Privacy Policy

Last updated: April 21, 2026 · Governed by the laws of India

This Notice is issued under Section 5 of the Digital Personal Data Protection Act, 2023 ("DPDP Act") and Rule 3 of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 ("IT Rules 2021").

1. Who we are (Data Fiduciary)

DeepShield ("we", "us", "our") operates the AI-content and deepfake detection service at deepx27.fun. For the purposes of the DPDP Act, 2023 we are the Data Fiduciary and you, the user, are the Data Principal. For privacy and data-rights queries, write to support@deepx27.fun. For abuse, security or grievance matters, contact our Grievance Officer at cyber@deepx27.fun.

2. Notice & lawful basis (DPDP §6)

We process your personal data on the basis of your free, specific, informed, unconditional and unambiguous consent, given by signing up and using the service. You may withdraw consent at any time — withdrawal does not affect the lawfulness of processing carried out before withdrawal, and may limit your ability to use the service.

3. Categories of personal data we collect

  • Account data: email address, optional display name and avatar, and authentication identifiers.
  • Scan inputs: images, audio, video, and text you upload or paste for analysis.
  • Scan results: model verdicts, scores, detected metadata (EXIF), and generator attribution.
  • Usage telemetry: credit balance, redemptions, and minimal logs needed to operate the service and prevent abuse.

4. Purpose limitation

We process your personal data only to (a) run the scan you requested, (b) display your history and credit balance, (c) prevent fraud, abuse and unauthorised access, (d) comply with applicable Indian law including the IT Act, 2000 and CERT-In Directions, and (e) improve detection accuracy in aggregate, anonymised form. We do not sell your personal data and we do not use your scan content to train third-party models.

5. Retention — 7-day auto-wipe (DPDP §8(7))

Every scan and uploaded file is permanently deleted 7 days after creation. An hourly server job purges expired records from both our database and storage, in line with the storage-limitation principle under the DPDP Act. Deletion is irreversible — download any reports you wish to keep before the deadline shown on each history row.

Account data (email, profile, credits) is retained while your account is active and erased on request. To delete your account, email support@deepx27.fun.

6. Sub-processors & cross-border transfer (DPDP §16)

We rely on the following processors to deliver the service:

  • Supabase — managed Postgres, authentication, storage
  • Hive AI — image / video / voice deepfake classification
  • Google AI Studio — text-context analysis
  • Cloudflare — edge hosting and TLS termination

These sub-processors may process your personal data on servers located outside India. Such transfers are permitted under Section 16 of the DPDP Act, except to countries that the Central Government may notify as restricted from time to time.

7. Your rights as a Data Principal (DPDP §11–14)

You have the right to:

  • Access a summary of your personal data and processing activities (§11).
  • Correct, complete, update and erase your personal data (§12).
  • Seek grievance redressal through our Grievance Officer (§13).
  • Nominate another individual to exercise your rights in case of death or incapacity (§14).
  • Withdraw consent at any time (§6(4)).

To exercise any right, email support@deepx27.fun or contact the Grievance Officer below. We respond within 30 days. If unsatisfied, you may approach the Data Protection Board of India.

8. Children (DPDP §9)

The service is not intended for individuals under 18 years of age. We do not knowingly process personal data of children without verifiable consent of a parent or lawful guardian, and we do not undertake tracking, behavioural monitoring, or targeted advertising directed at children.

9. Security safeguards (DPDP §8(5))

All traffic is served over HTTPS with TLS. Database access is governed by row-level security so users can only read their own scans. Credentials are hashed and at-rest encryption is provided by our infrastructure providers. To report a vulnerability, email cyber@deepx27.fun.

10. Breach notification (DPDP §8(6) & CERT-In)

In the event of a personal-data breach, we will notify the Data Protection Board of India and each affected Data Principal as required under the DPDP Act, and report qualifying cyber incidents to the Indian Computer Emergency Response Team (CERT-In) within the 6-hour window prescribed by the CERT-In Directions dated 28 April 2022.

11. Grievance Officer (DPDP §8(9) & IT Rules 2021 Rule 3(2))

  • Name: [To be appointed]
  • Email: cyber@deepx27.fun
  • Acknowledgement: within 24 hours of receipt
  • Resolution: within 15 days (IT Rules 2021), and within 30 days for DPDP rights requests

12. Changes to this policy

We may update this Notice as the product or applicable Indian law evolves. The "Last updated" date at the top reflects the most recent change. Material changes will be communicated by email or in-app notice.