if

Privacy Policy

Effective Date: March 10, 2026 | Last Updated: March 10, 2026

Compliant with the Digital Personal Data Protection Act 2023 (DPDP Act), Information Technology Act 2000, and IT Rules 2021.

1. Introduction

ifelt ("we", "us", "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use ifelt.online.

We are a Data Fiduciary under the Digital Personal Data Protection Act, 2023 (DPDP Act) and operate as an intermediary under Section 79 of the Information Technology Act, 2000. We process your data lawfully, fairly, and transparently.

2. Data We Collect

We collect only the minimum data necessary for ifelt to function. This is in accordance with the data minimization principle of the DPDP Act 2023.

Email Address

Source: Google OAuth. Purpose: Authentication only. Never displayed publicly. Legal basis: Consent (Section 6, DPDP Act).

Anonymous Display Name

Source: User-chosen during setup. Purpose: Public identity on posts. You can change this anytime.

Post Content

Source: User-created. Purpose: Core platform functionality. Auto-deleted after 24 hours (free) or 14 days (premium). No backups maintained.

Payment Records

Source: Razorpay (PCI-DSS Level 1). Purpose: Subscription management. We store only transaction IDs. Card details are never stored by us.

Push Notification Token

Source: Browser push subscription. Purpose: Sending notifications. Optional — can be revoked anytime from Settings.

3. Data We DO NOT Collect

  • Your real name or identity
  • Location or GPS data
  • IP address (not stored in database)
  • Browsing history or activity outside ifelt
  • Contacts, photos, or phone data
  • Biometric data
  • Device identifiers for tracking/advertising
  • Sensitive personal data (health, finances, political beliefs)
  • Cookies for tracking (we use no tracking cookies)

4. How We Use Your Data

As per Section 5 of the DPDP Act 2023, we process personal data only for lawful purposes with your consent:

AuthenticationEmail (via Google)Consent — Section 6, DPDP Act
Display postsAnonymous name, post contentContract performance
Process paymentsTransaction IDsContract performance
Send notificationsPush subscription tokenConsent (opt-in)
Enforce TermsAccount status, post historyLegitimate interest + legal obligation
Respond to legal requestsAs required by lawLegal obligation — IT Act Section 69

5. What We NEVER Do With Your Data

✓ NEVER sell your data to third parties

✓ NEVER share data with advertisers or ad networks

✓ NEVER use your data for targeted advertising

✓ NEVER use your posts to train AI models

✓ NEVER create behavioral profiles or shadow profiles

✓ NEVER transfer data to countries without adequate data protection (unless legally required)

6. AI Writing Enhancer & Data

The AI Writing Enhancer (Premium feature) processes your text through a third-party AI service:

  • • Text is sent in real-time for enhancement only
  • • Text is NOT stored, logged, or used for AI training by either ifelt or the AI provider
  • • Processing happens in-memory and is discarded immediately after response
  • • No personal identifiers are sent with the text

7. Data Retention & Automatic Deletion

As per Section 8(7) of the DPDP Act 2023, we retain data only as long as necessary:

Posts (Free)Auto-deleted after 24 hours
Posts (Premium)Auto-deleted after 14 days
Account DataRetained until voluntary deletion or account suspension
Payment RecordsRetained for 7 years (Indian tax law compliance)
Suspended DataRetained 90 days for law enforcement, then permanently deleted

8. Data Security Measures

As required under Section 8(4) of the DPDP Act 2023, we implement reasonable security safeguards:

Encryption in Transit

All data transmitted over HTTPS/TLS 1.3. End-to-end encrypted connections.

Secure Database

Hosted on Supabase (AWS infrastructure) with Row Level Security (RLS) policies.

Authentication Security

Google OAuth 2.0 with PKCE flow. No passwords stored.

Payment Security

Razorpay handles all payment data (PCI-DSS Level 1 certified). We never touch card details.

Auto-Deletion

Automated cleanup jobs permanently delete expired posts. No backups of deleted content.

Access Control

Minimal team access to production data. Service role keys are environment-isolated.

9. Your Rights (DPDP Act 2023)

As a Data Principal under the DPDP Act 2023, you have the following rights:

Right to Access (Section 11)

Request a summary of all personal data we hold about you and how it is being processed.

Right to Correction (Section 11)

Request correction of inaccurate or incomplete personal data (e.g., your anonymous name).

Right to Erasure (Section 12)

Request complete deletion of your account and all associated data via Settings > Delete Account.

Right to Withdraw Consent (Section 6)

Withdraw consent for data processing at any time. Note: this may result in inability to use ifelt.

Right to Grievance Redressal (Section 13)

File complaints about data handling to our Grievance Officer or the Data Protection Board of India.

Right to Nominate (Section 14)

Nominate someone to exercise your data rights in case of death or incapacity.

To exercise any right, email privacy@ifelt.online. We will respond within 7 days.

10. Third-Party Services

Supabase

AWS (Mumbai region preferred)

Database & authentication hosting — Data shared: Email, anonymous name, posts

Google OAuth

Global (Google Cloud)

User authentication — Data shared: Email, basic profile

Razorpay

India

Payment processing — Data shared: Payment details (card info handled by Razorpay only)

Vercel

Global CDN (primary: US East)

Application hosting — Data shared: Application code, server logs

We do not use any analytics services, advertising SDKs, or tracking pixels. No data is shared with Meta, Google Analytics, or any ad network.

11. Data Breach Notification

In compliance with Section 8(6) of the DPDP Act 2023:

  • a. In the event of a personal data breach, we will notify the Data Protection Board of India and affected users within 72 hours of becoming aware of the breach.
  • b. Notification will include: nature of the breach, data affected, remedial actions taken, and contact information for further queries.
  • c. We will also report to CERT-In as required under the Cyber Security Directions 2022.

12. Children's Privacy

As per Section 9 of the DPDP Act 2023:

  • a. ifelt is designed for users 18 years and older. Users between 13-18 require verifiable parental consent.
  • b. We do not knowingly collect personal data from children below 13 years.
  • c. We do not engage in tracking, behavioral monitoring, or targeted advertising directed at children.
  • d. If we learn that we have collected data from a child under 13, we will delete it immediately.

13. Grievance Officer & Contact

Data Protection Contact

Grievance Officer: ifelt Privacy Cell

Email: privacy@ifelt.online

Response Time: Within 48 hours

Resolution: Within 15 days as per IT Rules 2021

If unsatisfied with our response, you may file a complaint with the Data Protection Board of India as per Section 13 of the DPDP Act 2023.

14. Changes to Privacy Policy

We may update this policy to reflect changes in our practices or legal requirements. Significant changes will be notified via email or in-app notification at least 7 days before taking effect. Continued use constitutes acceptance. The latest version is always available at ifelt.online/privacy.

This Privacy Policy is governed by the laws of India, including the Digital Personal Data Protection Act 2023, Information Technology Act 2000, and IT (Intermediary Guidelines) Rules 2021.

Version 3.0 | Effective: March 10, 2026

Terms of ServiceFAQBack to if