Privacy Policy
Operated by: Jaishree Exports — Proprietor: Siddharth Gupta
GSTIN: 23AIVPG9795M1Z6 · Website: www.scanmyshadow.com
Your privacy matters to us. This policy explains exactly what data we collect, how we use it, how long we keep it, and your rights under Indian law. Please read it carefully before using Scan My Shadow.
Scan My Shadow is a digital privacy audit service operated by Jaishree Exports, a proprietorship registered in Madhya Pradesh, India (Proprietor: Siddharth Gupta). This Privacy Policy governs how we collect, process, store, and delete personal data submitted through the service, across both the ₹298 Privacy Audit and ₹998 Deep Dive tiers.
We process personal data in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act) and all other applicable Indian law.
Under the DPDP Act 2023, Jaishree Exports (Proprietor: Siddharth Gupta) is the Data Fiduciary for all personal data processed through Scan My Shadow. We determine the purpose and means of processing your data and are responsible for its protection.
Siddharth Gupta serves as the designated Grievance Officer for all data-related complaints. Contact details are in Clause 16.
We collect only the minimum data necessary to deliver the service you have requested:
| Data Type | Purpose | Retention |
|---|---|---|
| Mobile phone number | Breach database scan | Retained 6 years (GST / transaction record) |
| Email address (to scan) | Breach database scan | Deleted within 96 hrs of report delivery |
| Report delivery email | Delivery of scan report | Retained 6 years (GST / transaction record) |
| Photograph (face) | Image similarity search across open-web sources | Deleted within 96 hrs of report delivery |
| Payment transaction data | Payment processing + GST compliance | 6 years as mandated by GST law |
| Chat messages sent to Maya (privacy assistant) | Service improvement — understanding user queries | Questions retained in anonymised form; personally identifiable context deleted within 96 hrs |
We do not collect government ID, Aadhaar, PAN, financial account details, or any sensitive personal data beyond what is listed above.
We collect and process your personal data solely for the following lawful purposes:
- To conduct the requested privacy audit scan.
- To generate and deliver your report to the email address provided on the scan submission form.
- To process payment and issue a GST-compliant invoice.
- To communicate with you about your scan (status updates, clarifications).
- To comply with applicable legal, regulatory, and statutory obligations.
We do not process your data for advertising, profiling, resale, research, or any purpose beyond what is listed above.
Scan My Shadow allows users to submit personal data (phone number, email address, photograph) for scanning. Jaishree Exports does not independently verify whether the user has the legal authority or consent to submit any data provided.
By submitting data, the user unconditionally warrants that:
- The data belongs to them personally, or they hold explicit, informed, written consent from the data subject.
- The submission is lawful and complies fully with the DPDP Act 2023, the BNS 2023, the IT Act 2000, and all other applicable laws.
- They accept full and sole legal responsibility for the data submitted.
Submitting another person's data without their consent constitutes a violation of the DPDP Act 2023 and may constitute an offence under the Bharatiya Nyaya Sanhita 2023. Jaishree Exports, its proprietor Siddharth Gupta, its employees, and all service partners bear absolutely no liability — civil, criminal, or regulatory — for consequences arising from data submitted without proper consent. The user alone bears full and exclusive legal responsibility.
Users of Scan My Shadow take full and sole legal responsibility for the submission and use of all data and reports. Users warrant that:
- They own the personal data being submitted, or hold explicit, informed, written consent from the data subject.
- The submission complies fully with the DPDP Act 2023, the BNS 2023, the IT Act 2000, and all applicable laws.
- They will not use this service or report to stalk, harass, blackmail, defame, or intimidate any person.
- They will not share the report with third parties without the data subject's consent.
- They understand misuse is a criminal offense and they alone bear full liability for such misuse.
Scan My Shadow bears zero liability for user misuse. If a user employs this service to commit harassment, stalking, defamation, or other crimes, the user alone bears full criminal and civil liability. Jaishree Exports, Siddharth Gupta, and all staff will comply fully with law enforcement requests and may provide payment records, timestamps, and scan history for investigation purposes.
When you initiate a scan, your data passes through the following systems in sequence:
- Website scan submission form (scanmyshadow.com) — Initial data collection. User submits phone number, email address, and/or photograph, along with their report delivery email, via a secure form on the Scan My Shadow website.
- Make.com (EU-hosted automation) — Orchestrates the scan pipeline. EU hosting selected for data governance compliance.
- Breach database scan tools — Automated query of publicly known breach databases and open digital footprint sources.
- Image search tools — Similarity-based open-web face search. Photograph used solely for scan execution and deleted within 96 hours.
- PDFMonkey — PDF report generation. Data used solely to populate the report template.
- Email delivery — Final report delivered to the report delivery email provided by the user on the scan form.
- Maya (AI chat assistant) — Post-report support. Chat messages may be logged in anonymised form for service improvement purposes.
- Razorpay — Payment processing. Financial data does not pass through Scan My Shadow systems.
