DrishtiDrishti
Get a studio
Legal · Privacy

Privacy, written for the brands that read the small print.

We are a Data Fiduciary under India's Digital Personal Data Protection Act, 2023. This page tells you exactly what we collect, why, where it sits, and how to get it back or have it deleted.

Last updated
2026-05-19
Effective
2026-05-19
Jurisdiction
India · DPDP 2023
Data officer
admin@indigenservices.in

1. Who we are

Drishti is operated by Drishti Studio LLP (placeholder pending registration), a limited liability partnership registered in Mumbai, Maharashtra, India under placeholder PAN AAACS0000A. We act as a Data Fiduciary under India's Digital Personal Data Protection Act, 2023 (the “DPDP Act”) for all personal data processed through the Drishti platform.

Our registered Data Protection Officer (DPO) can be reached at admin@indigenservices.in. For non-DPDP matters (commercial, billing, support), see the contacts at the foot of this page. We respond to verified data-subject requests within 30 days, as required by Indian law.

2. What we collect

We collect only the minimum necessary to operate the service, grouped into four buckets:

  • Account data. Email address, display name, and avatar URL — supplied by your OAuth provider (Google or GitHub). We do not store your OAuth password.
  • Workspace data. The brand vault contents you upload (logos, packshots, palette references), generated outputs, the prompts you write, and the fidelity scores attached to each generation.
  • Payment data. The last four digits of your card and the Razorpay subscription ID — nothing else. Full card numbers and CVVs never touch our servers; Razorpay is PCI-DSS Level 1 certified.
  • Telemetry. Anonymous product analytics (page views, mode usage, queue latency). We never auto-capture form contents, prompts, or any personally-identifying field.

3. How we use your data

We use your data for three explicit purposes, and only these three:

  • Running the service. Generating images, rendering your dashboard, sending invoices, delivering support replies.
  • Compliance and audit. Retaining the audit log of who generated what for the period required by Indian law and our enterprise contracts.
  • Abuse prevention. Detecting attempts to extract training data, deepfake real people without consent, or generate prohibited content.

We do not train AI models on your uploads or generations. Full stop. We send your inputs to Gemini for inference only; Google's API tier we use disables data-for-training by default. Any future change here will be a separate, explicit, per-workspace opt-in — never opt-out.

4. Lawful basis

We process personal data under two legal bases drawn from the DPDP Act:

  • Section 6 — Consent. You consent to the processing described in this notice when you create an account. Consent is itemised in the sign-up flow and can be withdrawn at any time from Workspace settings → Privacy.
  • Section 7 — Legitimate uses. Some processing is necessary regardless of consent: complying with court orders, fraud prevention, and the lawful interests of the State as defined in the Act.

We do not rely on Section 7(g) (employment) or 7(d) (compliance with judgment) opportunistically — only where genuinely applicable. Indian law is the primary regime; we treat GDPR, where it overlaps, as a stricter floor and apply whichever standard is higher.

5. Where your data lives

By default, all tenant data is stored in AWS Mumbai (ap-south-1): the database (Postgres on RDS), object storage (S3), the queue (SQS), and the application servers (ECS Fargate). Backups are encrypted at rest using AWS KMS with per-tenant keys for House and Enterprise customers.

EU-only routing is available to House-tier customers and above under a separate contract — your data is then pinned to eu-central-1 (Frankfurt) with no transit through Mumbai for application traffic. We will tell you before any data leaves India, and we will not move tenant data across regions for cost optimisation.

6. How long we keep it

Different data types have different lifetimes — none are “forever”:

  • Raw uploads (your brand references) — 7 days on the S3 ingest bucket, then evicted by lifecycle rule. Promoted assets in your brand vault live for as long as the vault exists.
  • Generated outputs — as long as you keep them in your workspace. DELETE /api/gen/<id> purges within 24 hours from primary and 30 days from backups.
  • Audit log — 7 years (legal hold under Indian IT law and the DPDP Act's record-keeping expectations).
  • Invoices and GST records — 8 years, matching the Indian Goods and Services Tax retention requirement.

7. Your rights under DPDP

Chapter III of the DPDP Act gives you, the Data Principal, five concrete rights. All of them can be exercised by emailing admin@indigenservices.in from the address on file:

  • Right to information — ask us what we hold about you, in machine-readable form.
  • Right to correction. Fix any inaccurate field within your account.
  • Right to erasure. Delete your account and all associated data, subject to the retention windows in Section 6.
  • Right to grievance redressal. Escalate any unresolved complaint to our DPO; escalate further to the Data Protection Board of India if you remain unsatisfied.
  • Right to withdraw consent. Withdrawal does not retroactively invalidate processing that was lawful at the time it occurred.

We acknowledge requests within 72 hours and resolve them within 30 days, as the Act requires.

8. Cookies + tracking

We use the minimum cookies required to keep you signed in safely:

  • Functional cookies. Session token (HttpOnly, Secure, SameSite=Lax), CSRF token, and a workspace selector. These are strictly necessary; the service does not work without them.
  • Analytics cookies. Off by default. If you opt in (Settings → Privacy → Help us improve), we set a rotating, salted device identifier that resets every 30 days. No third-party marketing cookies, no advertising pixels, no fingerprinting.

We do not embed Google Analytics, Meta Pixel, LinkedIn Insight, or any cross-site tracker. The Do Not Track header is respected as an automatic opt-out for the analytics tier.

9. Third-party data processors

These are the only sub-processors that ever see your data, what they do, what we send them, and where they sit:

  • Amazon Web Services — infrastructure (compute, storage, queue). Receives all platform data. Mumbai (ap-south-1) by default.
  • Google Cloud (Gemini API) — image inference. Receives your prompt and the upload(s) for that one call only. Routed via the asia-south1 endpoint where available. Training opt-out enforced at the API key level.
  • Razorpay — payment processing. Receives your billing email, GSTIN, and card data; we receive only the masked last four. India.
  • Resend (or AWS SES once wired) — transactional email. Receives your email address and the message body. United States & EU.
  • Sentry — error monitoring. Receives stack traces, scrubbed of PII via our beforeSend hook. EU (Frankfurt).
  • PostHog — anonymous product analytics. Receives event names and a rotating device ID only — never email, prompt, or upload. EU (Frankfurt).

10. Children

Drishti is a business-tool service for users 18 years and older. We do not knowingly collect data from anyone under 18. The DPDP Act requires verifiable parental consent for processing the data of children — we comply by not processing it at all. If we learn that we have inadvertently collected data from a minor, we will delete it within 7 days and notify the affected accounts.

We also do not generate imagery depicting children. The abuse-prevention layer rejects such prompts before inference.

11. Security

Our security posture is documented in detail on the security page: encryption at rest (KMS), encryption in transit (TLS 1.3), per-tenant data isolation, signed C2PA provenance on every generation, the IPTC AI-disclosed flag on EXIF, and our incident response protocol.

We disclose any data breach affecting personal data to the Data Protection Board of India and to affected users within 72 hours of discovery, in the form prescribed by the DPDP Act.

12. Changes + contact

We will update this notice as the platform evolves. Any material change — a new sub-processor, a new data category, a shorter retention window for our benefit — is announced 30 days in advance by email to the address on file and by an in-app banner. The version log is kept publicly at /legal/privacy/changelog.

Questions, requests, or grievances: admin@indigenservices.in. General legal: admin@indigenservices.in. Postal: Drishti Studio LLP, c/o registered office, Mumbai 400001, Maharashtra, India.