Privacy & Data Protection

01. Scope

This Privacy Policy explains how Shriji Academy collects, uses, stores, shares, and protects information when you use our mobile app, related student portal pages opened from the app, and associated support services. By using the app, you agree to the practices described below.

The app is designed for students and learners. Some features let authenticated users update their own profile, search for peers by name or interests, follow or block other users, publish short videos, comment, like, share, and report content. Those interactions are visible to other authenticated users only when you choose to use the related feature.

If you open an external login page, payment page, or third-party link from the app, that third party's privacy policy also applies to the information you provide there. Push notification delivery also uses Firebase/Google messaging infrastructure and similar service providers, which receive the technical data needed to send the message.

02. Information We Collect

We collect information in three ways: directly from you, automatically when you use the app, and from third parties that help us provide the service.

• Account and profile information: full name, email address, phone number, student ID, profile photo, bio, interests, and profile details you edit in the app.
• Sign-in and session data: session ID, session token or CSRF token, authentication state, last seen / last logged in timestamps, revoke timestamps, and status needed to validate or end a session securely.
• Device and push data: FCM push token, device ID, platform, app version, and the technical identifiers needed to deliver notifications and keep tokens in sync.
• Notification history: notification titles, bodies, deep links, delivery status, read status, provider message IDs, and timestamps associated with push delivery and read receipts.
• Social and peer discovery data: search terms, interest filters, follow and block relationships, follower/following counters, and report actions you submit about another user or piece of content.
• Shorts and community content: video files, titles, captions, tags, duration, file size, preview or thumbnail URLs, upload status, approval or rejection status, rejection reasons, comments, likes, shares, and view records.
• Support and bug reports: title, description, severity, page route, device ID, platform, app version, app session ID, status history, and resolution notes that help us track and fix issues.
• Technical and server information: IP address, user-agent, timestamps, error details, and diagnostic logs generated when the app or backend reports a problem.
• Files and media you choose to upload: profile pictures and short videos selected through the system picker or camera/gallery permissions when you choose those features.
• Download and local device data: files you save to your device may also be stored locally on your device based on your action and device settings.

We do not intentionally collect: contacts, precise GPS location, microphone recordings, or biometric data unless a future feature clearly needs it and you knowingly grant permission.

03. How We Use Data

We use the information we collect for the following purposes:

1. To create and manage your account, authenticate you, and validate or revoke active sessions securely.
2. To keep profile details, follower counts, and short previews accurate when you update your account or interact with the app.
3. To register push tokens and send notifications, including follow activity, moderation updates, bug-report responses, and app announcements.
4. To power peer search, recommendations, and feed ranking using names, interests, follow relationships, and liked tags.
5. To publish, review, and moderate shorts, comments, likes, shares, and view counts.
6. To process follow, block, and report actions and keep users safe from abuse or unwanted contact.
7. To process bug reports and notify the developer and reporter about status changes or resolutions.
8. To detect fraud, spam, abuse, unauthorized access, and other security threats.
9. To meet legal, regulatory, accounting, safety, or dispute-resolution obligations.

Where we need the data to provide the service, the app may not work properly if you choose not to provide it.

04. Legal Basis & Consent

Depending on where you live, we may process your data based on one or more of the following grounds: your consent, our contract with you, our legitimate interests in operating and securing the app, and our legal obligations.

• Consent: Used for optional processing such as notification permissions, media uploads, and any feature that clearly asks for your approval.
• Contract / service delivery: Used to provide the educational services you request when you sign in and use the app.
• Legitimate interests: Used for security, fraud prevention, content moderation, troubleshooting, and service improvement.
• Legal obligations: Used when we must keep records, respond to lawful requests, or comply with applicable rules.

You can withdraw optional consent at any time, but some core app features may stop working if the related data is no longer available.

05. Sharing & Third Parties

We share information only when necessary and only with trusted parties that help us operate the app or when we are legally required to do so.

1. Service providers: Hosting, database, server infrastructure, Firebase/Google messaging for push delivery, email/support providers, and similar vendors that process data for us under appropriate safeguards.
2. Other authenticated users: Depending on the feature, your profile information, short videos, captions, comments, likes, shares, and follow state may be visible to other authenticated users.
3. Moderators and support staff: Report reasons and details, bug reports, rejected shorts, and review decisions may be visible to staff who operate safety, moderation, and support workflows.
4. Legal and safety reasons: We may disclose information if required by law, court order, regulatory request, or to protect the rights, safety, and security of the app, our users, or the public.
5. Business transfers: If we restructure, merge, or transfer the service, your information may be transferred as part of that transaction under continued privacy protections.
6. External payment or login pages: If you are redirected to a third-party sign-in or payment flow, that third party handles the data you submit there under its own policy.

