We Built This to Protect Your Data.
We Won't Misuse It Either.

Who We Are

Saaph.in ("we", "us", "our") is an Indian personal data removal service operating at saaph.in. We help individuals discover where their personal data is exposed on Indian and global platforms, and file DPDP Act 2023-compliant removal requests on their behalf.

For the purpose of India's Digital Personal Data Protection Act 2023, Saaph.in is the Data Fiduciary for data you provide when creating an account. For free scan users, no data fiduciary relationship exists because no data reaches our servers.

Free Scan — What We Collect and Where It Goes

When you use the free scan on our homepage, you enter your name, phone number, email address, and city. Here is exactly what happens to that information:

The free scan results are illustrative and simulated, based on statistical patterns of data exposure common to Indian users. They are not the result of real-time queries to external platforms. Actual data discovery and verified removal requires creating a Pro account.

Account Data (Pro & Family Plans)

When you create an account to use our Pro or Family plan, we collect and securely store:

• Name — to address removal requests correctly
• Email address — for account access and removal request confirmations
• Mobile number — for account verification and removal requests
• City — to prioritise platform coverage relevant to your location
• Payment details — processed entirely by Razorpay. We never see or store your card or UPI details.
• Platform scan results and removal history — so we can track progress and re-scan automatically every 90 days

This data is used only to deliver the service you've paid for: finding your data, filing erasure requests on your behalf, and monitoring re-appearance. We do not use it for any other purpose.

What We Explicitly Don't Do

Given that we're a privacy company, we think it's important to be explicit:

• ❌ We do not sell, rent, or trade your personal data to any third party
• ❌ We do not share your data with advertisers or marketing platforms
• ❌ We do not use Google Analytics, Facebook Pixel, or any ad network tracking
• ❌ We do not send your data to data brokers (that would defeat our purpose entirely)
• ❌ We do not display targeted ads anywhere on our platform
• ❌ We do not use your data to train AI models
• ❌ We do not retain free scan data on our servers — we never receive it
• ❌ We do not keep your data after account closure beyond what is legally required

Cookies and Analytics

We use a minimal set of cookies, all strictly necessary for the service to function:

• Session cookie — keeps you logged into your account. Expires when you close your browser unless you select "Remember me".
• CSRF token — a security measure that prevents cross-site request forgery attacks.

We do not use advertising cookies, third-party analytics cookies, or any cookie that tracks your activity across other websites. We do not use Google Analytics. Our internal analytics (page views, feature usage) use privacy-preserving, aggregated counts with no personal identifiers.

Your Rights Under DPDP Act 2023

As an account holder, you have the following rights over data we hold about you:

• Access — request a copy of all personal data we hold about you
• Correction — request correction of any inaccurate information
• Erasure — request permanent deletion of your account and all associated data
• Portability — receive your scan history and removal records in a machine-readable format
• Withdrawal of consent — close your account and stop all processing at any time

To exercise any of these rights, email data@saaph.in with the subject "DPDP Rights Request". We will respond within 7 business days and complete any action within 30 days.

Data Retention

We retain your account data for as long as your subscription is active. When you close your account:

• Your personal profile, scan history, and removal records are deleted within 30 days
• Anonymised, aggregated statistics (e.g. "X removal requests sent to TrueCaller this month") may be retained for service improvement — these contain no personal identifiers
• Payment records are retained for 7 years as required by Indian financial regulations (GST Act), but stored by our payment processor Razorpay, not by us

Free scan users: since we never receive your data, there is nothing to delete.

Security

We implement industry-standard security measures to protect account data:

• All data transmitted between your browser and our servers is encrypted using TLS 1.3
• Account passwords are hashed using bcrypt and never stored in plain text
• Database access is restricted to authorised personnel only, with audit logging
• We conduct regular security reviews and vulnerability assessments

If you believe your account has been compromised, contact us immediately at data@saaph.in.

Changes to This Policy

We may update this Privacy Policy when our practices change or when required by law. If we make material changes, we will notify account holders by email at least 14 days before the change takes effect. Continued use of the service after notification constitutes acceptance of the updated policy.

The effective date at the top of this page shows when this version was last updated. Previous versions are available on request.

Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please reach out: