Legal Documents
Your privacy and safety are our priority.
Compliance Coverage
This document complies with the DPDP Act 2023, IT Act 2000, SPDI Rules 2011, IT Intermediary Rules 2021, Apple App Store Guidelines, and Google Play Policies.
Jurisdiction: India (Maharashtra)
Contact: support.greyout@gmail.com
Document I: Privacy Policy
How we collect, use, store, and protect your personal data. Covers DPDP Act 2023, IT SPDI Rules, and Grievance Redressal.
01 Who We Are
GreyOut is an anonymous social platform exclusively for verified college students. This Privacy Policy explains how we collect, use, store, and protect your personal data when you access or use the App.
By registering for or using GreyOut, you acknowledge that you have read this Policy and give your free, specific, informed, and unambiguous consent to the processing of your personal data as described herein, in accordance with Section 6 of the DPDP Act, 2023.
02 Information We Collect
2.1 Information You Provide [DPDP Act §4]
| Data Type | Details | Purpose |
|---|---|---|
| Verification Data | College ID image, college name, graduation year | One-time identity verification. Deleted within 30 days of successful verification. |
| Account Credentials | Email address, hashed password | Account creation and login |
| Profile Data | Username (anonymous alias), college, year of study | App functionality. No real name stored on public profile. |
| User Content | Posts, comments, Vent Out messages | Core app functionality |
| Support Data | Grievance reports, abuse flags, support tickets | Safety and moderation |
2.2 Automatically Collected Information
| Device Information | Device model, OS version, unique device identifiers (IDFV/Android ID) |
| Log Data | App crashes, login timestamps, feature usage (anonymised) |
| App Activity | Posts viewed, features accessed, session duration (aggregated) |
| IP Address | For fraud prevention and security. Not linked to your anonymous identity. |
2.3 What We Intentionally Do NOT Collect
- Your real name is never displayed or stored against your public profile.
- We do not collect location/GPS data.
- We do not access your camera, microphone, or contacts unless you explicitly grant permission.
- We do not track your activity on other apps or websites.
- We do not sell your data to advertisers.
03 Sensitive Personal Data
Under the IT (SPDI) Rules, 2011, certain categories of data require heightened protection. GreyOut's Vent Out feature may involve users voluntarily disclosing information relating to mental health, personal relationships, or family circumstances. This constitutes Sensitive Personal Data or Information (SPDI).
Our commitment on SPDI: Vent Out messages are end-to-end encrypted. They are not readable by GreyOut staff in plain text. They are automatically purged 30 days after a Vent Out session ends. They are never used for advertising, training AI models, or any secondary purpose. Access is limited to emergency safety interventions as described in Section 7. You are never required to disclose sensitive information.
04 How We Use Your Data
We process your personal data only for the following specified purposes:
- Account creation and verification: to confirm you are a real college student.
- App functionality: to operate the anonymous feed, college communities, and Vent Out features.
- Safety and moderation: to detect abuse, harassment, illegal content, and threats of harm.
- Customer support: to respond to reports and grievances.
- Product improvement: aggregated, anonymised analytics to improve the App.
- Legal compliance: to comply with court orders, law enforcement requests, or obligations under Indian law.
- Security: to prevent fraud, account takeovers, and platform manipulation.
05 The Anonymity Architecture
GreyOut is built on a principle of structural anonymity. Your real identity (email, college ID) is stored in a separate, encrypted database from your app activity (posts, comments, Vent Out sessions).
What this means in practice: A GreyOut moderator reviewing a reported post cannot see who posted it. The link between your real identity and your app activity is broken by design. Only a court order or verified law enforcement notice compels us to break this link, and only to the extent legally required.
06 Data Sharing and Disclosure
We do not sell, rent, or trade your personal data. We share data only in the following limited circumstances:
6.1 Service Providers
- Cloud Hosting: AWS/Google Cloud / Azure - servers in India (Mumbai region) wherever feasible.
- Push Notifications: Firebase Cloud Messaging (Google).
- Analytics: Anonymised, aggregated data only (no individual user identification).
- Payment Processing: Razorpay / Stripe India - we do not store card details.
