DevVandana← Home

Legal

Privacy Policy

Last Updated: 1 July 2026

1. Introduction

This Privacy Policy explains how Dev vandana ("Dev vandana", "we", "us", or "our"), a mobile application offering devotional content, virtual puja and darshan experiences, daily check-ins, a community feed, festival content, and a virtual coin ("Divya Kalash") system, collects, uses, stores, shares, and protects information about users ("you", "the user", or "Data Principal") of our Android and iOS applications (the "App").

We are committed to protecting your privacy and handling your personal data responsibly, in keeping with the trust that a spiritual and devotional platform requires. This Policy is designed to comply with India's Digital Personal Data Protection Act, 2023 and the Digital Personal Data Protection Rules, 2025 (together, the "DPDP Act"), the Information Technology Act, 2000 and applicable rules, and, where relevant to users outside India, other applicable data protection laws.

This document is a comprehensive draft template based on the features described in your Bhakti Mitra Devayan / Dev vandana product specification (coin economy, subscriptions, check-ins, community feed, notifications) and general Indian data-protection requirements. It is not legal advice. Please have it reviewed and finalised by a qualified lawyer before publishing it, and insert your actual company name, CIN/registration details, addresses, and contact information wherever bracketed placeholders appear.

2. Scope and Applicability

This Policy applies to all users of the App, regardless of location, and to all personal data we collect through the App, our servers, customer support channels, and related services (including payment processing via Google Play Billing, Apple StoreKit, and Razorpay). It does not apply to third-party websites, apps, or services that may be linked from within the App; we encourage you to review their privacy policies separately.

By creating an account, checking in, purchasing a coin pack or subscription, or otherwise using the App, you agree to the collection and use of information as described in this Policy. If you do not agree, please do not use the App.

3. Information We Collect

3.1 Information You Provide Directly

  • Account information: name, mobile number, email address, and password or OTP-based login credentials.
  • Profile information: profile photo (optional), preferred deity/tradition, language preference, and date of birth (optional — used only to grant birthday bonus coins).
  • Community content: posts, comments, images, and other content you choose to share in the community feed.
  • Customer support communications: messages, screenshots, or other information you share when contacting support (email, chat, or live agent for Param Bhakt subscribers).
  • Payment-related information: billing name and, where applicable, limited transaction identifiers. We do not collect or store full card numbers, UPI PINs, or bank credentials — these are handled directly by Google Play Billing, Apple StoreKit, or our payment gateway partner, Razorpay.

3.2 Information Collected Automatically

  • Device information: device ID, device model, operating system and version, unique advertising/analytics identifiers, and app version.
  • Usage data: daily check-in activity, streak counts, puja/aarti session activity, screens viewed, features used, session duration, and coin ("Punya") transaction history.
  • Log data: IP address, crash logs, and diagnostic data, used to maintain app stability and security.
  • Push notification tokens: used to deliver check-in reminders, festival notifications, and reward alerts.
  • Approximate location: general/region-level location (not precise GPS, unless separately requested) may be used to personalise festival calendars and content for your region, where permitted by your device settings.

3.3 Information from Third Parties

  • Purchase confirmation and receipt-validation data from Google Play Billing (Android) and Apple StoreKit (iOS), used solely to verify and credit purchases server-side.
  • Payment status and limited transaction metadata from our payment gateway partner (Razorpay) for subscription and coupon-code processing.
  • Analytics and crash-reporting data from third-party SDKs (see Section 6).

Developer note for implementation: consistent with the product spec, punya_balance, streak_count, and coin_transactions are stored and computed server-side only; the App must never transmit a locally-modified balance to the server, and this Policy should be updated if new data fields are added to the data model.

