How RegVision handles your data across our compliance workspace, public
landing teardown, and sales scheduling. We process the minimum data
necessary for the stated purpose — nothing more. No analytics cookies on
the marketing site (v1).
Effective: 18 May 2026 · Last updated: 18 May 2026
01What We Collect
RegVision processes only the data you explicitly submit
for compliance assessment or demo teardown. We do not scrape production
sites from the public landing page. Categories include:
Public landing teardown - demo video; work email if you request the full report; sector selection
Get in touch / callback — name, designation, role, work email, preferred callback windows, optional notes
Regulatory-delta waitlist — email for fortnightly updates
API collections — JSON files containing request/response bodies (e.g. Postman or HAR exports) submitted via the authenticated workspace
Video files — MP4, MOV, AVI, MKV, WEBM uploads submitted for frame-level compliance analysis
OCR-extracted text — text programmatically extracted from uploaded video frames and images during the scan pipeline
Audio transcriptions — speech-to-text output generated from the audio track of uploaded videos during the scan pipeline
OCR text and audio transcriptions are derived artifacts — they
are generated by our pipeline from your uploaded content and are not submitted
independently.
02Why We Process (Purpose Limitation)
All processing is governed by a single, stated purpose:
Sole Purpose
Compliance decision-support against India's regulatory corpus (DPDP, RBI,
IRDAI, SEBI) — and no other purpose.
We explicitly do not use your data for:
Marketing, advertising, or promotional outreach
User profiling, behavioural analysis, or audience segmentation
Sharing with, or selling to, any third party
Training machine learning models on your content
Any purpose unrelated to DPDPA compliance assessment
03How Long We Keep It
Retention depends on which surface you use. Public landing teardown
is separate from the authenticated workspace.
Public landing teardown
Official work email provided: upload retained until our team reviews and sends your report, then permanently deleted.
Decline or personal email: upload deleted immediately; we store no identifying data — only an anonymous aggregate counter increments.
No action: upload deleted when the session expires (within 24 hours).
We do not send submitted videos, extracted frames, OCR text, or audio transcriptions to any third-party AI provider.
Analysis runs on our controlled Google Cloud infrastructure. Uploaded
videos are encrypted at rest by Google Cloud; reviewer access uses a short-lived download link.
Temporary local processing files are removed after processing.
Authenticated workspace (pilot)
Data Category
Retention Period
Raw processing artifacts
Deleted immediately after scan completion
Frames · audio segments · embedding vectors
Purged on pipeline completion
Analysis evidence
90 days from scan completion
Findings · analysis units · OCR excerpts
Auto-deleted after 90 days
Compliance reports
1 year from scan completion
Summary reports · export artefacts
Auto-deleted after 1 year
You may request earlier deletion at any time (see Your Rights below).
Upon request, all your data — regardless of category — will be purged within
30 days.
04Who Can Access
Access to your uploaded data and compliance results is strictly limited:
Only authenticated API key holders who originally uploaded the data can view their own scan results and reports
No third-party access — we do not share, sell, or expose your data to any external entity
No cross-customer visibility — one customer's data is never accessible to another
Internal access — RegVision engineering staff may access data solely for pipeline debugging, incident response, or at your explicit request
Access Principle
If you did not upload it, you cannot see it. Data sovereignty belongs to
the data fiduciary who submitted it.
05Your Rights
Under the DPDPA and our own commitment to data minimisation, you have the
following rights with respect to your data on RegVision:
Right to erasure — request full deletion of your uploaded data, scan results, and compliance reports at any time
Right to access — request a copy of all data we hold that is associated with your API key
Right to portability — export your compliance reports in JSON, CSV, or text format directly from the dashboard
How to Exercise Your Rights
Email support@regvision.agency with the subject line
"Data Request" and your API key identifier. We will process your request
within 30 days.
A self-service deletion and export dashboard is planned for a future release,
enabling real-time data management without requiring email contact.
06Security
We implement security measures appropriate to the sensitivity of the data
we process:
TLS in transit — all data exchanged between your systems and our API is encrypted via TLS 1.2+
Access-controlled storage — uploaded files and derived artifacts are stored in access-controlled infrastructure, scoped per API key
Encryption at rest — uploaded landing videos are stored in Google Cloud Storage with Google-managed encryption at rest
Public landing purge — uploaded videos and purge-scoped derived content are deleted when the visitor declines, when the session expires, or when a reviewed report is delivered
Operational secrets are kept in Google Secret Manager. Public website
files never contain admin keys, database credentials, or cloud credentials.
07Contact
For data access requests, deletion requests, or any questions about this
privacy policy:
For commercial inquiries or partnership discussions, use the same address
with the subject line "Commercial Inquiry".
08Data Processing Agreement
If you require a formal Data Processing Agreement (DPA) between your
organisation and RegVision, download our template below. Customise
it with your organisation's details and return it to
support@regvision.agency for countersignature.