Legal

Privacy Policy

Last updated: May 2026  ·  Effective date: June 1, 2026

INDRA Identity, Inc. ("INDRA," "we," "us," or "our") operates the website at getindra.net and zeroidentity.ai (the "Services"). This Privacy Policy explains what personal data we collect, how we use it, and your rights regarding that data.

1. Data We Collect

We collect the following categories of personal data:

  • Identity & contact data: Your name, work email address, and company name when you join our waitlist or contact form.
  • Usage data: IP address, browser type, operating system, pages visited, time and date of your visit, and referring URL — collected automatically via our infrastructure.
  • Communication data: Any messages you send us through our contact form or email.
  • Technical data: Anonymized invocation telemetry and latency metrics for alpha participants (no credential content, no agent payload data).

We do not collect passwords, API keys, authentication tokens, or agent payload content. Our Zero State architecture means identity credentials flow through our network ephemerally and are never stored at rest.

2. How We Use Your Data

  • To operate and manage the alpha/beta waitlist program
  • To respond to your inquiries and provide customer support
  • To send product updates, alpha program communications, and announcements (with your consent where required)
  • To analyze usage patterns and improve our Services
  • To detect fraud, abuse, and security threats
  • To comply with applicable legal obligations

We process your data on the following legal bases under GDPR: contract performance (when processing is necessary to fulfill the alpha program), legitimate interests (security, fraud prevention, product improvement), and consent (marketing communications).

3. Cookies & Tracking Technologies

We use the following types of cookies:

  • Strictly necessary cookies: Session management and theme preference (dark/light mode). These cannot be disabled as they are required for the site to function.
  • Analytics cookies: We use Cloudflare Web Analytics (privacy-preserving, cookieless) to understand aggregate usage patterns. No personal identifiers are shared with analytics providers.

We do not use third-party advertising cookies, cross-site tracking pixels, or fingerprinting technologies.

4. Third-Party Data Processors

We disclose data to the following sub-processors in order to deliver our Services:

  • Cloudflare, Inc. — Edge network, DNS, DDoS protection, D1 database (waitlist storage), and Email Routing. Data may be processed in the US and EU. Cloudflare's privacy policy: cloudflare.com/privacypolicy
  • Cloudflare R2 — Static asset storage (images). Data is stored in the US.

We do not sell your personal data to third parties. We do not share your data with advertising networks.

5. Data Retention

  • Waitlist data (email, name, company): Retained until 12 months after the close of the general availability launch, or until you request deletion.
  • Contact form submissions: Retained for 24 months for customer support purposes.
  • Usage/analytics data: Aggregate, anonymized data retained indefinitely. IP addresses are not stored beyond 24 hours.
  • Alpha invocation telemetry: Retained for 90 days post-session, then purged.

6. Your Rights (GDPR & CCPA)

Depending on your jurisdiction, you have the following rights:

  • Right of access: Request a copy of all personal data we hold about you.
  • Right to erasure ("right to be forgotten"): Request deletion of your personal data, subject to legal retention obligations.
  • Right to rectification: Request correction of inaccurate personal data.
  • Right to restriction of processing: Request that we limit how we use your data.
  • Right to data portability: Receive your data in a machine-readable format.
  • Right to object: Object to processing based on legitimate interests.
  • Right to opt out of sale (CCPA): We do not sell personal data. California residents may submit a "Do Not Sell" request, though it will have no practical effect as no selling occurs.
  • Right to non-discrimination (CCPA): We will not discriminate against you for exercising any privacy right.

To exercise any of these rights, email us at legal@getindra.net. We will respond within 30 days (GDPR) or 45 days (CCPA).

7. International Transfers

INDRA is a US-based company. If you are located in the European Economic Area (EEA), UK, or Switzerland, your personal data may be transferred to and processed in the United States. We rely on Cloudflare's Standard Contractual Clauses (SCCs) and data processing agreements for such transfers.

8. Children's Privacy

Our Services are directed to enterprise professionals and are not intended for individuals under 16 years of age. We do not knowingly collect personal data from minors.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced via email to waitlist subscribers at least 30 days before taking effect. The "Last updated" date at the top of this page will always reflect the most recent revision.

10. Contact

For privacy-related inquiries, data subject requests, or to lodge a complaint:

If you are in the EEA and believe we have not adequately addressed your concern, you have the right to lodge a complaint with your local data protection authority.