At Daftar, we take your privacy seriously. As part of our commitment to transparency and security, this Privacy Policy outlines how we collect, process, and protect your data. As we are still in beta, our practices and software are evolving. By using Daftar, you agree to the terms described below.

1. Introduction

Daftar is in beta, which means we are continually improving the software to provide the best experience. We use Google authentication solely to verify your identity and store only the necessary data for user sessions. We do not explore or access any additional details from your Google account. Your privacy and security are our priority, and we are committed to only using the authentication data needed for your login experience.

Additionally, we host our software on Vercel to provide a scalable and secure environment for our users. As part of our ongoing development, user interactions with the software may be logged for analysis and optimization purposes. However, we ensure that this data is handled by Google’s Privacy Policy and Vercel’s Privacy Practices, adhering to industry standards for data protection.

2. Data We Collect

Authentication Data:

When you sign in to Daftar using Google Sign-In, we only collect essential information necessary for authentication, including your email address and name. We do not store any sensitive data such as passwords. This data is processed in line with Google’s Privacy Policy, and your interactions with Google are governed by their terms.

IP Address & Session Data:

We collect IP address and session data to monitor usage and ensure a secure user experience. This data is stored temporarily and does not contain personal or sensitive details. Our software does not delve deeper into collecting personally identifiable information beyond what's necessary for authentication.

Usage Data:

We also gather data about how you interact with Daftar, such as pages viewed, features used, and timestamps. This information is anonymized and stored for service improvement and performance monitoring.

3. How We Use Your Data

Authentication & Access Control:

We use your Google authentication data solely to manage your login process and maintain session security. This process ensures that you can securely access Daftar without us storing sensitive login information.

Data Logging for Service Improvement:

We collect session data (such as your IP address) for diagnostics, troubleshooting, and performance optimization. This helps us ensure that Daftar functions properly during the beta phase and provides you with a stable experience.

4. Data Storage & Security

As part of our commitment to security, Daftar is hosted on Vercel, which provides a secure cloud infrastructure. Vercel ensures that data is stored in an encrypted environment using industry-standard encryption methods.

Data Encryption:

All data, including your session data, is encrypted in transit using TLS 1.2 or higher, and at rest using AES-256 encryption.

Access Control:

Strict access control policies are in place to ensure that only authorized personnel can access the system. We rely on role-based access control (RBAC) to manage this.

Regular Security Audits:

We conduct regular security audits and apply security patches to ensure that the software remains secure and protected against emerging threats.

5. Third-Party Services

Google:

Your authentication data is processed by Google through OAuth 2.0. Google’s privacy policies govern how your data is handled during authentication. We don’t store or process any further sensitive data through Google beyond what is required for the authentication process.

Google Authentication & Privacy:

As part of Daftar's authentication process, we use Google OAuth 2.0 to verify your identity when you sign in. This allows you to use your existing Google account for a streamlined, secure login process. Below, we outline how we handle your data during this process and Google's role in protecting your information:

• OAuth 2.0 Authentication: We rely on Google’s OAuth 2.0 protocol to authenticate users. This allows Daftar to securely access only the email address and basic profile information (such as name) associated with your Google account.
• Minimal Data Access: Daftar does not ask for or access any other information stored in your Google account, such as emails, contacts, calendar events, or documents. We only retrieve basic data necessary for your user authentication (email and name). This data is stored temporarily and used strictly for login management.
• No Storage of Sensitive Data: Daftar does not store any sensitive information such as passwords or personal documents. We never have access to or retain your Google password, and we do not have the capability to view or alter your Google account details beyond the minimal data required for authentication.
• Google’s Privacy Practices: Google has stringent privacy and security practices in place, governed by its Privacy Policy. When you use Google Sign-In, your interactions with Google are subject to their privacy and data protection practices.
• Data Retention by Google: Google retains your authentication data for as long as necessary to provide the authentication service. This data is stored securely by Google.
• Google’s Security Measures: Google employs industry-standard encryption methods and other security measures to ensure that your authentication data is protected.

For more information, refer to Google’s Privacy Policy.

Vercel:

Daftar is hosted on Vercel, a trusted platform that provides cloud hosting services. Vercel’s policies govern how your data is stored and processed. We ensure that Vercel follows industry standards for data protection and privacy.

Supabase:

We use Supabase as our backend infrastructure for storing user data and session information. Supabase provides a scalable and secure database and authentication service. Supabase processes your data in accordance with its own privacy policies, and we ensure that Supabase complies with industry-standard data protection measures.

6. Data Retention

We retain your data only as long as necessary to provide the services you have requested. If you choose to delete your account, your data will be removed from our systems after a period of 30 days, unless retention is required for audit, compliance, or legal obligations. During the beta phase, some data may be retained for debugging and platform improvement purposes. Logs will be retained for no more than 100 days for debugging and performance analysis.

7. Your Rights Over Your Data

As a user, you have all the rights regarding your data. You maintain ownership of your data at all times. Daftar acts as a data processor and processes your data only for the purposes specified in this Privacy Policy.

8. Cookies & Tracking

We may use cookies and session tracking technologies for the purpose of improving your user experience. These technologies help us remember your preferences and enhance software usability.

9. Security Measures

We employ standard data protection practices, including encryption, access controls, and regular security audits to safeguard your data. In the event of a data security breach, we will notify you promptly within 72 working hours by applicable laws. However, we are not liable for any losses or damages arising from such incidents.

10. Changes to This Policy

Since Daftar is currently in beta, this policy may be updated frequently as we improve the software. Any significant changes to this policy will be communicated to you via email or through the software.

11. Grievance Redressal

If you have any grievances or concerns about your data or this Privacy Policy, please contact us at the support tab in your profile. We will address your concerns within a reasonable time frame, in compliance with Indian data protection laws.