Privacy Policy

Last updated: April 2026 — DPDP Act 2023 + GDPR aligned

1. What we collect

When you generate or verify a Lyrics D.N.A™ certificate, we collect: the submitted lyrics/audio content, IP address, device fingerprint, approximate geolocation (city-level, via MaxMind GeoLite2), timestamp, session identifiers, and any KYC data you voluntarily provide (Aadhaar reference, phone number).

PII fields (IP, fingerprint, geolocation) are encrypted at rest using AES-256-GCM before being written to MongoDB.

2. Why we collect it

• To issue a tamper-proof certificate of authorship under the Bharatiya Sakshya Adhiniyam, 2023 Section 63(4)(c) and IT Act, 2000 Section 3A.
• To maintain a forensic audit trail (hash-chained, Bitcoin-anchored) that meets the due-diligence bar of IT Act Section 79.
• To verify authenticity when a third party queries the certificate.

3. Your rights (DPDP Act 2023)

• Access — request a copy of data we hold on you
• Correction — fix inaccurate personal data
• Erasure — subject to statutory retention obligations (audit logs are immutable)
• Grievance — contact our DPO at ip@talantoncore.in

4. Sharing

Certificates are public verifiable artifacts. The content submitter's identity (name, KYC reference) is shown on the certificate when the certificate is pulled via the verify URL. Raw PII (IP, fingerprint, etc.) is never surfaced publicly.

5. Retention

Certificates themselves are permanent by design (blockchain-anchored and archived to Arweave for 200+ years). PII fields may be erased on valid DPDP request, while the certificate's cryptographic evidence remains.

6. Contact

TalantonCore LLP — Graphix-2, A-13, Sector 62, Noida — 201309, Uttar Pradesh, India
Email: ip@talantoncore.in