Privacy Policy

Last updated: January 1, 2025 ยท Effective: January 1, 2025

1. Introduction

BharatDecision.com ("we," "our," or "us") is operated by BharatDecision Internet Pvt. Ltd., registered in India. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

By using BharatDecision, you agree to the collection and use of information as described in this policy. If you disagree, please do not use our service.

2. Information We Collect

2.1 Information You Provide

  • Account information: username, email address, password (hashed with bcrypt)
  • Profile data: bio, avatar image
  • Content: dilemmas, votes, comments you post
  • Communications: support requests, feedback

2.2 Information Collected Automatically

  • IP Address (Hashed): We store a one-way HMAC hash of your IP address for anti-spam purposes. The original IP is never stored.
  • Browser type, operating system, and device type (User-Agent)
  • Pages visited, time spent, referral source (via Google Analytics)
  • Cookies (see Section 6)

2.3 What We Do NOT Collect

  • We do not collect Aadhaar, PAN, or any government ID
  • We do not collect payment information (no paid tiers yet)
  • We do not collect your contacts or social graph
  • We do not sell your data to advertisers

3. How We Use Your Information

  • To operate and maintain the platform
  • To prevent spam and abuse (IP hashing, rate limiting)
  • To send you notifications about your dilemmas (opt-out available)
  • To send weekly email digests (opt-out in profile settings)
  • To improve user experience via analytics
  • To comply with legal obligations under Indian IT Act 2000

4. Data Sharing & Disclosure

We do not sell, rent, or trade your personal information. We may share data only:

  • Service Providers: Supabase (database hosting), Upstash (Redis), Cloudinary (image hosting), Vercel (web hosting) โ€” under strict data processing agreements
  • Legal Requirements: If required by Indian law, court order, or lawful government request
  • Safety: To protect the rights, property, or safety of BharatDecision, our users, or the public

5. Data Retention

  • Account data: retained until account deletion request
  • Deleted content: purged from database within 30 days
  • Vote records: anonymized after 12 months (user_id set to null)
  • Audit logs: retained for 24 months for safety/compliance
  • Email logs: retained for 90 days

6. Cookies

  • Essential: Authentication token (HttpOnly cookie, 7-day expiry) โ€” cannot be disabled
  • Analytics: Google Analytics 4 โ€” tracks page views and events (opt-out via cookie banner)
  • Preferences: Dark mode, category filter state โ€” stored in localStorage

You can manage cookie preferences using the banner shown on first visit.

7. Your Rights (PDPB Compliant)

  • Access: Request a copy of your data at privacy@bharatdecision.com
  • Correction: Update your profile at any time in settings
  • Deletion: Request account deletion โ€” all personal data removed within 30 days
  • Opt-out: Unsubscribe from email digests in profile settings
  • Portability: Export your dilemmas and vote history via profile page

8. Security

We implement industry-standard security measures: TLS encryption in transit, bcrypt password hashing, JWT authentication with HttpOnly cookies, rate limiting, and IP blocking for abuse. However, no system is 100% secure. In the event of a data breach, we will notify affected users within 72 hours per applicable law.

9. Children's Privacy

BharatDecision is not intended for users under 13 years of age. We do not knowingly collect data from children. If you believe a child has provided us personal information, contact us immediately.

10. Contact Us

For privacy-related queries, email: privacy@bharatdecision.com
Grievance Officer: [Name], BharatDecision Internet Pvt. Ltd., [Address], India