OCDAnchor is committed to protecting your privacy and ensuring you have a positive experience on our platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (www.ocdanchor.com), use our mobile applications, and access our services.

Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our platform. By accessing and using OCDAnchor, you acknowledge that you have read and understood this Privacy Policy.

We are a Section 8 Company registered in India, operating under the laws of India, particularly the Information Technology Act, 2000, and the Companies Act, 2013. This Privacy Policy complies with applicable Indian data protection laws and regulations.

If you have any questions about this Privacy Policy or our privacy practices, please contact us using the information provided in Section 11.

2.1 Information You Provide Directly:

Account Registration Information: • Full name or display name • Email address (primary contact) • Phone number (optional but recommended) • Date of birth • Gender/Gender identity (optional) • Address/Location information • User preferences and communication preferences

Health and OCD-Related Information: • Information about OCD diagnosis (voluntary) • OCD subtypes you experience or are interested in • Treatment history and current treatments • Mental health provider information (optional) • Symptoms and challenges (in journal entries or posts) • Recovery goals and progress tracking • Any other health-related information you choose to share

Communication Data: • Messages you send to support • Forum posts and community discussions • Chat messages with other users • Feedback and suggestions you provide • Complaint and appeals submissions • Any other communication you initiate

Payment Information: • Payment method details (credit/debit card, UPI, etc.) • Billing address and name • Transaction history and invoices • Payment status and preferences • Refund requests and communications

Profile Information: • Profile picture or avatar • Bio and personal description • Interests and preferences • Links to social media profiles (if connected) • Language preferences

2.2 Information Collected Automatically:

Device Information: • Device type (smartphone, tablet, desktop) • Operating system and version • Browser type and version • Device identifiers (IMEI, IDFA if applicable) • IP address • Device settings and configurations

Usage Information: • Pages visited and time spent on each page • Features used and frequency of use • Search queries and filters applied • Links clicked within the platform • Actions performed (bookmarks, likes, shares) • Session duration and frequency of visits • Referral source (how you found OCDAnchor) • Download history • Print or export activities

Cookies and Tracking Technologies: • First-party cookies set by OCDAnchor • Third-party cookies from analytics providers • Pixel tags and beacons • Web storage (localStorage, sessionStorage) • Similar tracking technologies [See Section 6 for more details on cookies]

Location Information: • General location based on IP address • GPS coordinates if you grant permission • Location inferred from browser or device settings • State/city level location data for service delivery

2.3 Information from Third Parties:

Social Media Connections: • If you connect your social media account, basic profile information • Public profile data from social media platforms • Friend lists or connections (if you allow)

Therapist Referrals: • Information therapists provide about you (with your consent) • Treatment notes or summaries therapist shares • Progress reports and recommendations

Third-Party Services: • Data from payment processors about transactions • Analytics data from Google Analytics and similar services • Fraud detection data from security services • Customer support data from third-party platforms

Public Sources: • Publicly available information about you (if indexed) • Information about your profession or credentials (if relevant) • Verified public records (if you are a healthcare professional)

3.1 Primary Purposes:

Providing Services: • Creating and maintaining your account • Delivering educational content and resources • Facilitating peer support connections • Connecting you with qualified therapists • Processing appointments and bookings • Providing journaling and mood tracking tools • Sending service notifications and updates • Responding to your inquiries and requests

Communication: • Sending transactional emails (confirmations, receipts) • Account notifications and security alerts • Service updates and maintenance notifications • Personalized recommendations • Newsletter and educational content (with consent) • Appointment reminders and follow-ups • Response to your messages and inquiries

3.2 Secondary Purposes:

Improvement and Optimization: • Analyzing platform usage patterns • Identifying and fixing bugs and technical issues • Enhancing features and user experience • Testing new features and improvements • Understanding user preferences and needs • Optimizing performance and loading times • A/B testing different versions of pages

