Privacy Policy - BhasaGrid Docs

1. Introduction

Welcome to BhasaGrid ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services.

Data Controller:
BhasaGrid (Individual Developer)
Email: bhasagrid.dev@gmail.com
Support: bhasagrid.dev@gmail.com

By using BhasaGrid, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide Directly

Account Information:

Email address (required for authentication)
Password (encrypted and never stored in plain text)
User ID (4-digit randomly generated identifier)
Recovery PIN (6-digit encrypted code)

2.2 Profile Information (Optional)

Display name
Profile photo
Bio/status message
Custom contact nicknames

2.3 Communications

Messages you send and receive (end-to-end encrypted)
Photos and media you share (stored encrypted)
Message metadata (timestamps, delivery status)

2.4 Information Collected Automatically

Device Information: Device type and model, Operating system version (iOS/Android/Web/Desktop), App version, Device language settings.

Usage Information: Login timestamps, Last seen status, Online/offline presence, Feature usage, App performance data (crash reports).

Network Information: IP address (for security and fraud prevention), Network connection type, Geographic location (country-level only, derived from IP).

2.5 Information from Third Parties

Firebase/Google Services: Authentication tokens, Cloud storage metadata, Push notification tokens, Analytics data (if enabled).

3. How We Use Your Information

3.1 Service Delivery

Create and manage your account, authenticate your identity, enable messaging, deliver push notifications, and provide customer support.

3.2 Security and Fraud Prevention

Verify your identity during login, detect/prevent unauthorized access, monitor for suspicious activity, and enforce our Terms of Service.

3.3 Service Improvement

Analyze app performance, fix bugs, develop new features, and improve user experience.

3.4 Legal Compliance

Comply with legal obligations, respond to lawful requests, protect our rights/property, and enforce our policies.

We do NOT: Sell your personal data to third parties, use your messages for advertising, share your data with advertisers, or track you across other apps/websites.

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your data based on:

✓ Consent: Login persistence, notifications, photo uploads
✓ Contract Performance: Account creation, message delivery
✓ Legitimate Interests: Security, fraud prevention, service improvement
✓ Legal Obligation: Compliance with laws, court orders

5. Data Sharing and Disclosure

5.1 Service Providers

We share data with trusted third-party service providers:

Firebase/Google Cloud Platform: Authentication, database, storage. Location: USA. Privacy Policy.

Expo/React Native: App framework and updates (crash reports). Privacy Policy.

5.2 Legal Requirements

We may disclose info for court orders, law enforcement requests, national security, or protection of rights.

5.3 Business Transfers

If acquired, data may be transferred with notification.

5.4 With Your Consent

We may share data with third parties if you explicitly consent.

6. Data Security

We implement industry-standard security measures:

6.1 Encryption Standards

E2EE End-to-end encryption for all messages
AES AES-256 encryption for stored credentials
TLS TLS/SSL for data in transit
SEC Platform secure storage (iOS Keychain, Android Keystore)

6.2 Access Controls

Multi-factor authentication, PIN/biometric login, session timeouts, and Decoy PIN.

6.3 Infrastructure Security

Firebase Security Rules, audits, threat detection, and secure development practices.

Note: No method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

7. Data Retention

Data Type	Retention Period
Account Information	Until account deletion
Messages	Until manually deleted by user
Profile Photos	Until replaced or account deleted
Login Credentials	Until user disables persistence
Usage Logs	90 days
Crash Reports	30 days
Deleted Account Data	30 days (backup retention)

After account deletion, we permanently remove all messages, media, profile info, and credentials. Some backups may remain for 30 days.

8. Your Privacy Rights

8.1 Rights for All Users

Access: View your personal data
Correction: Update inaccurate information
Deletion: Delete your account and data
Portability: Export your data
Objection: Opt-out of certain data processing

8.2 Additional Rights (GDPR - EEA Users)

Right to Restriction
Right to Object to legitimate interests
Right to Withdraw Consent
Right to Lodge a Complaint

8.3 Additional Rights (CCPA - California Users)

Right to Know what data we collect
Right to Delete your data
Right to Opt-Out of sales (we don't sell data)
Right to Non-Discrimination

8.4 How to Exercise Your Rights

In-App: Settings → Account → Privacy/Export/Delete.

Email: bhasagrid.dev@gmail.com (include User ID).

9. Consent Management

Login Persistence: Default OFF. Enable via checkbox.
Notifications: Default OFF. Enable via permission prompt.
Photo Uploads: Default OFF. Enable via permission prompt.

Privacy Policy for BhasaGrid