Effective Date: February 1, 2026
Last Updated: February 1, 2026
Indexa ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.
Core Principle: Indexa is built on privacy-first principles. We collect minimal data, do not track users, and do not sell personal information to third parties.
Search Queries:
- Your search queries are NOT stored permanently on our servers
- Queries are processed in real-time and discarded immediately after search
- No user profiles or search history are maintained
- No IP address logging for individual searches
Cookies:
- We use session-only cookies for basic functionality (language preference, UI state)
- No tracking cookies or third-party cookies
- All cookies expire when you close your browser
- No persistent user identifiers
Browsing Information:
- We do NOT collect:
- Your browsing history
- Your location data
- Your device fingerprint
- Your IP address (except for basic rate limiting)
- Your user-agent or device type
- Analytics about your behavior
User Accounts (Optional - OwlGuard): If you create an account, we collect:
- Email address
- Password (hashed with bcrypt, never stored in plain text)
- Display name (optional)
- Account creation date
Profile Information:
- Avatar/profile image (stored on your request only)
- User preferences and settings
- Search history (only if you enable it in settings)
Support Communications:
- Email messages sent to support
- Bug reports and feedback
- Contact information you provide
Search Processing:
- Your queries are analyzed to return relevant results
- Queries are used to:
- Improve search result quality
- Detect spam and abuse
- Build popular query statistics (anonymized)
- No personal attribution - queries are never linked to your identity
AI Assistant (Dufus):
- Processes queries to generate answers
- Does NOT train on your conversations (no model fine-tuning)
- Conversations are NOT logged long-term
- No personal data used in responses
Image & Shopping Search:
- Your search terms are processed normally
- Product data is publicly indexed (not personal to you)
- No personal recommendations or tracking
OwlGuard Authentication:
- Verify your identity
- Maintain session security
- Provide account recovery options
- Implement access controls
Preferences & Settings:
- Remember your language preference
- Store your UI customizations
- Manage notification settings
We may use information to:
- Comply with law enforcement requests (with proper legal process)
- Prevent fraud, abuse, or security incidents
- Enforce our Terms of Service
- Protect against legal liability
- Real-time Processing: Discarded immediately after search
- Query Statistics: Anonymized popular queries retained for 30 days
- No User Attribution: Queries never linked to identifiable users
- Automatic Deletion: All temporary data purged weekly
- Retained Until: Account deletion or 1 year of inactivity
- Deletion Request: You can request complete account deletion anytime
- All personal data removed within 30 days
- Search history deleted immediately
- Cannot be reversed
- Exception: Legal holds may require retention per law
- Embedding Cache: Deleted every 24 hours
- Result Cache: Expired after 1 hour
- Render Cache: Cleared weekly
- Rate Limiting Data: Deleted after 24 hours
We do not engage in the following practices:
- Personal data sold to advertisers or brokers
- Tracking data shared with third parties
- Behavioral profiles sold or licensed
- Data sold to data brokers under any circumstances
Legal Compliance:
- Law enforcement with valid legal process (warrant, subpoena)
- Court orders and regulatory requirements
- Government agencies (only required minimum information)
Service Providers:
- CDN and DDoS protection providers - only see encrypted traffic
- Domain registrars (for domain hosting)
- These partners sign Data Processing Agreements
Business Transfers:
- If Indexa is acquired, your data privacy rights transfer to buyer
- We notify you of any material changes
In Transit:
- HTTPS/TLS encryption for all connections
- Perfect Forward Secrecy enabled
- HTTP Strict Transport Security (HSTS)
At Rest:
- Database encryption with secure key management
- Passwords hashed with bcrypt (salted, never plaintext)
- Access controls and authentication
Infrastructure:
- DDoS protection
- Rate limiting to prevent abuse
- Regular security audits
- Vulnerability disclosure program
We implement industry-standard security, but no system is 100% secure. We cannot guarantee absolute security against sophisticated attacks.
Right to Know:
- See what personal information we have
- Request data export in standard format
- Available within 30 days of request
How to Request:
- Email: privacy@indexa.in
- Include account information if applicable
Deletion Request:
- Request deletion of your account and data
- Processed within 30 days
- Some data may be retained per legal requirements
Data Accuracy:
- Correct inaccurate information
- Update your profile
- Request amendment of records
Communication Preferences:
- Unsubscribe from newsletters
- Opt-out of optional features
- Manage notification settings
Search History:
- Disable search history logging
- Delete existing history
- Browse anonymously
- We honor browser "Do Not Track" signals
- We do not build tracking profiles regardless
If you're in the EU, you have:
- Right to access personal data
- Right to rectification
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object
- Rights related to automated decision-making
GDPR Compliance:
- Legal basis: Legitimate interest (improving search)
- Data Protection Officer: privacy@indexa.in
- Data controller: Indexa Inc.