Research and Analytics: • Conducting anonymous research on OCD and support (with consent) • Analyzing aggregated usage statistics • Understanding OCD support needs • Evaluating effectiveness of resources • Contributing to mental health awareness • Publishing anonymized research findings

Personalization: • Customizing your experience based on preferences • Recommending relevant content and resources • Suggesting OCD types or topics of interest • Personalizing educational content • Customizing notification frequency and types • Remembering your preferences and settings

3.3 Legal and Safety Purposes:

Compliance and Legal Obligations: • Complying with laws, regulations, and legal processes • Responding to subpoenas or government requests • Complying with court orders • Fulfilling contractual obligations • Maintaining required business records

Fraud Prevention and Security: • Detecting and preventing fraud and abuse • Identifying unauthorized access attempts • Monitoring for suspicious activities • Preventing misuse of the platform • Protecting user accounts and data • Complying with anti-money laundering laws • Identifying and addressing security threats

Protection of Rights: • Protecting OCDAnchor's intellectual property rights • Enforcing Terms and Conditions • Protecting user safety and privacy • Defending against legal claims • Resolving disputes

3.4 Marketing (with Consent):

Promotional Communications: • Sending promotional emails and newsletters • Informing about special offers or events • Sharing relevant course or subscription offers • Informing about platform updates and new features • Marketing communications (only with opt-in consent)

3.5 Restrictions on Use:

We will NOT: • Sell your personal information to third parties for profit • Share health information without explicit consent • Use health data for discriminatory purposes • Process data beyond stated purposes without new consent • Retain data longer than necessary • Share data with competing OCD platforms • Use data to create profiles for non-consented purposes

4.1 When We Share Your Information:

With Therapists: • Your name and contact information • OCD-related information you choose to share • Appointment history and preferences • Your consent and authorization status • Only information necessary for therapy provision

With Service Providers: OCDAnchor may share information with third parties who provide services on our behalf: • Payment processors (for transaction processing) • Email service providers (for sending communications) • Analytics providers (Google Analytics, Mixpanel) • Hosting providers (AWS, DigitalOcean) • Cloud storage providers • Customer support platforms • Security and fraud detection services

Service providers are bound by confidentiality agreements and data processing agreements limiting their use of data to providing services on our behalf.

With Legal Requirements: • Government authorities when legally required • Law enforcement responding to legal process • Courts and judicial authorities • Regulatory bodies overseeing charities/companies • When necessary to protect life and safety

With Your Consent: • Any other sharing requires your explicit opt-in consent • You can withdraw consent at any time • Sharing will be clearly disclosed before occurring

4.2 Information We Do NOT Share:

Health Information: • Your OCD diagnosis and health details are NOT shared with marketers • Health data is NOT sold to any third parties • Health information is NOT used for profiling or discrimination

Sensitive Data: • Mental health diagnoses and conditions • Mental health treatment details • Therapy session information • Psychiatric medication information • Suicidal ideation or crisis information

Personal Identifiers: • Your full name is not shared with advertisers • Contact information is not shared with marketers • Location data is not sold to third parties • Device identifiers are not shared without consent

4.3 Data Retention by Third Parties:

• Third-party data retention is governed by their privacy policies • OCDAnchor is not responsible for third-party data practices • Third parties must comply with our data processing agreements • Users can review third-party privacy policies independently

4.4 Aggregated and De-identified Data:

OCDAnchor may use aggregated, anonymized data that cannot identify you: • Statistical analysis of platform usage • Trends in OCD awareness and support • Research on effectiveness of resources • Contributing to mental health knowledge • Sharing anonymized findings in research or reports

Aggregated data cannot be combined with other data to identify you.

