Privacy Policy

Last updated: April 13, 2026

1. Information We Collect

We collect information you provide directly: name, email address, and payment information processed via Stripe and Razorpay. We also collect usage data, IP addresses, device information, and browser types automatically. Documents and files you upload are stored to provide our AI processing features.

2. How We Use Your Information

We use your information to provide and maintain our services, process payments, send transactional emails about your account, improve product functionality, and detect and prevent fraud or security incidents. We do not use your data for automated decision-making that produces legal or similarly significant effects.

3. How We Share Your Information

We share information with third parties only as necessary to operate our service: Stripe and Razorpay (payment processing); Firebase Authentication (secure login); Resend (transactional email delivery); Cloudflare (CDN, security, and file storage); Neon (database hosting). Each provider receives only the minimum data required for their function. We never sell your personal information.

4. Method of Disclosure

All data transmission occurs over HTTPS with TLS encryption. When disclosing information to service providers, we transmit only the minimum necessary data via secure API calls authenticated with industry-standard protocols. We do not sell, rent, or lease your personal information to any third parties for marketing purposes.

5. Data Storage & Security

We implement AES-256 encryption for data at rest and TLS 1.3 for data in transit. Your data is stored in Neon Postgres databases (US region) and Cloudflare R2 storage. We maintain strict access controls and regular security audits. Our infrastructure providers hold SOC 2 Type II and ISO 27001 certifications.

6. Data Retention

Account data and uploaded files are retained while your account is active and deleted within 30 days of account closure. Payment records are retained for 7 years to comply with Indian tax and financial regulations. Backup data is purged on a 30-day schedule.

7. Your Rights

You have the right to access, export, correct, and delete your personal data. Under GDPR Article 17, you may request erasure (right to be forgotten). California residents may exercise CCPA rights. Contact [email protected] — we respond to verified requests within 30 days.

8. Cookies

We use essential session cookies only. No advertising or third-party tracking cookies. We use PostHog for product analytics with opt-out available via your browser's Do Not Track setting or by contacting us.

9. Children's Privacy

Our service is not directed to children under 13. We do not knowingly collect information from children under 13. If you believe your child has provided us with personal information, contact [email protected] and we will promptly delete it.

10. Changes to This Policy

For material changes, we will notify you via email at least 14 days before they take effect. Continued use of our service after changes constitutes acceptance of the updated policy.

11. Contact

Questions about this policy: [email protected]. Dirgha AI is based in India and complies with applicable data protection laws including the Information Technology Act 2000 and GDPR where applicable.