Privacy Policy

Last Updated: February 2026

Compliant with Digital Personal Data Protection Act (DPDPA) 2023, India

Our Core Privacy Promise

ShareLync operates on a Zero-Knowledge Architecture. This means your bio-data is encrypted on your device before it reaches our servers using AES-GCM encryption. We (ShareLync) do not hold the decryption keys, which means we physically cannot read your profile data or personal information. Profile photos are stored securely on Firebase Storage with authenticated access controls. Full photo encryption is on our roadmap.

1. Information We Collect

We collect minimal data necessary to operate the service. This is broken down into the following categories:

Account Information (Visible to Us)

Phone Number - For OTP verification via Firebase Authentication
Firebase User ID - A unique identifier for your account
Device Information - Device type and OS for app compatibility

Encrypted Profile Data (NOT Visible to Us)

The following data is encrypted on your device before upload. To our servers, this appears as random encrypted data:

Personal Details: Full name, date of birth, gender, height, marital status, physical status
Religious Background: Religion, caste, sub-caste, gotra, manglik status
Education & Career: Education level, occupation, employment type, annual income, work location
Location: Country, state, city, residential status
Family Details: Father's occupation, mother's occupation, siblings information, family type, family values
Lifestyle: Diet preferences, smoking habits, drinking habits
About Me: Personal bio/description
Lifestyle Preferences: Your personal preferences and priorities
Profile Photos: Up to 6 photos (compressed and encrypted)

Optional Link Preview Data (Public Card)

When you enable 'WhatsApp Link Preview' in Settings, the following minimal data is stored separately in unencrypted form to power social media link previews:

Display Name - Your name shown in the preview card
Location - City and state for the preview card
Profession - Your occupation shown in the preview
Profile Photo - Your primary photo shown in the preview

Link Preview Control: This feature is optional and enabled by default. You can disable it anytime from Settings → Privacy. Disabling instantly deletes the public card from our servers. All other profile data (salary, education details, family info, religion, caste, lifestyle preferences) is NEVER included in link previews and remains end-to-end encrypted.

Locally Stored Data

Some data is stored only on your device and never sent to our servers:

Profile Slug/Username - Your unique shareable link identifier is stored only locally
Draft Photos - Temporarily stored during profile creation
Cached Profile Data - For offline access

App Analytics & Improvement (Anonymous, First-Party)

To maintain app stability and improve the user experience, we collect anonymous, first-party usage data. This data is processed internally and is not shared with third-party advertising networks or data brokers.

Crash Reports - Technical logs (stack traces) when the app malfunctions, to help us fix bugs
Usage Metrics - Aggregate counts of features used (e.g., 'Profile Created', 'Share Clicked') to understand product performance
Attribution - Anonymous data on how you opened the app (e.g., via a shared link or QR code) to measure our invite system

Privacy Protection: We have disabled the collection of the IDFA (iOS) and Advertising ID (Android). No ad tracking is performed. This analytics data is not linked to your name, phone number, or payment details. We collect this data strictly for the purpose of app functioning, security, and product improvement.

AI-Processed Data (Temporary)

When you upload a biodata document or image for automatic profile creation, it is processed by a third-party AI service to extract profile information:

Uploaded Document - Your biodata PDF or image is sent to Google Gemini AI for text extraction and field mapping
Extracted Fields - The AI reads your document to fill in profile fields (name, education, family details, etc.)
No AI Training - Your data is processed via Google's API and is NOT used to train or improve AI models
Automatic Deletion - Your uploaded document is automatically deleted from our temporary servers within 30 seconds after processing

AI Processing Transparency: The AI only extracts text and structured data from your uploaded document to pre-fill your profile form. You can review and edit all extracted information before saving. The original document is never stored permanently — it is deleted from our servers within 30 seconds of processing.

Age Protection: In compliance with DPDPA 2023, we do not collect analytics data from users under 18 years of age. Our app is intended for adults (18+) only.

