1. What we collect
Account data.When you sign in with Google we receive your name, email address, and avatar from Google OAuth. We don't see your Google password.
Business profiles. The descriptions you submit and the structured profiles extracted from them (sector, state, scale, ownership, operating flags) — this is the input the product runs on.
Usage analytics. Product events (pages viewed, queries run, buttons clicked) via Mixpanel, hosted on EU residency servers. We use this to understand what works, not to build advertising profiles.
Payment data. Subscriptions are processed by Razorpay. We store your subscription status and quota — never your card or bank details.
2. How we use it
To compute which rules and schemes apply to your business, run watcher relevance checks against your saved profiles, deliver notifications, operate billing and quotas, and improve the product. Your business descriptions are processed by Anthropic's Claude models via API to perform the analysis; API inputs are not used by us to train models.
We do not sell your data, share it with advertisers, or train machine-learning models on your business profiles.
3. Where it lives
Application data is stored in Supabase (Postgres) with row-level security, hosting runs on Vercel, analytics on Mixpanel's EU infrastructure, and payments on Razorpay (India). Each processor handles data under its own security and privacy commitments.
4. Your controls
You can edit or delete any saved business profile in the app — deletion is real, not a soft hide. You can cancel your subscription from the billing page. To delete your account and all associated data, or to request a copy of your data, email support@complianceradar.inand we'll complete it within 30 days.
5. Cookies
We use cookies for authentication (keeping you signed in) and first-party analytics. No third-party advertising cookies, no cross-site tracking pixels.
6. Legal bases and DPDP
We process your data to perform the contract you signed up for (running compliance queries you ask for), with your consent (analytics), and for legitimate operational interests (security, billing integrity). We follow the consent, purpose-limitation, and erasure principles of India's Digital Personal Data Protection Act, 2023, and will continue aligning as its rules take effect.
7. Changes and contact
Material changes to this policy will be posted here with a new date. Grievances and data requests: support@complianceradar.in.