4.5 Business Transfers:

In case of merger, acquisition, or sale: • Your data may be transferred as part of business assets • You will be notified of any material changes to this privacy policy • The acquiring entity must agree to honor this Privacy Policy • You have the right to opt-out or delete your account

5.1 Security Measures:

Encryption: • All data in transit is encrypted using TLS/SSL protocols • Sensitive data is encrypted at rest using industry-standard encryption • Password data is hashed using secure algorithms (bcrypt, argon2) • API communications are encrypted end-to-end

Access Controls: • Access to personal data is restricted to authorized personnel • Employee access is limited to "need-to-know" basis • Role-based access controls limit access by job function • Access logs are maintained for audit purposes • Multi-factor authentication for staff access to sensitive systems

Infrastructure Security: • Firewalls protect against unauthorized access • Intrusion detection systems monitor for attacks • Regular security patches and updates • Vulnerability scanning and penetration testing • DDoS protection and mitigation • Redundant systems and backup protocols

Data Backup: • Regular encrypted backups of user data • Backups stored in secure, geographically diverse locations • Backup integrity tested regularly • Rapid recovery procedures in case of data loss • Backup retention follows regulatory requirements

5.2 Data Storage Location:

Primary Storage: • OCDAnchor data is primarily stored on servers in India • Complies with India's localization requirements • Data centers follow industry-standard security practices • Physical security of data centers meets international standards

Secondary Storage: • Backup data may be stored in secure Indian data centers • For future international expansion, data may be stored in compliant locations • Any cross-border data transfer complies with applicable regulations • Users will be notified of significant storage location changes

5.3 Data Retention Periods:

Active Account Data: • Personal and account data retained as long as account is active • Continues for 12 months after account deactivation unless deleted • Longer retention required for legal or contractual obligations • Health-related data may be retained longer for continuity of care

Transaction Data: • Payment and transaction records retained for 7 years • Required for audit and compliance purposes • Tax records retained per Income Tax Act requirements

Communications: • Email and support communications retained for 2 years • Forum and community posts retained as long as account is active • Direct messages retained until deleted by users or 2 years of inactivity • Deleted posts are archived for 30 days, then permanently removed

Analytics Data: • Raw analytics data retained for 26 months • Aggregated analytics retained indefinitely (cannot identify users) • User identifiers removed from analytics after 26 months

Legal Holds: • Data subject to legal holds retained as required • Data required by regulatory bodies retained as required • Data in disputes retained pending resolution

Deleted Data: • Upon account deletion, personal data is deleted within 30 days • Some data anonymized rather than deleted for analytics • Backup copies retained for 90 days then purged • Legal hold data retained longer if required

5.4 Data Deletion:

Right to Deletion: • Users can request data deletion at any time • Deletion request should be submitted through account settings • OCDAnchor will delete data within 30 days (with exceptions) • Users will receive confirmation of deletion

Exceptions to Deletion: • Data required for legal obligations • Data needed to resolve disputes • Data necessary for safety or fraud prevention • Backup data (deleted after 90 days) • Aggregated, anonymized data that cannot identify you • Data subject to legal holds • Data necessary to comply with financial regulations

Anonymization: • Some data is anonymized rather than deleted • Anonymized data cannot identify you • Anonymized data may be retained indefinitely

5.5 Security Incident Response:

In Case of Data Breach: • OCDAnchor will investigate the breach promptly • Affected individuals will be notified without undue delay • Notification will be in writing via email or registered mail • Notification will describe the breach and types of data involved • Notification will include steps users should take • Notification will include OCDAnchor's contact information • Regulatory authorities will be notified if required by law

Users' Responsibilities: • Report suspected security breaches immediately • Use strong, unique passwords • Do not share account credentials • Maintain device security and software updates • Secure your internet connection when accessing the platform

6.1 What Are Cookies?

Cookies are small text files stored on your device that contain information about your browsing behavior. OCDAnchor uses cookies to enhance your experience and analyze platform usage.

