Privacy Policy

Last updated: 7 July 2026

Behtar (behtar.co.in) is operated by Shreyansh Gupta, an individual sole proprietor based in India — the data fiduciary / data controller for the processing described here. Contact: shreyiitkgp96@gmail.com.

This policy covers the behtar.co.in website and both Behtar products — the Behtar: Prompt Improver browser extension (Sections 2–4) and the Behtar Card Scanner web app (Section 4A). Each product collects different data for different purposes, described separately below.

The two promises that matter most: your prompt content is never collected or stored by Behtar — it is processed transiently to generate an improvement and never retained. And your email address (collected once the upcoming account system launches) is used solely to track your free-tier usage and, for subscribers, billing — never for marketing.

1. This website

The behtar.co.in website sets no cookies and runs no analytics scripts. It is static content hosted on Cloudflare Pages; Cloudflare may process standard request data (such as IP addresses) to serve and protect the site, per Cloudflare's Privacy Policy.

2. Data the extension collects and processes

Behtar: Prompt Improver is designed around data minimisation: prompts are scored locally in your browser, and only a limited set of identifiers and usage metrics is processed to operate and improve the service.

Today (invite-code beta)

Data pointPurposeRetention
Invite codeAccess verification; pseudonymous identifier in analyticsAnalytics retained up to 3 months
Install IDDaily rate limiting; abuse detectionNot retained in analytics
IP addressRate limiting, handled by Cloudflare infrastructureNot stored by us; Cloudflare may retain per its own policy
Prompt textForwarded to the Anthropic API to generate the improved versionNever stored by us — processed transiently and discarded (see Section 3)
Usage analyticsPer-event metrics: platform, mode, extension version, model used, browser, prompt length (character count only), score, response time, action taken (accepted/dismissed/etc.), optional NPS ratingUp to 3 months

Aggregate usage counts (daily/lifetime improvement counts, per-platform totals, mode preference, session stats) are stored only in your browser's local storage and never transmitted. Only lengths and counts are ever stored locally — never the prompt text itself.

Upcoming (free/paid accounts — launching soon)

When the freemium version launches, activating the extension will require a verified email address. There is no password and no account to manage — just an email so we can track your free usage. Specifically, we will store, on our servers (Cloudflare infrastructure in our account):

Legal basis (GDPR): performance of a contract (Art. 6(1)(b)) — the email is necessary to provide the free/paid service you request, not collected for any secondary purpose. Analytics data is processed under legitimate interest (Art. 6(1)(f)) in operating and improving the service, using pseudonymous identifiers and minimal data. Under India's DPDP Act, we act as a Data Fiduciary and collect this data for the specific stated purpose, with notice at the point of collection.

3. What the Prompt Improver does NOT collect

4. How your prompts are processed

Before any network request is made, your prompt is scored locally in your browser — no data leaves your device during scoring. A prompt is only sent onward if it scores below the weak-prompt threshold and the extension is active. If your prompt scores above the threshold, it is never sent anywhere.

When a weak prompt is improved, the prompt text is sent to our relay server (Cloudflare Workers), which forwards it to the Anthropic API (Claude) for rewriting and returns the result to your browser. The relay is a pass-through: we do not log or store prompt content on servers we control. Anthropic may retain API inputs for up to 30 days under its data handling and safety practices — see Anthropic's Privacy Policy.

4A. Behtar Card Scanner

Behtar Card Scanner is a separate product with its own account system and different data practices — unlike the Prompt Improver, storing your data is its core function (it keeps your scanned contacts for you).

5. Sub-processors and third-party services

The following third parties process data on our behalf. This is the complete list; it will be kept current here.

Sub-processorWhat it processesWhy
CloudflareRelay traffic, account/usage records, site hosting; IP addresses in transitAll of our infrastructure (Workers, Pages, storage) runs on Cloudflare's network
AnthropicPrompt text (Prompt Improver) and card images (Card Scanner), transiently — no user identifiers or account information attachedAI processing: generates improved prompts and extracts contact details from card images; may retain inputs up to 30 days per its policy
ResendYour email address (once accounts launch)Sends the one-time verification code email
Razorpay and/or StripeYour email and payment details (once paid subscriptions launch)Payment processing and subscription billing; payment details go directly to the processor, never to us

International transfers: Cloudflare, Anthropic, Resend, and Stripe are US-based; data may be processed in the United States and other countries where they operate. Where EU/EEA data transfer rules apply, transfers rely on appropriate safeguards such as Standard Contractual Clauses documented in each provider's data processing terms.

6. Data retention

7. Your rights and data deletion

Depending on where you live (including under GDPR and India's DPDP Act), you have the right to access, correct, delete, or restrict processing of your personal data, to object to processing based on legitimate interest, and — in the EU/EEA — to lodge a complaint with your supervisory authority.

To have your data deleted, email shreyiitkgp96@gmail.com from the relevant address. We will delete your account record (email, usage counters) and, for subscribers, delete or anonymise the corresponding customer record with the payment processor. We aim to respond within 7 business days. You can also stop all processing at any time by disabling or uninstalling the extension — no prompt is ever sent while it is disabled.

8. Data breach notification

In the event of a personal data breach likely to result in a risk to your rights, we will notify the relevant supervisory authority within 72 hours of becoming aware, and affected individuals without undue delay, where required by applicable law.

9. Children

The service is not directed at children under 16 in the EU/EEA, or under 13 elsewhere (under 18 where required by India's DPDP Act for processing requiring verifiable parental consent). We do not knowingly collect information from children below these ages.

10. Changes to this policy

We may update this policy from time to time — for example, when the account system and paid subscriptions described above go live. The "Last updated" date at the top reflects the latest version.

11. Contact us

For any privacy question or request: shreyiitkgp96@gmail.com. We aim to respond within 7 business days.