Privacy Policy & Data Ethics

Last Updated: March 2026

1. Our Core Privacy Philosophy

Kavach was built by Piyush Prajapati to be a shield, not a surveillance tool. Because we process potentially sensitive user inputs (such as WhatsApp forwards, voice notes, and screenshots) to detect scams, our architecture is strictly designed around ephemeral processing and zero retention for media.

2. How We Handle Your Inputs

  • URLs & Text: Sent via secure API to Google Safe Browsing and Gemini AI for analysis. We do not store this data unless you explicitly opt in to the Community Ledger.
  • Images & Screenshots: Processed in real-time. QR codes are extracted locally where possible. Images sent to Gemini Vision are analyzed and immediately discarded by our servers. We do not maintain an image database.
  • Audio (Voice Notes): Processed ephemerally to detect deepfakes and social engineering tactics. The audio buffer is cleared immediately after the AI verdict is returned.

3. The Community Threat Ledger

To help protect others, users can optionally check the "Anonymously share to Community Ledger" box. If a threat is detected, we log:

1. The type of vector (Link, SMS, Image, Audio).
2. A short text snippet of the payload (e.g., the malicious URL or a fragment of the text).
3. The AI's verdict and reasoning.

We never log personally identifiable information (PII). Media files (images and audio) are never saved to the ledger.

4. Third-Party Processors

To provide enterprise-grade security, we route data through the following trusted providers:

  • Google Generative AI (Gemini): Used for zero-day threat synthesis and deepfake detection.
  • Google Safe Browsing: Used for deterministic URL blocklist checks.
  • Vercel & Upstash Redis: Used for secure hosting, Edge API routing, and strictly enforcing API rate limits to prevent abuse.
  • Firebase Firestore: Used exclusively to host the anonymized Community Threat Ledger.