- Zoho Invoice — GST-compliant invoice generation. Transaction records retained 6 years per statute.
- Google Sheets — Internal operations and employee accountability logging. Not accessible to users.
All third-party processors are bound by their own data protection obligations. We do not share your personal data with any third party beyond what is strictly necessary for service delivery.
We use the following categories of third-party service providers, each acting as a data processor under our instruction:
- Messaging and delivery platforms
- Automation infrastructure (EU-hosted)
- Breach and open-web intelligence databases
- Image similarity search platforms
- PDF generation service
- Payment gateway (PCI-DSS compliant)
- Invoicing and accounting software
Specific tool names are not disclosed in customer-facing documentation to protect operational integrity. All tools used are commercially available, legally operated platforms that access only publicly indexed or breach-disclosed data.
We do not sell, rent, trade, or otherwise transfer your personal data to any third party for commercial purposes.
We operate a strict, legally compliant, time-limited data retention policy:
- Transaction records (phone number and report delivery email submitted on the scan form, Report ID, timestamp, and payment reference): Retained for 6 years as required under GST law and may be disclosed to law enforcement upon receipt of a valid legal order.
- Scan data (email address to be scanned and photograph): Permanently deleted within 96 hours of report delivery and cannot be recovered or produced thereafter.
- Chat messages (messages sent to Maya after report delivery): Personally identifiable context deleted within 96 hours. Questions may be retained in anonymised form for service improvement purposes.
Your email address (to be scanned) and photograph are deleted by design within 96 hours — not as a courtesy, but as a firm policy. They cannot be recovered or produced after that window, including in response to legal requests. The phone number, report delivery email, and transaction record are retained for 6 years as required by law.
As a Data Principal under the Digital Personal Data Protection Act, 2023, you have the following rights:
- Right to access — Request information about the personal data we hold about you.
- Right to correction — Request correction of inaccurate personal data we hold.
- Right to erasure — Request deletion of your data, subject to statutory retention obligations.
- Right to grievance redressal — Raise a complaint with our Grievance Officer (Clause 16).
- Right to nominate — Nominate another individual to exercise your rights in the event of incapacity or death.
Note: Given our 96-hour deletion policy, scan data (ema
Scan My Shadow is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you are a parent or guardian and have reason to believe a minor has submitted data through our service without authorisation, contact us immediately and we will delete it without delay.
We implement reasonable technical and organisational security measures to protect personal data against unauthorised access, disclosure, alteration, or destruction. These include:
- Access controls limiting who within Jaishree Exports can view submitted scan data.
- EU-hosted automation infrastructure for enhanced data governance.
- Employee accountability logging for all manual scan operations.
- Prompt and permanent deletion of scan data within the 96-hour window.
No system is completely immune to breach. While we take data protection seriously, we cannot guarantee absolute security of data transmitted over the internet or third-party platforms. In the event of a data breach materially affecting your rights, we will notify you as required under applicable law.
Our core service is delivered via email and does not use browser cookies for functionality. Our website (www.scanmyshadow.com) may use essential cookies for basic site operation only. We do not use tracking cookies, advertising pixels, or behavioural analytics tools of any kind.
Jaishree Exports will cooperate fully with Indian law enforcement agencies, judicial authorities, and regulatory bodies. Upon receipt of a valid, lawful legal order, we will disclose user identity, transaction records (including the mobile number on file), and any other relevant information in our possession — without prior notice to the user.
Scan data (email address and photograph) is permanently deleted within 96 hours of report delivery. After this window, it cannot be produced even under legal order.
Users who submit data illegally or use the service to harm others should be aware that their phone number, report delivery email, payment record, and transaction history are retained and traceable. These will be shared with authorities upon valid lawful request.
Scan My Shadow is operated from India and governed by Indian law. If you are accessing the service from outside India, your data will be processed and stored in accordance with Indian data protection law. By using this service, international users expressly consent to the transfer and processing of their data in India.
We are working toward GDPR alignment for users in the European Economic Area and will update this policy accordingly when applicable.
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational procedures. Material changes will be reflected in the "Effective Date" at the top of this document. The most current version will always be available at privacy.scanmyshadow.com. Continued use of the service after any update constitutes your acceptance of the revised policy.
For any privacy-related queries, requests to exercise your rights under the DPDP Act 2023, or to raise a complaint, contact our Grievance Officer:
- Business: Jaishree Exports
- Grievance Officer / Proprietor: Siddharth Gupta
- Email: [email protected]
- Phone: +91 91831 18483
- Website: www.scanmyshadow.com
- GSTIN: 23AIVPG9795M1Z6
We aim to respond to all privacy queries within 30 days of receipt.
Scan My Shadow is operated by Jaishree Exports, a registered business entity in Madhya Pradesh, India.
© Scan My Shadow · A service by Jaishree Exports · GSTIN: 23AIVPG9795M1Z6