Types of Cookies Used:

Essential Cookies (Cannot be disabled): • Session cookies for login functionality • Cookies preventing fraud and detecting abuse • Cookies remembering consent preferences • Cookies enabling platform security features • Necessary for basic platform operation

Performance Cookies (Analytics): • Google Analytics cookies tracking usage patterns • Mixpanel cookies analyzing user behavior • Hotjar cookies recording session replays (if enabled) • Cookies measuring page load times • Cookies analyzing which features are used most

Preference Cookies: • Cookies remembering your language preference • Cookies storing notification preferences • Cookies remembering your theme choice • Cookies storing accessibility preferences • Cookies remembering recent searches

Marketing Cookies: • Cookies from social media platforms • Retargeting cookies from advertising networks • Cookies tracking conversion and campaign performance • Cookies enabling interest-based advertisements • May be shared with advertising partners

6.2 Third-Party Cookies:

Google Analytics: • Tracks usage patterns and user behavior • Identifies traffic sources and user flows • Privacy Policy: https://policies.google.com/privacy • Opt-out available through Google Analytics Opt-out

Social Media Pixels: • Facebook pixel for conversion tracking • LinkedIn pixel for professional content tracking • Twitter pixel for engagement tracking • Privacy policies governed by respective platforms • Users can adjust privacy settings on social platforms

6.3 Cookie Management:

Disabling Non-Essential Cookies: • Visit our cookie preferences center on the platform • Select which cookie types to allow or disable • Essential cookies cannot be disabled (required for function) • Preferences are saved in a persistent cookie

Browser Settings: • Most browsers allow you to refuse cookies or alert you • You can delete cookies through browser settings • Instructions vary by browser (Chrome, Firefox, Safari, Edge) • Disabling cookies may reduce platform functionality

Do Not Track (DNT): • If your browser sends DNT signals, we respect them • Some analytics may be disabled if DNT is enabled • Third parties may not honor DNT signals

6.4 Consequences of Disabling Cookies:

If you disable cookies, you may experience: • Inability to remain logged in • Loss of personalization and preferences • Some features may not function properly • Reduced platform performance • Need to re-enter information on each visit

6.5 Cookie Retention:

Session Cookies: • Automatically deleted when you close your browser • No manual deletion required

Persistent Cookies: • Retained for duration specified by cookie • Typically 1 year to 3 years • Can be manually deleted through browser settings • Can be managed through our preferences center

7.1 Your Rights in India:

Right to Access: • You have the right to know what information we hold • You can request a copy of your data • Request must be submitted in writing • Response provided within 30 days • Data provided in machine-readable format if possible • Free of charge for one request per year

Right to Correction/Rectification: • You can correct inaccurate or incomplete information • You can update outdated information • Changes made directly through account settings • Or request correction through support • OCDAnchor will verify changes before updating • We will notify affected services of corrections

Right to Deletion ("Right to Be Forgotten"): • You can request deletion of your data • Subject to legal and operational exceptions • See Section 5.4 for deletion details • Deletion confirmed within 30 days • Some data may be anonymized instead of deleted

Right to Data Portability: • You can request a copy of your data in machine-readable format • Available in formats like JSON or CSV • Can transfer data to other services • Request submitted through account settings or support • Provided within 30 days at no charge

Right to Restrict Processing: • You can request restriction of data processing • Applies when accuracy, purpose, or legality is disputed • We will restrict processing during verification • Some services may be unavailable during restriction

Right to Object: • You can object to marketing communications • Opt-out of newsletters and promotional content • Object to targeted advertising • Object to specific processing purposes • We will honor objections within 30 days

Right to Lodge a Complaint: • Right to complain to data protection authorities • India's data protection authority can be contacted • Grievances can be submitted through our process • No penalty for submitting complaints • Right to escalate to legal/regulatory bodies

7.2 How to Exercise Your Rights:

Submitting Requests: • Submit requests through account settings "Data Privacy" section • Email: privacy@ocdanchor.com with subject "Data Access Request" • Include your account email and specific request • Include verification information for security • Provide proof of identity if requesting for first time

