Legal
Last updated: June 2026 · Compliant with India's Digital Personal Data Protection Act, 2023.
Kaiveron is operated by Priyanshu Chandra (Athavita). Under India's Digital Personal Data Protection Act 2023 (DPDP), we are the Data Fiduciary for the personal data you share with us. Contact: info@athavita.com.
We collect information you provide directly: account details (email, username, display name, password hashed with argon2id), content you create (posts, reviews, anime lists, comments, blogs), and engagement data (likes, follows, votes). Server logs include request method, path, status code, latency, and an anonymized request ID. We do not sell your data to third parties. Ever.
Your data powers your experience: anime recommendations, streak tracking, community features, and personalized discovery. We use aggregate analytics to improve the platform. Your watch history stays private by default — you control what's public. Lawful basis under DPDP: consent (for analytics) and contract performance (for the service itself).
Access tokens are short-lived (15 minutes) and stored in memory only, never localStorage. Refresh tokens are httpOnly cookies scoped to /api/v1/auth, rotated on every use. You can revoke all sessions anytime via Settings → Security → Logout All.
Under DPDP §11–§14 you have the right to: access (Settings → Privacy → Export Data), correction (Settings → Profile), erasure (Settings → Account → Delete — immediate cascade), and grievance redressal (info@athavita.com, 7-day SLA). You may withdraw analytics consent at any time via the cookie banner; the service still works without it.
Strictly necessary: aw_refresh (httpOnly, secure, SameSite=Lax) for authentication. Analytics (optional, requires your consent): Google Analytics 4 with anonymized IP — used to count page views and understand which features are valuable. We do not run advertising cookies, ad pixels, or cross-site trackers.
We keep your account data while your account is active. On deletion, content is dropped immediately; security/audit logs are anonymized and kept 365 days. Notifications are pruned after 90 days. Backups roll over within 7 days. Full table in our internal data-retention policy.
Database: AWS RDS in us-east-1 (North Virginia). App servers: AWS App Runner, us-east-1. Frontend hosting: Vercel global edge. Error tracking: Sentry. All transit is TLS 1.2+ with HSTS preload. Data at rest is encrypted by AWS-managed keys.
Kaiveron is not directed to children under 13. If you believe a child has registered, email info@athavita.com and we will delete the account.
Privacy questions: info@athavita.com. We respond within 48 hours. DPDP §13 grievance officer requests: same address, 7-day SLA.