Privacy Policy
1. Introduction
Zutto Digital Private Limited (“Zutto”, “we”, “our”, “us”) respects your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use Deepshorts (the “Service”). It is drafted in accordance with the Information Technology Act 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011 (“SPDI Rules”), and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021 (“IT Rules 2021”).
By accessing or using the Service, you consent to the practices described here. If you do not agree, please refrain from using the Service.
2. Scope
This Policy applies to all users located in India. We may expand to other jurisdictions in the future and will update this Policy accordingly.
3. Information We Collect
| Category | Data Elements | Source |
|---|---|---|
| User‑supplied | Full name, email address, age/date of birth (self‑declared 18+), profile photo (imported from Google account), in‑app content preferences | During sign‑up / profile edit |
| Automatically collected | Device identifiers (Android ID / IDFV), IP address and coarse location, app usage analytics and event logs, crash & diagnostic reports | Collected via AWS, Firebase, Mixpanel SDKs |
| Payment | Tokenised payment instrument details (handled by payment gateways such as Razorpay/PhonePe; Deepshorts does not store raw card/UPI credentials) | When you purchase a subscription |
We do not collect government ID numbers, biometrics, or other sensitive personal data as defined under the SPDI Rules.
4. Legal Basis for Processing
We process your data on the following grounds:
- Consent — when you voluntarily provide information or grant permissions.
- Performance of Contract — to deliver and manage your subscription.
- Legitimate Interests — to secure and improve the Service, provided such interests are not overridden by your rights.
5. How We Use Your Information
- Create and manage your account.
- Provide personalised content recommendations.
- Process payments and manage subscriptions.
- Diagnose crashes, analyse usage, and improve features.
- Send service‑related communications (e.g., price changes, policy updates).
- Enforce our Terms & Conditions and comply with legal obligations.
6. Disclosure to Third Parties
We share data only as necessary with the following processors, each bound by confidentiality and security obligations:
| Purpose | Vendor / Service |
|---|---|
| Cloud hosting & storage | Amazon Web Services (AWS India regions); select assets cached worldwide via Amazon CloudFront CDN |
| Analytics & diagnostics | Firebase (Google LLC), Mixpanel Inc. |
| Payment processing (future release) | Razorpay Software Pvt Ltd, PhonePe Pvt Ltd |
We will update this list as we onboard additional processors.
7. Cross‑Border Transfers
Primary storage is in India. Certain static assets may transit or be cached in servers located outside India through the CloudFront CDN. We employ contractual safeguards and industry‑standard security measures for such transfers.
8. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data (active users) | For the life of the account |
| Account data after user‑initiated deletion | 30 days (grace period for reversal / billing reconciliation) |
| Usage & analytics logs | 6 months, then anonymised or deleted |
| Payment records & invoices | 8 years (statutory accounting under Indian law) |
| User‑generated content | While account is active; deletions respected within 30 days |
9. Your Rights & Choices
You may exercise the following rights by emailing support@deepshorts.ai:
- Access or obtain a copy of your personal data.
- Correct or update inaccurate data.
- Delete your account and associated data.
- Withdraw consent or object to certain processing.
- Ask how your data is processed.
We will respond within 30 days of receiving a verifiable request.
10. Security Measures
- Transport‑Layer Security (TLS) for all network traffic.
- Encryption at rest for database storage.
- Role‑based access controls and audit logging.
- Regular vulnerability scans and annual penetration testing.
- PCI‑DSS‑compliant payment gateways.
11. Children's Privacy
Deepshorts is intended for users 18 years and older. We do not knowingly collect data from anyone under 18. If you believe a minor has provided personal data, contact us for prompt deletion.
12. Updates to This Policy
We may update this Policy from time to time. We will post the revised version in‑app and send a prominent notice at least 7 days in advance of material changes. Continued use after the effective date constitutes acceptance.
13. Contact & Grievance Officer
Designate required under IT Rules 2021 — to be appointed. In the interim, please direct all grievances or privacy questions to:
Email: support@deepshorts.ai
Postal: Zutto Digital Pvt Ltd, 349, 3rd Floor, ITI Layout, HSR Layout, Bengaluru 560068