India's Home Services Apps Are Becoming AI Data Infrastructure
An investor memo describing Pronto as a ‘data business leveraging its workforce’ has pushed a Bengaluru pilot into one of the earliest public tests of India’s new data protection regime.
News
- US Lifts Curbs on Anthropic AI Models
- Tata Communications Plans $152 Million India-Singapore Subsea Cable Expansion
- RBI Flags AI Cyberattacks As Top Financial Stability Risk
- Apple Speeds Up Security Updates As AI Threats Rise
- Anthropic, OpenAI Push AI Deeper Into Scientific Research
- BAT Leans On ITC Infotech Amid Tech-Led Overhaul
Key Takeaways
01
The Pronto pilot puts AI training data collection inside private Indian homes, with one opt-in covering both the service and a commercial dataset.
02
Under India’s Digital Personal Data Protection Act, 2023, the disclosed purpose must match the actual use, and a bundled opt-in cannot stretch from service verification to robotics training
03
Companies whose product touches a private space need separate consent flows, retention rules that cover derived datasets, and explicit protections for bystanders the contracting customer cannot consent for.
India’s instant home services market has scaled fast over the past two years. Bengaluru-based home services app Pronto, alongside competitors Urban Company and Snabbit, dispatches large numbers of workers each month to Indian households to do cleaning and laundry. That access is now being treated as a commercial asset by some investors in the category.
Pronto, founded in 2025, confirmed in late May that some of its workers were wearing outward-facing body cameras during select jobs. The footage, the company said, served two purposes. The first was customer reassurance, for households that wanted a record of work done in their absence. The second was training data for “physical AI,” the term for AI systems built to operate in real-world environments rather than only in text.
The disclosure sparked controversy after the Indian tech publication Entrackr published an investor memo from Pronto’s backer, Glade Brook Capital. The memo described Pronto as “developing a data business leveraging its workforce to capture real-world household data for robotics labs.” That sentence collapsed the distinction Pronto had drawn between service quality and AI training. It also moved a small pilot into the center of a national debate about consent inside private homes.
The Ministry of Electronics and Information Technology has taken cognizance of the matter, according to Moneycontrol, and is examining concerns around consent and the commercial use of household data. Competitors, regulators, and privacy advocates are now using the Pronto case to argue that India’s home services platforms are quietly becoming a new piece of AI data infrastructure, with consent flows that were not designed for this use.
The old assumption in India’s privacy debates was that an opt-in checkbox at the moment of service was a sufficient safeguard. The Pronto pilot tests that assumption directly. When in-home recording is also the primary commercial asset of the company doing the recording, opt-in consent at booking does not carry the legal or ethical weight it is being asked to bear.
Pronto’s opt-in defense
In a 22 May company blog, Pronto described the pilot as a way for its workers, whom it calls “Pros,” to participate directly in the AI economy and earn from the data their work generates. The program is opt-in at booking, the company said, and consent must be reaffirmed each time. Customers pay an extra Rs 29 per booking, and workers are paid more for jobs that include recording.
The company elaborated on X that “by default, there is no camera involved, and when there is, it’s impossible to miss.” It said it had “worked for months to ensure we go above and beyond what we’re required to do by the law.” It also pushed back at competitors by stating it was “not the only company in the space doing this.”
Cofounder and CEO Anjali Sardana told the Times of India that the pilot was built for customers who feel uneasy about leaving unfamiliar workers in their homes. “They worry about what’s happening in their home during their booking,” she said. In Pronto’s framing, the recording is a service guarantee, and the use of AI training is a secondary economic benefit. These claims have a clean internal logic. They also stop short of the question raised by the investor memo.
What the investor memo describes
The Glade Brook Capital memo, reported by Entrackr in late May, framed Pronto in a different language from the customer-facing blog. It described the company as developing a data business that uses its workforce to capture household footage for robotics labs. It said early partnership interest had been encouraging and that Pronto was moving quickly to commercialize the strategy. It also stated that the company was already piloting real-world training data with physical AI labs.