4. How We Use Your Information

  • To create and manage your account and authenticate you (via mobile number/OTP or email).
  • To operate core features: daily check-ins, streak tracking, Divya Kalash coin earning/spending, puja and darshan content delivery, and the community feed.
  • To process coin pack purchases and subscription payments, verify receipts with Google/Apple, and credit coins or unlock plan benefits.
  • To calculate and grant rewards such as streak bonuses, the monthly loyalty bonus, festival multipliers, birthday bonuses, and the one-time 50%-off Sadhak Annual redemption, including the fraud checks (phone number and device ID validation) needed to enforce "once-ever" limits.
  • To personalise content, including festival-specific content and region-relevant devotional calendars.
  • To send notifications you have opted into: check-in reminders, festival double-coin alerts, streak-risk reminders, reward-progress updates, and subscription-related messages, subject to frequency caps (e.g., no more than one subscription prompt per 48 hours).
  • To detect, investigate, and prevent fraud, abuse of the coin/reward system, unauthorised access, and violations of our Terms of Use.
  • To provide customer support and respond to your queries or grievances.
  • To maintain security, audit logs, and transaction records (including the audit_log and coin_transactions tables described in our technical specification, which are retained and never deleted for integrity and dispute-resolution purposes).
  • To comply with legal obligations, including tax, accounting, and regulatory record-keeping requirements.
  • To analyse aggregated, de-identified usage trends to improve the App.

5. Legal Basis for Processing (India — DPDP Act, 2023)

Under the DPDP Act, we process your personal data primarily on the basis of your consent, which you may give, refuse, or withdraw at any time through the App's settings or by contacting us (see Section 12). Certain limited processing (for example, fraud prevention, security logging, and compliance with legal obligations) may be carried out under "legitimate uses" recognised by the DPDP Act, without requiring separate consent, but only to the extent permitted by law.

Where you withdraw consent for a purpose that is essential to a feature (for example, coin-transaction logging required to operate the Divya Kalash system), we may not be able to continue providing that specific feature, though this will not affect the lawfulness of processing carried out before withdrawal.

6. Third-Party Service Providers

We share limited personal data with the following categories of trusted service providers, solely to operate the App. Each provider processes data under its own privacy policy and, where required, a data-processing agreement with us:

Provider / CategoryPurposeData Shared
Google Play BillingAndroid in-app purchases & subscriptionsPurchase token, transaction ID, product ID
Apple StoreKitiOS in-app purchases & subscriptionsTransaction ID, receipt data, product ID
Razorpay (Payment Gateway)Discount coupon issuance, alternate payment processingBilling name, order/transaction reference (no card/UPI credentials)
Push notification serviceDelivering check-in, festival & reward notificationsDevice push token
Analytics / crash reporting SDKsApp performance, stability, usage analyticsDevice ID, usage events, crash logs
Cloud hosting / database providerSecure storage of account, coin, and transaction dataAll categories described in Section 3

Replace the placeholder analytics/hosting provider names above with your actual vendors (e.g., Firebase, Mixpanel, AWS/GCP, etc.) before publishing, and confirm each vendor's own DPDP/GDPR compliance posture.

7. Data Sharing and Disclosure

We do not sell your personal data. We may disclose information:

  • With the service providers listed in Section 6, strictly to operate the App.
  • With payment processors and app-store platforms as necessary to process purchases and refunds.
  • With law enforcement, regulators, or the Data Protection Board of India, where required by applicable law, court order, or to protect our legal rights.
  • In connection with a merger, acquisition, or sale of assets, subject to continued protection of your data under an equivalent privacy standard.
  • With your explicit consent, for any other purpose not covered above.

8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this Policy, or as required by law, whichever is longer.

  • Coin transaction records (coin_transactions) and the big-reward redemption audit log (audit_log) are retained indefinitely and are never deleted, to preserve transaction integrity, prevent duplicate redemption of one-time rewards, and support dispute resolution.
  • Account and profile data is retained while your account remains active, and for a limited period thereafter (e.g., 12 months) to allow reactivation, after which it is deleted or anonymised, subject to statutory retention requirements.
  • Support communications are retained for as long as needed to resolve your query and for a reasonable period afterward for quality and compliance purposes.

You may request earlier deletion of your account and associated personal data, subject to the exceptions described in Section 10 (e.g., records we must legally retain, or the immutable transaction/audit logs above, which may be anonymised rather than deleted where deletion is not legally permitted).

9. Data Security

We implement reasonable technical and organisational safeguards designed to protect your personal data, including:

  • Server-side-only storage and computation of sensitive balances (e.g., Punya coin balance is never trusted from the client and is validated server-side).
  • Server-side verification of all in-app purchase receipts with Google and Apple before crediting coins or unlocking plans.
  • Authenticated API endpoints for all coin balance reads and writes.
  • Encryption of data in transit (HTTPS/TLS) and, for sensitive fields, encryption at rest.
  • Access controls limiting internal access to personal data on a need-to-know basis.
  • Regular security reviews and monitoring for suspicious or fraudulent activity.

No method of transmission or storage is 100% secure. In the event of a personal data breach, we will notify the Data Protection Board of India and affected users as required under the DPDP Act and Rules.

10. Your Rights

Subject to applicable law (including the DPDP Act), you have the right to:

  • Access a copy of the personal data we hold about you.
  • Correct or update inaccurate or incomplete personal data.
  • Request erasure of your personal data, subject to the retention exceptions in Section 8.
  • Withdraw consent for a specific processing purpose at any time (this will not affect processing already carried out).
  • Nominate another individual to exercise your rights on your behalf in the event of death or incapacity, where supported by the App.
  • Raise a grievance regarding how we handle your personal data (see Section 12) and, if unresolved, escalate it to the Data Protection Board of India.

You can exercise most of these rights directly within the App (Settings → Privacy / Account), or by contacting us using the details in Section 12. We will respond to verified requests within the timelines required by law.

11. Children's Privacy

The App is intended for a general audience and is not directed at children. Under the DPDP Act, a "child" is any individual under the age of 18. If you are under 18, you may use the App only with the consent and involvement of a parent or legal guardian, and we do not knowingly collect personal data from children without such verifiable consent. Certain features — including behavioural monitoring for advertising, profiling, or tracking — are not directed at children. If we become aware that we have collected personal data from a child without appropriate consent, we will take steps to delete it.

12. Grievance Officer & Contact Information

In accordance with the DPDP Act and the Information Technology Act, 2000, we have appointed a Grievance Officer to address your questions, requests, and complaints regarding this Policy and your personal data:

Grievance Officer: [Insert Name]

Email: adminbhaktimitra@gmail.com

Postal Address: [Insert Registered Business Address]

Response Timeline: We will acknowledge and work to resolve grievances within a reasonable period, and in any case no later than the timeline prescribed under applicable law.

If you are not satisfied with our response, you may approach the Data Protection Board of India through its official channels.

13. Notifications and Communication Preferences

You may opt in or out of push notifications, festival alerts, and promotional messages at any time through your device settings or within the App. Please note that essential service communications (e.g., purchase confirmations, security alerts, or grievance-related messages) may still be sent even if promotional notifications are disabled.

14. International Users and Cross-Border Data Transfer

Our servers and service providers may be located in India or other jurisdictions. Where personal data is transferred outside India, we take reasonable steps to ensure it continues to receive an appropriate level of protection, consistent with the DPDP Act's provisions on transfer of personal data outside India (and any country-specific restrictions notified by the Government of India from time to time).

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, features, or legal requirements. We will notify you of material changes through the App or via email/push notification, and will update the "Last Updated" date at the top of this Policy. Continued use of the App after such changes constitutes acceptance of the revised Policy.

16. Governing Law

This Privacy Policy is governed by the laws of India. Any disputes arising out of or in connection with this Policy shall be subject to the exclusive jurisdiction of the courts at [Insert City, e.g., New Delhi / Mumbai / Bengaluru].

17. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

App Name: Dev vandana

Company/Entity Name: [Insert Legal Entity Name]

Email: adminbhaktimitra@gmail.com

Address: [Insert Registered Address]