Overview
This Privacy Policy applies to all services provided by Discotive ("Discotive," "we," "us," or "our"), accessible at discotive.com and through our native applications. We operate under a strict principle of minimal data collection: we aggregate only what is mathematically necessary to compute your score and operate the Career Engine. Nothing more.
By maintaining a Discotive account, you agree to the cryptographic and data handling terms described herein. This ledger is effective as of January 1, 2026, governed by Indian law (IT Act 2000 and DPDP Act 2023), with full GDPR alignment for international nodes.
Data We Collect
Data collection is isolated into three deterministic categories: identity baselines, execution metrics, and technical edge metadata.
- ◆Core Identity: Name, email address, username (Required for account instantiation).
- ◆Geographic & Academic: Country, state, educational institution (Used strictly for leaderboard segmentation).
- ◆Vector Positioning: Domain, niche, and career goals (Used to align feed opportunities).
- ◆Public Display: Profile photo, bio, and social graph links (Optional, public-facing).
- ◆Ledger Mutations: Discotive Score changes with atomic timestamps and delta reasons.
- ◆Consistency Engine: Daily ping/login metrics calculated in IST timezone.
- ◆Vault Pointers: Asset metadata including title, category, and SHA-256 hash (File contents remain isolated).
- ◆Module Tracking: Learn pathway progression and completion flags.
- ◆Session Telemetry: Firebase Analytics page views (Strictly anonymised).
- ◆Error Logging: Sentry crash reports (Sanitized of PII).
- ◆Security Tokens: App Check handshakes (Validated in-flight, never stored).
- ◆Network Diagnostics: Vercel Speed Insights (Aggregate latencies only).
Asset Vault Security
The Asset Vault is the core of your proof-of-work. We apply enterprise-grade cryptography to ensure assets cannot be forged, scraped, or modified.
- ◆Storage Layer: Binaries sit in Firebase Storage behind strict RBAC rules.
- ◆Upload Pipeline: Clients stream directly to Storage buckets; files never bottleneck through our API servers.
- ◆Verification: Admins verify hashes server-side before an asset achieves VERIFIED status.
- ◆Isolation: Firestore security rules drop cross-user queries at the network layer.
- ◆Atomic Purges: Deleted files are simultaneously wiped from Storage and Firestore.
Score Engine & Audit Trail
The Discotive Score is entirely deterministic. It is computed using atomic Firestore transactions, meaning race conditions cannot manipulate rankings.
- ◆Immutable Logging: Every score mutation writes to a tamper-evident score_log subcollection.
- ◆Read-Only Trails: Score log entries are write-once. You can read, but never modify, your history.
- ◆Validation: Score transactions demand fresh Firebase Auth tokens + App Check verification.
- ◆Decay Mechanics: Server-side CRON (Cloud Scheduler) calculates consistency penalties.
- ◆Edge Isolation: All scoring math runs server-side. The client cannot spoof calculations.
AI & Data Processing
Discotive integrates Google Gemini for the Autofill AI copilot. We proxy everything securely to prevent key leakage and data bleeding.
- ◆Minimal Context: Gemini API calls inject only the strict context needed for the prompt.
- ◆Identity Shield: Autofill AI receives your name, score, and domain|passwords and Vault binaries are omitted.
- ◆No Memory Retention: Conversational history is ephemeral and not stored on Discotive DBs.
- ◆Google Compliance: Processed exclusively under Google's Cloud AI Platform enterprise privacy SLAs.
Your Rights
Operators own their data. These rights apply universally, irrespective of your geographic node or jurisdiction.
Disputes & Contact
If you detect a vulnerability or require a manual data purge, escalate the request directly to our command center.
Discotive is operated by Discotive Hubs, based in Jaipur, Rajasthan, India. This operational charter is legally binding.