Privacy Policy

1. Introduction

Digital Khalsa ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services (collectively, the "Service").

By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, phone number (if provided)
• Waitlist Information: Name, email, device preferences, referral codes
• Feature Requests: Title, description, optional name and email
• Communications: Messages, feedback, and other communications you send to us

2.2 Automatically Collected Information

• Usage Data: Pages visited, time spent, click patterns, and navigation paths
• Device Information: Device type, operating system, browser type, IP address
• Location Data: General geographic location (city/region level, not precise coordinates)
• Cookies and Tracking: See our Cookie Policy section below

2.3 Third-Party Services

We use third-party services that may collect information:

• Supabase: Database and authentication services
• Netlify: Hosting and analytics
• Google Services: Analytics, fonts, and other services (see Google's privacy policy)

3. How We Use Your Information

We use collected information for the following purposes:

• To provide, maintain, and improve our Service
• To process waitlist signups and beta test invitations
• To respond to your inquiries, comments, and feature requests
• To send you updates, newsletters, and marketing communications (with your consent)
• To monitor and analyze usage patterns and trends
• To detect, prevent, and address technical issues and security threats
• To comply with legal obligations and enforce our terms

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your personal data based on:

• Consent: When you provide explicit consent (e.g., waitlist signup, newsletter)
• Legitimate Interests: To improve our Service, prevent fraud, and ensure security
• Contractual Necessity: To fulfill our obligations under our terms of service
• Legal Obligations: To comply with applicable laws and regulations

5. Data Sharing and Disclosure

We do not sell your personal information. We may share information in the following circumstances:

5.1 Service Providers

We share information with trusted third-party service providers who assist in operating our Service:

• Hosting providers (Netlify)
• Database services (Supabase)
• Analytics providers (Google Analytics)
• Email service providers

5.2 Legal Requirements

We may disclose information if required by law or in response to:

• Court orders, subpoenas, or legal processes
• Government requests or regulatory requirements
• Protection of rights, property, or safety of users or others

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

6. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law.

• Account Data: Retained while your account is active and for a reasonable period after closure
• Waitlist Data: Retained until you unsubscribe or request deletion
• Analytics Data: Aggregated and anonymized data may be retained indefinitely
• Legal Requirements: Some data may be retained to comply with legal obligations

7. Your Privacy Rights

7.1 GDPR Rights (EEA Users)

If you are in the EEA, you have the right to (under the General Data Protection Regulation):

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your personal data ("right to be forgotten")
• Restriction: Request limitation of processing
• Data Portability: Receive your data in a structured, machine-readable format
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent at any time (where processing is based on consent)

7.2 CCPA Rights (California Users)

If you are a California resident, you have the right to (under the California Consumer Privacy Act (CCPA)):

• Know: Request disclosure of categories and specific pieces of personal information collected
• Delete: Request deletion of personal information (subject to exceptions)
• Opt-Out: Opt-out of the sale of personal information (we do not sell your information)
• Non-Discrimination: Exercise your rights without discrimination

7.3 PIPEDA Rights (Canadian Users)

If you are in Canada, you have the right to (under PIPEDA):

• Access: Request access to your personal information
• Correction: Request correction of inaccurate information
• Withdraw Consent: Withdraw consent for collection, use, or disclosure
• File a Complaint: File a complaint with the Privacy Commissioner of Canada

7.4 Exercising Your Rights

To exercise any of these rights, please contact us using the information provided in the Contact section below. We will respond to your request within 30 days (or as required by applicable law).

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Service and store certain information.

8.1 Types of Cookies

• Essential Cookies: Required for the Service to function (cannot be disabled)
• Analytics Cookies: Help us understand how users interact with our Service
• Functional Cookies: Remember your preferences and settings

8.2 Cookie Management

You can control cookies through your browser settings. However, disabling certain cookies may limit functionality of the Service.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the Internet or electronic storage is 100% secure.

Security measures include:

• Encryption of data in transit (HTTPS/TLS)
• Secure database storage with access controls
• Regular security assessments and updates
• Limited access to personal information on a need-to-know basis

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country.

For EEA users, we ensure appropriate safeguards are in place for international transfers, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions by the European Commission
• Other legally recognized transfer mechanisms

11. Children's Privacy

Our Service is not intended for children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children under these ages.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. We will delete such information upon verification.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last Updated" date
• Sending you an email notification (for significant changes)
• Displaying a notice on our Service

Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

13. Contact Us

If you have questions, concerns, or wish to exercise your privacy rights, please contact us: