Saaph.in is a privacy product. Our entire purpose is to help you remove your data from the internet — so we hold ourselves to a higher standard than most companies. This policy explains exactly what we collect, why, where it lives, and the rights you have under India's DPDP Act 2023.
Your data is stored and processed in India, encrypted at rest and in transit, and used only to run your scan and send the removal requests you approve. We never sell, rent, or share your personal data, we show no ads and run no tracking pixels, and we never store your passwords. You can access or delete your data at any time.
Saaph.in is operated by Ronin Works Private Limited, a company registered in India (Hyderabad, Telangana). Saaph is a tool that helps individuals discover where their personal data is exposed across Indian and global platforms and prepare and send their own data-erasure requests under the Digital Personal Data Protection Act 2023 ("DPDP Act").
For the purposes of the DPDP Act, Ronin Works Private Limited (operating as "Saaph", "we", "us", "our") is the Data Fiduciary for the personal data you provide to us, and you are the Data Principal. When you use Saaph to send a removal request, Saaph acts only as a communication facilitator that transmits your own request to the relevant company at your instruction, with you kept in copy and the company asked to reply to you directly. Saaph does not act as your legal, authorised, or other representative or agent, does not exercise your rights for you, and does not take on any legal representation of you. You remain the Data Principal exercising your own rights, and the requests are your own.
We collect only what we need to find and remove your exposed data. You provide most of it yourself during onboarding.
| Data | Why we collect it |
|---|---|
| Name, email(s), phone, city | Your "footprint" — used to search for your exposure and to address removal requests correctly. |
| Usernames / handles (optional) | To check for public profiles registered to you. |
| Scan results & findings | What we discovered (accounts, data-broker listings, breach exposure) so we can show your report and track removals. |
| Breach exposure | Whether your email appears in known data breaches, checked against breach-intelligence databases. |
| Removal records | Which companies were contacted, when, the 90-day deadline, and status. |
| Preferred contact email | So companies reply directly to you (you are CC'd on every removal email). |
| Consent & account records | To prove you agreed to our terms and to manage your account/login. |
| Feedback you submit | To improve the product (only if you choose to send it). |
If you check whether a password has leaked, that check happens inside your browser using k-anonymity — only a short, partial fingerprint of the password is used, and the password itself never leaves your device and is never sent to us.
We use your data only to deliver the service:
We do not use your data to build advertising profiles, train AI models, or for any purpose you haven't agreed to.
Legal basis & consent. We process your data on the basis of the consent you give when you create an account and start a scan. You can withdraw consent at any time by closing your account or emailing us — withdrawal stops further processing (though it doesn't undo actions already taken at your request, such as a removal email already sent).
Your personal data is stored and processed in India (Mumbai region), encrypted at rest and in transit. See our Security & Data Residency page for detail.
To run the service we rely on a small number of reputable third-party processors, bound by contract to protect your data and use it only on our instructions. We use them by category, not to monetise your data:
The only other parties who receive your data are the companies you direct us to contact for a removal — and only the details necessary for that request (with you CC'd). We do not sell, rent, or share your data with anyone else.
Because we're a privacy company, we think it's important to be explicit:
We use only the cookies and storage strictly necessary for the service to work:
We do not use advertising cookies, third-party ad/analytics trackers, or any cookie that follows you across other websites. Any internal usage metrics are aggregated counts with no personal identifiers.
Your consent (DPDP Act 2023). On your first visit we show a consent notice and record your choice. Because Saaph uses only essential cookies, accepting keeps the service working; there are no advertising or analytics cookies to opt into (a control for future privacy-first analytics stays off unless you turn it on). Your consent is as easy to withdraw as to give — use the "Cookie preferences" link in the footer at any time to review or change it. For signed-in users we keep a record of the consent given, as required for demonstrable consent under the DPDP Act 2023.
As a Data Principal you have the right to:
To exercise any right, email data@saaph.in with the subject "DPDP Rights Request". We aim to acknowledge within 7 business days and complete the action within 30 days. If you're not satisfied with how we handle your grievance, you may escalate to the Data Protection Board of India.
Saaph is intended for adults (18+). We do not knowingly process the personal data of a child without verifiable parental/guardian consent, and we do not undertake tracking, behavioural monitoring, or targeted advertising directed at children, in line with the DPDP Act. If you believe a child has provided us data, contact data@saaph.in and we will delete it.
We keep your data only as long as needed to provide the service:
We apply strong, industry-standard safeguards:
We will notify affected users and the Data Protection Board of India within the timeframe required by the DPDP Act, and be transparent about what was affected and the steps we are taking.
We may update this policy when our practices change or when required by law. For material changes we will notify account holders by email before the change takes effect. The effective date at the top shows when this version was last updated; previous versions are available on request.
For any question about this policy, to exercise your rights, or to raise a grievance, contact our Grievance Officer: