1. What we collect

Account data.When you sign in with Google we receive your name, email address, and avatar from Google OAuth. We don't see your Google password.

Business profiles. The descriptions you submit and the structured profiles extracted from them (sector, state, scale, ownership, operating flags) — this is the input the product runs on.

Usage analytics. Product events (pages viewed, queries run, buttons clicked) via Mixpanel, hosted on EU residency servers. We use this to understand what works, not to build advertising profiles.

Payment data. Subscriptions are processed by Razorpay. We store your subscription status and quota — never your card or bank details.

2. How we use it

To compute which rules and schemes apply to your business, run watcher relevance checks against your saved profiles, deliver notifications, operate billing and quotas, and improve the product. Your business descriptions are processed by Anthropic's Claude models via API to perform the analysis; API inputs are not used by us to train models.

We do not sell your data, share it with advertisers, or train machine-learning models on your business profiles.

3. Where it lives

Application data is stored in Supabase (Postgres) with row-level security, hosting runs on Vercel, analytics on Mixpanel's EU infrastructure, and payments on Razorpay (India). Each processor handles data under its own security and privacy commitments.

4. Your controls

You can edit or delete any saved business profile in the app — deletion is real, not a soft hide. You can cancel your subscription from the billing page. To delete your account and all associated data, or to request a copy of your data, email support@complianceradar.inand we'll complete it within 30 days.

5. Cookies

We use cookies for authentication (keeping you signed in) and first-party analytics. No third-party advertising cookies, no cross-site tracking pixels.

6. Legal bases and DPDP

We process your data to perform the contract you signed up for (running compliance queries you ask for), with your consent (analytics), and for legitimate operational interests (security, billing integrity). We follow the consent, purpose-limitation, and erasure principles of India's Digital Personal Data Protection Act, 2023, and will continue aligning as its rules take effect.

7. Changes and contact

Material changes to this policy will be posted here with a new date. Grievances and data requests: support@complianceradar.in.