Privacy Policy

We collect the minimum data needed to run checks and deliver reports. We delete check results after 7 days. We don't sell your data. We only search publicly available databases: eCourts, MCA, phone directories, and other government records that anyone can access. If information about someone isn't in those public sources, we won't find it. But having verified information from public records is better than going in with none.

In this document, “Safi,” “we,” and “us” mean the company that operates getsafi.ai. Full company details are at the end of this page. Under the Digital Personal Data Protection Act, 2023 (DPDP Act), Safi is a “Data Fiduciary” and determines the purpose and means of processing your personal data. Our Data Protection Officer can be reached at privacy@getsafi.ai.

This section serves as the privacy notice required under Section 5 of the DPDP Act, 2023 and Rule 3 of the DPDP Rules, 2025.

We collect your phone number to verify your identity via OTP, and your payment information is handled by our payment processor (we never see or store your card or UPI details). When you run a check, we collect the name and phone number of the person you're checking, your use case selection, and any optional details you provide (company name, social handle, city, etc.). We also collect standard technical data (device type, pages visited, error logs) to keep Safi running smoothly.

We use this data to provide the Safi service, process payments, improve how Safi works, communicate with you about your checks, and prevent fraud and abuse. All processing is based on your consent.

Public records about the person you check

When you run a check, we search publicly available records including eCourts India (81+ million court cases, publicly accessible at ecourts.gov.in), the Ministry of Corporate Affairs (company registrations and director details), phone directory listings, sanctions and watchlist databases, and publicly available social media profiles and news articles.

Your personal data (phone number, check history) is processed based on your consent. Public records about the person you check are exempt: under Section 3(c) of the DPDP Act, information published by authorised government agencies or made publicly available by the individual is classified as “public information” and is not considered personal data under the Act.

By accepting our Terms of Service and running a check, you give us consent to process your personal data for the purposes described above. Your consent is freely given (you can use the free check without payment), specific (limited to the stated purposes), informed (this notice describes exactly what we collect and why), and clear (you actively accept the Terms of Service before your first check).

You can withdraw consent at any time by emailing privacy@getsafi.ai or deleting your account. Withdrawal does not affect the legality of processing done before withdrawal. If you withdraw consent, we will delete your personal data within 30 days (except where retention is required by law).

Yes, for a few specific things. When you give us your phone number, you agree to receive text messages (SMS), WhatsApp messages, and voice calls from us for:

• One-time verification codes when you sign in.
• Safety alerts and check-ins during a Go session (our “Watch Over Me” feature), sent to you and to the safety contacts you have added.
• Voice calls from Aya, our safety voice, when a Go session safety trigger fires (you held SOS without sliding to cancel, you tapped uneasy, you went off your planned route, your check-in ran late) or when you ask Aya to call you back to debrief a session.
• Voice calls from Aya to your squad if a safety call to you ends with us not reaching you. We call squad members one at a time, in your set order, until someone commits to checking on you.
• Alerts about new findings on people you have added to your watchlist.
• Operational notifications about your account, for example payment receipts or expiry reminders.

Message and call frequency varies based on how you use Safi. Standard message and data rates from your carrier may apply. We do not send marketing or promotional messages.

In India, messages are sent primarily via WhatsApp Business. SMS is used as a fallback when WhatsApp delivery fails. To stop receiving messages, reply STOP to any SMS or WhatsApp message from us. You can also register your number on India's Do Not Disturb registry, the National Customer Preference Register, at nccptrai.gov.in.

To get help, reply HELP or email hello@getsafi.ai. Stopping messages will also stop the safety alerts above, so we recommend keeping them on while you are an active Safi user. You can also disable Aya voice calls in your account settings; safety triggers fall back to SMS-only alerts when Aya is off.

Our current providers are Twilio (SMS, WhatsApp connectivity, and voice telephony), the WhatsApp Business API via Twilio (WhatsApp messaging), and ElevenLabs (Aya's voice synthesis and live transcription).

Aya is the voice we use to check on you. When something on your phone signals you might need help (you held SOS without sliding to cancel, you tapped uneasy, you went off your planned route, your check-in ran late), Aya calls you to make sure you're okay before we alert your squad. You can also tap “Talk to Aya about it” after a session to debrief out loud.

When Aya calls, here's what we keep:

• The transcript of the conversation, encrypted, for 30 days. After that, it's gone automatically.
• A short record of the call (when she called, how long it lasted, what she concluded). We keep this for as long as your account is active so you can see your safety history.
• For “Talk to Aya about it” reflection calls only, Aya generates 3 first-person notes from the call (“your notes from tonight”). They're yours alone, never shared with your squad. You can edit or delete them any time.

