Privacy Policy
1. Who We Are
FindARisk ("we", "us", "our") is a digital product platform providing Pre-Delivery Inspection (PDI) checklists for car buyers in India, accessible at findarisk.com.
This Privacy Policy explains how we collect, use, store, and protect your personal information. By using FindARisk, you agree to the practices described here.
This policy is compliant with the Information Technology Act, 2000, the IT (Reasonable Security Practices) Rules, 2011, and the Digital Personal Data Protection Act, 2023 (DPDP Act).
2. Data We Collect
2.1 Account Information
When you sign in via Google OAuth, we receive and store:
- Your full name and email address
- A unique user identifier (UUID) assigned by our database
- Your Google profile avatar URL (display only)
We do not receive your Google password, phone number, or any other Google account data.
2.2 Purchase Records
When you make a purchase, we store:
- Your user ID linked to the product purchased
- The product identifier (e.g. "new-car-pdi", "used-car-pdi", "bundle")
- The Razorpay payment ID (transaction reference only)
- Timestamp of the purchase
We do not store card details, UPI IDs, bank account information, or any payment credentials. All payment data is handled exclusively by Razorpay.
2.3 Analytics Data
We use Google Analytics (GA4) to collect anonymised data including pages visited, device type, browser, general location (country/city), and referral source. This data cannot identify you personally.
2.4 What We Do NOT Collect
- Aadhaar, PAN, or any government ID
- Physical address or phone number
- Financial account details
- Your PDI checklist responses — these remain on your device only
3. How We Use Your Data
We use your personal data only for:
- Account management: Identifying you when you log in
- Purchase verification: Granting access to purchased checklists
- Transactional emails: Purchase confirmations and welcome emails via Resend
- Customer support: Responding to queries sent to support@findarisk.com
- Product improvement: Anonymised analytics to improve our platform
We do NOT use your data for advertising, retargeting, selling to third parties, profiling, automated decision-making, or unsolicited marketing.
4. Third Party Data Processors
| Processor | Purpose | Data Shared |
|---|---|---|
| Supabase | Database & authentication | Name, email, purchase records |
| Razorpay | Payment processing | Email, transaction data |
| Google OAuth | Authentication | Name, email from Google |
| Google Analytics | Usage analytics | Anonymised usage data |
| Resend | Transactional email | Name, email address |
| Netlify | Website hosting | IP address (server logs only) |
All processors are bound by their own privacy policies and applicable data protection laws. We do not share your data with any other third parties.
5. Data Storage & Security
Your personal data is stored on Supabase infrastructure with:
- AES-256 encryption at rest
- TLS 1.2+ encryption in transit
- Row-Level Security (RLS) — you can only access your own data
- Servers hosted on AWS infrastructure
Your checklist inspection responses are stored in your browser's localStorage only. They are never transmitted to our servers and we have no access to them.
While we implement industry-standard security, no internet transmission is 100% secure. We take all reasonable precautions but cannot guarantee absolute security.
6. Data Retention
- Account data (name, email): Until you request deletion
- Purchase records: 7 years from purchase date (required by Indian accounting and GST law)
- Email logs: 30 days (retained by Resend)
- Analytics data: 26 months, anonymised (Google Analytics default)
After the retention period, data is permanently deleted. Purchase records may be retained in anonymised form for statutory compliance even after account deletion.
7. Your Rights
Under the DPDP Act 2023 and applicable Indian law, you have the right to:
- Access: Request a copy of all personal data we hold about you
- Correction: Request correction of inaccurate data
- Erasure: Request deletion of your account and personal data
- Withdraw consent: Withdraw consent for non-essential data processing
- Grievance redressal: Raise a complaint with us or the Data Protection Board of India
To exercise any right, email support@findarisk.com with subject "Data Request". We will respond within 7 business days and action your request within 30 days.
Note: Purchase records cannot be deleted within the 7-year statutory retention period, but your identity will be dissociated from those records upon request.
8. Cookies & Local Storage
Cookies
- Authentication cookies: Set by Supabase to maintain your login session. Essential and cannot be disabled.
- Analytics cookies: Set by Google Analytics. Non-essential and can be blocked via browser settings.
Local Storage
We store in your browser's localStorage:
- Your PDI checklist progress (inspection ratings)
- A flag indicating if your welcome email has been sent
- A cached record of your purchase status
All localStorage data stays on your device and is never sent to our servers. Clear it via browser settings or the "Reset Progress" button in the checklist.
9. Children's Privacy
FindARisk is not directed at anyone under 18 years of age. We do not knowingly collect data from minors. If you believe a minor has used our service, contact us immediately at support@findarisk.com and we will delete their data promptly.
10. Changes to This Policy
When we make material changes, we will update the "Last updated" date, notify registered users by email, and display a notice on our website for 30 days. Continued use of FindARisk after changes constitutes acceptance of the updated policy.
11. Contact Us
- Email: support@findarisk.com
- Website: findarisk.com
- Response time: Within 7 business days
If unsatisfied with our response, you may raise a complaint with the Data Protection Board of India under the DPDP Act, 2023.