2. How We Use Your Information

We use your data solely for:

Authenticating you via OTP verification

Allowing instant profile deletion

Displaying view counts on your profile

Preventing fraud and platform abuse

Enabling secure profile sharing via links

Enabling secure biodata sharing via links

Improving app stability and performance via first-party analytics

We use first-party analytics (Firebase) to improve app stability and performance. This data is not shared with third-party ad networks.

3. Third-Party Services

We use the following trusted third-party services:

Firebase (Google): For authentication (phone OTP), cloud storage, and privacy-preserving analytics (with Advertising ID disabled). Firebase processes data in accordance with Google's privacy policies and our strict configuration to block ad tracking.
Firestore Database: Stores your encrypted profile data. We only store the encrypted blob - the actual content is unreadable without your unique link.
Google Gemini AI: Used to analyze and extract information from uploaded biodata documents during profile creation. Documents are processed via Google's API and are not used for AI model training. Processing is governed by Google's Gemini API Terms of Service.
Google Cloud Functions: Used to temporarily receive and process uploaded documents for AI extraction. Files are automatically deleted within 30 seconds of processing.

We do NOT sell your data to advertisers or any third parties.

4. Data Sharing & Disclosure

We do not sell, rent, or trade your personal data.

Since we cannot read your encrypted bio-data, we cannot share it with advertisers or third parties even if we wanted to.

Legal Requirements: If required by Indian Law Enforcement agencies under valid legal process, we may share your Account Information (Phone Number, Firebase UID). However, we cannot share your Bio-Data contents as they are end-to-end encrypted and we do not possess the decryption keys.

Profile Sharing: When you share your profile link with someone, they receive access to decrypt and view your profile. You control who receives this link.

Link Previews: When the Link Preview feature is enabled, a minimal public card (name, location, profession, photo) is stored in unencrypted form to generate social media preview cards (e.g., WhatsApp, Telegram, Twitter). This data is publicly accessible via the shared link but contains no sensitive details. You can disable this feature at any time, which immediately deletes the public card.

5. Data Retention & Deletion

You are in control. You can delete your profile at any time from the app settings.

Temporary Upload Processing: When you upload a biodata document for AI extraction, the file is stored temporarily on our servers and is automatically deleted within 30 seconds after processing is complete. No uploaded documents are retained beyond this window.

When you delete your profile:

Your encrypted data is permanently erased from our cloud servers
All active shared links immediately stop working
Your profile photos are deleted from cloud storage
Local data on your device is cleared
This action is irreversible - we cannot recover deleted data

Inactive accounts may be automatically deleted after 12 months of no activity.

6. Data Security

We implement industry-standard security measures:

AES-GCM Encryption: Your profile data is encrypted using AES-GCM before leaving your device
SHA-256 Hashing: Your profile slug is hashed and never stored in plain text on our servers
Secure Transport: All data transmission uses HTTPS/TLS encryption
Firebase Security Rules: Database access is restricted by authenticated user ID
Minimal Public Surface: The optional Link Preview card exposes only 4 fields (name, location, profession, photo thumbnail). All sensitive data (income, education, family, religion, caste, lifestyle preferences) remains exclusively in the encrypted vault.

7. Your Rights (DPDPA 2023)

Under the Digital Personal Data Protection Act 2023, you have the right to:

Access: View all data associated with your account
Correction: Update or correct your profile information anytime
Erasure: Delete your account and all associated data
Grievance Redressal: Contact our Data Protection Officer for any concerns

8. Children's Privacy

ShareLync is intended for use by adults (18+) for the purpose of creating and sharing personal biodatas. We do not knowingly collect data from minors. If we discover a profile belongs to someone under 18, it will be deleted immediately. Parents or guardians who believe their child has provided personal data should contact us immediately.

9. Changes to This Policy

We may update this policy as our technology evolves or as required by law. Significant changes will be notified via:

In-app notification
Email (if provided)
Update notice on this page

Continued use of the service after changes implies acceptance of the updated terms.

10. Contact Us

If you have questions about this privacy policy, want to exercise your data rights, or report a concern:

ShareLync Data Protection Officer

Email: admin@sharelync.app

Response Time: Within 72 hours