Privacy Policy

This Privacy Policy describes how SystemCity (https://systemcity.io), operated by Mohit Kumar, collects, uses, discloses, and safeguards your personal information when you use our Platform. This policy is published in compliance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023.

By using SystemCity, you consent to the practices described in this policy.

a) Information you provide directly

• Account information: Email address, name, and profile picture — provided via Auth0 (Google or GitHub sign-in)
• API keys: If you choose the "Remember Key" storage mode, your encrypted API keys for AI providers (OpenAI, Gemini, Anthropic)
• Payment information: Processed entirely by Stripe. We do not store your card number, CVV, or full bank details on our servers
• Support requests: Any information you share when contacting us via email

b) Information collected automatically

• Usage data: Pages visited, features used, architecture designs created, evaluation history, credit transactions
• Device & browser data: Browser type, operating system, screen resolution, and language preferences
• Log data: IP address, access timestamps, and error logs for security and debugging purposes

c) Information from third parties

• Auth0: Authentication provider — supplies your name, email, and profile image at sign-in
• Stripe: Payment confirmation, transaction IDs, and subscription status

• To provide, maintain, and improve the Platform's features
• To process credit purchases and manage your account balance
• To deliver AI-powered evaluations of your system designs
• To save your architecture designs and evaluation history
• To communicate with you regarding support requests, service updates, or policy changes
• To detect and prevent fraud, abuse, or security incidents
• To comply with legal obligations under Indian law

We do not sell your personal data. We may share information with:

• AI Providers (OpenAI, Google, Anthropic): Your architecture data is sent to these services for evaluation. No personally identifiable information is included in evaluation requests — only the system design content.
• Stripe: Payment processing. Stripe receives your payment details directly — we only receive a transaction confirmation and payment status.
• Auth0: Authentication provider. Handles your login credentials.
• Hosting providers: Infrastructure services that host our application and database.
• Legal authorities: If required by law, court order, or government regulation applicable in India.

We implement the following security measures:

• All data in transit is encrypted using TLS/HTTPS
• API keys stored in "Remember Key" mode are encrypted using AES-256-GCM before storage
• "Session Only" keys never leave your browser and are discarded when the tab closes
• Passwords are managed by Auth0 and never stored on our servers
• Database access is restricted and secured with authentication

While we strive to use commercially acceptable means to protect your data, no method of electronic storage is 100% secure. We cannot guarantee absolute security.

• Account data: Retained as long as your account is active
• Evaluation history: Retained as long as your account is active
• Payment records: Retained for 7 years as required by Indian tax and accounting laws
• Server logs: Retained for up to 90 days for security and debugging

Upon account deletion, we will delete or anonymize your personal data within 30 days, except where retention is required by law.

Under applicable Indian law, you have the right to:

• Access the personal data we hold about you
• Correct inaccurate or incomplete personal data
• Delete your account and associated personal data
• Withdraw consent for data processing (which may result in loss of Platform functionality)
• Grievance redressal — see the Grievance Officer details in Section 11

To exercise any of these rights, email systemcityio@gmail.com.

SystemCity uses essential cookies for authentication (Auth0 session cookies) and theme preferences. We do not use third-party advertising trackers or analytics cookies.

SystemCity is not intended for users under 18 years of age. We do not knowingly collect personal data from minors. If we discover that a minor has registered, we will delete the account and associated data promptly.

We may update this Privacy Policy to reflect changes in our practices or applicable law. We will notify registered users of material changes via email. Continued use of the Platform after updates constitutes acceptance of the revised policy.

In accordance with the Information Technology Act, 2000 and the rules made thereunder, the Grievance Officer for the purpose of this Privacy Policy is: