Privacy Policy

Last Updated: May 2026

Welcome to Cyber Himaya ("we," "our," or "us"). We operate an AI-driven digital safety framework through automated interfaces on WhatsApp and Telegram. This document outlines our data collection, analysis processing practices, and our commitment to Indian data compliance standards.

1. Data Fiduciary Status & Consent

In accordance with the Digital Personal Data Protection (DPDP) Act, Cyber Himaya acts as a Data Fiduciary. We process your data exclusively based on the explicit, affirmative consent provided by you before initializing any heuristic evaluation or scanning routines.

2. Data Collection and Minimization Protocols

We believe in strict data minimization. We only collect details essential to providing threat intelligence analysis:

• Identity Identifiers: Masked phone numbers (WhatsApp) or internal routing IDs (Telegram) to maintain active scan balances and prevent resource abuse.
• Submitted Telemetry: Uniform Resource Locators (URLs) and application packages (.apk files) uploaded via our dashboard.

3. Zero Retention System Architecture

To maximize data security, our platform runs a customized extraction execution environment:

• Payload Processing: All files uploaded for dynamic or static threat analysis are cached within automated isolated directories (/tmp) and are permanently purged instantly upon generating your security report.
• Metadata Archival: System cryptographic hashes, logs, and billing timestamps are retained securely for a rolling window of 180 days to fulfill regulatory requirements overseen by the Indian Computer Emergency Response Team (CERT-In).

4. Third-Party Ecosystem Interfaces

To safely isolate threats, telemetry data is queried against leading global security vendors and contextual threat intelligence systems, including OpenAI's GPT models, MetaDefender, and public phishing databases. No conversational personal logs or identifying parameters are ever passed downstream.

5. Your Rights & Data Erasure Request

Under Indian digital data laws, you maintain complete ownership of your personal digital footprint. You have the right to revoke processing permissions at any time. Upon request, your account record and credit balances will be permanently removed from our active relational database instances.

6. Grievance Redressal Officer

For any complaints, data deletion execution inquiries, or infrastructure security notifications, you may reach out directly to our Grievance Redressal Desk at: support@cyberhimaya.com.