Parichaya

Privacy Policy

Last updated: January 2025

Parichaya (परिचय) is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights regarding your personal information.

1. Data We Collect

Account Information

  • Email address (for authentication and notifications)
  • Username (public, used for your page URL)
  • Password (stored as a secure hash, never in plain text)

Content You Provide

  • Profile photo
  • Bio text
  • Links and link titles
  • Website content (projects, experience, skills, etc.)
  • Payment transaction IDs and optional screenshots

Automatically Collected Data

  • Analytics events: page views, link clicks, device type, referrer, and country (derived from Cloudflare CF-IPCountry header)
  • IP address: used temporarily for rate limiting (5 events per minute per IP per username) and not stored long-term
  • Session data: used to deduplicate analytics events (one page view per session via sessionStorage)

2. How We Use Your Data

Service Delivery

  • Rendering your link page and personal website
  • Processing subscription payments and verification
  • Authenticating your account and managing sessions

Analytics

  • Providing page view and engagement metrics to paid subscribers via their analytics dashboard
  • Aggregating daily analytics data for dashboard performance

Notifications

  • Subscription activation and rejection emails
  • Renewal reminder emails (21 days, 7 days, and 1 day before expiry)
  • Account-related communications (password resets, verification)

3. Data Storage

Your data is stored using the following services:

  • Supabase PostgreSQL: Account data, content, subscriptions, analytics events, and all relational data. Protected by Row Level Security (RLS) policies ensuring you can only access your own data.
  • Cloudflare R2: Profile photos and uploaded assets, stored at structured paths (avatars/user_id/ and assets/username/).

4. Data Retention

  • Active accounts: Data is retained for as long as your account is active.
  • After deactivation: Analytics data is retained for 60 days after subscription deactivation, then permanently deleted.
  • Account deletion: When you request account deletion, your account enters a 30-day soft-delete period. After 30 days, your username is released. Content and personal data are permanently deleted after this period.
  • Payment records: Transaction records in the payment audit log are retained for legal and accounting purposes.

5. Your Rights

You have the right to:

  • Access: View all personal data we hold about you through your dashboard.
  • Deletion: Request complete deletion of your account and associated data. This initiates the 30-day soft-delete process.
  • Export: Request a copy of your data including your profile information, links, website content, and analytics history.
  • Correction: Update your profile information, bio, links, and website content at any time through the dashboard.

6. Third-Party Services

Parichaya uses the following third-party services to operate the platform:

  • Supabase: Database hosting, authentication, and Row Level Security. Your data is stored in Supabase-managed PostgreSQL.
  • Cloudflare: CDN, edge caching, Workers (compute), R2 (file storage), Turnstile (bot protection), and DDoS/WAF protection. Cloudflare processes requests and may temporarily access IP addresses for security purposes.
  • Resend: Email delivery for notifications, reminders, and account communications. Your email address is shared with Resend for delivery purposes only.
  • eSewa: Payment method. We display eSewa QR codes for payment. We do not have direct access to your eSewa account; we only verify transaction IDs against the merchant dashboard.
  • Khalti: Payment method. We display Khalti QR codes for payment. We do not have direct access to your Khalti account; we only verify transaction IDs against the merchant dashboard.

We do not sell your personal data to any third party. Data shared with third-party services is limited to what is necessary for service operation.

7. Security

We protect your data through:

  • Row Level Security (RLS) on all user-owned database tables
  • Password breach checking via HaveIBeenPwned (k-anonymity API)
  • Cloudflare Turnstile for bot protection on authentication forms
  • Content Security Policy (CSP) headers on all responses
  • HTML sanitization to prevent stored XSS attacks
  • HTTPS-only traffic via Cloudflare proxy

8. Cookies and Tracking

Parichaya uses minimal cookies required for authentication (session tokens). We do not use third-party tracking cookies or advertising pixels.

Analytics tracking uses sessionStorage (not cookies) to deduplicate page views within a single browser session. This data is not shared with external analytics providers.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Significant changes will be communicated via email to registered users. The “Last updated” date at the top of this page indicates when the policy was last revised.

10. Contact

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at privacy@parichaya.page.