Privacy Policy
Last updated: May 2026
Compliant with the Information Technology Act, 2000 and IT Rules 2021 (India)
Plain English summary: We collect your email and hashed password — nothing else that can identify you. Your anonymous username is all anyone ever sees. We do not sell data, run ads, or track you. Under Indian law, we may be compelled by a court order to disclose account data — we will resist this and notify you wherever legally permitted. If you have concerns, contact our Grievance Officer directly.
1. Who We Are
SafeChair is an anonymous peer-support platform that allows professionals to share experiences of workplace sexual harassment. SafeChair operates as an "intermediary" as defined under Section 79 of the Information Technology Act, 2000 (India) and complies with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021.
2. What Data We Collect
We collect the minimum data necessary to operate the platform: • Email address — used only for account login. Never shown publicly. • Password — stored as a one-way cryptographic hash (bcrypt, 12 rounds). We cannot read your password. • Anonymous username — chosen by you at sign-up. This is the only identity visible to other users. • Posts and comments — the stories and responses you write on the platform. • Account timestamps — when your account was created and when posts were made. We do NOT collect: • Your real name • Your phone number • Your location or IP address • Device identifiers or browser fingerprints • Cookies beyond what is strictly necessary for session management
3. What We Never Do With Your Data
• We do not sell your data to any third party, ever. • We do not use your data for advertising or profiling. • We do not share your email or account details with other users. • We do not use your content to train AI models. • We do not send unsolicited marketing emails.
4. How Your Data Is Stored
Your data is stored in a PostgreSQL database hosted on secure infrastructure. Passwords are hashed and cannot be reversed. Email addresses are stored in plaintext for login purposes only and are never exposed through any API response or public interface. We take reasonable technical and organisational precautions to protect your data against unauthorised access, disclosure, or loss.
5. Anonymity — What It Means and Its Limits
SafeChair is designed to be anonymous. Your real name, email address, and employer are never shown to any other user on the platform under any circumstances. However, you must understand one important limitation: Anonymity under SafeChair is strong but not absolute under Indian law. If a competent court in India issues a valid legal order requiring us to disclose account registration data (such as an email address associated with a specific post), we are legally obligated to comply. We will always: • Notify you of such an order where we are legally permitted to do so. • Resist overbroad or unlawful disclosure requests. • Disclose only the minimum information required by the order. We will never voluntarily disclose your identity. We will only do so under compulsion of a valid court order.
6. Who Can See Your Posts
Stories and comments you post on SafeChair are public — visible to anyone, including users who are not logged in. Your anonymous username is attached to your posts. No other information about you is shown. We strongly recommend you do not include personally identifying information in your story (such as your real name, your employer's full legal name if you are concerned about identification, or names of specific individuals).
7. Grievance Officer (IT Rules 2021 — Mandatory)
In compliance with Rule 3(2) of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, SafeChair has appointed a Grievance Officer: Name: Tushar Naik Email: tusharnaik16@gmail.com Platform: SafeChair (safechair.app) Any user may raise a grievance relating to content on the platform or use of their personal data by writing to the above contact. • Acknowledgement of grievances: within 24 hours of receipt. • Resolution: within 15 days of receipt. If your grievance relates to content that exposes private information or is sexually explicit without consent, it will be treated as a priority and addressed within 24 hours.
8. Government and Law Enforcement Requests
SafeChair complies with valid legal orders from Indian courts and law enforcement agencies in accordance with the Information Technology Act, 2000 and applicable Rules. Upon receipt of a lawful government order, SafeChair will: • Take down the relevant content within 36 hours, as required by the IT Rules 2021. • Preserve relevant records for the duration required by law. • Disclose only the minimum data required by the order. SafeChair will not comply with informal requests, requests without proper legal basis, or requests from foreign governments without appropriate legal process.
9. Data Retention
• Account data (email, username, hashed password) is retained for as long as your account is active. • Posts and comments are retained indefinitely after posting unless you request deletion. • Upon account deletion, your email address and password are permanently removed. Your posts are attributed to "Deleted User" — they remain visible as part of the community record. • You may request full deletion of your posts at any time by contacting the Grievance Officer.
10. Your Rights
You have the following rights in relation to your data: • Access: Request a copy of the personal data we hold about you. • Correction: Request correction of inaccurate data. • Deletion: Request deletion of your account and personal data. • Portability: Request your data in a machine-readable format. To exercise any of these rights, contact the Grievance Officer at tusharnaik16@gmail.com. We will respond within 15 days.
11. Third-Party Services
SafeChair uses the following third-party infrastructure: • Vercel — hosting and deployment (vercel.com/legal/privacy-policy) • PostgreSQL (local or cloud) — database storage These providers process data only as necessary to deliver the service and are bound by their own privacy policies. We do not integrate advertising networks, analytics trackers, or social login providers.
12. Cookies
SafeChair uses only one cookie — a session cookie required to keep you logged in. We do not use advertising cookies, tracking cookies, or third-party analytics cookies. No cookie consent banner is required because we do not use non-essential cookies.
13. Children's Privacy
SafeChair is not intended for users under the age of 16. We do not knowingly collect data from minors. If you believe a minor has registered on the platform, please contact the Grievance Officer immediately.
14. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by updating the "Last Updated" date on this page. Continued use of SafeChair after changes are posted constitutes acceptance of the updated policy.
15. Governing Law
This Privacy Policy is governed by the laws of India, including the Information Technology Act, 2000 and the IT Rules 2021. Any disputes arising under this policy shall be subject to the exclusive jurisdiction of competent courts in India.