Request Processing: • We will respond within 30 days • If unable to respond in 30 days, we will explain and provide timeline • Complex requests may require 60-90 days • No charge for most requests • Requests may be denied if: - Legally required to retain data - Data not held by OCDAnchor - Request is vexatious or repetitive - Honoring request would violate others' privacy

7.3 Parent/Guardian Rights:

For Users Under 18: • Parents/guardians can request information about the minor • Parents can exercise rights on behalf of minor • Verifiable proof of guardianship required • OCDAnchor recommends parental monitoring of minor accounts

7.4 Rights Related to Automated Decision-Making:

When We Use Automated Decisions: • If we make decisions about you automatically (recommendations, content filtering) • You have the right to: - Request human review of automated decisions - Request explanation of decision logic - Challenge or opt-out of automated decisions - Know when automated decision-making is used

Requesting Explanation: • Contact support@ocdanchor.com • Explain which decision or recommendation you question • Provide relevant details • We will explain the decision logic and options within 30 days

8.1 Age Restrictions:

Legal Age Requirement: • OCDAnchor is intended for users 18 years and older • Users under 18 require parental/guardian consent • We do not knowingly collect data from children under 13 without parental consent • If we discover data from child under 13 without consent, we delete it

8.2 Parental Consent:

For Users Ages 13-17: • Parent/guardian must provide informed consent • Consent obtained through account creation process • Parent/guardian can review consent and privacy practices • Parent/guardian can withdraw consent anytime • Account may be suspended if consent withdrawn

How We Verify Consent: • Email verification to parent/guardian email • Click-through acknowledgment from parent/guardian • Self-certification by user and parent/guardian • Limited verification based on information provided

8.3 Parental Controls:

Parents/Guardians Can: • Monitor their minor's platform usage • Review account activity and history • Restrict access to certain features • Set communication limits • Receive activity reports • Contact support for account management help

Request Parental Access: • Complete parental verification process • Provide identifying information for minor • Accept guardian terms and conditions • Receive dashboard for monitoring • Set limits and restrictions through dashboard

8.4 Minor-Specific Protections:

Additional Safeguards: • No marketing or targeted ads to minors • Restricted data collection for minors • Community moderation for safety • Restrictions on direct messaging with strangers • Enhanced privacy settings by default • Regular age verification checks

8.5 What Minors Should Know:

Privacy Tips for Young Users: • Be cautious about sharing personal information • Do not share identifying details in public forums • Be respectful of others' privacy in communities • Report concerning behavior to moderators • Communicate with parents/guardians about online activities • Use strong, unique passwords • Do not meet strangers from the platform in person without parental approval

8.6 Parental Concerns:

If You Have Concerns: • Contact support@ocdanchor.com • Provide detail of your concern • Include account information if applicable • We will investigate within 24-48 hours • Privacy officer available for serious concerns

For Urgent Safety Issues: • Contact local law enforcement • Contact National Centre for Missing & Exploited Children (India) • Contact Cybercrime Helpline: 1800-11-4141

9.1 India-Based Operations:

Data Localization: • OCDAnchor primarily operates from and stores data in India • Complies with India's localization requirements • Data centers located in India meet security standards • No routine transfer of data outside India

Cross-Border Transfers: • International transfers only with: - User explicit consent - Legal requirement - Third-party service necessity - Adequate safeguards in place • Transfer requires Standard Contractual Clauses or equivalent • Users notified before any international transfer

9.2 Compliance with Indian Laws:

Information Technology Act, 2000: • Compliance with IT Act provisions • Data protection measures per IT Rules, 2021 • Interim Guidelines on Online Services • Implementation of reasonable security practices

Companies Act, 2013: • Compliance as Section 8 Company • Governance and accountability measures • Regular audit of practices • Reporting to regulators

Personal Data Protection Framework: • Pending Personal Data Protection Act compliance (when enacted) • Best practices aligned with PDPA draft principles • Privacy by design principles implemented • Privacy impact assessments conducted

