Privacy Policy

Last updated: March 2026

Our Privacy Promise

We take privacy extremely seriously. As a compliance tool, we hold ourselves to the highest standards. comply.youmeyou.ai is itself designed to be DPDP compliant — we practice what we preach. Your data is handled with the same rigour we help you achieve.

Data We Collect

Anonymous Users — Zero Data Collection

Nothing. Absolutely zero. Scan data is processed entirely in server memory, the report is returned to you, and all data is immediately discarded. No cookies, no tracking, no storage — not even temporary files.

Authenticated Users — Minimal Collection

  • Email address — via Firebase authentication (for account access)
  • Scan inputs — encrypted with AES-256-GCM before storage
  • Compliance reports — encrypted with AES-256-GCM before storage

We collect only what is necessary to provide the service. Nothing more.

How We Process Data

  1. Your scan inputs are sent to our AI analysis pipeline (powered by DeepSeek V3) for compliance analysis.
  2. The AI processes your data and returns structured analysis results covering all 10 DPDP obligations.
  3. For anonymous users: the entire process happens in memory. Nothing is written to disk or any database. Once the report is delivered, all data is gone.
  4. For authenticated users: results are encrypted with AES-256-GCM before being written to the database.

Encryption

All stored data is protected with industry-leading encryption:

  • Algorithm: AES-256-GCM (authenticated encryption)
  • Unique IVs: Each database record has its own initialisation vector, ensuring identical inputs produce different ciphertext
  • Key separation: Encryption keys are stored separately from encrypted data, in a different infrastructure layer
  • In transit: All communication uses TLS 1.3

Third-Party Services

We use a minimal set of third-party services:

Firebase (Google)

Used for authentication only. No compliance data, scan inputs, or report data is shared with Firebase or Google.

DeepSeek

Used for AI analysis processing. Data is sent for analysis and is not retained by DeepSeek per their API terms of service.

What We Don't Use

No analytics. No advertising SDKs. No tracking pixels. The only cookies used are essential authentication cookies set by Firebase for session management.

Data Retention

User TypeRetention
Anonymous0 days — not stored
AuthenticatedUntil user deletes their account or data

Authenticated users can delete all their data at any time from the dashboard. Deletion is permanent and irreversible.

Your Rights (DPDP Data Principal Rights)

Under the Digital Personal Data Protection Act, 2023, you have the following rights as a Data Principal:

Right to Access

Request a copy of all personal data we hold about you

Right to Correction

Request correction of inaccurate personal data

Right to Erasure

Request permanent deletion of all your data

Right to Withdraw Consent

Withdraw consent for data processing at any time

To exercise any of these rights, contact us at privacy@youmeyou.ai.

Grievance Officer

In accordance with the DPDP Act, we have appointed a Grievance Officer to address your concerns:

Grievance Officer

Name: [To be designated]

Email: grievance@youmeyou.ai

The Grievance Officer will acknowledge your complaint within 48 hours and resolve it within 30 days of receipt.

Changes to This Policy & Contact

We may update this Privacy Policy from time to time. We will notify registered users of any material changes via email before they take effect.

Continued use of the Service after changes constitutes acceptance of the updated policy.

Contact Us

For any privacy-related questions or concerns, reach us at privacy@youmeyou.ai