Privacy Policy

1. Introduction

Welcome to Mukhota ("we," "our," or "us"). We are committed to protecting your privacy and ensuring that your identity remains anonymous while you use our platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (mukhota.app) and use our anonymous peer-support application.

By accessing or using our Service, you signify that you have read, understood, and agree to our collection, storage, use, and disclosure of your personal information as described in this Privacy Policy and our Terms of Service.

2. The Principle of Anonymity & End-to-End Encryption

Mukhota is fundamentally built on the principle of extreme privacy. We do not ask for your real name, phone number, date of birth, or physical address.

• Anonymous Identity: Your platform identity (e.g., 'Silent Fox #1923') is generated randomly upon signup and is structurally decoupled from your underlying email address.
• End-to-End Encryption (E2EE): All direct messages sent within the 'Conversations' tab are encrypted locally on your device using AES-GCM (256-bit). The encryption keys (RSA-OAEP) are generated client-side. The Mukhota servers never see, hold, or have the technical ability to read your private messages.

3. Information We Collect

Although we prioritize anonymity, we must collect limited information to operate the Service properly.

A. Information You Provide to Us

• Account Information: We collect your email address solely for authentication (e.g., sending login magic links). We strongly recommend using anonymous forwarding emails.
• User Content: Public posts, replies, and reactions you choose to publish to the Feed.
• Preferences: Generic regional metrics (City/State) if you manually select them to filter posts geographically. Location tracking is NEVER active via GPS; it relies completely on your manual selection.

B. Information Automatically Collected

• Device Fingerprinting & Analytics: To prevent abuse and protect the community, we generate an anonymous device fingerprint using advanced browser signals (via FingerprintJS). This fingerprint does not identify you personally, cannot be reversed to extract personal information, and is used solely for abuse prevention and trust scoring.
• Usage Data: We use privacy-respecting analytics tools (such as PostHog) to log standard usage data, including page views, interaction metrics, and error logs, to improve our platform.
• Cookies and Local Storage: We use secure, HttpOnly cookies to maintain your session state securely and LocalStorage to store UI preferences.

4. How We Use Your Information

We use the minimal information we collect for the following purposes:

• To provide, operate, and maintain the platform securely.
• To authenticate your identity and maintain your session.
• To monitor and analyze usage and trends to improve the user experience.
• To detect, prevent, and address technical issues, spam, and fraudulent activity.

5. Automated Content Analysis & Crisis Intervention

To ensure a safe environment, Mukhota employs automated systems to review content before publication:

• Toxicity Checks: We utilize the Google Perspective API to analyze public posts for hate speech, harassment, and toxicity. Highly toxic posts are automatically shadow-banned to protect the community. Data sent to the Perspective API is anonymized and not tied to your account.
• Crisis Intervention: Our systems scan for keywords indicating self-harm or suicidal ideation. If detected, we prioritize your safety by providing immediate contact information for professional crisis helplines (such as iCall and Vandrevala Foundation) rather than publishing the post immediately.

6. How We Share Your Information

We do not sell, rent, or trade your personal information. We only share information in the following limited circumstances:

• Service Providers: We share data with trusted third-party vendors (e.g., Supabase for database hosting, Vercel for web hosting, Google for toxicity scoring) under strict confidentiality agreements.
• Legal Obligations: We may disclose your information if required to do so by law, in response to valid requests by public authorities (e.g., a court or a government agency), or to protect the safety, rights, or property of Mukhota, its users, or the public.

7. Data Retention & Your Right to Disappear

You own your footprint. Posts without an expiry are retained until you delete them or delete your account. Posts with a set expiry (24h or 7d) are automatically removed after the chosen duration.

At any time, navigating to Settings > Delete Account will completely purge your authentication slice, posts, reactions, and encrypted key pairs in real-time. We keep zero backups of deleted accounts.

8. Security of Your Information

We use administrative, technical, and physical security measures to help protect your personal information. This includes strict Row Level Security (RLS) in our databases, advanced CSRF and XSS protections, and secure HttpOnly session cookies. While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable.

9. Children's Privacy

Our platform is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under age 13 without verification of parental consent, we will take steps to remove that information from our servers immediately.

10. Grievance Officer & Contact Information (IT Rules 2021)

In compliance with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 and the Digital Personal Data Protection Act, 2023, we have appointed a Grievance Officer.

If you have specific concerns or legal inquiries regarding this Privacy Policy, please contact the Grievance Officer or use the in-app reporting tools.