Privacy Policy

GetNyay is an AI-assisted consumer complaint drafting platform operated by Wealth Building Academy LLC (“we,” “our,” or “us”). This Privacy Policy describes how we collect, use, store, share, and protect personal information when you access or use our website at https://getnyay.in (the “Platform”).

By creating an account or using the Platform in any way, you acknowledge that you have read and understood this policy. If you do not agree, please discontinue use and contact us to delete your account.

This policy applies to all users of the Platform regardless of location, though it is primarily designed for Indian consumers who use the service to draft complaints.

GetNyay is a product of Wealth Building Academy LLC, a limited liability company registered in the State of Illinois, United States of America. The Platform is operated exclusively online at https://getnyay.in.

For all privacy-related matters, contact us at: privacy@getnyay.in

We collect personal data in several categories depending on how you use the Platform:

3.1 Account Information

• Full name (as provided at registration)
• Email address (used for account authentication and communication)
• Phone number (optional, if provided)
• Account password (stored in hashed form by Supabase Auth — we never see or store plaintext passwords)
• Registration date and last login timestamp

3.2 Complaint Information

• Complaint category and sub-category (e.g., banking fraud, telecom billing)
• Company or institution name you are complaining against
• Description of the incident or grievance
• Monetary amount involved
• Incident dates and reference numbers (order IDs, transaction IDs, policy numbers)
• Complaint draft text generated with AI assistance
• Escalation history and complaint status

3.3 Uploaded Evidence & Documents

• Files, images, PDFs, or screenshots you upload as supporting evidence
• File metadata (filename, file size, upload timestamp, MIME type)

3.4 Payment Information

Payments on the Platform are processed by Stripe, Inc. We do not store your full card number, CVV, or bank account details. When you complete a payment, Stripe shares with us:

• Confirmation that a successful payment occurred
• The Stripe session ID and payment intent ID
• Amount charged and currency
• Your billing email address (if provided to Stripe)
• Payment status (paid, failed, refunded)

Stripe’s full privacy policy is available at stripe.com/privacy.

3.5 Usage & Analytics Data

• Pages visited, features used, and navigation patterns
• Complaint drafting steps completed
• Errors encountered and support interactions
• Time and duration of sessions

3.6 Technical & Device Information

• IP address
• Browser type and version
• Operating system
• Device type (mobile, desktop, tablet)
• Referring URL
• Country/region (inferred from IP)

We use collected data for the following purposes:

• Creating and managing your account
• Generating and storing your complaint drafts
• Processing payments via Stripe and unlocking purchased content
• Sending transactional emails (account confirmation, payment receipts)
• Responding to your support queries and grievances
• Improving the accuracy and quality of complaint templates
• Detecting and preventing fraud, abuse, or misuse of the Platform
• Complying with applicable laws, including tax and financial record-keeping obligations
• Conducting aggregate, anonymised analytics to understand how users interact with the Platform

We do not sell your personal data to third parties. We do not use your complaint content for advertising targeting. We do not share complaint details with the companies you are complaining against.

We use AI providers including Anthropic (Claude) and OpenAI to assist with content generation. When your complaint data is sent to these providers for processing, it is subject to their data processing terms. We instruct these providers to process data only for the purpose of generating the requested complaint draft and not for model training.

AI-generated complaint drafts are logged in our system for quality assurance, fraud detection, and platform improvement purposes. Logs may be reviewed by our team in anonymised or pseudonymised form.

Please do not include unnecessary personal details, passwords, OTPs, or financial credentials in the complaint description fields you submit for AI processing.

We share personal data only with trusted third-party providers necessary to operate the Platform. These providers are contractually prohibited from using your data for their own purposes:

We may also share personal data if required to do so by applicable law, court order, or regulatory authority, or to protect the rights, safety, or property of GetNyay or its users.

GetNyay is operated from the United States (Illinois) and uses US-based cloud service providers. When you use the Platform from India, your personal data is transferred to and processed in the United States.

These transfers are carried out under applicable data protection frameworks. Our service providers maintain standard contractual clauses, SOC 2 compliance, and industry-standard security measures to protect your data during international transfer.

By using the Platform, you acknowledge and consent to the transfer of your personal data to the United States for the purposes described in this policy.

We retain personal data for as long as necessary to provide the service and fulfil legal obligations:

• Account data and complaint records: retained while your account is active, plus 30 days after account deletion to allow for recovery
• Payment records (Stripe transaction data): retained for a minimum of 7 years to meet financial record-keeping obligations
• Uploaded evidence files: retained while your account is active and for 30 days after deletion
• Server and access logs: retained for up to 90 days for security and abuse detection purposes
• AI usage logs: retained for up to 12 months in anonymised or pseudonymised form

For detailed information on deletion requests, see our Data Retention & Deletion Policy.

We implement industry-standard security measures to protect your personal data:

• All data in transit is encrypted using TLS/HTTPS
• Database-level encryption at rest via Supabase
• Row Level Security (RLS) in our database ensures users can only access their own data
• Authentication handled by Supabase Auth with secure session tokens
• Payment data handled entirely by Stripe — we never receive card numbers
• Access to production data is restricted to authorised personnel only

Depending on your location and applicable law, you may have the following rights regarding your personal data:

• Right to Access: Request a copy of the personal data we hold about you
• Right to Correction: Request correction of inaccurate or incomplete data
• Right to Deletion: Request deletion of your account and associated data (subject to legal retention requirements)
• Right to Data Portability: Request your complaint data in a machine-readable format
• Right to Withdraw Consent: Withdraw consent for AI processing where applicable
• Right to Object: Object to processing of your data for certain purposes

To exercise any of these rights, email privacy@getnyay.in with your registered email address and the specific request. We aim to respond within 30 days.

We may need to verify your identity before fulfilling a request. Some data may be retained beyond deletion requests where required by law (e.g., payment records).

If we become aware that we have inadvertently collected data from a minor under 18, we will delete it promptly. If you believe a minor has used the Platform, please notify us at privacy@getnyay.in.

GetNyay does not require this category of information to draft a complaint. Including such data in uploaded evidence or complaint descriptions creates unnecessary security risk for you. You are solely responsible for any consequences arising from uploading excessively sensitive information to the Platform.

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. When we make material changes, we will:

• Update the effective date at the top of this page
• Notify registered users by email for significant changes
• Display a notice on the Platform for a reasonable period following the update

Continued use of the Platform after a policy update constitutes acceptance of the revised terms. If you do not accept the updated policy, you may close your account by contacting us.

For any privacy-related questions, requests, or concerns: