Privacy Policy

2. Information We Collect

2.1 Personal Data You Provide

When you create an account or use our Service, we may collect the following personal data:

• Account Information: Name, email address, and password (encrypted)
• Profile Information: Display preferences, language preferences, and profile settings
• Payment Information: Billing details processed securely through our payment processor (Razorpay). We do not store your complete card details or UPI credentials on our servers
• Communication Data: Information you provide when you contact our support team or communicate with us

2.2 Authentication Through Third-Party Services

If you choose to register or log in using Google OAuth, we may receive the following information from Google:

• Your name
• Email address
• Profile picture (if publicly available)
• Google account identifier

This data is used solely for authentication purposes and to create your KathaSuno account. We do not have access to your Google account password.

2.3 Usage Data and Analytics

We automatically collect certain information about your device and how you interact with our Service:

• Listening Activity: Stories you listen to, playback duration, completion rates, favorite stories, and language preferences
• Device Information: Device type, operating system, browser type, IP address, and device identifiers
• Log Data: Access times, pages viewed, time spent on pages, and navigation paths
• Location Data: General location information derived from your IP address (not precise GPS location)

2.4 Cookies and Tracking Technologies

We use cookies, web beacons, and similar tracking technologies to enhance your experience:

• Essential Cookies: Required for authentication, security, and basic functionality
• Analytics Cookies: Help us understand how users interact with our Service to improve performance
• Preference Cookies: Remember your settings, language preferences, and playback history

You can control cookies through your browser settings, though disabling certain cookies may affect functionality.

3. How We Use Your Information

We process your personal data for the following specific and lawful purposes:

3.1 Service Delivery

• Create and manage your account
• Provide access to audio stories and content
• Process your subscription and payments
• Deliver personalized content recommendations based on your listening history
• Remember your preferences, playback position, and settings

3.2 Communication

• Send transactional emails (account verification, password reset, subscription confirmations)
• Notify you about changes to our Service, policies, or subscription status
• Respond to your inquiries and support requests
• Send important service announcements and updates

3.3 Service Improvement

• Analyze usage patterns to improve our Service and user experience
• Conduct research and analytics to develop new features
• Monitor and analyze trends, usage, and activities
• Detect, prevent, and address technical issues and fraudulent activity

3.4 Legal Compliance

• Comply with applicable laws, regulations, and legal processes
• Enforce our Terms and Conditions
• Protect our rights, privacy, safety, or property, and that of our users

4. Legal Basis for Processing (DPDP Act Compliance)

We process your personal data based on the following lawful grounds:

• Consent: You have given clear, affirmative consent for us to process your personal data for specific purposes
• Contract Performance: Processing is necessary to fulfill our contractual obligations to provide the Service
• Legal Obligation: Processing is required to comply with applicable laws and regulations
• Legitimate Interest: Processing is necessary for our legitimate business interests (e.g., fraud prevention, security) while ensuring your rights are protected

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data. We may share your information only in the following limited circumstances:

5.1 Service Providers

We engage trusted third-party service providers who assist us in operating our Service:

• Payment Processing: Razorpay for secure payment and subscription management
• Authentication Services: Google for OAuth authentication
• Analytics Services: Web analytics providers to understand user behavior (aggregated and anonymized data only)
• Cloud Infrastructure: Hosting and storage providers for data storage and processing

These service providers are contractually bound to protect your data and may only use it to perform services on our behalf.

5.2 Legal Requirements

We may disclose your information if required by law or in response to:

• Valid legal process (court orders, subpoenas, warrants)
• Government or regulatory requests
• Requests from law enforcement agencies
• Protection of our legal rights and safety of our users

5.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred to the acquiring entity, subject to the same privacy protections.

6. Your Rights Under DPDP Act

As a data principal under the DPDP Act, you have the following rights:

6.1 Right to Access

You have the right to obtain confirmation about whether we are processing your personal data and access a summary of such data.

6.2 Right to Correction

You may request correction of inaccurate, incomplete, or outdated personal data. You can update most information directly through your account settings.

6.3 Right to Erasure

You may request deletion of your personal data, subject to legal and contractual obligations. Note that certain data may be retained for compliance purposes.

6.4 Right to Data Portability

You have the right to obtain your personal data in a structured, commonly used, and machine-readable format.

6.5 Right to Withdraw Consent

You may withdraw your consent at any time. However, this will not affect the lawfulness of processing based on consent before its withdrawal.

6.6 Right to Nominate

You have the right to nominate another individual who can exercise your rights in the event of your death or incapacity.

6.7 Right to Grievance Redressal

You have the right to file a grievance with us regarding the processing of your personal data.

To exercise any of these rights, please contact us at: [email protected]

We will respond to your request within 30 days of receipt.

7. Data Security

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

• Encryption: Data transmission is secured using SSL/TLS encryption (HTTPS)
• Password Protection: Passwords are hashed using industry-standard algorithms (bcrypt)
• Access Controls: Strict access controls and authentication mechanisms limit data access to authorized personnel only
• Regular Audits: We conduct regular security assessments and vulnerability testing
• Secure Infrastructure: Data is stored on secure servers with firewalls and intrusion detection systems

While we strive to protect your personal data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

• Active Accounts: Data is retained while your account is active
• Closed Accounts: After account deletion, most personal data is permanently deleted within 90 days, except where retention is required by law
• Legal Obligations: Certain data (e.g., transaction records, tax information) may be retained longer to comply with legal, accounting, or regulatory requirements
• Aggregate Data: Anonymized and aggregated data may be retained indefinitely for analytics and research purposes

9. Children's Privacy

Our Service is not intended for children under the age of 18. We do not knowingly collect personal data from children under 18. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately at [email protected]. We will take steps to delete such information from our systems.

10. International Data Transfers

Your personal data is primarily stored and processed in India. If we transfer data outside India, we will ensure appropriate safeguards are in place in accordance with the DPDP Act and other applicable laws.

11. Grievance Redressal Mechanism

In compliance with the DPDP Act and IT Act, we have established a grievance redressal mechanism to address your concerns regarding data processing.

Grievance Officer:

Email: [email protected]
Response Time: Within 30 days of receipt of complaint

If you are not satisfied with our response, you have the right to lodge a complaint with the Data Protection Board of India (once constituted under the DPDP Act).

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. We will notify you of any material changes by:

• Posting the updated Privacy Policy on our website with a new "Last Updated" date
• Sending an email notification to your registered email address
• Displaying a prominent notice on our Service

Your continued use of the Service after such modifications constitutes your acknowledgment and acceptance of the updated Privacy Policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

KathaSuno
Email: [email protected]
Address: [Business Address - To be updated]

14. Language

This Privacy Policy is available in English. In case of any discrepancy between the English version and translations in other languages, the English version shall prevail.