Privacy Policy

Last updated: March 29, 2026

This Privacy Policy explains how OSNT.IN ("we", "us", "our") collects, uses, stores, and protects your information when you use our platform at app.osnt.in and our website at osnt.in (collectively, "the Service").

By creating an account or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please do not use the Service.

Legal Basis for Processing

We process your personal data under the following legal bases as defined by the EU General Data Protection Regulation (GDPR):

Contractual necessity — processing required to provide the Service you signed up for (account management, subscription delivery, payment verification).

Legitimate interest — processing for platform improvement, security, fraud prevention, and service analytics, where our interests do not override your rights.

Consent — processing for optional communications such as product updates or newsletters. You may withdraw consent at any time.

What We Collect

When you create an account via Google Authentication, we receive and store your name, email address, and profile picture URL. We do not receive or store your Google password or any other Google account data.

When you make a cryptocurrency payment, we store the transaction hash, sender wallet address, payment amount, token type, network, and timestamp. We do not have access to your crypto wallet, private keys, or balance. Blockchain transactions are publicly visible by nature.

When you use the platform, we automatically collect your IP address, browser type and version, device type, pages visited, features used, timestamps, and referring URL. This data is collected through server logs, not through tracking scripts or pixels.

We do not collect biometric data, precise geolocation, government identifiers, health information, or any sensitive personal data categories.

How We Use Your Data

We use your email address and name to identify your account, deliver the Service, manage your subscription, communicate essential service information (such as subscription expiry, security alerts, and significant Terms changes), and respond to your support requests.

We use payment data solely to verify cryptocurrency transactions, prevent duplicate payments, maintain financial records, and manage your subscription status.

We use usage data to monitor and improve platform performance, identify and fix bugs, understand feature adoption, detect and prevent abuse or unauthorized access, and comply with legal obligations.

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects on you.

We will never sell, rent, or trade your personal data. We will never use your email for unsolicited marketing without your explicit consent.

Data Retention

We retain your account data for as long as your account is active.

If you delete your account, we will permanently delete all personal data associated with it within 30 days, except where we are required by law to retain certain records (such as payment records for tax or accounting purposes, which may be retained for up to 7 years in anonymized form).

Server logs containing IP addresses are automatically deleted after 90 days.

Aggregated, anonymized data that cannot identify you may be retained indefinitely for analytical purposes.

Data Storage and Transfers

Your data is stored using Supabase (primary infrastructure hosted in the EU, Frankfurt region) and Vercel (global CDN with primary processing in the EU). Both providers maintain appropriate security certifications and data processing agreements.

Some data may be transferred outside the European Economic Area (EEA) when processed by our third-party service providers. In such cases, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.

We use industry-standard encryption for data in transit (TLS 1.2+) and at rest (AES-256 or equivalent).

Your Rights

Under GDPR and applicable data protection laws, you have the following rights regarding your personal data.

Right of access — you may request a copy of all personal data we hold about you.

Right to rectification — you may request correction of inaccurate personal data.

Right to erasure — you may request deletion of your personal data. You can delete your account directly from your account settings or by emailing contact@osnt.in.

Right to restriction — you may request that we limit how we process your data in certain circumstances.

Right to data portability — you may request your data in a structured, commonly used, machine-readable format (JSON).

Right to object — you may object to processing based on legitimate interest.

Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at contact@osnt.in. We will respond within 30 days. If we cannot fulfill your request, we will explain why.

You also have the right to lodge a complaint with your local data protection supervisory authority.

AI-Generated Content

OSNT.IN uses artificial intelligence (specifically, large language models provided by Anthropic) to generate daily intelligence briefs from publicly available open-source data. The AI processes aggregated event data from public sources. No personal user data is included in AI prompts or used in brief generation.

AI-generated content may contain inaccuracies. Every brief includes source attribution, confidence levels, and methodology notes. See our Terms of Service for the full AI content disclaimer.

Cookies and Similar Technologies

We use only strictly necessary cookies required for authentication and session management. These cookies are essential for the Service to function and cannot be disabled.

We do not use tracking cookies, advertising cookies, analytics cookies, or any third-party cookies. We do not use pixel tags, web beacons, or similar tracking technologies.

If we introduce analytics tools in the future, we will update this policy and obtain your consent where required.

Third-Party Services

We share data with the following third-party service providers, solely as necessary to operate the Service.

Google LLC provides authentication services. When you log in, Google receives your authentication request. We receive your name, email, and profile picture from Google. We do not share any other data with Google. Google's privacy policy: https://policies.google.com/privacy

Supabase Inc. provides our database, authentication infrastructure, and file storage. Data is stored in their EU (Frankfurt) region. Supabase's privacy policy: https://supabase.com/privacy

Vercel Inc. provides hosting, serverless functions, and content delivery. Vercel's privacy policy: https://vercel.com/legal/privacy-policy

Anthropic PBC provides AI services for brief generation. We send aggregated, anonymized event data (not personal user data) to their API. Anthropic's privacy policy: https://www.anthropic.com/privacy

TronGrid (operated by TRON Foundation) is used to verify cryptocurrency payment transactions on the Tron blockchain. Only transaction hashes are sent for verification. TronGrid does not receive any personal user data.

We do not share personal data with any other third parties unless required by law.

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to anyone.

We may disclose your personal data only in the following circumstances: to comply with a legal obligation, court order, or lawful government request; to protect the rights, property, or safety of OSNT.IN, our users, or the public; to enforce our Terms of Service; or with your explicit consent.

Security Measures

We implement technical and organizational measures to protect your data, including encrypted connections (TLS 1.2+), encrypted data at rest, secure authentication via OAuth 2.0, role-based access controls, rate limiting on API endpoints, CSRF protection, regular security reviews, and incident response procedures.

Despite these measures, no method of electronic storage or transmission is completely secure. We cannot guarantee absolute security. If we become aware of a data breach that affects your personal data, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR.

Children

OSNT.IN is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16, we will delete it promptly. If you believe a child has provided us with personal data, please contact us at contact@osnt.in.

International Users

OSNT.IN is operated from within the European Union. If you access the Service from outside the EU, you acknowledge that your data may be transferred to and processed in the EU and other jurisdictions where our service providers operate, subject to the safeguards described in this policy.

Do Not Track

Some browsers transmit "Do Not Track" signals to websites. Because there is no industry standard for how to respond to these signals, we do not currently alter our data collection practices in response to Do Not Track signals.

Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or for other operational reasons. Changes will be posted on this page with an updated "Last updated" date.

For significant changes that materially affect how we handle your personal data, we will provide prominent notice via email or in-app notification at least 14 days before the changes take effect.

Continued use of the Service after the effective date of changes constitutes acceptance of the updated policy.

Contact and Data Protection Inquiries

For any questions about this Privacy Policy, to exercise your data protection rights, or to raise a privacy concern, contact us at contact@osnt.in.

We aim to respond to all privacy-related inquiries within 30 days.