What we don't keep: the audio. Aya runs on ElevenLabs, who handle her voice and the live transcription. We don't ask them to record the audio, and we don't store it on our side either.

What you can do:

• Read every transcript via Account → Privacy receipts.
• Delete a transcript early. We clear the transcript and any notes immediately.
• Share a transcript with someone you choose, via a one-time link that expires in 24 hours. You can redact lines before you share, and revoke the link any time.
• Disable Aya in your account settings. Voice triggers fall back to SMS-only safety alerts.

Under the DPDP Act, you give us specific consent for voice features the first time Aya would call you. The consent prompt explains what Aya does, what we keep, and how to disable it. You can withdraw consent any time in your account settings, and we will stop placing voice calls to you (safety triggers fall back to SMS).

After the call ends, the post-call transcript runs through Anthropic (Claude) so we can tell whether you sounded fine or whether your squad needs to step in. Anthropic processes the transcript text only, not the audio, under their zero-retention API policy.

We work with a small number of trusted service providers to process payments, deliver messages, generate reports, track errors, and understand how people use Safi. Each provider only receives the minimum data needed to do their job, and all are contractually required to protect your data in compliance with the DPDP Act.

We do not sell, rent, trade, or otherwise monetise your personal data. We do not share your data with data brokers or advertisers.

As a Data Principal, you have the right to access your personal data (Section 11), request corrections (Section 12), request erasure (Section 12), withdraw consent (Section 6), file a grievance (Section 13), and nominate someone to exercise your rights on your behalf (Section 14). While not required by law, we will provide a summary of your data in a structured format upon request. To exercise any of these rights, email privacy@getsafi.ai. We will verify your identity via OTP and respond within 30 days.

If someone believes they have been checked on Safi, they can contact us at privacy@getsafi.ai. We will verify their identity and, if data exists within the 7-day window, provide a summary of what publicly available information we found. If data has already been deleted, we will confirm that. We will never reveal who checked them, how many times, or which use case was selected.

Report details are automatically deleted after 7 days. In rare cases involving legal disputes, data may be retained for up to 30 days. Basic check history (what you checked and when) is kept while your account is active. Your account data (phone number) is kept while your account is active and deleted within 30 days of account closure. Payment records are retained as required by law (typically 7 years). Analytics data is kept for 90 days.

Under Rule 8 of the DPDP Rules, 2025, if you do not use Safi for 1 year, we will notify you before erasing your account data. We are implementing this requirement ahead of the full compliance deadline.

Your data is encrypted in transit and at rest (AES-256), protected by row-level database security, and accessible only to essential systems. Check results are automatically deleted after 7 days. Voice call transcripts are encrypted at rest and automatically deleted after 30 days.

If we experience a personal data breach that affects your data, we will notify the Data Protection Board of India as soon as practicable and notify you via WhatsApp, SMS, or email with details of the breach and steps you should take. Under the DPDP Act and Rules, all breaches must be reported regardless of severity.

Safi is operated from the UAE. Your data may be processed in the UAE, the United States, and other countries where our service providers operate. Under Section 16 of the DPDP Act, personal data may be transferred outside India except to countries specifically restricted by the Central Government. We ensure that all transfers are protected by appropriate contractual safeguards.

We use essential cookies to keep Safi working (authentication and session management) and optional analytics cookies to understand usage patterns. You can opt out of analytics cookies when you first visit. We don't use advertising or third-party tracking cookies.

Safi is not for anyone under 18. We do not knowingly collect or process personal data of children as defined under the DPDP Act. If we learn that a user is under 18, we will terminate their account and delete all associated data.

Grievance Officer: The Data Protection Officer
Email: grievance@getsafi.ai

We will acknowledge your complaint within 24 hours and provide a resolution within 30 days. If you are not satisfied, you may file a complaint with the Data Protection Board of India.

If we make material changes, we'll notify you via WhatsApp or in-app notice at least 30 days before they take effect. Your continued use of Safi after the effective date means you accept the updated policy.

If any provision of this policy is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary, and the remaining provisions will remain in full force and effect.

Safi is operated by Safi Technologies L.L.C-FZ, a limited liability company registered in Meydan Free Zone, Dubai, United Arab Emirates (license 2647207.01). Our registered office is at Meydan Grandstand, 6th floor, Meydan Road, Nad Al Sheba, Dubai, United Arab Emirates.

Privacy and data rights: privacy@getsafi.ai
Grievances: grievance@getsafi.ai
General questions: hello@getsafi.ai