booking, not just once .
Small Scale: The pilot reaches only 0.1% of customers (some reports state less than 0.01%) .
Anonymisation: Faces and identifying details are automatically blurred. No personally identifiable information is uploaded or shared .
Deletion: Footage is deleted within 48 hours .
Customer Benefit: The program is meant for customers who feel uneasy about allowing unfamiliar workers into their homes while they are away. They receive the footage afterward as reassurance .
DPDP Compliance: The company claims the program complies fully with India’s DPDP Act .

Pronto CEO Anjali Sardana’s Statement:

“They worry about what’s happening in their home during their booking. Something may be stolen or broken, or work may not be done properly.”

Company Statement on X:

“Unless you have opted-in and paid for the program personally, the Pro doesn’t come to the house with a camera. Opt in is not one time, it has to be affirmed before each booking. By default there is no camera involved, and when there is, it’s impossible to miss.”

What Rivals Are Saying

The controversy has prompted rival home-services startups to publicly distance themselves from similar practices.

Urban Company:

“We are in the business of trust and we take customer trust and privacy extremely seriously. We do not engage in any such activities, have never done so, and have no plans to do so.”
— Abhiraj Singh Bhal, co-founder and CEO

Snabbit:

“No customer home has ever been recorded by us, in any way. In the interest of transparency: yes, we were approached by several players and yes, we have studied how this technology works. But understanding something and deploying it in our customers’ homes are two very different things. We have not done the latter.”
— Aayush Agarwal, founder

The Investor Connection

The controversy gained additional attention due to investor documents linking Pronto’s operations to physical AI and robotics development.

Glade Brook Capital Memo (cited by Entrackr):

“Pronto is seeking to formalise India’s vast informal labour markets and in the process generate data to help train physical AI and robotics.”

Another investor note:

Pronto is “developing a data business leveraging its workforce to capture real-world household data for robotics labs.”

Physical Intelligence Connection

Earlier in May 2026, Pronto raised $20 m i l l i o n i n a n e x t e n s i o n r o u n d l e d b y L a c h y G r o o m, c o - f o u n d e r o f A I r o b o t i c s c o m p a n y P h y s i c a l I n t e l l i g e n c e a n d a n e a r l y b a c k e r o f q u i c k - c o m m e r c e f i r m Z e p t o [c i t a t i o n : 8] [c i t a t i o n : 9] [c i t a t i o n : 10] . T h e c o m p a n y c l o s e d i t s S e r i e s B f u n d i n g r o u n d a t$ 20millioninanextensionroundledbyLachyGroom,co−founderofAIroboticscompanyPhysicalIntelligenceandanearlybackerofquick−commercefirmZepto[citation:8][citation:9][citation:10].ThecompanycloseditsSeriesBfundingroundat45 million, doubling its valuation to $200 million in about a month .

The Non-Personal Data Question

Nikhil Narendra, a partner at law firm Trilegal, noted that anonymised household data could potentially fall outside India’s Digital Personal Data Protection Act, while cautioning that India still lacks a governance framework for non-personal data .

This is a critical legal grey area. Even if the DPDP Act applies to the raw footage (which contains identifiable information), the “derived datasets” — key point mapping data tracking body joints and hand movements — may not be considered personal data at all. India currently has no framework governing such non-personal data.

The Larger Questions

For Consumers

Are you fully aware of what you are consenting to when you opt into such programs?
Do you understand that “derived datasets” may be retained indefinitely even if the raw footage is deleted?
Could your home — anonymised or not — become part of a permanent training dataset for robotics systems?

For Companies

Does “informed consent” under the DPDP Act require disclosure of derived dataset retention and potential commercialisation?
Is purpose limitation being violated if data collected for home services is reused for AI training?
How can consumers verify that their data has actually been deleted?

For Regulators

Does the DPDP Act adequately address AI training use cases?
Should there be specific rules for in-home data collection for AI development?
What remedies do consumers have when data is collected for one purpose but used for another?

For Policymakers

India needs a governance framework for non-personal data.
Clarity is needed on whether anonymised datasets derived from personal data remain subject to data protection law.
Consumers need independent visibility into how safeguards are enforced.

Conclusion

The controversy around Pronto’s in-home recording pilot has exposed several critical gaps in India’s privacy and AI governance framework.

