Privacy Policy

This Privacy Policy describes how we collect, use, share, and protect information when you use our Services. We respect your privacy and are committed to being transparent about our practices.

We collect: (a) account data you provide (name, email, phone, workspace details); (b) Content you submit through the Services; (c) technical data (IP address, browser type, timestamps, device info); (d) usage data (pages visited, features used, interaction events).

We use your data to: operate and maintain the Services; authenticate you; send service-related communications; provide support; detect fraud and abuse; comply with legal obligations; and, with your consent, improve the product and inform you about updates.

We process personal data under the following lawful bases: performance of a contract, compliance with a legal obligation, legitimate interests that do not override your rights, and your consent (which you may withdraw at any time).

We share data only with: (a) sub-processors who help operate the Services (hosting, email delivery, payment processing); (b) authorities when legally compelled; (c) successors in the event of a merger or acquisition. We do not sell personal data.

We retain account data for as long as your account is active and for a reasonable period thereafter to comply with legal and accounting obligations. Audit logs are retained for up to seven (7) years. You may request deletion at any time.

We protect your data with AES-256-GCM encryption at rest, TLS 1.3 in transit, row-level tenant isolation, least-privilege access controls, and append-only audit logs. No system is perfectly secure; we disclose incidents promptly when they occur.

We use essential cookies to run the platform (session, CSRF, load balancing) and optional cookies for analytics and preferences. Opt out or customise via the cookie banner on your first visit, or clear cookies in your browser at any time.

You may: access your data, correct inaccuracies, request erasure, object to processing, withdraw consent, and lodge a complaint with a supervisory authority. California residents may exercise CCPA rights; EU residents may exercise GDPR rights. Reach us via our support contact page; we respond within thirty (30) days.

Your data may be processed in jurisdictions outside India where our sub-processors operate. Transfers are made under contractual safeguards that provide adequate protection, consistent with DPDPA 2023 requirements.

The Services are not directed at individuals under 18. We do not knowingly collect data from minors. If we learn that we have collected data from a minor without verifiable parental consent, we will delete it promptly.

In line with the Information Technology Act, 2000 and DPDPA 2023, we have appointed a Grievance Officer. Submit grievances via our support contact page; we acknowledge within 24 hours and resolve within 30 days.

We may update this policy from time to time. Material changes will be communicated at least fifteen (15) days before they take effect, via email or a prominent in-product notice.

Questions about this policy or how we handle your data? Reach out via our support contact page.