Other Applicable Laws: • Consumer Protection Act, 2019 • Telecom (Do Not Call) Regulations • Payment Cards Industry (PCI) Compliance • Reserve Bank of India Payment Systems Regulations

9.3 Regional Compliance:

West Bengal Specific: • Registered office in West Bengal • Subject to West Bengal law for disputes • Compliant with state-specific regulations • State regulatory authority engagement

9.4 Regulatory Cooperation:

Cooperation with Authorities: • Cooperation with Ministry of Electronics & IT • Response to RBI and financial regulator inquiries • Cooperation with law enforcement with valid legal process • Transparency reports available upon request

Compliance Documentation: • Privacy policies available for review • Security practices documented • Data handling procedures documented • Audit trails maintained • Regular compliance assessments

10.1 Health & OCD Information:

Special Protection: • OCD and mental health data classified as sensitive • Extra protections implemented for health data • Limited access to authorized personnel only • Enhanced encryption and security • Stricter consent requirements • Clear disclosure of uses • Right to object to processing

How We Protect Health Data: • Separate storage from general account data • Additional access controls and monitoring • Regular security audits specific to health data • Staff training on health data sensitivity • Limited retention periods • Encrypted communications • De-identification when possible

Your Control Over Health Data: • You can limit health information collection • You can request what health data we hold • You can restrict uses of health data • You can delete health data anytime • Health data not used for profiling or discrimination • Health data not sold to third parties

10.2 Biometric Data (if collected):

If Applicable: • Voice or face recognition data (if facial login offered) • Biometric data treated as sensitive • Explicit consent required before collection • Limited retention to purpose period • Cannot be sold or shared • Right to deletion of biometric data • Cannot be used for non-consented purposes

10.3 Payment Card Information:

Limited Handling: • OCDAnchor does not store complete card details • Payment processing handled by secure third parties • Card data encrypted with highest standards • PCI DSS compliance maintained • Never used beyond payment processing • Immediately deleted upon payment completion • Secure deletion procedures implemented

10.4 Location Data:

If Collected: • General location inferred from IP address • GPS coordinates only with explicit permission • Location data used to: - Provide location-specific services - Show nearby therapists - Comply with legal requirements • You can disable location sharing anytime • Location data deleted upon request • Location data not used for profiling

11.1 Third-Party Services:

Payment Processors: • Razorpay, Stripe, or other payment providers • Your card data handled by payment processors • OCDAnchor does not control payment processor privacy • Payment processor privacy policies apply • Separate consent may be required for payment processor

Analytics Providers:

Google Analytics: • Analyzes website usage patterns • Privacy Policy: https://policies.google.com/privacy • You can opt-out: https://tools.google.com/dlpage/gaoptout • Data retention: 26 months default • Deidentification: Yes, by default

Mixpanel: • User analytics and behavior tracking • Privacy Policy: https://mixpanel.com/legal/privacy-policy/ • Opt-out: Available through platform preferences • Data retention: Per Mixpanel policy • Deidentification: Aggregate analytics available

Hotjar (If Enabled): • Session replay and heat mapping • Privacy Policy: https://www.hotjar.com/privacy • Opt-out: Can disable in preferences • Data retention: Per Hotjar policy • Sensitive data redaction: Implemented

Email Providers: • SendGrid, AWS SES, or similar • Email content handled by email provider • Email provider privacy policies apply • Your email is processed per email provider terms • GDPR/local law compliance by email provider

Cloud Hosting: • AWS, DigitalOcean, or similar providers • Infrastructure privacy governed by provider terms • Data centers meet security standards • Compliant with data localization requirements • Backup and disaster recovery per provider terms

11.2 Social Media Integration:

If You Connect Social Accounts: • Profile data imported from social platform • Governed by social platform privacy policy • OCDAnchor has access to basic profile information • Can disconnect social accounts anytime • Disconnecting removes access to social data • Social platforms have their own data retention