What is clear:

Pronto was recording inside customers’ homes using worker-worn cameras
The data was being used to train physical AI and robotics systems
Investor documents indicate plans to commercialise this data
MeitY is now examining the matter

What remains unclear:

Whether “informed consent” under the DPDP Act is satisfied when consumers may not understand derived dataset retention and commercialisation
Whether purpose limitation permits data collected for home services to be reused for AI training
Whether India’s privacy framework is equipped to govern AI-linked recordings inside private homes
What happens to “derived datasets” that may not constitute personal data under the DPDP Act

What must happen:

Regulatory clarity on AI training data under the DPDP Act
A governance framework for non-personal data
Independent oversight of company claims about deletion and anonymisation
Transparent disclosure of derived dataset retention and potential commercialisation

The Pronto controversy has opened a much larger conversation. As AI companies race to teach machines how humans live and work, the question remains: where exactly should innovation stop and privacy begin?

Q: Can a company legally record inside my home if they claim it is for AI training?

Ans: Under the Pronto AI In-Home Recording DPDP compliance framework, a company can only record if they obtain explicitly informed, specific, and unambiguous consent under Section 6 of the DPDP Act. The consumer must be completely aware of both the recording and the exact commercial purpose (e.g., third-party robotics training).

Q: If Pronto deletes the raw video within 48 hours, is my privacy protected?

Ans: Not necessarily. While deleting raw video mitigates immediate surveillance risks, retaining “derived datasets” (such as spatial mapping and body movement tracking) creates permanent AI training artifacts. Once your domestic data influences an AI model, those machine inferences are nearly impossible to “unlearn.”

Q: Does the DPDP Act protect me if the retained data is “anonymized”?

Ans: This is currently a major legal grey area in India. The DPDP Act governs personal data. Companies often argue that derived, anonymized data becomes non-personal data, falling outside current strict regulations. However, experts argue that true anonymization inside a private home is practically impossible.

What specific type of dataset does Pronto admit to retaining after deleting the raw video footage?

Ans: “Derived datasets,” including “key point mapping” that tracks body joints and hand movements.

Under the DPDP Act, which section strictly mandates that consent must be specific, informed, and unambiguous?

Ans: Section 6.

What type of AI is Pronto’s training data intended to develop?

Ans: Physical AI and robotics systems.

True or False: According to legal experts, true anonymization of video footage inside a private home is easily achieved.

Ans: False; experts note that homes are nearly impossible to truly anonymize due to ambient identifying items.

Adv. Shoeb Hakim
Data Privacy & AI Governance Advisor

📌 Follow me on LinkedIn for daily data privacy and AI governance insights: https://www.linkedin.com/in/shoebhakim

📌 Visit my website for more articles: https://www.shoebhakim.com
📌 Visit my website for legal knowledge: https://www.vakilverse.com
📌 Visit my website for research fellowship: https://www.legalcomplaince.in

♻️ Share this article with your network.

Disclaimer: This article is for informational purposes only and does not constitute legal advice.

Hashtags: #Pronto #DataPrivacy #AITraining #PhysicalAI #DPDPAct #MeitY #HomeServices #Surveillance #Consent #DataProtection #IndianStartups #PrivacyMatters #AIRegulation #TechPolicy #DigitalRights #ConsumerPrivacy #HomeRecording #AIEthics #DataGovernance #StartupControversy #PhysicalIntelligence #RoboticsAI #ArtificialIntelligence #PrivacyBacklash #DataCollection #InformedConsent #PurposeLimitation #NonPersonalData #LegalGreyArea #RegulatoryScrutiny #AnjaliSardana #GladeBrookCapital #UrbanCompany #Snabbit #LachyGroom #TimesOfIndia #Mint #BusinessStandard #Moneycontrol #IndianExpress #TheDialogue #ContrailsAI #Trilegal #KameshShekar #AmitabhKumar #NikhilNarendra #AbhirajSinghBhal #AayushAgarwal #AdvShoebHakim

Adv. Shoeb Hakim

Find

Latest Posts

Post Category

Find Us On:

Pronto’s In-Home AI Recording Pilot: Privacy Backlash and Regulatory Scrutiny Under the DPDP Act