Privacy Policy

We collect the minimum data needed to run checks and deliver reports. We delete check results after 7 days. We don't sell your data. We only search publicly available databases: eCourts, MCA, phone directories, and other government records that anyone can access. If information about someone isn't in those public sources, we won't find it. But having verified information from public records is better than going in with none.

Safi is operated by Safi Holdings Ltd, registered in ADGM, Abu Dhabi Global Market, UAE. Under the Digital Personal Data Protection Act, 2023 (DPDP Act), Safi is a “Data Fiduciary.” We determine the purpose and means of processing your personal data.

Data Protection Officer: The Data Protection Officer
Email: privacy@getsafi.ai

This section serves as the privacy notice required under Section 5 of the DPDP Act, 2023 and Rule 3 of the DPDP Rules, 2025.

We collect your phone number to verify your identity via OTP, and your payment information is handled by our payment processor (we never see or store your card or UPI details). When you run a check, we collect the name and phone number of the person you're checking, your use case selection, and any optional details you provide (company name, social handle, city, etc.). We also collect standard technical data (device type, pages visited, error logs) to keep Safi running smoothly.

We use this data to provide the Safi service, process payments, improve how Safi works, communicate with you about your checks, and prevent fraud and abuse. All processing is based on your consent.

Public records about the person you check

When you run a check, we search publicly available records including eCourts India (81+ million court cases, publicly accessible at ecourts.gov.in), the Ministry of Corporate Affairs (company registrations and director details), phone directory listings, sanctions and watchlist databases, and publicly available social media profiles and news articles.

Under Section 3(c) of the DPDP Act, information published by authorised government agencies or made publicly available by the individual is classified as “public information” and is not considered personal data under the Act.

By accepting our Terms of Service and running a check, you give us consent to process your personal data for the purposes described above. Your consent is freely given (you can use the free check without payment), specific (limited to the stated purposes), informed (this notice describes exactly what we collect and why), and clear (you actively accept the Terms of Service before your first check).

You can withdraw consent at any time by emailing privacy@getsafi.ai or deleting your account. Withdrawal does not affect the legality of processing done before withdrawal. If you withdraw consent, we will delete your personal data within 30 days (except where retention is required by law).

We work with a small number of trusted service providers to process payments, deliver messages, generate reports, track errors, and understand how people use Safi. Each provider only receives the minimum data needed to do their job, and all are contractually required to protect your data in compliance with the DPDP Act.

We do not sell, rent, trade, or otherwise monetise your personal data. We do not share your data with data brokers or advertisers.

As a Data Principal, you have the right to access your personal data (Section 11), request corrections (Section 12), request erasure (Section 12), withdraw consent (Section 6), file a grievance (Section 13), and nominate someone to exercise your rights on your behalf (Section 14). To exercise any of these rights, email privacy@getsafi.ai. We will verify your identity via OTP and respond within 30 days.

If someone believes they have been checked on Safi, they can contact us at privacy@getsafi.ai. We will verify their identity and, if data exists within the 7-day window, provide a summary of what publicly available information we found. If data has already been deleted, we will confirm that. We will never reveal who checked them, how many times, or which use case was selected.

Check results are automatically deleted after 7 days, no exceptions. Your account data (phone number) is kept while your account is active and deleted within 30 days of account closure. Payment records are retained as required by law (typically 7 years). Analytics data is kept for 90 days.

Under Rule 8 of the DPDP Rules, 2025, if you do not use Safi for 1 year, we will notify you 48 hours before erasing your account data.

Your data is encrypted in transit and at rest (AES-256), protected by row-level database security, and accessible only to essential systems. Check results are automatically deleted after 7 days.

If we experience a personal data breach that affects your data, we will notify the Data Protection Board of India as soon as practicable and notify you via WhatsApp, SMS, or email with details of the breach and steps you should take. Under the DPDP Act and Rules, all breaches must be reported regardless of severity.

Safi is operated from the UAE. Your data may be processed in the UAE, the United States, and other countries where our service providers operate. Under Section 16 of the DPDP Act, personal data may be transferred outside India except to countries specifically restricted by the Central Government. We ensure that all transfers are protected by appropriate contractual safeguards.

We use essential cookies to keep Safi working (authentication and session management) and optional analytics cookies to understand usage patterns. You can opt out of analytics cookies when you first visit. We don't use advertising or third-party tracking cookies.

Safi is not for anyone under 18. We do not knowingly collect or process personal data of children as defined under the DPDP Act. If we learn that a user is under 18, we will terminate their account and delete all associated data.

Grievance Officer: The Data Protection Officer
Email: grievance@getsafi.ai

We will acknowledge your complaint within 24 hours and provide a resolution within 30 days. If you are not satisfied, you may file a complaint with the Data Protection Board of India.

If we make material changes, we'll notify you via WhatsApp or in-app notice at least 30 days before they take effect. Your continued use of Safi after the effective date means you accept the updated policy.

If any provision of this policy is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary, and the remaining provisions will remain in full force and effect.

Privacy and data rights: privacy@getsafi.ai
Grievances: grievance@getsafi.ai
General questions: hello@getsafi.ai