ssv.asia respects your privacy and is committed to protecting your personal data.
Last updated: 27 June 2026
SSV.Asia respects your privacy and is committed to protecting your personal data. This Policy explains what we collect, why, your rights, and how we comply with the EU/EEA & UK GDPR, the California Consumer Privacy Act (CCPA/CPRA) and similar US state laws, and India's Digital Personal Data Protection Act, 2023 (DPDP Act).
Data Controller / Data Fiduciary: [FULL LEGAL NAME], sole proprietor, [CITY, STATE], India. Contact: mail@ssv.asia.
1. Information We Collect
We deliberately collect as little as possible. Specifically:
- Email address — used to verify your membership (via Ghost) and as your account identifier. This is the only identity information we require.
- Membership tier / entitlement — which pass or access level your account holds, read from Ghost at sign-in.
- Usage & metering data — request counts, token usage, timestamps, pass type and expiry, daily request counts, and security flags (rate-limit / ban status). Stored per-account in Cloudflare Durable Objects to enforce quotas and prevent abuse.
- Payment metadata — the payment/transaction ID, amount, tier purchased, and refund status, received back from the payment partner. We do not receive or store your card details.
- IP address — processed transiently for rate-limiting and abuse prevention. It is not used to build a profile of you.
- Prompt & query content — what you type into the Expert AI Terminal is transmitted in real time to the AI model, web-search, and retrieval providers needed to answer it. We do not store your prompts in our database; short fragments may appear briefly in server logs for debugging and are not used to profile you.
- Support communications — only if you choose to email us.
What we do NOT collect: we do not ask for your name, postal address, or phone number; we do not store payment card details; we do not build advertising or behavioral profiles; and we do not sell your data.
2. Why We Process Your Data (Legal Bases — GDPR)
- Performance of a contract: to create your account, deliver passes, meter usage, and provide AI responses.
- Legal obligation: tax, accounting, and record-keeping.
- Legitimate interests: security, fraud/abuse prevention, and service improvement (balanced against your rights).
- Consent: for non-essential cookies/analytics and any optional marketing; you may withdraw consent at any time.
Under the DPDP Act, we process personal data on the basis of your consent or for legitimate uses permitted by the Act, after notice. You may withdraw consent at any time (which may limit the Services we can provide).
3. Payments
Payments are processed by our payment partners — Razorpay (INR/UPI; SSV.Asia is seller of record), and Gumroad / Polar.sh (international; Merchant of Record). These partners process your payment data under their own privacy policies. SSV.Asia receives only transaction confirmation and limited metadata (e.g. email, tier, payment ID, amount), never full card details.
4. AI Model Providers & Sub-processors
To deliver the Services we share limited data with trusted sub-processors:
- AI model routing/inference (e.g. OpenRouter and the underlying model providers it routes to) — receives your prompt content to generate responses;
- Web search (Tavily) — receives your search query when you use the search command;
- Knowledge retrieval (Supabase) — hosts the content vault used for retrieval;
- Membership/auth (Ghost) — verifies your email/membership;
- Infrastructure (Cloudflare) — hosts the application and stores usage/metering records.
We share the minimum necessary and do not authorize sub-processors to use your data for their own purposes beyond providing their service to us.
5. International Data Transfers
Some sub-processors are located outside India and the EU/EEA (e.g. in the United States). Where we transfer personal data internationally, we rely on appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms, as required by the GDPR and the DPDP Act.
6. Cookies
The Expert AI Terminal is a command-line tool and sets no cookies. The SSV.Asia website uses only essential cookies required for member sign-in and security through our membership provider (Ghost). We do not use advertising or cross-site tracking cookies. You can manage cookies via your browser settings.
7. Data Retention
We keep data only as long as needed:
- Email + usage/metering data: kept in your per-account ledger for the life of your account so we can enforce quotas and passes; deleted on account deletion request.
- Payment metadata: retained as long as required by tax/accounting law (typically up to [8] years in India).
- Prompt content: not stored in our database. Transient log fragments are short-lived and rotate out automatically.
- IP-based rate-limit counters: automatically expire within their short rate-limit window.
We delete or anonymize data when it is no longer needed.
8. Your Rights
EU/EEA & UK (GDPR): access, rectification, erasure ("right to be forgotten"), restriction, data portability, objection, and the right to withdraw consent. You may also lodge a complaint with your local data protection authority.
United States (CCPA/CPRA & similar): the right to know/access, delete, and correct your personal information; the right to opt out of "sale" or "sharing" of personal information; and the right to non-discrimination for exercising your rights. We do not sell your personal information, and we do not share it for cross-context behavioral advertising.
India (DPDP Act, 2023): as a Data Principal you have the right to access a summary of your personal data, the right to correction and erasure, the right of grievance redressal, and the right to nominate another person to exercise your rights in the event of death or incapacity.
To exercise any right, email mail@ssv.asia. We will verify your identity and respond within the timeframes required by applicable law.
9. Grievance Officer (India — DPDP Act)
For privacy questions, complaints, or to exercise your rights, contact our Grievance Officer:
[FULL LEGAL NAME], mail@ssv.asia. We aim to acknowledge grievances promptly and resolve them within the period prescribed under the DPDP Act and its rules.
10. Children's Data
The Services are intended for users 18 and older. Under the DPDP Act, processing a child's data requires verifiable parental consent and prohibits tracking/targeted advertising to children; we do not knowingly collect children's data. If you believe a child has provided data, contact us for deletion.
11. Data Security
We use reasonable technical and organizational measures to protect personal data, including:
- encrypted transport (HTTPS/TLS) for all traffic;
- short-lived, HMAC-signed session tokens (not long-lived passwords);
- API keys and secrets held only server-side, never shipped in the client;
- atomic, per-account usage ledgers and IP-based rate-limiting to prevent abuse;
- access controls limiting who can administer the system.
No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
12. Data Breach Notification
If a personal-data breach occurs that is likely to result in a risk to your rights, we will notify the relevant supervisory authority and affected users without undue delay, as required by the GDPR, the DPDP Act, and applicable US state laws.
13. Automated Decision-Making
We do not use your personal data for automated decision-making that produces legal or similarly significant effects about you. AI output is generated in response to your prompts and is not used to profile or score you.
14. US State Privacy Rights & "Do Not Sell"
We do not sell or share your personal information for cross-context behavioral advertising, and we do not process sensitive personal information for inferring characteristics. Residents of California and other US states with privacy laws (e.g. Virginia, Colorado, Connecticut, Utah, Texas) may exercise the rights described in §8. We honor opt-out preference signals such as Global Privacy Control (GPC) where applicable. You may use an authorized agent to submit requests, and we will not discriminate against you for exercising your rights.
15. Sub-processors
The third parties that process limited data on our behalf to deliver the Services are listed in §3 and §4 and include: Ghost (membership/auth), Cloudflare (hosting & usage records), OpenRouter and its underlying model providers (AI inference), Tavily (web search), Supabase (knowledge retrieval), and our payment partners Razorpay, Gumroad, and Polar.sh. We will update this list when sub-processors change.
16. Changes & Contact
We may update this Policy; material changes are shown via the "Last updated" date and, where appropriate, notified in-product or by email. Questions or requests: 📩 mail@ssv.asia
Grievance Officer (India — DPDP Act)
For privacy questions, complaints, or to exercise your rights, contact our Grievance Officer:Ar. Samar Singh Virdi, mail@ssv.asia. We aim to acknowledge grievances promptly and resolve them within the period prescribed under the DPDP Act and its rules.