Privacy Policy

Last updated:

This Privacy Policy explains how Clearview Financial Services ("DRS Skills", "we") collects, uses, shares and protects personal data when you use the website drscommunity.dev and the services offered through it (the "Service").

For the purposes of the Digital Personal Data Protection Act, 2023 ("DPDP Act"), we act as a Data Fiduciary in respect of personal data you provide to us, and you are the Data Principal.

1. What personal data we collect

• Email address — to sign you in, to deliver one-time codes, and to send your invoice and service notifications.
• Payment metadata — order id, payment id, amount, currency, timestamp, invoice number. We do not store any card number, CVV, UPI handle, or bank account credential. These are processed by Razorpay.
• Service usage log — which skill or file you downloaded and when, for usage analytics and to prevent abuse.
• Technical data — IP address, user-agent, and timestamps captured in server logs by Cloudflare for security and abuse-prevention purposes (typically retained for 30 days).
• Session data — a single secure, httpOnly session cookie is set on sign-in. The cookie holds a random token; the corresponding session record is stored on our database. No tracking or advertising cookies are set.

2. What we do NOT collect

• No advertising or analytics tracking pixels.
• No location, contacts, microphone, camera or any device-sensor data.
• No "shadow" profile information beyond what you explicitly provide.
• No marketing emails unless you opt-in separately.

3. Purposes & legal basis

We process personal data only for the following purposes, on the legal basis of your consent (given at sign-up or purchase) and for the performance of our contract with you:

• To create and authenticate your account.
• To process your payment and deliver the digital goods you purchased.
• To generate and send your GST invoice.
• To respond to your support requests.
• To comply with our legal obligations, including tax and accounting record-keeping.
• To detect and prevent fraud, abuse and security incidents.

4. Third-party data processors

We rely on the following processors. Each processes your data strictly on our instructions and for the purposes described:

• Razorpay Software Private Limited (India) — payment processing.
• Cloudflare, Inc. (global) — hosting (Cloudflare Pages), database (D1), file storage (R2), DNS, TLS termination, and DDoS protection.
• Resend, Inc. (United States / European Union) — transactional email delivery (OTPs, invoices, service notifications).
• Zoho Corporation Pvt. Ltd. (India) — inbound and outbound email handling for our support inbox.

5. Cross-border transfers

Some of our processors may host or process data outside India (primarily the United States and the European Union). Where this occurs we rely on standard contractual safeguards offered by the processor. The DPDP Act permits transfer to all jurisdictions except those notified by the Central Government as restricted.

6. Retention

We retain your account, payment and invoice records for as long as your membership remains active, and thereafter for the period required under Indian tax and accounting laws (typically eight (8) years from the end of the relevant financial year). Server logs are retained for thirty (30) days. After the applicable retention period, data is deleted or anonymized.

7. Your rights as a Data Principal

Subject to the DPDP Act and other applicable law, you have the right to:

• Access — obtain a summary of the personal data we hold about you.
• Correction — request correction of inaccurate or incomplete data.
• Erasure — request deletion of your account and personal data, subject to our legitimate retention obligations (e.g. tax records).
• Withdraw consent — withdraw consent previously given. Withdrawal will not affect the lawfulness of processing prior to withdrawal.
• Nominate — nominate another individual to exercise your rights in the event of your death or incapacity.
• Grievance redressal — raise a grievance with our Grievance Officer (see Section 10).

To exercise any right, email support@drscommunity.dev from the address registered with us. We will respond within thirty (30) days.

8. Children

The Service is intended for adults. We do not knowingly collect personal data from children below 18 years of age. If you believe a minor has provided us with personal data, please contact the Grievance Officer and we will delete it promptly.

9. Security

We protect personal data using industry-standard measures, including TLS for all data in transit, hashed sessions, hashed one-time codes, encrypted secrets and rate-limited sign-in. No system can be guaranteed perfectly secure; in the unlikely event of a personal data breach we will notify affected users and the Data Protection Board of India as required by law.

10. Grievance Officer

We will acknowledge your request within twenty-four (24) hours and aim to resolve it within fifteen (15) days. If you are not satisfied, you may approach the Data Protection Board of India once it is constituted under the DPDP Act.

11. Changes to this policy

We may update this Policy from time to time. The "Last updated" date at the top will reflect the most recent revision. Material changes will be communicated by email.