Privacy Policy

1. Information we collect

We collect information you provide directly (when you sign up, configure your tenant, issue records), and certain technical information automatically (IP, browser, device type) for security and analytics.

Verification records you upload (names, mobiles, ID numbers, photos) are processed and stored on our servers strictly for the purpose of providing public verification on your behalf.

2. How we use your information

• To provide the Ketpy Authenticator service.
• To process payments (off-platform; we don't store payment card data).
• To send transactional emails (onboarding, suspension, password reset).
• To detect and prevent fraud / abuse of the public verification portal.

3. Where your data lives

All data is stored on servers in India. We do not transfer your data outside India without your explicit consent.

4. Your rights under the DPDP Act 2023

You can request access to your data, correction, deletion, and portability at any time by writing to team@ketpy.com.

5. Retention

While your tenant is active: indefinitely. If you stop renewing, we retain your records for a 90-day grace window, then delete unless instructed otherwise.

6. Security

Bcrypt password hashing, CSRF tokens, PDO prepared statements, tenant-isolated DB queries, HttpOnly + SameSite cookies. Full list at /security.

7. Children

Ketpy Authenticator is intended for organizations issuing documents on behalf of their members. Records may pertain to children (e.g. students). The organization is the controller of that data; Ketpy is the processor.

8. Contact

Privacy questions: team@ketpy.com