Legal

Privacy Policy

Last updated: May 16, 2025

1. Who We Are

Intractify Technologies (“Intractify”, “we”, “us”, or “our”) operates the Intractify cloud browser platform at intractify.com and the web application at app.intractify.com. We are the data controller for personal data collected through our website and services. Our registered address is Intractify Technologies, India. For privacy matters, you may contact our Data Protection Officer at privacy@intractify.com.

2. What Data We Collect

Intractify collects only the minimum data necessary to provide the service. We collect:

  • Account information: Your name, email address, and profile photo provided via Clerk (our authentication provider) when you create an account. We do not store your password — Clerk handles authentication securely.
  • Session metadata: Session duration, session count per billing period, and the selected browser type and region. We do not store URLs visited, search queries, page content, cookies, or any browsing activity.
  • Payment information: Subscription plan and transaction status. We do not store card numbers or bank details — all payment processing is handled by Cashfree, our PCI-DSS compliant payment gateway.
  • Usage data: Aggregate, anonymised usage statistics (such as session volume trends) for service improvement. This data is never linked to individual users.
  • Technical data: IP address (used only for rate limiting and fraud prevention, discarded after the request is processed), browser type, and operating system (from HTTP headers, used for compatibility).

We never collect, store, or have access to your browsing activity, visited URLs, search queries, cookies set during sessions, or any content you view inside a Intractify browser session.

3. App Permissions (Google Play / Mobile Clients)

If you access Intractify through a mobile application distributed via Google Play, the app may request the following permissions:

  • Internet access: Required to establish encrypted WebSocket connections to Intractify session servers and stream your browser session to your device.
  • Network state: Used to detect connectivity changes and gracefully reconnect sessions when your network switches (e.g., Wi-Fi to cellular).
  • Camera / Microphone (optional, user-granted): Only requested if you enable media passthrough features in a session. These streams are sent to the cloud container and are never stored by Intractify.

No permission data is shared with third parties or used for advertising purposes.

4. How We Use Your Data

We use the data we collect for the following purposes:

  • Providing and maintaining the Intractify service
  • Enforcing plan quotas (session count and duration limits)
  • Processing payments and managing subscription status via Cashfree
  • Sending transactional emails (account confirmation, billing receipts, password reset) via Clerk
  • Detecting and preventing fraud and abuse
  • Responding to support requests and legal inquiries
  • Improving and developing new features based on anonymised aggregate usage patterns

We do not use your data for targeted advertising. We do not sell your data to any third party.

5. Data Retention

We retain data for the shortest time necessary:

  • Session data (browsing content): Never stored. Container and all contents are permanently destroyed at session end with no recovery possible.
  • Session metadata (duration, count): Retained for the current billing period for quota enforcement. Anonymised after 90 days.
  • Account information: Retained while your account is active. Deleted within 30 days of account deletion request.
  • Payment transaction records: Retained for 7 years as required by Indian financial regulations (Cashfree compliance).
  • Audit logs: Retained for 12 months for security and compliance purposes, then automatically deleted.

6. Third-Party Data Processors

We work with the following sub-processors, each bound by data processing agreements:

  • Clerk (clerk.com): Authentication, user management, and transactional email. Stores your name, email, and authentication credentials in compliance with SOC 2 and GDPR.
  • Cashfree (cashfree.com): Payment processing and subscription management. PCI-DSS Level 1 certified. Processes payment card data — Intractify never sees raw card numbers.
  • Cloud infrastructure providers (AWS, GCP, Azure): Run the ephemeral session containers. No personal data is persisted on these providers beyond the duration of a session.
  • Upstash (upstash.com): Serverless Redis used for session state during active sessions. Data is automatically expired at session end.

7. Your Rights (GDPR & CCPA)

Depending on your jurisdiction, you have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure: Request deletion of your personal data. See our Data Deletion page for the process.
  • Right to data portability: Receive your data in a structured, machine-readable format.
  • Right to object: Object to processing based on legitimate interests.
  • Right to opt-out of sale (CCPA): We do not sell personal data. California residents may submit requests to privacy@intractify.com.

To exercise any of these rights, contact us at privacy@intractify.com. We will respond within 30 days.

8. Cookies

The Intractify marketing website uses minimal cookies:

  • Essential cookies: Required for session authentication (set by Clerk) and security (CSRF protection). Cannot be disabled without breaking the service.
  • Preference cookies: Remember your display preferences. Expire after 1 year.

We do not use advertising cookies, tracking pixels, or third-party analytics that profile individual users. Aggregate page view counts may be tracked using privacy-preserving analytics that do not set cookies.

9. Data Deletion

You may request deletion of your account and all associated personal data at any time. Requests are processed within 30 days. Visit our Data Deletion Request page or email privacy@intractify.com with subject “Data Deletion Request”.

10. Security

Intractify uses TLS 1.3 for all data in transit. Session streams are end-to-end encrypted. Data at rest (account information and subscription records in our PostgreSQL database) is encrypted using AES-256. We conduct regular security reviews and follow responsible disclosure principles. To report a security vulnerability, email security@intractify.com.

11. Changes to This Policy

We will notify you of material changes to this Privacy Policy via email (to the address associated with your account) at least 14 days before changes take effect. The updated policy will also be posted on this page with a revised “Last updated” date.

12. Contact Our DPO

For all privacy-related inquiries, contact our Data Protection Officer at privacy@intractify.com. If you are in the EU and believe we have not adequately addressed your privacy concern, you have the right to lodge a complaint with your local Data Protection Authority.