Privacy Policy

We collect three categories of information.

1. Account information. When you or your team sign up, we collect your name, email address, organisation, and an authentication credential. Credentials are never stored in plaintext.
2. Workspace configuration. We store the keywords, names, channels, and platforms you ask us to monitor on your behalf, along with any preferences you set for sentiment thresholds, alert routing, briefing time, and team membership.
3. Monitoring data. On your instruction, we ingest publicly available content that matches your configured queries. This includes article headlines, summaries, full text where the publisher permits, video metadata, public social posts, and engagement metrics (views, likes, comments, shares). We do not collect private messages, gated content, or material that requires login to view.

We use the collected data to deliver the service you asked for: an aggregated, sentiment-scored, story-clustered view of how your principal is being covered, plus daily briefings and alerts. Account information is used to provide access, send service notifications, and respond to your support requests. Monitoring data is processed to extract sentiment (positive, negative, neutral), cluster related mentions into stories, generate daily AI briefings, and trigger alerts on the conditions you configure.

Your workspace data is isolated from every other workspace at the database layer. We never share workspace data with another customer. We do not sell data. We may disclose information when required by a court order, subpoena, regulatory request, or to comply with applicable Indian law including the Digital Personal Data Protection Act, 2023.

Data is encrypted in transit and at rest. Access to production systems is restricted to authorised engineers with multi-factor authentication. We follow least-privilege access controls and rotate credentials regularly. No system is perfectly secure, however, and we cannot guarantee absolute protection against every possible threat.

Account information is retained for as long as your workspace is active. On request, we will delete your account and associated personal information within thirty days, subject to legal obligations to retain certain records. Mention data is retained per your subscription tier (thirty days on the free tier, longer on paid plans). Sentiment scores, story clusters, and briefings are retained alongside the underlying mentions.

Drishti is built for professional teams (corporate, political, agency, and diplomatic) and is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

Drishti exposes a Model Context Protocol (MCP) server at mcp.getdrishti.inthat lets you connect AI assistants — ChatGPT, Claude (web, Desktop, Code), Gemini, Cursor — to your workspace. Connecting is opt-in: you must sign in with your Drishti credentials and explicitly approve a consent screen.

What an AI assistant can read.Only data the connection’s OAuth scopes authorise. Today’s scopes cover (a) media-mention metadata — headlines, source, URL, sentiment label, source-tier rating, language, published-at — (b) aggregated sentiment counts and trends, (c) clustered story summaries, (d) crisis alerts, and (e) the daily Tier 1 morning brief. The AI never receives full article body text or raw scraped content from third-party platforms.

What it cannot do. Connections are read-only. The AI cannot create, modify, or delete data in your workspace, send WhatsApp / email alerts on your behalf, or access workspaces you do not own.

Tokens and security.When you approve a connection we issue a cryptographically random access token. We store only its SHA-256 hash — the raw token is returned to the AI client exactly once and then never persisted on our side. Tokens are scoped to specific workspaces, expire after one year by default, and can be revoked instantly from Settings → Connected Apps.

What gets logged.Every tool call from a connected AI assistant is recorded in an append-only audit log: tool name, workspace id, result count, latency, and any error. We do not log the response body or the AI’s prompt — only metadata. The log is retained for 90 days for security review and is never sold or shared.

Third-party AI processors.The AI assistant (e.g. OpenAI, Anthropic, Google) processes the data Drishti sends them under their own privacy terms, which apply to the conversation context inside their product. We have no control over how that data is used inside their inference pipelines — consult the assistant’s privacy policy. Choosing not to connect, or revoking a connection, is always available.

We may update this Privacy Policy from time to time as our service or applicable law evolves. The “last updated” date at the top of this page will reflect any change. Continued use of Drishti after a change indicates your acceptance of the updated policy. Material changes will be communicated to workspace administrators by email.

For privacy questions, data subject requests, or to exercise rights under applicable data protection law, write to us at yash@getdrishti.in.

NETRAX INTELLIGENCE (OPC) PRIVATE LIMITED, India.