30minutes.io
PricingContact
Log in

Privacy policy.

Last updated 17 July 2026

30minutes.io is a service of TwoEpic Ventures, a sole proprietorship of Saisharan Vardhaman Gandhi, registered in Maharashtra, India (GSTIN 27CZXPG5933Q1Z8).

This explains what personal data we hold, why we hold it, and how to get it back or have it deleted. It is written under India's Digital Personal Data Protection Act, 2023.

1. Two different kinds of data — this distinction matters

Your data — your email, your subscription, what you told us about your business. We decide how this is used, so under the DPDP Act we are the Data Fiduciary and you are the Data Principal.

Your customers' data — the leads who fill in the contact form on your website. That data is yours, not ours. We only store it so we can show it to you. For it we are a Data Processor acting on your instructions; you are the Fiduciary and answerable to those people.

In practice: we will never market to your leads, sell them, profile them, or use them to train anything.

2. What we collect, and exactly why

WhatWhy we need itHow long
Your email addressIt is how you log in — we send you a one-time code instead of storing a password. Also how we tell you about a failed payment.While your account exists
Login codesTo sign you in. Stored hashed, single-use, and they expire in 10 minutes.10 minutes
What you told us about your businessIt is what your website is generated from. There is no other source.While your site exists
Your payment gateway keys, if you add themSo your website can take payments into your account. Encrypted (AES-256-GCM) before they reach our database; there is no column that could hold an unencrypted one. We store the last four characters so you can tell which key is which. We never show you the key again.Until you delete them
Your leads (name, email, phone, message)To show you who contacted you. Encrypted at rest. This is your customers' data, held for you.Until you or they delete it
Payment recordsBecause tax law requires us to keep invoices. We never see or store your card or UPI details — our payment gateway handles those and we never receive them.8 years (Income Tax Act)
Visitor counts on your siteSo you can see whether anyone is visiting. Counts and pages, not people. No cross-site tracking, no advertising pixels, no third-party analytics.While your site exists

That is the complete list. We do not collect anything "just in case". If it is not above, we do not have it.

3. Consent

We ask for the data above at the point we need it, for the purpose stated next to it. You can withdraw consent at any time by emailing privacy@30minutes.io — though withdrawing consent to hold your email means closing your account, because it is how you log in.

We do not use dark patterns. Nothing here is pre-ticked, buried, or worded to be confusing.

4. What the AI sees

Building your website means sending what you told us about your business to an AI model. That means your business description leaves our servers and goes to our AI provider.

  • Your leads are never sent to an AI model. Nor are your gateway keys, nor your login codes.
  • We do not use your data to train any model, and we do not permit our providers to.
  • Some of our processors are outside India. The DPDP Act permits this except to countries the Government restricts.

5. Who else touches your data

  • Our AI provider — generates your site from your description.
  • Our hosting provider — serves your website and stores our database.
  • Cashfree Payments — takes your subscription payment. They receive your payment details directly; we never do.
  • Our email provider — delivers your login codes.

Each is bound to use the data only to do that job. We do not sell your data. We do not share it for advertising. There is no third party we would give it to for money.

6. How it is protected

  • Gateway keys and leads are encrypted at rest with AES-256-GCM. It is authenticated encryption: tampered data fails to decrypt rather than decrypting to something wrong.
  • No passwords exist to be stolen — we use one-time codes.
  • Access to production data is limited to the proprietor.
  • We keep an audit log of who changed what. It records that a key changed, never the key.

If there is a breach, we will tell you and the Data Protection Board of India — what happened, what was exposed, and what we are doing. We will not sit on it.

7. Your rights, and how to actually use them

Email privacy@30minutes.io. We reply within 7 days and act within 30.

  • See what we hold — we send you everything, in a readable file.
  • Correct it — tell us what is wrong.
  • Delete it — we erase your account and your site. We keep only invoices, which tax law obliges us to keep, and nothing else.
  • Take it with you — download your whole site from your account, right now, without asking us.
  • Nominate someone to exercise these rights if you die or become incapacitated (DPDP §14).
  • Complain — to our Grievance Officer below, and then to the Data Protection Board of India if we have not sorted it out.

8. If you are someone's lead

If you filled in a form on a website built with us and want your data removed: contact the business whose site it was — the data is theirs and they decide. If you cannot reach them, email us at privacy@30minutes.io and we will pass it on and help.

9. Children

This is a service for businesses and is not for under-18s. We do not knowingly collect children's data. If we learn we have, we delete it.

10. Grievance Officer

As required by DPDP §13 and the IT Rules, a named person — not a ticket queue:

Saisharan Vardhaman Gandhi
TwoEpic Ventures
Shop No. 1, Gagan Enclaves, S. No. 613, Market Yard, Pune, Maharashtra 411037, India
privacy@30minutes.io

We acknowledge within 48 hours and aim to resolve within one month.

PricingContactTermsPrivacyRefunds & cancellation

TwoEpic Ventures — proprietorship of Saisharan Vardhaman Gandhi

Shop No. 1, Gagan Enclaves, S. No. 613, Market Yard, Pune, Maharashtra 411037, India

GSTIN 27CZXPG5933Q1Z8

© 2026 TwoEpic Ventures. 30minutes.io is a trading name.