Dishaya / Privacy Policy
Privacy Policy
The shortest honest version: your words are not our data. Here is exactly what we store, what we never store, and why.
What We Never Store
- Your chat conversations. Chats live in your browser or app, on your device. Cloud prompts are relayed to produce the answer and are not written to our servers.
- Your documents and decks. Generated on our servers, delivered to you, stored only on your device.
- Payment card details. Stripe and Razorpay process payments; card numbers never touch our systems.
We also never train AI models on your content, and we never sell personal data. Both are permanent commitments, not current settings.
What We Store, And Why
| Data | Why | Kept |
|---|---|---|
| Your email address | Sign-in codes, receipts, service notices | Until you delete your account |
| Research reports you create | So you can reopen them from your Library | Until you delete them or your account |
| Plan and usage counters | To meter monthly allowances fairly | Rolling months |
| Payment records (amount, plan, date) | Receipts, taxes, accounting | As law requires |
| Content-free service metadata | Quality, cost, and reliability of answers (never the words of your prompts or answers) | Aggregated over time |
Research Uses The Web
When you run research or turn on web search, your question is sent to web search providers, and the public pages we then read receive an ordinary page request, because that is what finding sources means. We use privacy-respecting search infrastructure and never attach your identity to those queries. Regular chat without web search does not touch the internet beyond producing your answer.
Third Parties We Rely On
Model providers (to generate answers; they receive the prompt being answered, under contracts that forbid training on it), search services (for research), Stripe and Razorpay (payments), and our email service (sign-in codes). Each receives only what its job requires.
Local Mode
With the app's on-device engine, prompts and answers are processed entirely on your own hardware. Nothing about those conversations reaches us at all.
Your Rights
Email [email protected] to access, correct, export, or delete your data. Account deletion removes your email, reports, and counters within 30 days (payment records are kept as law requires). If you are in India, these rights align with the DPDP Act; if in the EU/UK, with the GDPR. We answer within 7 days.
Security
Sign-in codes are hashed, sessions are token-hashed, provider keys are encrypted at rest, and disclosure reports go to the address published at /.well-known/security.txt. No system is perfect; if a breach ever affects your data, we will tell you promptly and plainly.
Changes
Material changes are emailed at least 14 days in advance. The current version always lives at this address.