11.3 External Therapist Directory:

Therapist Information: • Therapist details provided by therapist • Therapist responsible for their privacy compliance • OCDAnchor not responsible for therapist data practices • You should review therapist privacy practices • Therapist contact information may be shared with patients • Therapist feedback may be shared (with consent)

11.4 Link to Third-Party Policies:

When Sharing Your Data: • You are subject to third-party privacy policies • OCDAnchor not responsible for third-party practices • Third parties may have different privacy standards • Review third-party privacy policies before using services • Data Protection Agreement requirements with third parties

Links in Platform: • External links may have their own privacy policies • OCDAnchor not responsible for external websites • Third-party websites have their own privacy practices • Use external websites at your own risk

12.1 Data Protection Officer:

Contact Information: • Email: privacy@ocdanchor.com • Address: OCDAnchor, Gitanjali Park, Sonamukhi Bagpota Link Road, Kolkata, West Bengal 700137 • Phone: [To be provided] • Response time: Within 5-7 business days

For Privacy Concerns: • Submit detailed description of concern • Include relevant dates and information • Attach supporting documentation if available • Include your preferred contact method • Escalation available for urgent matters

12.2 Grievance Redressal:

Complaint Process: • Submit complaint through support@ocdanchor.com • Include: Name, contact info, detailed complaint, desired resolution • Initial acknowledgment: Within 24 hours • Investigation completion: Within 15-30 days • Resolution communication: In writing

Appeal Process: • If unsatisfied with resolution, request escalation • Escalation reviewed by Data Protection Officer • Final decision within 15 days of escalation • Escalation available for all privacy issues

Regulatory Complaints: • You can complain to regulatory authorities • National Consumer Commission for consumer issues • Relevant authorities for data protection violations • Filing does not prevent OCDAnchor's internal process

12.3 Communication Preferences:

Managing Preferences: • Email notifications: Adjust in account settings • Marketing emails: Opt-out link in each email • SMS notifications: Disable through account settings • Push notifications: Control through device settings • Community notifications: Customize in preferences • Frequency preferences: Set in account dashboard

Opting Out: • Unsubscribe links in all marketing emails • "Do Not Call" registration for phone calls • SMS opt-out by replying "STOP" • Push notification disabling through device • Marketing opt-out in account settings • Takes effect within 24-48 hours

Essential Communications: • Service notifications will continue • Critical security alerts will be sent • Legal or regulatory notices may be sent • Account or service disruption notices will be sent • Cannot opt-out of essential communications

12.4 Policy Updates & Notifications:

How We Update This Policy: • Updates posted on the platform • Email notification for material changes • 30-day review period for material changes • Grandfathered consent for existing users (when possible) • Effective date clearly indicated • Version history maintained

Accessing Policy History: • Current policy always available on platform • Previous versions available upon request • Changelog of modifications available • Archive of historical versions maintained

How We Notify You: • Email to registered email address • In-app notification when you log in • Homepage banner announcement • Privacy notice in account dashboard • Continued use = acceptance (for non-material changes)

13.1 Your Rights as Indian Users:

Specific to India: • Enhanced right to information about data usage • Right to access data in regional languages (Hindi support coming) • Right to grievance redressal through consumer courts • Eligibility to file complaints with Indian authorities • Compliance with Indian judicial system

Regulatory Bodies: • Ministry of Electronics & IT (MeitY) • Data Protection Authority (when established) • State Consumer Commission • Local police cyber cell for cybercrimes • RBI for financial/payment related issues

13.2 Consumer Rights:

Consumer Protection Act, 2019: • Right to complaint for defective service • Right to compensation for losses • Right to refund for non-delivery • Right to information before purchasing • Protection against unfair trade practices

Filing Consumer Complaints: • Online: https://www.edaakhil.gov.in/ • District Consumer Commission • Provide detailed grievance with documentation • Reference OCDAnchor service agreement

