Privacy policy
Last updated · 2026
1. What we collect
Email address for magic-link authentication. Payment metadata (Razorpay payment ID, amount, currency, timestamp) — never card numbers; those are handled directly by Razorpay PCI-DSS Level 1.
2. What we DON’T collect
We do not see, store, or transmit the content of your client work. The vault is prompt-and-paste — when you copy a prompt into ChatGPT or Claude, the conversation happens in your AI account, not ours. We never proxy or log it.
3. Where data lives
Buyer email + entitlement records: Supabase Postgres, Singapore region (ap-southeast-1). Payment records: Razorpay (India, PCI-DSS Level 1 certified).
4. Your rights (DPDP Act 2023)
Under India’s Digital Personal Data Protection Act 2023 you may request access, correction, or deletion of your data. Email hello@anyimmi.com with the subject “DPDP request”. We respond within 30 days.
5. Cookies
One first-party cookie for the Supabase auth session. No third-party advertising or tracking cookies.
6. Children
The vault is sold to professional consultants. We do not knowingly collect data from anyone under 18.