We are a Data Fiduciary. Here is how we treat your data.

Account: name, email, phone, city, plan, billing history. Identity tuples: name variants, past phones, past addresses, aliases you have entered. Operational data: scan history, exposure records, evidence packs, removal requests, DPB filings, monthly reports. Optional (Concierge): a face embedding derived from a photo you upload.

To run the daily scan, draft and send Section 12 notices on your behalf, track the Rule 14 deadline per fiduciary, escalate to the DPB when needed, generate monthly reports, send severity-graded alerts, and bill you under your subscription.

Consent, given at signup, with the option to withdraw at any time via Settings. For authorising us to file on your behalf with Data Fiduciaries and with the DPB, a separate authorisation block in our terms (and a re-confirmation on first filing).

For the lifetime of your account plus thirty days post-cancellation. Evidence packs related to DPB filings retained for an additional one year to support any continuing proceedings. You can shorten retention via Settings.

For Family-plan members under eighteen, we require verifiable parental consent (Aadhaar OTP for the parent plus signed declaration plus attested relationship document). Tracking-style processing and any monetisation pathway are disabled by default. Erasure on parental request is honoured within seven days, not thirty.

Only with named subprocessors documented at /trust/subprocessors. We do not sell or rent your data. We do not share with advertising networks, data brokers (other than for the purpose of filing Section 12 notices), or any third party not strictly necessary to deliver the service.

Default-deny. The only outbound transfers are: (a) breach API hashes to HIBP, DeHashed, IntelX, LeakCheck for matching against breach databases; (b) Google Vision API calls (Concierge) for face-match, on hashed embeddings rather than source images; (c) Razorpay for billing (Indian processor, Indian rails). Each is documented with the data class, purpose, and country.

Right of access (Section 11): request your data, delivered within twenty-four hours via Settings. Right of correction (Section 11): edit anything in your profile or aliases. Right of erasure (Section 12): one-tap account deletion, completed within thirty days with proof. Right to nominate (Section 13): designate a representative. Right of grievance (Section 13): contact our Grievance Officer at [email protected], response within thirty days.

Appointed and contactable at [email protected]. Name and registered address on the grievance page.

Appointed. The DPO is a different person from the Grievance Officer. Contact via the same grievance email; please mark the subject "FAO: DPO".

Detection-to-notification SLA: seventy-two hours to the Board and to affected users, per Rule 7. Our internal target is twenty-four hours. The full runbook is at /trust/breach-promise.