6.2 Legal Disclosure [IT Act §79]
We may disclose data under a valid court order from an Indian court, a request from a law enforcement agency under Section 91 CrPC, or obligations under the IT Rules 2021.
6.3 Safety Emergencies
If we identify credible and imminent risk of harm to a user or others, we may disclose the minimum necessary information to emergency services or law enforcement, without prior notice.
07 Content Moderation & Safety
- All posts are subject to automated screening for prohibited content categories.
- A user-initiated reporting system is available on every post and message.
- Reported content is reviewed by human moderators within 24 hours.
- Content violating our policies is removed within 24-72 hours of a valid complaint.
08 Data Retention
| College ID verification image | Deleted within 30 days of successful verification |
| Account credentials | Duration of account + 90 days after deletion |
| Anonymous posts & comments | Duration of account or until deleted by user |
| Vent Out messages | 30 days post-session, then permanently deleted |
| Moderation logs | 2 years (legal obligation) |
| Deleted account data | Fully purged within 30 days of account deletion request |
09 Your Rights
As a Data Principal under the DPDP Act, 2023, you have the right to Access, Correction, Erasure, Grievance Redressal, and the Right to Withdraw Consent. To exercise any of these rights, email privacy@greyout.app. We will respond within 30 days.
Document II: Terms & Conditions
Rules governing your use of the App, prohibited content, anonymity scope, moderation, and dispute resolution.
01 The Agreement
These Terms & Conditions govern your access to and use of the GreyOut mobile application. These Terms are governed by the laws of India, including the Information Technology Act, 2000, the IT Rules, 2021, and the DPDP Act, 2023.
02 Eligibility
You are eligible to use GreyOut only if you meet all of the following conditions:
- You are 18 years of age or older.
- You are currently enrolled as a student at a recognised college or university in India.
- You possess a valid college identity card from your institution.
- You have not been previously banned or suspended from GreyOut.
Providing false information to gain access constitutes fraud and may result in permanent account termination and legal action.
03 Account Registration & Verification
To create a GreyOut account, you must complete our college verification process. By submitting your ID you confirm the document is genuine, consent to us retaining it for up to 30 days for verification, and understand it will be permanently deleted after successful verification.
04 The Anonymity System - Important Clarification
Anonymity on GreyOut is real but not absolute. Your real identity is not visible to other users under any circumstances. However, GreyOut retains the technical ability to link your anonymous activity to your real identity in extreme circumstances: (a) compliance with a valid court order or law enforcement request; (b) prevention of imminent harm; (c) investigation of serious violations. Anonymity is not a shield for illegal activity.
05 User Content & Conduct
5.1 Your Content
You retain ownership of content you post on GreyOut. By posting content, you grant GreyOut a non-exclusive, royalty-free licence to host, display, and moderate that content solely for operating the App.
5.2 Prohibited Content & Behaviour
You must not post, share, transmit, or facilitate any content or behaviour that:
- Is illegal under Indian law (e.g., IT Act Sections 66A-66F, IPC Sections 153A, 295A).
- Threatens, harasses, or bullies any individual or group.
- Is sexually explicit, obscene, or pornographic.
- Targets or endangers a minor.
- Incites violence, communal hatred, or religious discord.
- Constitutes cyberstalking or doxxing.
- Promotes or glorifies self-harm or suicide.
- Spreads misinformation with intent to cause panic or harm.
5.3 Vent Out Feature
Within Vent Out, you must not attempt to identify your matched peer, use the feature for romantic solicitation, provide medical/legal advice, or record/screenshot conversations. GreyOut is NOT a crisis service. If you are in immediate danger, please contact Emergency Services: 112.
06 Disclaimers & Limitation of Liability
Nothing on GreyOut constitutes mental health advice, medical advice, legal advice, or counselling. Vent Out provides peer-to-peer connection, not professional support. GreyOut does not endorse or take responsibility for user-generated content. To the maximum extent permitted by Indian law, the Company's total liability to you shall not exceed INR 1,000 or the amount you have paid us in the preceding 3 months.
07 Grievance Redressal
Any complaint or grievance regarding the App or these Terms should be directed to our Grievance Officer:
Email: support.greyout@gmail.com
Address: Nagpur, Maharashtra, India
Acknowledgement: Within 24 hours of receipt