Privacy Policy

Last updated: April 7, 2026
Platform: SLAP (slap.trymbkm.com)
Data Controller: TRYMBKM

This Privacy Policy explains how TRYMBKM collects, uses, stores, and discloses personal data in connection with SLAP. It should be read with the Terms and Conditions, Cookie Policy, and Data Processing and AI Disclosure.

1. Data Controller

TRYMBKM is the data controller for personal data collected through the Platform, including for GDPR, UK GDPR, India's DPDP Act 2023, and CCPA contexts where applicable.

2. Personal Data Collected

• Account data: email address, password hash for password-based accounts, and profile details needed to operate your account.
• Google Sign-In data: name and email address if you authenticate using Google OAuth.
• Uploaded content: screenshots, extracted text, optional user notes, and related report inputs.
• Generated data: reports, scores, classifications, moderation outcomes, and other AI-derived outputs tied to your use of the platform.
• Payment and billing data: transaction and order metadata processed through Razorpay. Card details are not stored by TRYMBKM.
• Device and log data: IP address, browser, operating system, timestamps, and other security or diagnostic logs.
• Cookie and analytics data: essential cookie data and, if you consent, aggregated Google Analytics usage data.

3. Legal Basis for Processing

• Contract performance: account creation, authentication, payment handling, report generation, and delivery of core platform features.
• Legitimate interests: fraud prevention, abuse prevention, service security, debugging, moderation, and platform administration.
• Consent: optional analytics cookies, voluntary Hall of Shame publication, and any processing that applicable law requires to be consent-based.
• Legal Obligation: compliance with applicable laws and lawful requests.

4. How Data Is Used

• Authenticate users, maintain accounts, and secure platform access.
• Process credit purchases, payments, refunds, and account balances.
• Generate reports and moderation decisions from uploaded screenshots and related inputs.
• Display local pricing using timezone-based currency selection logic.
• Operate, moderate, and investigate Hall of Shame submissions and community reports.
• Respond to support requests, legal requests, abuse reports, and compliance obligations.
• Measure website performance and product usage through Google Analytics only where you have consented.

TRYMBKM does not sell personal data and does not use personal data for advertising or behavioral profiling.

5. Data Sharing and Processors

• Google LLC: Google OAuth authentication, Google Gemini AI processing, and optional Google Analytics.
• Razorpay: payment processing.
• Infrastructure and operational providers: hosting, storage, email, logging, and related technical service providers used to run SLAP.
• Authorities and counterparties: where required by law, regulation, court order, or to protect rights, safety, and platform integrity.

6. International Transfers

Data may be processed in India and in the jurisdictions where our processors operate. For EEA or UK transfers, TRYMBKM will rely on appropriate safeguards where required by law.

7. Data Retention

• Account data: retained while your account is active and through any applicable account-deletion grace period.
• Uploaded screenshot files: stored temporarily for processing and deleted from temporary upload storage after analysis completes.
• Reports and generated outputs: retained until you delete them or your account is fully deleted, unless longer retention is required by law or dispute handling.
• Hall of Shame submissions: may remain published until removed by you, moderation action, or other platform action. If your account is deleted, published entries may be preserved in anonymized form.
• IP logs: retained up to 30 days.
• Transaction records: retained at least 8 years per applicable Indian law.

8. Your Rights and Data Deletion

Subject to applicable law, rights may include access, rectification, erasure, restriction, portability, objection, and withdrawal of consent.

Google OAuth and password accounts: you may request deletion of account data, including sign-in data tied to your account, by contacting us.

Account deletion requests currently enter a 30-day grace period before permanent deletion completes. To exercise rights or request deletion, contact: legal@trymbkm.com. TRYMBKM aims to respond within 30 days of a valid request.

9. Security

TRYMBKM applies technical and organizational safeguards, including encrypted transmission, controlled access, and temporary-file cleanup. Private user-submitted context strings used for AI analysis are encrypted at rest using AES-256-GCM. Password-based credentials are hashed using bcrypt with cost factor 12. Payment details are handled by Razorpay, and raw card data is not stored on TRYMBKM systems. No internet transmission or electronic storage is absolutely secure.

10. Children

The Platform is not for users under 18. If data from a minor is identified, it will be deleted without undue delay. Report concerns to legal@trymbkm.com.

11. Changes to This Policy

TRYMBKM may update this Privacy Policy from time to time. Material changes may be communicated through the platform or the email associated with your account.

12. Supervisory Authority and Complaints

EU users may contact local supervisory authorities; UK users may contact the ICO; India users may seek remedies under the DPDP Act 2023 framework. TRYMBKM encourages contacting us first.

Contact

TRYMBKM
Email: legal@trymbkm.com