GDPR Compliance
How AnonyMeets complies with the General Data Protection Regulation (GDPR) and protects your rights.
Fully Compliant
Meeting all GDPR requirements
Data Minimization
Only essential data collected
Transparency
Clear data usage policies
Your Rights
Full control over your data
1. What is GDPR?
The General Data Protection Regulation (GDPR) is a comprehensive data protection law in the European Union (EU) that came into effect on May 25, 2018. It sets strict rules on how companies collect, use, store, and protect personal data of EU citizens.
Even though AnonyMeets is operated by IndMon (based in India), we comply with GDPR standards because:
- We may have users from the EU
- GDPR sets the global standard for data protection
- We believe in respecting user privacy regardless of location
2. Personal Data We Collect
Under GDPR, "personal data" is any information relating to an identified or identifiable person. Here's what we collect:
✅ Data We Collect:
- •Email Address: For authentication and OTP verification (Required)
- •Company Affiliation: To link you to your organization's workspace (Required)
- •Anonymous Username: System-generated (e.g., "Lion_212") - Not personal data
- •Content You Post: Anonymous posts, votes, polls, mood data (Optional)
- •Device Information: Device type, OS version for app functionality
- •Usage Analytics: How you use features (aggregated, non-identifying)
❌ Data We DO NOT Collect:
- ❌Your real name
- ❌Phone number
- ❌Physical address
- ❌GPS location data
- ❌Contact lists
- ❌Photos or media files
- ❌Financial information
3. Legal Basis for Processing Your Data
GDPR requires us to have a lawful basis to process your personal data. We process your data under:
📋 Contractual Necessity
We need your email and company affiliation to provide the AnonyMeets service (creating account, authentication).
✅ Your Consent
You explicitly consent to our Terms & Privacy Policy when signing up. You can withdraw consent anytime by deleting your account.
⚖️ Legitimate Interests
Analytics and crash reports help us improve the app. This is balanced against your privacy rights (data is anonymized).
4. Your GDPR Rights
Under GDPR, you have the following rights regarding your personal data:
Right to Access (Article 15)
You can request a copy of your personal data we hold.
Right to Rectification (Article 16)
You can correct inaccurate or incomplete data.
Right to Erasure / "Right to be Forgotten" (Article 17)
You can request deletion of your personal data.
Timeline: Deleted within 30 days
Note: Anonymous content may remain for historical purposes (not linked to you)
Right to Data Portability (Article 20)
You can receive your data in a structured, machine-readable format.
Format: JSON or CSV file
Timeline: Provided within 7 business days
Right to Object (Article 21)
You can object to processing based on legitimate interests.
How to exercise: App Settings → Privacy → Disable Analytics
Right to Restriction (Article 18)
You can request to limit how we use your data.
5. How We Protect Your Data (GDPR Compliance)
🔐 Encryption
- • TLS 1.2+ for data in transit
- • AES-256 for data at rest
- • Firebase Authentication (Google)
🏢 Data Storage
- • Firebase Firestore (Google Cloud)
- • EU or India data centers
- • Company data strictly isolated
👥 Access Control
- • Limited employee access
- • Role-based permissions
- • Audit logs maintained
🚨 Breach Response
- • 72-hour notification to authorities
- • Immediate user notification
- • Incident investigation protocol
6. Data Retention
| Data Type | Retention Period | Reason |
|---|---|---|
| Email Address | Until account deletion | Authentication required |
| Anonymous Posts | Until session ends or deleted | Historical workspace data |
| Voting Data | Until poll closes | Democratic process integrity |
| Analytics Data | 26 months | Firebase default (anonymized) |
| Deleted Account Data | 30 days | Complete removal processing |
7. International Data Transfers
Your data may be transferred and stored in servers outside your country:
- Primary Storage: Firebase (Google Cloud) - EU or India data centers
- Safeguards: Google is GDPR-compliant with Standard Contractual Clauses (SCCs)
- Email Service: Resend (GDPR-compliant, EU-based infrastructure available)
8. How to Exercise Your GDPR Rights
Contact Our Data Protection Team
📝 Include in Your Request:
- • Your registered email address
- • Specific right you want to exercise
- • Description of your request
- • Proof of identity (for security)
⏱️ Response Time:
We will respond within 30 days (GDPR requirement)
May extend to 60 days for complex requests (with notification)
9. Right to Lodge a Complaint
If you believe we are not handling your data in compliance with GDPR, you have the right to lodge a complaint:
🇪🇺 EU Citizens:
Contact your local Data Protection Authority (DPA) in your EU member state. Find your DPA: EDPB Website
🇮🇳 Indian Users:
Contact us first at admin@indmon.in. We are committed to resolving issues promptly.
10. Changes to GDPR Compliance
We regularly review our GDPR compliance. Any material changes will be:
- Posted on this page
- Notified via email
- Announced in-app
11. Contact Information
Data Controller
Company: IndMon
Developer and operator of AnonyMeets
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
END OF GDPR COMPLIANCE STATEMENT - ANONYMEETS
© 2026 IndMon. All Rights Reserved.
Protected by GDPR - Your Rights, Our Commitment
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━