🔒 Privacy Policy
How we collect, use, and protect your data
Last Updated
January 20, 2025
🔒 Your Privacy is Our Priority
This Privacy Policy explains how Simarahitam Technologies Pvt. Ltd. ("we," "us," or "Vicharalaya") collects, uses, shares, and protects your personal information when you use our application.
1. Information We Collect
1.1 Information You Provide
When you use Vicharalaya, you provide us with:
- Account Information: Name, email address, password (encrypted)
- Profile Data: Optional profile picture, bio, preferences
- Content You Create: Thoughts, ideas, visions, goals, tasks, journal entries, research notes, progress updates, confidence ratings, and reflections
- Payment Information: Processed through third-party providers (Razorpay). We do not store your complete credit card details.
- Support Communications: Messages you send to our support team
1.2 Information Collected Automatically
We automatically collect:
- Usage Data: Features used, time spent, interactions with the app
- Device Information: Device type, operating system, app version
- Log Data: IP address, access times, error logs
- Analytics Data: App performance, crash reports, usage patterns
1.3 Information from Third Parties
- Authentication Services: If you sign in with Google, we receive basic profile information
- Payment Providers: Transaction confirmation and payment status
2. How We Use Your Information
2.1 To Provide and Improve Our Services
- Create and manage your account
- Process your thoughts, ideas, and visions
- Generate AI-powered insights, feasibility scores, and recommendations
- Track your progress and provide analytics
- Send you notifications about your goals and tasks
- Provide customer support
2.2 To Process AI Features
Your content is processed by:
- Third-party AI Providers: For natural language processing, idea validation, research task generation, and challenge detection
- Our Algorithms: For progress tracking, pattern recognition, and analytics
Important: We do NOT train AI models on your personal data. Your specific thoughts and visions remain private.
⚠️ Third-Party AI Data Responsibility
You are solely responsible for any data you provide that is transmitted to third-party AI models.
- Vicharalaya does not control how third-party AI providers process, store, or utilize data sent to their systems
- We make no guarantees about third-party AI provider data handling, retention, or security measures
- Our data governance applies only to content saved in our secure database, not to data transmitted to AI providers
- We are not responsible for any use, misuse, disclosure, or breach of data by third-party AI providers
- By using AI features, you consent to data transmission to third-party AI services and accept associated risks
2.3 For Communication
- Send important service updates and security alerts
- Respond to your inquiries and support requests
- Send promotional emails (you can opt out anytime)
- Notify Founder Circle members of exclusive updates
3. How We Share Your Information
3.1 We Do NOT Sell Your Data
We will never sell your personal information or content to third parties.
3.2 Service Providers
We share data with trusted third-party service providers who help us operate Vicharalaya:
- Firebase (Google): Backend infrastructure, authentication, database storage
- Google Cloud Platform: Cloud Functions, AI processing
- Razorpay: Payment processing for India
- Email Service Providers: Brevo for transactional emails
- Analytics Tools: Firebase Analytics, Crashlytics
These providers are contractually obligated to protect your data and use it only for providing services to us.
3.3 Legal Requirements
We may disclose your information if required by law or in response to:
- Valid legal processes (court orders, subpoenas)
- Government or regulatory requests
- Protection of our rights, property, or safety
- Prevention of fraud or illegal activity
4. Data Security
4.1 Security Measures
We implement industry-standard security measures:
- Encryption: Data in transit (HTTPS/TLS) and at rest in secure database
- Authentication: Secure password hashing, Firebase Authentication
- Access Controls: Role-based access, least privilege principle
- Monitoring: Security logging, intrusion detection
4.2 Your Responsibility
- Keep your password secure and confidential
- Log out from shared devices
- Report suspicious activity immediately
5. Your Rights (GDPR & DPDP Act)
You have the following rights regarding your personal data:
- Access: Request a copy of your data
- Correction: Update or correct inaccurate data
- Deletion: Request deletion of your data (with exceptions for legal retention)
- Export: Download your data in a portable format
- Withdraw Consent: Withdraw consent for data processing at any time
- Object: Object to processing of your data for certain purposes
To exercise these rights, contact us at: privacy@vicharalaya.com
6. Data Retention
6.1 Active Accounts
We retain your data as long as your account is active or as needed to provide services.
- User Content: Visions, goals, tasks retained indefinitely while account is active
- Usage Logs: 90 days
- Payment Records: 7 years (legal requirement)
- Consent Records: Retained for legal compliance
6.2 Subscription End & Cancellation
When your subscription ends or is cancelled:
- Active Retention (1 month): Your data, visions, and goals remain accessible for 1 month after subscription end
- Cold Storage (1 year): After 1 month, data is moved to cold storage for 1 year and can be recovered upon subscription renewal
- Permanent Deletion: After 1 year in cold storage, all user data is permanently deleted and cannot be recovered
- Payment Records Exception: Payment transaction records retained for 7 years regardless of subscription status (legal requirement)
6.3 Account Deletion
When you explicitly request account deletion:
- Soft Delete: 30-day recovery period
- Permanent Deletion: After 30 days, all data deleted from active systems
- No Recovery: Data cannot be recovered after permanent deletion
- Payment Records: Payment transaction records remain for 7 years (legal requirement)
- Anonymized Analytics: May be retained (no personally identifiable information)
7. Children's Privacy
Vicharalaya is not intended for users under 18 years old. We do not knowingly collect data from children. If you believe we have collected data from a child, please contact us immediately.
8. International Data Transfers
Vicharalaya operates from India. If you access our services from outside India, your data may be transferred to and stored in India. We ensure appropriate safeguards are in place for such transfers.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by:
- Posting the updated policy in the app
- Sending an email notification
- Displaying a notice on our website
Your continued use of Vicharalaya after changes constitutes acceptance of the updated policy.
10. Contact Us
If you have questions about this Privacy Policy or your data:
- Privacy Inquiries: privacy@vicharalaya.com
- General Support: support@vicharalaya.com
- Company: Simarahitam Technologies Pvt. Ltd., Bangalore, India
Data Protection Officer: For GDPR and DPDP Act related inquiries, contact our Data Protection Officer at privacy@vicharalaya.com