S D Shreyas, founder and CEO of compliance advisory firm ComplyPlanet, said this is where the legal pressure point of the case sits.
“The Pronto episode is not a privacy scandal; it is a consent architecture failure.”
S D Shreyas, founder and CEO, ComplyPlanet
The pilot was technically an opt-in, Shreyas said. In his reading, the investor memo had already redefined what was being collected and why. Once household recordings are positioned to investors as commodifiable training data, the disclosed purpose of collection no longer matches the actual purpose, he argued.
Queries emailed to Pronto remained unanswered at the time of publication.
Purpose limitation is the central legal test.
The Digital Personal Data Protection Act, 2023, India’s first comprehensive data privacy law, requires consent to be free, specific, informed, and unambiguous. Purpose limitation, a core principle of the Act and of every serious data-protection regime, requires the disclosed purpose to match the actual use. Consent obtained for service verification will not legally stretch to cover an AI-training license, no matter how clean the checkbox.
Nikhil Narendran, partner at law firm Trilegal, said homes are among the most privacy-sensitive environments a company can enter. A recording inside a home can capture children, domestic workers, visitors, health conditions, conversations, the home’s layout, and intimate behavioral patterns.
The privacy policy and consent flow “must say so clearly, specifically and upfront” whether the data will be used to train AI or robotics systems, Narendran said. A broad clause covering “service improvement” is not enough. He argued that developers need explicit disclosures covering what data is collected, which data fiduciaries are involved, and the purpose of processing.
That standard has implications beyond the current pilot. A review of Pronto’s public privacy policy shows that the document was last updated on 9 November 2024, more than a year before India’s privacy rules were notified. It does not refer to video recording, AI training, physical AI labs, or children’s data. Section 11(b) of the policy states that aggregated data may be used “indefinitely without further notice,” a clause that is at odds with the 48-hour deletion claim in Pronto’s blog. The policy’s update mechanism in Section 14 treats continued use of the platform as consent to any future revision, an approach digital rights groups argue is inconsistent with the DPDPA’s standard for free, specific, informed consent.
Research highlight
Reporting drawn from Pronto’s 22 May 2026 company blog and X statements, the Glade Brook Capital investor memo reported by Entrackr in late May, Pronto’s published privacy policy last updated 9 November 2024, MeitY’s 6 June 2026 call for Data Protection Board applications, and on-the-record interviews with three named privacy and compliance experts in India..
Derived datasets outlast the source footage
The 48-hour deletion window is the headline safeguard in Pronto’s defense. It is also the easiest one to misread.
In statements to Indian media, Pronto confirmed that derived datasets are retained even after raw video is deleted. These include key-point mapping data that tracks body joints and hand movements. Whether those derived datasets can be monetized or shared with third-party AI or robotics firms remains unclear.
The commercial weight of the data does not live in the raw footage. It lives in the structured features extracted from it. Skeletal motion data, hand-tracking sequences, and spatial maps of household interiors are what a robotics lab actually buys. Those artifacts outlive the source video and persist on retention timelines to which customers have not consented.
Bystanders cannot opt in
Even a well-designed opt-in cannot solve a problem the contracting customer is not in a position to solve.
Nikhil Pahwa, founder of digital media outlet MediaNama and a digital rights activist, said the contracting user is rarely the only person captured during a home services job. Visitors, family members, delivery workers, and children can all be recorded incidentally. Their images and movements may land in training datasets or in storage that no one explicitly authorized.
“If ten people are present in a house, do you need consent from all ten?”
Nikhil Pahwa, founder, MediaNama
The practical answer is that no current consent architecture can meaningfully obtain it. Pahwa argued that bystander privacy needs to be treated as a distinct design problem, not folded into the contracting user’s checkbox.
The wider pattern is starting to take shape. Physical AI and robotics companies typically obtain in-home recording consent through their service agreement, sometimes with explicit clauses and sometimes by offering discounts or free services in exchange. Human Archive, a US robotics data startup, partners with home services platforms in Asia and offers subsidized cleaning in exchange for consent to be recorded. The Pronto pilot is one node in a global supply chain for first-person video, not an isolated Indian experiment.
