Privacy Policy
Last updated: April 27, 2026
Last updated: April 17, 2026 · Version changelog ↓
1. Introduction
Misar.Blog is operated by Misar AI Technology Pvt. Ltd. ("we", "our", or "us"), a company incorporated in India. We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.
This policy complies with India's Digital Personal Data Protection Act 2023 (DPDPA), the EU/UK General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA).
2. Information We Collect
Account Information
When you create an account, we collect your email address, username, and any profile information you choose to provide (display name, bio, avatar). We also record your consent to our Terms of Service, including the version accepted and the timestamp.
Content
We store the articles, comments, and other content you create on the platform. You retain ownership of your content.
Usage Data
We collect analytics data about how you use the platform, including page views, reading time, and interaction patterns. This helps us improve the service.
Payment Data
Payment transactions are processed by Stripe. We store subscription status and payout records but do not store full card numbers.
3. How We Use Your Information
- To provide and maintain the platform
- To process payments and prevent fraud
- To send you notifications about your account and content
- To improve our services through analytics
- To respond to your inquiries and support requests
4. AI Processing Disclosure
We use automated AI systems for the following purposes:
- Content moderation — published articles and comments are screened for policy violations before going live.
- Semantic embeddings — article content is converted to vector embeddings for search and discovery features (Discovery Score). Embeddings are derived data and are not shared.
- Spam detection — user-submitted forms and API requests are rate-limited and screened.
Your content is never used to train AI models. AI decisions that affect your account (e.g. content moderation flags) can be reviewed by contacting [email protected].
5. Data Sharing and International Transfers
We do not sell your personal information. We may share data with:
- Service providers (hosting on Hetzner/Germany, payment processing via Stripe, email delivery via our own mail infrastructure)
- Legal authorities when required by applicable law
- Other users (only your public profile and published content)
International Data Transfers — Stripe
Payment processing is handled by Stripe, Inc. (United States). When you make or receive payments on Misar.Blog, certain payment data is transferred to Stripe's infrastructure in the US. This transfer is governed by Standard Contractual Clauses (SCCs) approved by the European Commission under GDPR Art. 46(2)(c), as documented in Stripe's Data Transfer Addendum. Stripe is also certified under the EU–US Data Privacy Framework.
All other data processing (article storage, analytics, authentication, email) remains within the EU on Hetzner infrastructure in Germany. No other third-country transfers apply.
For data subjects in India: transfers to Stripe fall under the adequacy-equivalent SCC mechanism, consistent with DPDPA §16 cross-border transfer requirements. We maintain a Data Processing Agreement with Stripe.
6. Your Rights
- Access your personal data
- Correct inaccurate data
- Delete your account and data
- Export your content
- Opt out of marketing communications
You can exercise most rights directly from Account Settings. For requests requiring manual review, email [email protected].
7. Cookies
We use essential cookies for authentication and session management. We also use analytics cookies to understand how the platform is used. You can control cookie preferences in your browser settings.
8. Security
We implement industry-standard security measures to protect your data, including encryption in transit and at rest, row-level security on all database tables, CSRF protection, rate limiting, and content sanitization.
9. India — Digital Personal Data Protection Act 2023 (DPDPA)
Data Fiduciary
Misar AI Technology Pvt. Ltd.
Registered in India · Data Protection Board of India (DPBI) registration pending issuance
Grievance contact: [email protected]
Your Rights as a Data Principal
- Right to Information (§11) — This policy lists all data categories, purposes, and retention periods.
- Right to Access & Portability (§11) — Export all your data as JSON from Account Settings → Export Data, or via
GET /api/gdpr/export(authenticated, rate-limited). - Right to Correction (§12) — Update your profile from Dashboard → Settings.
- Right to Erasure (§12) — Delete your account and all associated data from Account Settings → Delete Account. Stripe billing is cancelled first; your data is purged transactionally.
- Right to Grievance Redressal (§13) — Submit a complaint via the form below or email [email protected]. We respond within 30 days. You will receive a ticket reference number.
- Right to Nominate — You may nominate another person to exercise your rights in the event of incapacity. Contact [email protected] to register a nominee.
Consent
We collect your consent at account creation (age declaration + Terms of Service acceptance). Consent is timestamped and version-tracked. Consent for marketing emails is separate and uses explicit opt-in. You may withdraw consent at any time by deleting your account.
Children's Data
Misar.Blog requires users to be 18 years or older. We do not knowingly collect personal data of minors. If you believe a minor's data has been submitted, contact [email protected] immediately for deletion.
Data Localisation
Our infrastructure is currently hosted in Germany (Hetzner). DPDPA does not currently mandate data localisation for the categories of data we process. We will update this section if regulatory requirements change or if sensitive personal data categories are added.
Breach Notification
In the event of a personal data breach, we will notify the Data Protection Board of India (DPBI) within 72 hours of becoming aware. Affected data principals will be notified without undue delay as required under §8(6) DPDPA.
10. California Privacy Rights (CCPA)
If you are a California resident, you have the following rights under the CCPA:
- Right to Know — You may request disclosure of the personal information we collect, use, and share about you.
- Right to Delete — You may request deletion of your personal information via Account Settings.
- Right to Opt-Out — We do not sell your personal information to third parties.
- Right to Non-Discrimination — We will not discriminate against you for exercising your CCPA rights.
To submit a CCPA request, email [email protected] with subject "CCPA Request".
11. Contact Us
Questions about this Privacy Policy or data requests:
- Privacy & Data: [email protected]
- General: [email protected]
- Grievance form: misar.blog/support/privacy
12. Version Changelog
- v2.0 — April 17, 2026: Added DPDPA 2023 section (§9), AI processing disclosure, Data Fiduciary identity, grievance officer contact, consent versioning, children's data policy, breach notification commitment, version changelog.
- v1.0 — February 2, 2026: Initial policy covering GDPR, CCPA, and platform basics.
