Privacy Policy

Effective 24 April 2026Last updated 7 May 2026v1.4

Anchor is a booking and payment-tracking tool for independent therapists in India. This Privacy Policy describes the personal data Anchor collects, the purposes for which it is processed, and the rights available to data principals under the Digital Personal Data Protection Act, 2023 (the “DPDP Act”).

1. Who we are

Anchor is operated by Shiven Kumar, sole proprietor, with a place of business in Delhi, India, and is reachable at hello@tryanchor.in. The product is served at tryanchor.in.

For the purposes of the DPDP Act, Anchor is the Data Fiduciary in respect of personal data collected directly through the product (account data, billing data, support correspondence). Therapists who use Anchor are independent Data Fiduciaries in respect of the data they collect from their own clients; Anchor is a Data Processor for such data, processing it solely on the therapist’s instructions to deliver the booking and ledger functionality of the product.

2. Definitions

Anchor, we, us, our — the proprietorship and the product collectively.
Therapist — an independent practitioner who has signed up for an Anchor account.
Client — a person who books a session through a Therapist’s Anchor-powered page.
You, your — the reader of this policy, whether Therapist, Client, or visitor.
Personal Data — any data about an identifiable individual, as defined in the DPDP Act.
Tenant — the logical partition of the database that holds one Therapist’s data, isolated from every other Therapist’s.

3. What we collect

3.1 Therapist account data

Display name, email address, optional profile photo and bio.
Timezone, availability schedule, session modes (online or offline), clinic address (if offline), virtual-meeting link (if online).
Fee structure, no-show policy, session-buffer preferences, default fee.
Authentication data: hashed password or Google OAuth identifier.
Google Calendar integration tokens, when a Therapist chooses to connect their Google Calendar so that Anchor can create calendar events with Google Meet links for online bookings. The refresh token is stored encrypted at rest, as described in section 10.

3.2 Client booking data

Full name, email address, and (optionally) phone number, as provided to the Therapist’s booking page.
Mode preference (online or offline) and any note the Client adds at the time of booking.
A ledger token: a randomly generated identifier that allows the Client to view their own session and payment history without creating an account.

3.3 Operational data

Appointments: date, time, duration, status (booked, completed, cancelled, no-show), and fee.
Payments: amount, mode (cash, bank transfer, UPI, etc.), date, and any free-text note recorded by the Therapist.
Allocation records linking individual payments to the sessions they cover.

3.4 What we do not collect

Clinical records, session transcripts, diagnoses, or any other category of medical record.
Card numbers, CVVs, or bank account credentials. Anchor does not process payments; money moves directly between Client and Therapist outside of the product.
Sensitive personal data (caste, religion, health status, biometric data) beyond what a Therapist may incidentally enter into a free-text note.

4. Why we collect it

Personal data is processed only for the purposes set out below. Each purpose is grounded in a Therapist’s or Client’s freely given consent at the point of sign-up or booking, or in the performance of the contract those acts create.

Booking flow — presenting available slots, confirming bookings, and sending confirmation and reminder emails.
Ledger — maintaining each Therapist’s record of who has paid for which session.
Tenant administration — giving each Therapist controlled access to their own clients and sessions.
Product support — investigating issues reported by Therapists or Clients.
Service announcements — notifying active accounts of feature changes, planned outages, or policy updates. Anchor does not send marketing email.

5. Who can see what

A Therapist sees only their own Tenant — their clients, bookings, payments, and notes. The level of access mirrors any CRM or paper ledger they would otherwise maintain.
A Client sees only their own sessions and payments with one specific Therapist, accessed through a private ledger link. No Client has visibility into another Client’s data.
No Therapist can read another Therapist’s data. Tenant isolation is enforced at the database layer through row-level security policies on every relevant table.
Anchor’s operations team holds administrative database access strictly for product support, debugging, and incident response. Client names, email addresses, and phone numbers are encrypted at rest, as described in section 10. A reading of the database, by any party, returns ciphertext rather than plaintext for these fields. Every decryption call is recorded in AWS CloudTrail and is attributable to a specific Therapist account. A Therapist may, at any time, request the access record for their account by emailing hello@tryanchor.in.

6. Third-party processors

Anchor relies on a small set of sub-processors to deliver the product. Each processor receives only the data necessary for its specific function and is bound by its own privacy and security terms. Anchor does not sell, rent, or trade personal data, and does not share personal data for advertising purposes.