Our commitment: We do not sell your personal data and we do not share it with ad networks or data brokers for cross-context behavioral advertising.

06. Permissions & Device Access

The app requests only the permissions needed for the features you use.

• Internet: Required to connect to the Shriji Academy server, authenticate your account, load exams, messages, and profile data.
• Notifications: Used to deliver push alerts, exam updates, moderation notices, and important announcements.
• Photos, files, and media: Used only when you choose to upload a profile photo, answer sheet, short video, or other attachment.
• System file access: Used when you download and open documents such as question papers or reviewed PDFs on your device.
• Deep links: Used to return you to the app after sign-in or when you open shared content from a short link.

You can deny non-essential permissions through your device settings, but some features may not work until you allow the relevant access.

07. Local Storage & Cookies

The native app stores limited information on your device so it can remember your login state, device identifier, and preferences such as theme or notification settings.

• Session storage: Used to keep you logged in and to verify your session securely on later launches.
• Device identifier: A locally generated ID helps us recognize the device for security, push-token sync, and abuse prevention.
• Preferences: Theme, font, and similar interface choices may be saved locally for convenience.
• Web cookies: If you open web pages through the app, those pages may use cookies or similar technologies to keep the page working and remember your choices.

You can clear local data by signing out, clearing the app storage, or removing the app from your device, subject to any account data retained on our servers for legal or operational reasons.

08. Retention, Export & Deletion

We keep personal data only for as long as necessary to provide the app, maintain moderation and audit trails, meet legal obligations, resolve disputes, enforce agreements, and maintain security.

• Account and profile data: retained while your account is active and for a reasonable period after sign-out or inactivity if needed for support, security, or compliance.
• Sessions and push tokens: kept while the session or device registration is active, and revoked records may be retained for audit or fraud-prevention purposes.
• Social and content records: follows, blocks, reports, shorts, comments, likes, shares, and view logs may be retained as long as needed for moderation, feed integrity, and dispute resolution.
• Bug reports and delivery logs: retained until resolved and for a limited period afterward to help diagnose recurring issues and confirm notification delivery or read state.
• Backups: information may remain in secure backups for a limited time after deletion before being overwritten.

You may request an export or deletion of your data by contacting us through the details below. We may need to verify your identity before processing sensitive requests. Some data may be retained if the law requires it or if it is necessary to prevent fraud, resolve disputes, or protect the rights of others.

09. Security

We use technical and organizational safeguards designed to protect your data from unauthorized access, loss, misuse, and alteration.

• Encrypted network communication between the app and our servers.
• Token-based authentication and session validation.
• Access controls and least-privilege practices for staff and service accounts.
• Monitoring and logging for security events, abuse, and suspicious activity.
• Secure storage of sensitive session data and careful handling of notification tokens and user identifiers.

No online service can guarantee absolute security, but we work to reduce risk and respond quickly to incidents if they occur.

10. Children & Students

The app is intended for students and learners. If you are under the age required to consent to data processing in your country, you should use the app only with a parent or guardian's involvement where that is required by law.

We do not knowingly collect personal data from children without the appropriate consent. If you believe a child has provided us with information without proper authorization, contact us and we will take reasonable steps to review and remove the data where required.

11. Your Rights & Controls

Depending on your location, you may have rights to access, correct, delete, or restrict certain personal data we hold about you.

• Access: request a copy of the personal data we hold about you.
• Correction: ask us to update inaccurate or incomplete information.
• Deletion: request deletion of your account, profile content, and uploaded media, subject to legal retention limits and moderation records.
• Withdraw consent: revoke optional permissions such as notifications or media access in your device settings.
• Sign out and revoke sessions: log out of the app, end the current session on your device, or remove the device token used for push notifications.
• Portability: request a machine-readable copy of data that you provided, where technically feasible.

To exercise your rights, contact us using the information below. We may ask for verification before completing the request, and some records may remain where law, fraud prevention, or moderation requires it.

12. Changes & Contact

We may update this Privacy Policy from time to time to reflect product changes, legal requirements, or security improvements. When we do, we will update the effective date at the top of this page. For material changes, we may also notify you in the app or by email where appropriate.

If you have a privacy question, account deletion request, profile or shorts removal request, bug report issue, or data complaint, contact us and we will respond as soon as reasonably possible. If the issue is unresolved, you may use any statutory remedy available under applicable law.