Privacy Policy
1. Who we are
DataFrontier Innovations Private Limited (“DataFrontier”, “we”) is the data controller for personal data collected through datafrontier.co. We are registered in India, CIN U62091KA2024PTC184641, with our registered office at L 148, 5th Main Road, Sector 6, HSR Layout, Bengaluru 560102, India.
2. Grievance Officer
For any question or complaint about your data, contact our Grievance Officer ([FACT_NEEDED: name]) at privacy [at] datafrontier [dot] co. Under the DPDP Act you may also escalate to the Data Protection Board of India.
3. EU / UK representative
[FACT_NEEDED: if we process a significant volume of EU/UK-resident data, the GDPR/UK GDPR may require us to appoint a representative in the EU/UK. The founder should confirm whether this applies and name one.]
4. What we collect, and why
We collect only what we need. Each category below lists its source, purpose, legal basis, and how long we keep it.
| Data | Source | Purpose | Legal basis | Retention |
|---|---|---|---|---|
| Contact form: name, email, organization, message | You | Respond to your enquiry | Consent; our legitimate interest in replying | 24 months from last contact |
| Waitlist: email | You | Contact you about Clarivoyant early access | Consent | Until you withdraw, or 24 months |
| Consent records: version, timestamp, hashed IP | Generated on submission | Demonstrate the lawful basis for processing | Legal obligation | Kept with the related record |
| Server logs: IP, user agent, timestamps | Automatic | Security and operating the site | Legitimate interest | [FACT_NEEDED: log retention period] |
| Job applications (planned): name, email, optional phone/links, resume | You | Evaluate your application | Consent | 12 months unless hired — [FACT_NEEDED: careers form not yet live] |
5. Who else processes your data
We use a small number of processors, each under their own terms. We do not sell your data or share it for advertising.
- Google Cloud Platform — hosting (Cloud Run, asia-south1 / Mumbai). Privacy notice.
- Resend — transactional email delivery. Privacy policy. [FACT_NEEDED: change if you use Postmark.]
We disclose data to authorities only where the law requires it.
6. International transfers
Our site is hosted in India. When we send email, our provider Resend processes data in the United States. [FACT_NEEDED: name the transfer safeguard you rely on, e.g. standard contractual clauses.]
7. Your rights
Subject to law, you can ask us to access, correct, or delete your data, withdraw consent, and (for EU/EEA/UK residents) request portability, restriction, or object to processing.
Exercise any of these through our data request form. We respond within 30 days.
8. Children
We do not knowingly collect data from anyone under 18. If we learn we have, we delete it on notification.
9. How we protect your data
Data is encrypted in transit (TLS) and at rest. Access is limited to the people who need it, and we keep our third-party surface small. We treat any suspected incident as a priority.
10. Data breaches
If a breach affects your personal data, we will notify you and the relevant authority within 72 hours of becoming aware, where the law requires it.
11. Cookies
We set no analytics or advertising cookies, and we do not track you. Only strictly-necessary cookies (if any) are used to serve the site, and those do not require consent — so there is no cookie banner. [FACT_NEEDED: revisit if analytics is added.]
12. Changes to this policy
We will update this page when our practices change, and revise the version and date below. We will highlight significant changes.
13. Contact
Questions about this policy: privacy [at] datafrontier [dot] co, or our registered office above.
This document was drafted with AI assistance and reviewed by [PLACEHOLDER_LEGAL_REVIEWER]. Version 1 — effective [PLACEHOLDER_DATE].