Supabase — hosted Postgres database and authentication. Stores account data, encrypted client data, and session records. Data may be hosted on infrastructure outside India.
Vercel — application hosting and request routing. Receives standard request metadata for the duration of each request.
Amazon Web Services (Key Management Service) — cryptographic key management for client PII encryption. Hosted in the Mumbai (ap-south-1) region. AWS KMS receives encrypted key material only; it never sees plaintext client data.
Resend — transactional email delivery for booking confirmations, reminders, and service announcements.
Google — (a) optional OAuth-based sign-in for Therapists who choose it; (b) optional Google Calendar integration for Therapists who connect their calendar, used to create calendar events and Google Meet links for online bookings. Calendar events created by Anchor include the Therapist’s and Client’s names, the session time, and the meeting link.
Namecheap — domain registration for tryanchor.in.

Some of these processors operate outside India. By using Anchor, You consent to the cross-border transfer of personal data to such processors solely for the purpose of operating the product, as permitted by section 16 of the DPDP Act.

7. Retention

Active accounts. Personal data is retained for as long as the Therapist’s account remains active.
Closed accounts. Tenant data is deleted within thirty (30) days of receiving a verified closure request. Aggregated, non-identifying metrics (such as total session count) may be retained for product analysis.
Financial records. Payment logs required for compliance with Indian tax law may be retained for up to seven (7) years and are minimised wherever possible.
Authentication and access logs. Retained for ninety (90) days, after which they are deleted.

8. Your rights under the DPDP Act

Under the DPDP Act, You may exercise the following rights in respect of personal data Anchor holds about You. To exercise any of them, email hello@tryanchor.in from the address associated with the relevant account or booking.

Right of access. Obtain a summary of the personal data Anchor processes about You and the purposes of such processing. Anchor will respond within fifteen (15) days.
Right of correction. Have inaccurate or incomplete personal data corrected or completed. Therapists may correct most fields directly from the dashboard; Clients should contact their Therapist or email Anchor.
Right of erasure. Request deletion of personal data, subject to the retention obligations in section 7.
Right to withdraw consent. Withdraw consent at any time. Following withdrawal, access to the product ends and personal data is deleted in line with section 7.
Right of grievance redressal. Lodge a grievance with the Grievance Officer (section 9 below). If the response is unsatisfactory, escalate to the Data Protection Board of India under section 27 of the DPDP Act.
Right of nomination. Nominate another individual to exercise these rights on your behalf in the event of incapacity or death.

9. Grievance Officer

In accordance with section 8(10) of the DPDP Act, the following person serves as Anchor’s Grievance Officer:

Name:: Shiven Kumar
Email:: hello@tryanchor.in
Response time:: Acknowledgement within 7 days of receipt; substantive response within 15 days.

If a grievance is not resolved to your satisfaction, You may approach the Data Protection Board of India under section 27 of the DPDP Act.

10. Security

Anchor implements technical and organisational measures appropriate to the nature of the data processed and the risks reasonably foreseeable in its operation.

Encryption in transit. All traffic between client browsers and Anchor servers is encrypted using TLS 1.2 or higher.
Encryption at rest of client PII. Client names, email addresses, and phone numbers are encrypted at the field level using AES-256-GCM with envelope encryption. Data Encryption Keys are themselves encrypted under a master key held in AWS Key Management Service (Mumbai region), separate from the application database. A successful decryption requires both database access and an authenticated KMS call — database access alone returns ciphertext only. Each KMS call is bound to the specific Therapist account whose data is being processed, so every decryption event recorded in AWS CloudTrail is attributable to that Therapist. Operator-side activity is logged separately from live-application activity.
Tenant isolation. Row-level security policies in the database prevent any Therapist from reading or writing data belonging to another Therapist, regardless of identifiers they may know.
Authentication. Therapist passwords are hashed using a memory-hard algorithm and are never stored in plaintext. Administrative access to the application database, AWS KMS, and underlying cloud infrastructure is protected by multi-factor authentication.
Key rotation. Annual automatic rotation is enabled on the AWS KMS master key.
No payment data. Anchor does not store card numbers or banking credentials. Payments are recorded as ledger entries by the Therapist; the actual movement of funds occurs outside the product.

11. Children

Anchor is intended for use by adults (18 years and older). Where a Therapist provides services to a minor and records the minor’s personal data in Anchor, the Therapist is responsible for obtaining verifiable consent from the minor’s parent or lawful guardian before doing so, as required by section 9 of the DPDP Act. Anchor does not knowingly collect personal data directly from individuals under 18.

12. Changes to this policy

Anchor may revise this Privacy Policy from time to time. Where a revision is material, every active Therapist account will be notified by email at least thirty (30) days before the change takes effect. The “Last updated” date and version number at the top of this page reflect the most recent revision.

13. Governing law

This Privacy Policy is governed by the laws of India. Any dispute arising out of or in connection with this policy shall be subject to the exclusive jurisdiction of the courts at Delhi.

14. Contact

For questions about this policy or to exercise any of the rights described in section 8, contact hello@tryanchor.in.