Privacy Policy

Last updated: July 10, 2026

MasalaSearch ("we", "our", or "us") respects your privacy and is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and other applicable data protection laws.

1. Data Controller

The data controller responsible for the processing of personal data on this website is:

MasalaSearch
Email: privacy@masalasearch.com


2. Information We Collect

We collect only the information necessary to operate, secure, and improve our website and API services.

Server Log Data

When you access our website or API, our servers automatically process certain technical information, including:

  • IP address
  • Date and time of the request
  • Browser and operating system information
  • User agent
  • Requested URL
  • HTTP status codes

This information is processed for security, troubleshooting, fraud prevention, and maintaining the reliability of our services.

Search Queries

Search queries submitted through our API or live demo are processed solely to return relevant search results. Anonymous or aggregated query data may be retained to improve search quality, relevance, and system performance. We do not intentionally associate search queries with identifiable individuals.

Analytics

We use Google Analytics to better understand how visitors use our website. Google Analytics may collect information such as pages visited, device information, browser type, approximate location, and interactions with our website through cookies and similar technologies.

Where required by applicable law, analytics are enabled only after you provide consent through our cookie banner. You can withdraw your consent at any time.


3. Infrastructure Providers and Data Processors

We work with trusted service providers to securely operate and improve MasalaSearch. These providers process data on our behalf only where necessary and, where required, under Data Processing Agreements (DPAs) in accordance with the GDPR.

Our primary service providers include:

  • Vercel – Website hosting, API routing, and edge infrastructure.
  • Supabase – Database hosting, authentication, and backend services.
  • Cloudflare – Content Delivery Network (CDN), DNS, caching, and Web Application Firewall (WAF) to improve performance and protect our services.
  • Upstash – Serverless Redis used for caching, rate limiting, and performance optimization.
  • Google Analytics – Website analytics used to understand how visitors interact with our website. Analytics cookies are used only with your consent where required.
  • Apple – Apple business services, including iCloud, are used for internal business operations such as secure document storage, communications, and workflow management.

We aim to store and process data within the European Economic Area (EEA) whenever reasonably possible. Where one of our service providers processes data outside the EEA, appropriate safeguards are applied in accordance with the GDPR.


4. Cookies

We use cookies and similar technologies to provide and improve our services.

These may include:

  • Strictly necessary cookies required for website functionality, security, and remembering your cookie preferences.
  • Analytics cookies used by Google Analytics to help us understand website usage, subject to your consent where required.

We do not use advertising or marketing cookies.


Depending on the purpose of processing, we rely on one or more of the following legal bases under Article 6 GDPR:

  • Performance of a contract or providing requested services.
  • Compliance with legal obligations.
  • Our legitimate interests, including maintaining the security, reliability, and improvement of our services.
  • Your consent, where required (for example, analytics cookies).

6. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, comply with legal obligations, resolve disputes, and enforce our agreements.

Technical logs are retained only for an appropriate period necessary to maintain the security and stability of our services.


7. Your Rights

If you are located in the European Economic Area (EEA), you have the following rights under the GDPR:

  • Right of access
  • Right to rectification
  • Right to erasure ("right to be forgotten")
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent at any time where processing is based on consent
  • Right to lodge a complaint with a competent supervisory authority

To exercise your rights, please contact:
privacy@masalasearch.com


8. Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, or destruction.

Our services use industry-standard SSL/TLS encryption for data transmitted between your browser and our servers. We continuously monitor and improve our security practices to help safeguard our infrastructure.


9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data processing practices.

The updated version will always be published on this page with the revised "Last updated" date.

If you have any questions regarding this Privacy Policy or our handling of personal data, please contact us at privacy@masalasearch.com.

DocsTermsPrivacy