Privacy, by law.
Not just by promise.
We tell you exactly what we collect, why we collect it, for how long — and what we are architecturally unable to share. This policy complies with Indian, European, and California privacy law.
Who We Are
Data Fiduciary: RR AI Labs Pvt. Ltd., India
Platform: B Anon — available on iOS, Android, and banon.app
Under the DPDPA 2023, RR AI Labs Pvt. Ltd. is the Data Fiduciary — the entity that determines the purpose and means of processing your personal data. You are the Data Principal — the individual whose data is processed.
B Anon is also an Intermediary under Section 2(w) of the Information Technology Act, 2000 and is bound by the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, as amended to October 2025.
This policy applies to all users of B Anon worldwide. Sections 1–21 detail our Indian law obligations (DPDPA 2023, IT Rules 2021). Section 22 covers additional GDPR rights for EEA/UK users. Section 23 covers CCPA/CPRA rights for California residents. Questions: privacy@banon.app
How B Anon Works
B Anon is an anonymous one-to-one chat application built with privacy and data minimisation as core architectural principles, intended exclusively for users aged 18 and above.
No real name, phone number, or email required. Appear as an emoji or wear an AR masquerade mask.
Smart Match Engine connects you based on shared interest tags — not follower counts or identity data.
Messages are encrypted on your device. Only the recipient's device can decrypt them. We cannot read content.
Messages are deleted from our servers the moment delivery is confirmed. We hold no chat history.
Personal Data We Collect
We collect only what is strictly necessary to operate, secure, and maintain B Anon. Each category has one specific, stated, lawful purpose — satisfying DPDPA §5 (purpose limitation) and §4 (data minimisation).
Randomised ID generated at install. Not linked to identity.
Encrypted text/media held until delivery.
IP address, OS version, timestamps.
Auth token if user opts in. No email stored.
Live feed for mask rendering. Processed on-device only.
Snapshot of a reported message.
Face Filters & AR Masks
Instead of a real profile photo, you choose how to appear using one of two privacy-preserving options. Your real face is never required, never captured, and never shared.
Pick any emoji. This becomes your anonymous face. No camera access required. Nothing is stored on our servers.
Activate camera to wear a real-time mask rendered by our AR filter engine. Only the mask is visible to others.
What the AR feature NEVER does:
- We do not capture, transmit, or store any facial image or camera frame
- We do not extract, store, or share biometric identifiers (no geometry or face prints)
- No third-party AR SDK receives your camera data
Optional Google Account Linking
B Anon offers an optional feature to link your Google account as a safeguard — protecting your access if your device is lost. This is purely a recovery tool and is never required.
- Receive a basic authentication token used only to associate your anonymous ID with a new device
- Delete the token immediately when you unlink or delete account
- We do not store your email address
- We do not access your Gmail, contacts, or photos
- We do not use linking for ads or profiling
Premium Upgrades
Optional subscriptions unlock features. Purchases are processed by Apple or Google. We never directly handle or store your payment card details.
Data We Never Collect
The following are structurally absent from B Anon. There is nothing to breach or misuse.
Consent Framework
All optional features require explicit opt-in (free, specific, informed, unconditional). Examples: AR mask (OS camera prompt), Push Notifications (OS prompt), Interest tags (In-app choice). You can withdraw consent for any of these at any time via settings.
Message Architecture
All messages use end-to-end encryption (E2EE). B Anon cannot read message content at any point.
Push Notifications
Push notifications carry only a signal that a message is waiting. They do not contain message text or sender info. Content is decrypted only when you open the app.
Abuse Prevention
We analyze limited metadata for abuse patterns. When you report a user, a snapshot of the reported message is preserved in isolated storage for 30 days for moderation review, then permanently deleted.
Third-Party Services & Sharing
We use providers like Google LLC (Firebase, Auth) and Apple APNs purely as Data Processors bound by strict agreements. We do not use ad networks or data brokers.
Disclosure: We disclose data only under valid legal obligations (IT Act §69, DPDPA §7) such as formal court orders. Because we hold no message content, the maximum data we can produce is connection logs and device IDs.
Telecom Identity & SIM Rules 2025
Data Retention & Account Deletion
Personal data is erased as soon as its purpose is fulfilled. You have the Right to Erasure (account deletion) at any time via Settings → Account → Delete Account.
- Message content: deleted immediately on delivery
- Crash/Connection logs: max 90 days
- Account deletion: processed within 30 days. Removes Device ID, Google token, preferences.
Children's Data
Strictly for users 18+. If we become aware of an underage user, the account and data are permanently deleted immediately.
Your Rights as a Data Principal
Request data summary.
Delete your profile data.
File complaints via Officer.
Nominate a successor.
Grievance Officer
- Name: Grievance Officer, RR AI Labs Pvt. Ltd.
