1 Introduction

This Privacy Policy applies to all mobile applications and websites (collectively, “Services”) developed and operated by AUROSTACK TECHNOLOGIES PRIVATE LIMITED (“we,” “our,” or “us”), a company incorporated in India.

This policy explains how we collect, use, store, share, and protect information when you access or use any of our Services. By downloading, installing, or using our Services, you agree to the practices described in this Privacy Policy.

If you have questions about how a specific product handles your data, please refer to that product’s supplementary privacy notice or contact us directly.

2 Scope of This Policy

This policy covers all products and digital services published under the Aurostack brand, including but not limited to:

• Mobile applications available on the Google Play Store and Apple App Store
• Websites and web applications hosted on Aurostack-owned domains
• Any associated backend APIs or cloud services that process user data

This policy does not apply to third-party services, websites, or applications that we may link to. We encourage you to review their privacy policies independently.

3 Information We Collect

We collect only the information necessary to provide and improve our Services. Depending on the specific product, we may collect the following categories of data:

We do not collect sensitive data such as payment card numbers, precise GPS location, photos, microphone recordings, biometric data, or contact lists unless a specific product feature explicitly requires it and you have provided informed consent.

4 How We Collect Information

We collect information through the following means:

• Directly from you – when you register an account, fill in a form, or contact our support team
• Automatically – when you use our apps or websites, via cookies, SDKs, and analytics tools
• From third-party services – when you choose to sign in via Google, Apple, or another provider (we receive only the data those services share with us)

5 Children’s Privacy (COPPA & DPDP)

Some of our products are designed for a family audience, including children under the age of 13. Where a product targets or is likely to be used by children, we take the following steps:

• We do not collect personal information from children under 13 without verifiable parental or guardian consent.
• Where a child account is created, a parent or guardian must provide consent and an email address. The child’s own email is not collected.
• We do not serve behavioural advertising to children under 13.
• We do not disclose a child’s personal information to third parties for their own marketing purposes.
• Parents or guardians may review, correct, or request deletion of their child’s data at any time by contacting us.
• We retain children’s personal data only as long as necessary for the stated purpose, then securely delete it.

Products that do not target children will include appropriate age gates or notices. Please refer to the specific product’s supplementary notice for details.

6 How We Use Your Information

We use the information we collect for the following purposes:

• To create and manage your account and deliver the core functionality of our Services
• To personalise your experience and save your progress or preferences
• To send important service notifications such as updates, security alerts, and policy changes
• To analyse aggregate usage patterns and improve our products and features
• To diagnose technical problems and maintain the stability of our Services
• To respond to your support requests and communications
• To comply with applicable legal obligations

We do not sell your personal information to any third party, for any purpose, at any time.

7 Sharing of Information

We may share data with trusted third-party service providers who assist us in operating our Services, strictly under confidentiality agreements and only to the extent necessary:

• Analytics providers (e.g., Firebase Analytics, Google Analytics) – aggregate, anonymised usage data only
• Cloud infrastructure (e.g., AWS, Google Cloud) – to store and process app and website data securely
• Crash reporting tools (e.g., Firebase Crashlytics) – technical error data with no personal identifiers
• Authentication providers (e.g., Google Sign-In, Apple Sign-In) – only when you choose to use these login methods
• Email delivery services – to send transactional emails such as account verification or password reset

We do not share personal information with advertisers, data brokers, or social networks except where explicitly disclosed in a specific product’s notice. We may disclose information if required by law, court order, or to protect the rights and safety of our users.

8 Cookies & Tracking Technologies

Our websites may use cookies and similar tracking technologies to enhance your experience and gather usage data. Types of cookies we use:

• Essential cookies – required for the website to function; cannot be disabled
• Analytics cookies – help us understand how visitors interact with our website (e.g., Google Analytics)
• Preference cookies – remember your settings and preferences across sessions

You can control or disable cookies through your browser settings. Disabling certain cookies may affect the functionality of our websites. Our mobile apps do not use browser cookies but may use equivalent technologies such as device identifiers or local storage.

9 Data Storage & Security

Your data is stored on secure servers, primarily within Asia Pacific / India. We implement the following safeguards:

• Encryption of data in transit (TLS/HTTPS) and at rest
• Role-based access controls limiting who within our team can access personal data
• Regular security reviews and vulnerability assessments
• Secure deletion protocols when data is no longer required

No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. In the event of a data breach affecting your rights, we will notify affected users as required by applicable law, including India’s Digital Personal Data Protection Act, 2023 (DPDP Act).

10 Data Retention

We retain personal information only for as long as necessary to fulfil the purposes outlined in this policy:

• Account data (name, email) – retained while your account is active; deleted within 30 days of an account deletion request
• Usage & analytics data – retained for up to 12 months in anonymised form
• Crash & diagnostic logs – retained for up to 90 days
• Support communications – retained for up to 2 years for quality and legal purposes
• Children’s data – deleted promptly upon parental request or when no longer needed for the stated purpose

11 Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access – request a copy of the personal data we hold about you
• Correction – ask us to correct inaccurate or incomplete information
• Deletion – request erasure of your personal data (“right to be forgotten”)
• Portability – receive your data in a structured, portable format
• Objection – object to certain types of processing, such as direct marketing
• Withdrawal of consent – withdraw consent at any time where processing is based on consent
• Parental rights – parents or guardians of children under 13 may exercise all the above rights on behalf of their child

To exercise any of these rights, contact us using the details in the section below. We will respond within 30 days. We may need to verify your identity before processing your request.

12 International Users

Our Services are operated from India and primarily governed by the Digital Personal Data Protection Act, 2023 (DPDP Act). If you are located outside India, including in the European Union or the United States, please be aware that your data may be transferred to and processed in India, where data protection laws may differ from those in your country.

By using our Services, you consent to this transfer. Where required by law (e.g., GDPR), we ensure appropriate safeguards are in place for cross-border data transfers.

13 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make significant changes, we will notify users via an in-app notice or email (where provided). The “Last Updated” date at the top of this page will always reflect the most recent revision.

Continued use of our Services after the effective date of an updated policy constitutes your acceptance of those changes. We encourage you to review this page periodically.