Last updated · 2026-06-11

Sub-processors

Karigar relies on the third-party providers below to run the service. Each has signed a data-protection agreement covering GDPR + DPDP obligations. Where data leaves India or the EU, the transfer is protected by Standard Contractual Clauses (SCCs) or an equivalent adequacy mechanism. We notify signed-in users 14 days before adding a new sub-processor.

• Hosting & edge compute

  Serves the website and runs our backend functions.

  Global edge; data may be processed outside India under SCCs.

• Database, authentication & storage

  Stores your account, credits, and uploaded/generated photos.

  Outside India — protected by SCCs / adequacy.

• Image generation (AI model)

  The AI model that composes your catalog photo from your upload.

  Outside India — protected by SCCs / adequacy.

• Payments

  Processes credit-pack purchases. We never see your card / UPI details.

  India.

• Bot & abuse detection

  Protects sign-up and generation from automated abuse.

  Global edge; outside India under SCCs.

• Identity (Google sign-in)

  Optional Google OAuth sign-in.

  Outside India — protected by SCCs / adequacy.

• Product analytics

  Privacy-friendly usage analytics — only after you opt in.

  EU.

• Error & crash monitoring

  Captures errors so we can fix bugs. Masks text and inputs.

  Outside India — protected by SCCs / adequacy.

The named providers

For the current named provider behind each category, email support@karigar.studio and we'll share the list.