- Email: grievance@banon.app
- Response Time: Acknowledged in 24 hrs, resolved within 15 days.
⚖️ IT Rules 2021: If unsatisfied, you may appeal to the Grievance Appellate Committee (GAC) at grievanceappellate.meity.gov.in
European Economic Area (EEA) & UK — GDPR
If you access B Anon from the European Economic Area (EEA), United Kingdom, or Switzerland, the following additional rights and disclosures apply under the General Data Protection Regulation (GDPR) and the UK GDPR.
Legal Basis for Processing
| Data | Legal Basis (Art. 6) |
|---|---|
| Device ID (anonymous account creation) | Legitimate interest — necessary to provide the service without collecting personal identifiers |
| Approximate location (nearby matching) | Consent — you grant location permission; revocable at any time via device settings |
| Crash & connection logs | Legitimate interest — maintaining app stability and security |
| Google auth token (optional account recovery) | Consent — only processed if you choose to link a Google account; no email address is stored |
Your Rights Under GDPR
In addition to the rights listed in Section 19, EEA/UK users have:
- Right to Rectification (Art. 16) — Request correction of inaccurate data. Note: B Anon collects minimal data (device ID only), so there is typically nothing to correct.
- Right to Restriction of Processing (Art. 18) — Request that we limit how we use your data while a dispute is resolved.
- Right to Data Portability (Art. 20) — Receive your data in a structured, machine-readable format. Contact privacy@banon.app.
- Right to Object (Art. 21) — Object to processing based on legitimate interest. We will cease processing unless we demonstrate compelling legitimate grounds.
- Right to Withdraw Consent (Art. 7(3)) — Where processing is based on consent (location, Google linking), you may withdraw at any time without affecting prior processing.
International Data Transfers
B Anon's servers are located in India. If you are in the EEA/UK, your data is transferred to India. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission (Art. 46(2)(c)) to ensure adequate data protection for any cross-border transfer.
Data Protection Officer
For GDPR-related inquiries, contact our Data Protection Officer at privacy@banon.app.
Supervisory Authority
You have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated.
California Residents — CCPA / CPRA
If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) grants you additional rights regarding your personal information.
Categories of Personal Information Collected
| CCPA Category | Data Collected | Purpose |
|---|---|---|
| Unique identifiers | Device ID | Anonymous account creation |
| Geolocation (approximate) | City-level location | Nearby user matching |
| Internet activity | Crash logs, connection metadata | App stability |
| Account identifiers (optional) | Google auth token (no email stored) | Account recovery only |
What We Do NOT Do
- We do not sell personal information. B Anon has never sold and will never sell your data to third parties.
- We do not share personal information for cross-context behavioral advertising.
- We do not use sensitive personal information for purposes beyond what is necessary to provide the service.
- We do not use personal information for profiling or automated decision-making with legal effects.
Your Rights Under CCPA/CPRA
- Right to Know (§1798.100) — Request the categories and specific pieces of personal information we have collected about you.
- Right to Delete (§1798.105) — Request deletion of your personal information. Use Settings → Account → Delete Account or email privacy@banon.app.
- Right to Correct (§1798.106) — Request correction of inaccurate personal information.
- Right to Opt-Out of Sale/Sharing (§1798.120) — B Anon does not sell or share your data, so there is nothing to opt out of.
- Right to Non-Discrimination (§1798.125) — We will not discriminate against you for exercising any of your CCPA rights.
- Right to Limit Use of Sensitive Information (§1798.121) — We only use sensitive data (geolocation) for providing the service.
How to Submit a Request
California residents may submit a verifiable consumer request by emailing privacy@banon.app with the subject line "CCPA Request". We will respond within 45 days. You may also use the in-app account deletion feature for immediate data erasure.
Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms:
- Supervisory Authority: We will notify the relevant supervisory authority (Data Protection Board of India under DPDPA, or the applicable EEA/UK authority under GDPR) within 72 hours of becoming aware of the breach (GDPR Art. 33).
- Affected Users: If the breach poses a high risk to your rights and freedoms, we will notify affected users without undue delay via in-app notification and/or email where available (GDPR Art. 34).
- California Residents: We will comply with Cal. Civ. Code §1798.82 notification requirements for California residents.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or regulatory guidance. When we make changes:
- Material changes (new data categories, new purposes, new third-party sharing) will be communicated via an in-app notice at least 30 days before taking effect.
- Minor changes (clarifications, formatting, legal reference updates) will be reflected in the "Last Updated" date at the top of this page.
- The updated policy will always be available at banon.app/privacy.html.
- Continued use of B Anon after a material change constitutes acceptance of the updated policy. If you do not agree, you may delete your account at any time via Settings → Account → Delete Account.
B Anon is a private anonymous chat app — learn more about our safety guidelines.