13.3 Taxation & Financial Information:

Data for Tax Compliance: • Payment and transaction records retained for 7 years • Tax year records maintained per IT Act requirements • Invoice generation and GST compliance • Financial statements available for audit • Whistleblower protection for reporting violations

13.4 Regional Data Localization:

Data Storage in India: • Primary data storage: India • Servers located: Within Indian territory • Compliant with localization requirements • Backup infrastructure: Indian data centers • Foreign transfer minimized and controlled

13.5 Special Considerations for West Bengal:

Local Jurisdiction: • West Bengal law governs terms and privacy • Kolkata courts have jurisdiction • West Bengal Consumer Commission for complaints • Compliance with state-specific regulations • Registered office: Kolkata, West Bengal

Support in Regional Language: • English support available 24/7 • Hindi support coming in future updates • Bengali support planned for expansion • Support team fluent in local context • Regional considerations in service design

14.1 Artificial Intelligence & Machine Learning:

Current AI Use: • AI journaling tool for mood analysis • AI-powered content recommendations • Automated moderation of community content • Fraud detection algorithms • Spam and abuse prevention

Future AI Applications: • Personalized therapy recommendations (anonymized) • Predictive analytics for crisis intervention awareness • Advanced content filtering and safety • Accessibility features powered by AI

Safeguards for AI: • AI decisions subject to human review • User right to object to AI decisions • Bias detection and mitigation • Regular auditing of AI systems • Transparency about AI use • No discrimination through AI

14.2 Biometric Technologies:

Potential Future Use: • Facial recognition for secure login (optional) • Voice recognition for accessibility (optional) • Would be optional and user-consented • Explicit opt-in required before use • Separate privacy controls for biometric data

Biometric Data Protection: • Biometric data encrypted with highest standards • Stored separately from regular account data • Limited access to authorized personnel • Right to deletion of biometric data • Cannot be shared with third parties • Cannot be used for non-consented purposes

14.3 Blockchain & Decentralization:

Potential Considerations: • Blockchain technology for data verification (future) • Smart contracts for automated processes (future) • Would require user consent • Privacy and security maintained • Regulatory compliance ensured

14.4 Internet of Things (IoT):

Potential Wearable Integration: • Fitness tracker integration (future, optional) • Mental health tracking devices (future, optional) • Would require explicit user permission • Data handled with same security standards • Users control what data is shared • Can disconnect devices anytime

14.5 Policy Updates for New Technology:

How We'll Handle New Tech: • Privacy impact assessment for new technologies • Update this policy before implementing • User notification and opt-in consent • 30-day review period for major changes • Existing user data protections maintained • Grandfathering options for existing users

15.1 Policy Interpretation:

This Privacy Policy: • Does not create new legal rights beyond applicable law • Does not supersede applicable law • If conflict with law, law prevails • Specific provisions supersede general statements • Headings are for convenience only, not binding

15.2 User Responsibilities:

You Are Responsible For: • Maintaining password confidentiality • Reviewing this Privacy Policy periodically • Reporting security breaches promptly • Accurately providing information • Updating information when changed • Backing up your own data • Using the platform responsibly • Complying with applicable laws

15.3 Acknowledgment:

By using OCDAnchor, you acknowledge that: ✓ You have read and understood this Privacy Policy ✓ You accept how we collect and use information ✓ You understand your rights and choices ✓ You consent to data collection and processing outlined ✓ You are aware of our data sharing practices ✓ You understand our security measures and limitations ✓ You accept our communication practices ✓ You understand this policy may be updated ✓ You can contact us with privacy concerns ✓ You have rights to access and control your data

15.4 Effective Date & Version:

Current Version: 1.0 Effective Date: {new Date().toLocaleDateString('en-IN', { year: 'numeric', month: 'long', day: 'numeric' })} Last Updated: {new Date().toLocaleDateString('en-IN', { year: 'numeric', month: 'long', day: 'numeric' })}

This Privacy Policy replaces all previous versions and policies.