India’s privacy law is in force in stages
Pronto’s claim of full compliance with the Digital Personal Data Protection Act exists in a space where the law’s enforcement architecture is still being built.
The Act was passed in 2023. Its rules were notified in late 2025. Phase 2, which covers the consent manager framework, is due to take effect in November 2026. Full substantive compliance for data fiduciaries is currently scheduled for 13 May 2027. The Data Protection Board, the body created by the Act to hear complaints, has been established under the law, but its chairperson and members have not yet been fully appointed. The Ministry of Electronics and Information Technology issued a formal call for applications on 6 June 2026.
That leaves Indian consumers relying on a patchwork: older provisions of the Information Technology Act, the 2011 sensitive personal data rules under that Act, the Consumer Protection Act, the Indian Contract Act, and the constitutional right to privacy established by the Supreme Court in its 2017 K S Puttaswamy ruling. None of these instruments was written for residential video being repurposed as a robotics training corpus.
Shreyas said India is encountering meaningful privacy law for the first time and that the cultural infrastructure has not caught up. Jugaad innovation has rewarded moving fast over moving carefully, he said. Privacy by Design, the principle that data protection should be embedded in a product from day one, remains largely absent from the way Indian startups are built, funded, and scaled. The Pronto pilot, in his reading, is symptomatic of a deeper industry pattern.
Implications for C-suite, functional leaders, and boards
The Pronto episode reads as a near-term operational story. Its useful afterlife is as a checklist for any company whose product touches a private space.
For chief executives and product leaders, the architectural question is whether the company is selling a service, a dataset, or both. If both, the consent flow has to put both in front of the customer at the point of capture, with separate withdrawal mechanisms for each. A single bundled opt-in cannot carry the legal or reputational weight of dual-purpose data collection.
For legal, product, and operations leaders, the work is more granular. Explicit purpose disclosure must specify when recordings will be used for AI training or commercialized, and that disclosure must live within the consent flow rather than be buried in a privacy policy. Bystander protections need policies that cover non-customers who may be incidentally captured. Retention discipline has to extend to derived datasets, including motion data, hand tracking, and spatial maps that survive the deletion of source footage. Independent audits and transparent revenue-sharing terms for workers whose labor creates the data should be published.
For boards, the governance lens widens. Investor decks that describe customer households as a data business deserve the same scrutiny as a related-party transaction. If the company is being presented to investors as training data infrastructure and to customers as a service, the disclosure mismatch is a board-level risk before it is a regulator-level one. Boards should also assess whether the company’s privacy policy reflects current product reality, especially where AI training is part of the revenue model.
The home is becoming a new data category
Embodied AI does not improve without first-person video of humans doing physical work in real environments. That fact has economic consequences for any platform with a foothold inside private homes. Companies that send workers into customer homes now sit on a resource that frontier AI labs want and are willing to pay for. The supply chain for that resource is global, partly Indian, and largely invisible to the customers whose homes feed it.
The Pronto pilot may or may not survive regulatory review. The structural problem behind it will outlast the specific case. As embodied AI moves from research demos to commercial products, the residential interior becomes a data category that current privacy frameworks were not designed to handle. Treating in-home data collection as a distinct high-risk category, with its own consent flows, retention rules, and bystander protections, is what will separate the companies that get to build in this space from those that have to rebuild later under regulatory pressure.
Key facts on Pronto’s pilot
0.01%: share of Pronto’s customer base in the recording pilot, by the company’s own count.
Rs 29: extra fee customers pay per booking that includes recording.
48 hours: stated retention period for raw footage in Pronto’s 22 May 2026 blog.
9 November 2024: last update to Pronto’s privacy policy, more than a year before India’s privacy rules were notified.
“indefinitely”: stated retention period for aggregated “research” data in Section 11(b) of that policy.
About the Author
Kaumudi Kashikar-Gurjar is an Associate Editor at MIT Sloan Management Review India. Based in Pune, Maharashtra, she is a trained multimedia journalist covering business, policy, and technology.
View More

