Privacy Policy - Your Data Protection and Rights with TamizhConnect

This Privacy Policy explains how TamizhConnect (operated by Tharviyan Limited, Company No. 12127865) collects, uses, and protects your data. We are committed to safeguarding your personal information and respecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and other applicable data protection laws.

1. Information We Collect

We collect different types of information to provide and improve our Tamil genealogy and family history services while ensuring the security and privacy of your personal data. The information we collect helps us understand your needs, provide better services, and maintain the integrity of your family tree data.

  • Identity Information: name, email address, phone number, and account credentials
  • Payment Information: processed securely by PCI-DSS-compliant partners (Stripe/PaymentSense); card numbers are not stored on our servers
  • Usage Information: analytics data to improve features, understand how you use our services, and enhance user experience
  • Family Tree Data: names, relationships, genealogical information, cultural notes, and heritage details you provide
  • Technical Information: browser type, IP address, device information, and browsing behavior on our platform

2. How We Use Your Information

We use your personal data for specific, legitimate purposes related to providing our genealogy services and improving the TamizhConnect platform. Our data processing activities are conducted lawfully under the UK GDPR and always with your consent or for legitimate business interests.

  • Account Management: Create, maintain, and secure your user account and associated family tree data
  • Service Provision: Provide and manage access to our Tamil genealogy tools, historical records, and family history features
  • Payment Processing: Process payments and manage subscription entitlements through secure payment partners
  • Communication: Send service notifications, updates, and respond to your inquiries
  • Service Improvement: Analyze usage patterns to improve our services and user experience
  • Security: Protect against fraud, unauthorized access, and maintain platform security

3. Legal Basis for Processing

Our legal basis for processing your personal data varies depending on the specific processing activity:

  • Consent: When you explicitly agree to our use of your data, particularly for marketing communications
  • Contractual necessity: When processing is necessary to provide you with our services
  • Legitimate interests: For security, fraud prevention, and platform improvement purposes
  • Legal obligation: When required by law to process certain information

4. Data Security Measures

We implement comprehensive security measures to protect your personal data and family tree information from unauthorized access, alteration, disclosure, or destruction. Our security practices are regularly reviewed and updated to address emerging threats and technological changes.

  • Transport Security: Encryption in transit using HTTPS/TLS 1.3 protocols
  • Application Security: Role-based and row-level security for application data (via Supabase)
  • Access Controls: Multi-factor authentication and strict access controls for our systems
  • Data Encryption: Encryption at rest for sensitive personal information
  • Regular Audits: Security audits and vulnerability assessments conducted regularly

5. Data Sharing and Third Parties

We do not sell, trade, or rent personal data to third parties. We share limited data only with trusted partners who assist us in operating our services, conducting business, or serving our users, and only when necessary to provide our Tamil genealogy services.

  • Payment Processors: Stripe and PaymentSense for secure payment processing
  • Database Services: Supabase for secure data storage and management
  • Analytics Providers: PostHog and Amplitude for service improvement (data is anonymized where possible)
  • Legal Compliance: Governmental authorities or law enforcement when legally required

All third-party processors are under contractual obligations to maintain the same level of data protection consistent with this policy and applicable law.

6. Data Retention

We retain your personal data only as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. The criteria we use to determine retention periods include:

  • The length of time required to provide our services to you
  • Whether we have ongoing legitimate business needs to process your data
  • Whether your account remains active
  • Legal or regulatory obligations that require us to retain data

For users who have deleted their accounts, we retain anonymized usage data for analytical purposes but do not maintain personally identifiable information beyond what is legally required.

7. Your Data Protection Rights (UK GDPR)

Under the UK GDPR, you have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you
  • Right to rectification: Have inaccurate personal data corrected
  • Right to erasure: Request deletion of your personal data under certain circumstances
  • Right to restrict processing: Request limitation of how we use your personal data
  • Right to data portability: Receive your personal data in a structured, commonly used format
  • Right to object: Object to processing based on legitimate interests or direct marketing
  • Right to withdraw consent: Withdraw consent previously given for data processing

You may exercise these rights by emailing privacy@tamizhconnect.com. We will respond to all requests in accordance with applicable data protection law. Please note that certain data may be retained where permitted by law, such as for legal compliance or exercising legal rights.

8. International Data Transfers

While we primarily process data within the UK and EU, some of our service providers may process your data in countries outside the European Economic Area (EEA). When this occurs, we ensure appropriate safeguards are in place to protect your personal data, including standard contractual clauses approved by the UK government.

9. Children's Privacy

Our services are not directed to children under the age of 16, and we do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child under age 16, we will take steps to delete such information.

10. Updates to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other operational considerations. We will notify you of any material changes through our website or via email. Your continued use of our services after such changes constitutes your acceptance of the revised policy.

Business Entity: Tharviyan Limited (Company No. 12127865)
Registered Office: 5 Brayford Square London E1 0SG United Kingdom
Contact: support@tamizhconnect.com | +44 1689 810072

For information about our service delivery and fulfilment process, please see our Service Delivery Policy.

For information about our event ticketing policies, please see our Ticketing Policy.