Privacy Policy
Last Updated: January 9, 2026
1. Introduction
MemeBazi ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI face swap service, in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act) and Information Technology Act, 2000.
2. Data Fiduciary Information
Data Fiduciary: [Your Company Legal Name]
Registered Address: [Company Address]
Contact Email: privacy@memebazi.ai
Data Protection Officer: [DPO Name]
3. Information We Collect
3.1 Personal Data You Provide
- Facial Images: Photos you upload for face swap processing
- Payment Information: Transaction details processed via Razorpay (we do not store card details)
- Contact Information: Email address if provided for support or refunds
3.2 Automatically Collected Data
- Device Information: Browser type, operating system, device identifiers
- Usage Data: Pages visited, features used, timestamps
- IP Address: For security and fraud prevention
4. Purpose of Processing
We process your personal data for the following purposes:
| Data Type | Purpose | Legal Basis |
|---|---|---|
| Facial Images | AI face swap generation | Consent |
| Payment Data | Transaction processing | Contract |
| Device/Usage Data | Service improvement, security | Legitimate Interest |
| Contact Info | Customer support, refunds | Contract |
5. Sensitive Personal Data
Biometric Data: Facial images constitute sensitive personal data under the DPDP Act. We process this data ONLY with your explicit consent, solely for providing the face swap service. We implement enhanced security measures for this data category.
6. Data Retention
- Uploaded Selfies: Automatically deleted within 24 hours of upload
- Generated Content: Stored for 7 days for user download, then deleted
- Payment Records: Retained for 7 years as required by tax laws
- Usage Logs: Retained for 90 days for security purposes
You may request immediate deletion of your data at any time (see Section 9).
7. Data Sharing & Third Parties
We share data with the following third parties:
| Third Party | Purpose | Data Shared |
|---|---|---|
| Replicate Inc. | AI Processing | Facial images (temporarily) |
| Razorpay | Payment Processing | Transaction details |
| Supabase | Cloud Storage | Images, metadata |
We ensure all third parties maintain equivalent data protection standards.
8. Cross-Border Data Transfer
Some of our service providers (Replicate, Supabase) may process data outside India. We ensure such transfers comply with DPDP Act requirements through:
- Contractual clauses ensuring equivalent protection
- Only using providers in jurisdictions with adequate data protection
- Implementing additional technical safeguards
9. Your Rights (DPDP Act)
Under the DPDP Act 2023, you have the following rights:
- Right to Access: Request a summary of your personal data we hold
- Right to Correction: Request correction of inaccurate data
- Right to Erasure: Request deletion of your personal data
- Right to Withdraw Consent: Withdraw consent at any time
- Right to Grievance Redressal: Lodge complaints about data processing
- Right to Nominate: Nominate a person to exercise rights on your behalf
To exercise any of these rights, email us at privacy@memebazi.ai. We will respond within 7 days.
10. Data Security
We implement industry-standard security measures:
- TLS 1.3 encryption for data in transit
- AES-256 encryption for data at rest
- Regular security audits and penetration testing
- Access controls and authentication mechanisms
- Secure development practices (OWASP guidelines)
11. Children's Privacy
Our Service is NOT intended for users under 18 years of age. We do not knowingly collect personal data from minors. If we discover that a minor has provided us with personal data, we will delete it immediately. If you believe a minor has used our Service, please contact us.
12. Cookies & Tracking
We use essential cookies for Service functionality. We do not use third-party advertising cookies. You can disable cookies in your browser settings, though this may affect Service functionality.
13. Data Breach Notification
In the event of a personal data breach that may cause harm to you, we will notify:
- The Data Protection Board of India within 72 hours
- Affected users without undue delay
14. Grievance Redressal
If you have concerns about our data practices, you may:
- Contact our Data Protection Officer at dpo@memebazi.ai
- If unsatisfied, escalate to our Grievance Officer (response within 15 days)
- File a complaint with the Data Protection Board of India
15. Changes to Privacy Policy
We may update this Privacy Policy periodically. Material changes will be notified via email or prominent notice on the Service. Continued use after changes constitutes acceptance.
16. Contact Us
Privacy Inquiries: privacy@memebazi.ai
Data Protection Officer: dpo@memebazi.ai
Grievance Officer: grievance@memebazi.ai
General Support: support@memebazi.ai