Privacy policy.

Strict Wolf is operated by Clorse Private Limited, a company incorporated under the Companies Act, 2013, with its registered office in Bangalore, Karnataka, India. For the purposes of the Digital Personal Data Protection Act, 2023 (the "DPDP Act"), Clorse Private Limited is the Data Fiduciary that determines the purpose and means of processing your personal data.

References to "Strict Wolf", "we", "us", or "our" mean Clorse Private Limited. References to "you", "your", or "the operator" mean the individual using our website, web application, or mobile applications.

This policy explains what personal data we collect, why we collect it, how we use and share it, how long we keep it, and the rights you have under applicable Indian law. It applies to your use of strictwolf.com, our iOS and Android applications, and any related services we operate.

We may update this policy from time to time. The "Last updated" date at the top of this page indicates the most recent revision. Material changes will be notified by email to the address on your account.

Account and profile

• Name, email address, and password (or Google account identifier if you sign in with Google).
• Demographic information you provide during onboarding: age, sex, height, weight, country of residence, and time zone.
• Goal selection, macro targets, and committed menu choices for each contract.

Payment information

• Razorpay payment identifiers and order references. We do not store full card numbers, CVV codes, or banking credentials. These are handled directly by Razorpay under their PCI-DSS compliance.
• Invoice and transaction history associated with your contracts.

Verification media

• Three-second video recordings of your meals, captured live in the mobile application.
• Frames extracted from those recordings for AI verification.
• AI-generated estimates of food identity and macronutrient content, stored alongside the original media.

Withdrawal and KYC

• Permanent Account Number (PAN) and Aadhaar reference for payout KYC, collected only at the time you initiate a withdrawal.
• Bank account or UPI handle used to receive your payout.

Technical and usage data

• Device type, operating system, and application version.
• IP address, approximate location derived from IP, and authentication session timestamps.
• Application logs and error reports.

We process your personal data for the following purposes, each with a lawful basis under the DPDP Act:

• To operate your account, deliver the contract you signed, and verify your meals as committed.
• To process payments, settle daily compliance, and execute end-of-contract payouts.
• To detect, prevent, and address fraud, abuse, or attempts to game the verification.
• To comply with applicable Indian law, including tax, anti-money-laundering, and KYC obligations.
• To communicate with you about your contract, including transactional emails and security notices.
• To improve the verification model and our service. Where we use your data for product improvement, identifying information is removed where reasonably possible.

We do not sell your personal data. We do not use your meal media for advertising, model training by third parties, or any purpose beyond the verification of your contract.

We share personal data only with the following categories of recipients, each of whom is bound by contractual confidentiality and data protection obligations:

• Razorpay Software Private Limited, our payment processor and payout provider, for the purpose of accepting your contract payment and disbursing your withdrawal.
• Replicate, Inc., a hosted model provider, which receives only the frames extracted from your meal videos and the committed item list, for the sole purpose of producing the verification result.
• Supabase, Inc., our hosting and database provider, which stores your account and contract data.
• Google Cloud (Cloud Run) for application hosting and Resend for transactional email delivery.
• Professional advisers, auditors, and regulators where we are required by law to disclose information.

We will disclose personal data when required by court order, regulatory request, or as necessary to protect our rights, our operators, or the safety of any person.

Some of our service providers, including Replicate, Resend, and certain Google Cloud regions, may process data outside India. Where data is transferred outside India, we rely on the lawful bases permitted under the DPDP Act and ensure that recipients are subject to adequate contractual safeguards. By using Strict Wolf, you consent to such cross-border transfers where they are necessary to deliver the service.

• Meal videos and extracted frames are retained for the duration of your active contract and deleted within thirty (30) days after the contract settles or is cancelled.
• Account and contract metadata (the fact that a contract existed, its outcome, and the corresponding financial records) is retained for a period of eight (8) years to comply with Indian tax and accounting requirements.
• KYC records collected for payout are retained for the period required by applicable anti-money-laundering law, currently five (5) years from the date of the transaction.
• Marketing email subscriptions are retained until you withdraw consent or request deletion.

After the applicable retention period, personal data is securely deleted or anonymised.

Under the DPDP Act, you have the following rights with respect to your personal data:

• The right to access a summary of the personal data we hold about you and the processing activities we undertake.
• The right to correct or update inaccurate, incomplete, or misleading personal data.
• The right to request erasure of personal data that is no longer necessary for the purpose for which it was collected, subject to legal retention requirements.
• The right to withdraw your consent at any time, where processing is based on consent.
• The right to nominate another individual to exercise your rights in the event of your death or incapacity.
• The right to grievance redressal in respect of any act or omission by Strict Wolf regarding your personal data.

To exercise any of these rights, write to contact@strictwolf.com. We respond to verified requests within thirty (30) days.

In accordance with the DPDP Act and applicable Indian law, you may contact our Grievance Officer for any concern relating to your personal data:

• Email: grievance@strictwolf.com
• Address: Clorse Private Limited, Bangalore, Karnataka, India
• Response time: Within thirty (30) days of receipt of a complete grievance.

Strict Wolf is intended exclusively for adults aged twenty-five (25) and older. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, write to grievance@strictwolf.com and we will delete it.

We use industry-standard administrative, technical, and physical safeguards to protect your personal data. Data is encrypted in transit and at rest. Access to operator data is restricted to authorised personnel on a need-to-know basis. No system is perfectly secure, and we cannot guarantee absolute security; we will notify you and the Data Protection Board of India of any breach affecting your personal data in accordance with the DPDP Act.

We use a small number of strictly necessary cookies and similar technologies to operate the website, including authentication session cookies and security cookies. We do not use advertising cookies or third-party tracking cookies. Where analytics are introduced in future, this policy will be updated and your consent will be requested.

Questions about this policy or our handling of your personal data may be sent to contact@strictwolf.com, or by post to Clorse Private Limited, Bangalore, Karnataka, India.