Privacy policy

Short version: We collect the minimum needed to run the service. No selling, no ad profiling. Real privacy, not theater.

Effective date: 18 May 2026 · Last updated: 18 May 2026

1. Who we are

ConnectX is operated by Aravind Labs, Bengaluru, India. Contact: hello@aravindlabs.tech.

2. What we collect

From you directly

• Email address — for authentication via magic link.
• Display name — visible to others in rooms.
• Age self-attestation — required at signup (18+).
• Chat messages — stored for 30 days for moderation purposes.
• Reports you submit — kept indefinitely as part of safety records.
• Payment info (Pro tier only) — processed by Razorpay; we receive only transaction status, never card numbers.

Automatically

• Server logs — IP, user agent, timestamp. Rotated every 7 days.
• Room session metadata — when you joined / left, kick events, peak participants. Used for billing and safety. Retained 90 days.
• Audit log — admin actions, room creation, reports. Retained 7 years for legal compliance.

What we do NOT collect or store

• Video or audio recordings — never recorded, never stored. The SFU (LiveKit) forwards streams between participants only.
• Screen share content — same as above.
• Browsing history outside our site.
• Third-party cookies for ad targeting.

3. Third parties

• LiveKit — real-time video/audio routing. Streams pass through their SFU but are not stored. privacy policy
• Razorpay — payment processing for Pro tier. privacy policy
• NVIDIA NIM — AI moderation of chat messages only. Each message is sent to classifier API and discarded. privacy policy
• DiceBear — avatar generation from seed (no personal data).
• Google Fonts — font files only.

4. Cookies

Authentication uses localStorage (JWT token), not cookies. No advertising cookies. No analytics cookies. No tracking pixels.

5. Your rights (GDPR / DPDP Act / CCPA)

• Access — request a copy of all data we have on you
• Rectification — correct any inaccuracies
• Erasure — delete your account and all associated data (except audit log for safety reasons)
• Restriction — pause processing while disputes are resolved
• Portability — receive your data in machine-readable format
• Objection — opt out of any processing
• Complaint — to your local data protection authority

Email hello@aravindlabs.tech with subject [Privacy Request]. Response within 30 days.

6. Data retention

• Account data: until you delete your account
• Chat messages: 30 days
• Server access logs: 7 days
• Room session metadata: 90 days
• Reports / audit log: 7 years (legal compliance)
• Payment records: 7 years (tax compliance, per India Income Tax Act)

7. Children's privacy

ConnectX requires users to be 18 or older. We do not knowingly collect data from minors. If we discover a minor's account, we delete it immediately and notify the registered email. Parents/guardians can report concerns to hello@aravindlabs.tech for immediate action.

8. Security

HTTPS / TLS 1.3 everywhere. Passwords are never used (magic link auth). JWTs are signed and short-lived. Database access restricted to backend service only. Razorpay handles all card data on PCI-DSS infrastructure.

9. International transfers

Our servers are in India. LiveKit's SFU may be in a region closer to participants. Standard contractual clauses apply where data crosses borders.

10. Changes to this policy

Material changes are announced via email and on the homepage 14 days before taking effect.

11. Contact

Privacy questions, requests, complaints: hello@aravindlabs.tech with subject prefix [Privacy].