Privacy Policy
Effective: 24 February 2026
Compliant with the Digital Personal Data Protection (DPDP) Act, 2023 and the Information Technology Act, 2000
TL;DR — We respect your privacy
Minimal data collection. Scan content deleted within 1 hour. We never sell your data. Full rights under Indian law. Email support@savdhaan.in anytime.
Data Fiduciary
Under the DPDP Act 2023, we are the Data Fiduciary responsible for processing your personal data.
Personal Data We Collect
We collect minimal data necessary to provide the Service:
Account Data
- Email address
- Display name (optional)
- Google profile (name + email only)
- Hashed password (never plain text)
Scan Data
- Messages you submit for scanning
- Screenshots for OCR analysis
- Extracted URLs, phones, UPI IDs
WhatsApp Bot
- Your WhatsApp phone number
- Messages sent to the bot
Processed and discarded within 1 hour.
Automatic
- IP address (anonymised in 24h)
- Browser & device type
- Pages visited & timestamps
Key point: Scan content is processed in real-time and automatically deleted within 1 hour. Only anonymised risk scores and categories are retained.
Purpose of Processing
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Scam detection analysis | Scan data, entities | Consent (Sec 6) |
| Account management | Email, name, hash | Consent (Sec 6) |
| WhatsApp bot replies | Phone, message | Consent (Sec 6) |
| Analytics & improvement | Anonymised metadata | Legitimate use (Sec 7) |
| Abuse detection | IP, usage patterns | Legitimate use (Sec 7) |
| Legal compliance | As required | Legal obligation |
Data Retention
Your Rights Under DPDP Act 2023
As a Data Principal, you have these rights:
Right to Access
Section 11Request a summary of your data and processing activities
Right to Correction & Erasure
Section 12Correct inaccurate data or request deletion
Right to Grievance Redressal
Section 13File a complaint — we respond within 30 days
Right to Nominate
Section 14Nominate someone to exercise your rights
Right to Withdraw Consent
Delete your account or contact us anytime
To exercise any right, email support@savdhaan.in. We respond within 30 days.
Data Security
We implement security safeguards per the IT (Reasonable Security Practices) Rules, 2011:
Children's Data
Per Section 9 of the DPDP Act 2023, we do not knowingly collect personal data from children under 18 without verifiable parental consent. If we discover such data was collected, we will delete it promptly.
Cross-Border Data Transfer
Some providers (Anthropic, Vercel, Google) may process data outside India. Under DPDP Act 2023, transfers are permitted to countries not restricted by the Central Government. We maintain equivalent protection standards through contractual safeguards.
Grievance Redressal
Under the IT (Intermediary Guidelines) Rules, 2021 and DPDP Act 2023:
If unsatisfied, you may file a complaint with the Data Protection Board of India.
Applicable Law
This policy is governed by Indian law, including:
- Digital Personal Data Protection (DPDP) Act, 2023
- Information Technology Act, 2000
- IT (Reasonable Security Practices) Rules, 2011
- IT (Intermediary Guidelines) Rules, 2021
Disputes are subject to the exclusive jurisdiction of courts in India.
Changes to This Policy
Material changes will be notified via email (if you have an account) or by a prominent notice on the website. Continued use after changes constitutes acceptance.