Privacy Policy

1. Information We Collect

1.1 Account Information

When you register, we collect information you provide directly:

• Full name and email address
• Phone number (optional)
• Profile avatar (optional)
• Organization details for team accounts — organization name, industry, billing email, address, and GSTIN (if provided)
• Authentication credentials (password hash for email sign-up, or OAuth tokens for Google sign-in)

1.2 Payment Information

Payment processing is handled entirely by our third-party payment gateway. We do not store your credit card numbers, debit card numbers, or UPI PINs on our servers. We receive only transaction confirmations, invoice references, and billing status from the payment provider.

1.3 Usage & Device Data

• Device information — browser type, operating system, screen resolution
• Usage patterns — features used, pages visited, session duration
• IP address and approximate geographic location
• Performance metrics — connection quality, latency, call stability

1.4 Meeting & Session Data

We collect metadata about meetings for service delivery and usage tracking:

• Session details — meeting title, start time, end time, duration
• Participant information — names, email addresses, join/leave times, and roles
• Usage events — number of sessions, total call minutes, participant counts

1.5 Recordings

PeerFlux uses peer-to-peer WebRTC connections for live video and audio. We do not access, monitor, or store the content of your live calls. Recordings are created only when a meeting host explicitly enables the recording feature. When recording is enabled:

• All participants are notified that the session is being recorded
• Recording files are encrypted in transit and at rest
• Recordings are stored securely and accessible only to the account owner and authorized team members (admin role or above)
• Recording metadata (file size, duration, status) is tracked per session

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service
• Process subscriptions, payments, invoices, and billing
• Monitor usage against your plan limits (call minutes, recording storage, participant counts)
• Send transactional communications — account confirmations, billing receipts, security alerts
• Improve service quality, develop new features, and fix bugs
• Detect, prevent, and address fraud, abuse, and security threats
• Comply with legal and regulatory obligations
• Send product updates and promotional communications (with easy opt-out)

3. Data Sharing & Disclosure

We do not sell your personal information to anyone. We may share information only in these circumstances:

• Service providers: Third parties that help us operate the platform — cloud hosting, payment processing, email delivery, and analytics — under strict data processing agreements
• Organization admins: If you are a member of an organization account, admins can view team usage data, member activity, and billing within that organization
• Legal compliance: When required by Indian law, court order, or government request
• Business transfers: In connection with a merger, acquisition, or sale of assets — with advance notice to affected users
• With your consent: For any other purpose only with your explicit permission

4. Data Security

We implement industry-standard security measures to protect your data:

• End-to-end encryption for live video and audio via WebRTC (SRTP/DTLS)
• TLS encryption for all data in transit
• Encryption at rest for stored recordings and backups
• Role-based access controls within organization accounts
• Regular security assessments and vulnerability reviews

While we take every reasonable precaution, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

5. Data Retention

• Account data: Retained for as long as your account is active
• Recordings: Retained until you delete them or until 30 days after account cancellation/downgrade, whichever comes first
• Billing & invoice records: Retained for a minimum of 8 years as required by Indian tax and accounting regulations
• Audit logs: Retained for 1 year for security and compliance purposes
• Post-deletion: Upon account deletion request, personal data is purged within 30 days; anonymized analytics data may be retained

You can request deletion of your data at any time by contacting us at privacy@peerflux.in.

6. Your Rights

Under applicable Indian data protection laws, you have the right to:

• Access — request a copy of the personal data we hold about you
• Correction — request correction of inaccurate or incomplete data
• Erasure — request deletion of your personal data
• Withdraw consent — withdraw previously given consent at any time
• Data portability — request an export of your data in a structured format
• Grievance redressal — lodge a complaint with our Grievance Officer or the appropriate regulatory authority

To exercise any of these rights, email us at privacy@peerflux.in. We will respond within 30 days of receiving your request.

7. Cookies & Local Storage

We use a minimal set of cookies and local storage to operate the Service:

• Essential cookies: Session management, authentication tokens, and theme preference (dark/light mode)
• Analytics: Anonymized usage data to understand feature adoption and improve the product

We do not use third-party advertising or tracking cookies. You can manage cookie preferences through your browser settings.

8. Children's Privacy

PeerFlux is not intended for use by individuals under 18 years of age. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a minor, we will take prompt steps to delete that information. If you believe a minor has provided us with personal data, please contact us at privacy@peerflux.in.

9. Cross-Border Data Transfers

Your data is primarily stored and processed in India. Some of our service providers may process data in other jurisdictions. In such cases, we ensure adequate safeguards are in place in accordance with applicable Indian data protection regulations.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or in-app notification and by updating the "Last updated" date at the top of this page. Continued use of the Service after changes constitutes your acceptance of the updated policy.

11. Grievance Officer

In accordance with the Information Technology Act, 2000 and applicable rules, the Grievance Officer for the purposes of this Privacy Policy is:

12. Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us: