Privacy Policy

1. Who we are

Direct Dubai is operated by Rahul Nanda (Bengaluru, India). Contact: hello@direct-dubai.com.

2. What we collect

• Google account name and email (via OAuth — we never see your password)
• Profile fields: nationality, current country of residence, travel purpose, employment status, passport expiry month/year
• Pre-check answers and scan inputs
• Payment record (amount, status, Razorpay order ID — no card numbers stored here)
• Consent timestamps, IP address, and user agent (audit trail)
• Analytics events via PostHog (page views, funnel steps — no keylogging)

3. How we use it

• To generate and deliver your CALIBER report
• To process payment and verify the webhook before generating a report
• To send your report by email
• To resolve disputes and credit a free re-scan if granted
• To improve the engine and ruleset (aggregated, never individual profiling)
• Marketing emails only with your explicit consent

4. Data retention

Scan data and payment records are retained for 3 years from the date of the scan (for dispute and audit purposes). You may request deletion at any time; we will delete personal data that is not required for active disputes or regulatory obligations within 30 days.

5. Third parties

• Supabase — database and auth (Singapore)
• Razorpay — payment processing (India)
• Anthropic — AI explanation generation (US); scan inputs are sent server-side only
• PostHog — analytics (EU/US)
• Resend — transactional email

No data is sold to third parties.

6. Your rights

Under India's DPDP Act and applicable GDPR principles, you have the right to access, correct, or request deletion of your personal data. Email privacy@direct-dubai.com.