- Standard Contractual Clauses for transfers
If you're in California, you have:
- Right to know what data is collected
- Right to delete personal information
- Right to opt-out of sale (we don't sell)
- Right to non-discrimination for exercising rights
CCPA Compliance:
- Privacy notice at collection
- Automated systems for requests
- No sale of personal information
- Right to access your information
- Right to request correction
- Right to withdraw consent
- Right to complain to privacy commissioner
- Right to access personal data
- Right to correction
- Right to erasure
- Data principal grievance redressal
Age Restriction:
- Indexa is not intended for users under 13
- We do not knowingly collect data from children under 13
- If we learn we have such data, we delete it immediately
13-18 Years Old:
- Parents can request deletion of minor's account
- Minors have same privacy rights as adults
- Contact: privacy@indexa.in for parental consent requests
Data Storage Location:
- Primarily stored in United States (home server infrastructure)
- May use global CDN services
EU to US Transfer:
- Adequate safeguards in place
- Standard Contractual Clauses signed
- Supplementary measures implemented
Necessary (Required):
- Session ID: Maintains login state
- Preferences: Language and UI settings
- CSRF token: Prevents cross-site attacks
Analytics (Optional):
- None - we don't use third-party analytics services
- We track only aggregated statistics (not individuals)
How to Control Cookies:
- Browser settings allow cookie blocking
- Clear cookies in browser preferences
- Use private/incognito browsing
Third-Party Cookies:
- We do NOT use third-party cookies
- CDN providers may set security cookies (see their policies)
Updates:
- We may update this policy periodically
- Changes will be posted with new "Last Updated" date
- Material changes will include notification
Your Consent:
- Continued use after changes = acceptance
- You can request old policies for comparison
Email: privacy@indexa.in
Website: https://indexa.in
Mailing Address:
Indexa Inc.
Privacy Team
[Your Address]
- Privacy requests: 15-30 days
- Data deletion: 30 days
- Support inquiries: 2-3 business days
If unsatisfied with our response:
- File complaint with:
- EU: Your local Data Protection Authority
- US: FTC (Federal Trade Commission)
- Canada: Privacy Commissioner of Canada
- India: Data Protection Board of India
Data Used:
- Current search query only
- Not trained on your data
- Responses generated locally (no external LLM calls to third parties)
Data Not Used:
- Previous searches (unless you enable history)
- Personal account information
- Browsing history
Conversation Storage:
- Stored temporarily in browser cache only
- Not sent to external servers
- Can be cleared anytime
Minimal Collection:
- Email address (verification only)
- Password (hashed, never readable)
- Session tokens (temporary, expire quickly)
No Cross-Service Tracking:
- Auth doesn't track across sites
- Only used to verify identity on Indexa
Image URLs:
- We index publicly accessible images
- No personal photos or private images
- Images collected from public websites
Your Searches:
- Not attributed to you personally
- Used only for search improvement (anonymized)
Product Data:
- Prices, descriptions, reviews are public
- No personal purchasing information collected
- Affiliate links disclosed clearly
Behavioral Data:
- NOT tracked which products you click
- NOT built into profiles
- NOT used for personalization
If Indexa code is released open-source:
- Privacy commitments remain binding
- Users can verify implementation independently
- Forks must include privacy policy
Commitment:
- Publish transparency reports annually
- Document legal requests received
- Show government demand statistics
Security Researchers:
- Report privacy vulnerabilities privately
- Email: security@indexa.in
- Responsible disclosure policy
Personal Data: Any information relating to an identified/identifiable person
Processing: Any operation on data (collection, analysis, storage, etc.)
Consent: Freely given, specific, informed agreement
Data Subject: The person whom data describes
Data Controller: Entity deciding processing purposes/means
Data Processor: Entity processing data on controller's behalf
Legitimate Interest: Business need that doesn't override individual rights
We DO:
- Encrypt your data in transit and at rest
- Discard search queries immediately
- Honor Do Not Track signals
- Comply with privacy laws
- Provide data export/deletion tools
- Be transparent about data use
- Implement security best practices
We DON'T:
- Track or profile you across sites
- Sell personal data to anyone
- Use cookies for tracking
- Build behavioral profiles
- Train AI models on your data
- Share data with advertisers
- Use dark patterns to hide policies
- Retain search history by default
By using Indexa, you acknowledge that you have read this Privacy Policy and agree to its terms.
Your privacy is not a feature—it's our foundation.
Last Updated: February 1, 2026
Version: 1.0
Status: Ready for Public Launch
Privacy Inquiries: privacy@indexa.site
Data Protection Officer: dpo@indexa.site
Security Issues: security@indexa.site
Back to Documentation • Terms of Service • FAQ
© 2026 Indexa Inc. • Your privacy is our foundation