Discotive

Pr

Discotive is engineered on a zero-trust architecture. Every piece of data you share is handled with minimal collection and complete operator control. Your execution belongs to you.

Last Updated: January 2026
Version 3.1
GDPR + DPDP Compliant

Overview

This Privacy Policy applies to all services provided by Discotive ("Discotive," "we," "us," or "our"), accessible at discotive.com and through our native applications. We operate under a strict principle of minimal data collection: we aggregate only what is mathematically necessary to compute your score and operate the Career Engine. Nothing more.

🔐
Zero-Trust Architecture
Every service-to-service RPC within Discotive is authenticated using Firebase App Check with reCAPTCHA Enterprise v3. Unauthenticated requests are dropped at the edge before reaching our Cloud Functions or Firestore.

By maintaining a Discotive account, you agree to the cryptographic and data handling terms described herein. This ledger is effective as of January 1, 2026, governed by Indian law (IT Act 2000 and DPDP Act 2023), with full GDPR alignment for international nodes.

Data We Collect

Data collection is isolated into three deterministic categories: identity baselines, execution metrics, and technical edge metadata.

Identity & Profile Data
  • Core Identity: Name, email address, username (Required for account instantiation).
  • Geographic & Academic: Country, state, educational institution (Used strictly for leaderboard segmentation).
  • Vector Positioning: Domain, niche, and career goals (Used to align feed opportunities).
  • Public Display: Profile photo, bio, and social graph links (Optional, public-facing).
Execution & Activity Data
  • Ledger Mutations: Discotive Score changes with atomic timestamps and delta reasons.
  • Consistency Engine: Daily ping/login metrics calculated in IST timezone.
  • Vault Pointers: Asset metadata including title, category, and SHA-256 hash (File contents remain isolated).
  • Module Tracking: Learn pathway progression and completion flags.
Technical Edge Metadata
  • Session Telemetry: Firebase Analytics page views (Strictly anonymised).
  • Error Logging: Sentry crash reports (Sanitized of PII).
  • Security Tokens: App Check handshakes (Validated in-flight, never stored).
  • Network Diagnostics: Vercel Speed Insights (Aggregate latencies only).

Asset Vault Security

The Asset Vault is the core of your proof-of-work. We apply enterprise-grade cryptography to ensure assets cannot be forged, scraped, or modified.

🛡️
SHA-256 Integrity Verification
Every payload uploaded to the Vault is hashed using SHA-256 before storage allocation. This hash is permanently bound in Firestore to the asset metadata, guaranteeing tamper-proof verification on demand.
Vault Security Protocol
  • Storage Layer: Binaries sit in Firebase Storage behind strict RBAC rules.
  • Upload Pipeline: Clients stream directly to Storage buckets; files never bottleneck through our API servers.
  • Verification: Admins verify hashes server-side before an asset achieves VERIFIED status.
  • Isolation: Firestore security rules drop cross-user queries at the network layer.
  • Atomic Purges: Deleted files are simultaneously wiped from Storage and Firestore.

Score Engine & Audit Trail

The Discotive Score is entirely deterministic. It is computed using atomic Firestore transactions, meaning race conditions cannot manipulate rankings.

Ledger Mechanics
  • Immutable Logging: Every score mutation writes to a tamper-evident score_log subcollection.
  • Read-Only Trails: Score log entries are write-once. You can read, but never modify, your history.
  • Validation: Score transactions demand fresh Firebase Auth tokens + App Check verification.
  • Decay Mechanics: Server-side CRON (Cloud Scheduler) calculates consistency penalties.
  • Edge Isolation: All scoring math runs server-side. The client cannot spoof calculations.

AI & Data Processing

Discotive integrates Google Gemini for the Autofill AI copilot. We proxy everything securely to prevent key leakage and data bleeding.

🤖
Zero-Training Policy
By default, your execution data and Vault contents are NEVER used to train AI models|not ours, not Google's. The 'ML Data Contribution' setting (available to Premium nodes) remains opt-in.
AI Edge Handling
  • Minimal Context: Gemini API calls inject only the strict context needed for the prompt.
  • Identity Shield: Autofill AI receives your name, score, and domain|passwords and Vault binaries are omitted.
  • No Memory Retention: Conversational history is ephemeral and not stored on Discotive DBs.
  • Google Compliance: Processed exclusively under Google's Cloud AI Platform enterprise privacy SLAs.

Your Rights

Operators own their data. These rights apply universally, irrespective of your geographic node or jurisdiction.

Right to Access
Pull a complete JSON export of your execution data at any time via Settings → Privacy → Export Data.
Right to Deletion
Terminate your account permanently via Settings → Privacy → Delete Account. All binaries and ledgers purge within 30 days.
Right to Correction
Mutate your profile vectors and preferences directly from the Profile module.
Right to Restriction
Toggle your profile to private, instantly removing your node from public search and leaderboards.

Cookies & Tracking

Discotive maintains a minimal cookie footprint. We deploy only what is required to keep your session alive and secure.

🚫
No Ad Tracking
We deploy zero Google Analytics tracking pixels, Meta Pixels, or third-party ad SDKs. Discotive is built for builders, not advertisers. Our telemetry is self-hosted and PII-free.
Cookie Registry
  • Firebase Auth Token: Secures your session state (Session-scoped).
  • App Check Token: Cryptographic validation (Auto-refreshes hourly).
  • Vercel Analytics: Latency tracking (Privacy-preserving aggregate only).
  • Umami Analytics: Self-hosted product analytics (GDPR compliant, zero cross-site mapping).

Disputes & Contact

If you detect a vulnerability or require a manual data purge, escalate the request directly to our command center.

Privacy Escalations
admin@discotive.com
72-hour response SLA
Security & Bug Bounty
admin@discotive.com
2-hour SLA for critical exploits

Discotive is operated by Discotive Hubs, based in Jaipur, Rajasthan, India. This operational charter is legally binding.