Privacy Policy

Last updated: 2026-04-30. This is a template — replace with lawyer-reviewed copy before launch.

1. Who we are

Sillro is operated by Palcron (palcronai@gmail.com). For privacy questions, write to the email above. We act as the Data Fiduciary (DPDPA, India) / Data Controller (GDPR, EU) for the data described below.

2. Data we collect

3. How we use it

4. Retention

We keep your data for as long as your account is active. After you close your account, we hold a 30-day grace period for accidental closure, then permanently delete. Audit log entries are retained for the life of the service and for at least 7 years (statutory requirement for India tax records); automated purging of older audit entries is not yet implemented.

5. Your rights

6. Sub-processors

We use the following sub-processors. Each holds an executed DPA.

7. Security

Encryption at rest (Supabase default), TLS 1.3 in transit, bcrypt-hashed passwords with mandatory ≥32-char JWT_SECRET in production, multi-tenant isolation via Prisma proxy + Postgres Row-Level Security, audit log for every mutating action, daily backups with point-in-time recovery.

8. Contact

palcronai@gmail.com