Privacy Policy

1. Scope of This Policy

This Privacy Policy ("Policy") describes how Parivaar Pro ("we", "us", "our") collects, uses, stores, and protects information when you use our web application and related services (collectively, the "Service"). By using the Service, you consent to the practices described in this Policy.

This Policy applies to all users of the Service, including those accessing it through guest mode, email login, or Google authentication.

2. Data Controller

Parivaar Pro is the data controller for the information collected through the Service. For any questions or requests regarding your data, contact us at:

3. Information We Collect

3.1 Account Information

3.2 Family Tree Data (User Content)

When you build a family tree, you voluntarily provide information about yourself and family members. This may include:

• Names (first name, last name, nickname)
• Gender and family side designation (paternal, maternal, spouse)
• Dates (birth date, death date)
• Location information (birth place, native/ancestral place, current household)
• Cultural identifiers (religion, caste, gotra/lineage)
• Occupation, biographical notes, and timeline events
• Photographs uploaded to the Service
• Family relationship connections (parent, spouse, child, sibling)

3.3 Payment Information

When you purchase the Lifetime Pro plan, payment processing is handled entirely by our third-party payment processor (currently Razorpay). We receive a transaction confirmation (transaction ID, amount, status, and timestamp) but do not receive, process, or store your credit card number, debit card number, UPI PIN, or banking credentials.

3.4 Technical Information (Automatically Collected)

• Local Storage Data. We store a backup of your family tree in your browser's localStorage as an offline fallback. This data remains on your device and is not transmitted to us unless synchronization occurs.
• Firebase Analytics. Google Analytics for Firebase may collect anonymized usage metrics (e.g., session duration, feature usage counts). These metrics do not contain personally identifiable information.

We do not use cookies for advertising, tracking, or retargeting. We do not embed third-party advertising scripts or social media tracking pixels.

4. How We Use Your Information

5. Data Storage & Security

5.1 Infrastructure

Your data is stored on Google Firebase infrastructure, including Cloud Firestore (database), Firebase Storage (photos), and Firebase Authentication (credentials). Google Cloud maintains SOC 2 Type II, ISO 27001, and ISO 27017 certifications.

5.2 Encryption

• In Transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher.
• At Rest: Data stored in Firestore and Firebase Storage is encrypted at rest using AES-256, managed by Google Cloud's Key Management Service.
• Contact Details (Field-Level Obfuscation): Phone numbers, email addresses, and postal addresses stored in your family tree are additionally obfuscated client-side using AES-256-GCM before being written to Firestore. These fields are stored in a separate, access-controlled sub-collection (users/{uid}/pii) that is strictly owner-only — shared users and public viewers cannot access it.

5.3 Data Isolation

Each user's family tree is stored in an isolated Firestore sub-collection scoped to their unique user ID. Firestore security rules enforce that:

• Only the account owner can read and write their own data.
• Shared users can only read (or edit, if granted) data explicitly shared with them.
• Photo uploads are scoped to the user's own storage folder and validated for file type and size.
• Free-tier member count limits are enforced at the database rules level, not just client-side.

5.4 Security Measures

• Firebase Authentication with support for Google OAuth 2.0 and email/password.
• Database-level security rules that prevent unauthorized cross-account access.
• Photo upload validation (image MIME type only, 10MB maximum).
• Client-side input validation and sanitization on all profile fields.
• Debounced auto-save with retry logic to prevent data loss.
• Local storage backup as offline fallback.

6. Data Sharing & Disclosure

We do not sell, rent, or trade your personal information or User Content to any third party. We share data only in the following limited circumstances:

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access. Request a copy of the personal data we hold about you. You can also export your complete family tree in JSON or GEDCOM format directly from the app at any time.
• Correction. Update or correct inaccurate personal data through the profile editor in the Service.
• Deletion. Request deletion of your account and all associated data. You can delete your account directly from the app via Settings → Account → Delete Account. This permanently and irreversibly deletes your family tree, all member data, contact details (PII), photos, and your authentication record. Alternatively, contact us at hello@parivaarpro.in for manual deletion. We will process all deletion requests within 30 days.
• Data Portability. Export your data in machine-readable formats (JSON, GEDCOM) at any time, free of charge, directly from the app.
• Withdraw Consent. Where processing is based on consent, you may withdraw consent at any time. This does not affect the lawfulness of processing before withdrawal.
• Restrict Processing. Request that we limit the processing of your personal data in certain circumstances.
• Object. Object to processing of your personal data for purposes based on legitimate interest.

To exercise any of these rights, contact us through the Service. We will respond within 30 days of receiving a verifiable request.

8. Data Retention

9. International Data Transfers

Your data is stored on Google Cloud infrastructure. While Google Firebase's primary data centres for our configuration are located in the United States, Google maintains compliance with applicable data transfer frameworks. By using the Service, you acknowledge and consent to the transfer and processing of your data in the United States and other jurisdictions where Google operates.

9.1 Data Processing Agreement (GDPR Article 28)

Google acts as a data processor on our behalf when storing and processing your data in Firebase (Firestore, Authentication, Storage, and Analytics). In accordance with Article 28 of the EU General Data Protection Regulation (GDPR), our use of Google Cloud services is governed by Google's Cloud Data Processing Addendum (DPA), which incorporates:

• Standard Contractual Clauses (SCCs) approved by the European Commission for transfers of personal data outside the EEA.
• Technical and organisational security measures as described in Google's Security Whitepaper.
• Obligations on sub-processor management, data breach notification, and audit rights.
• Data deletion and return obligations upon termination of services.

The full text of Google Cloud's Data Processing Addendum is available at cloud.google.com/terms/data-processing-addendum. For Razorpay, payment data processing is governed by Razorpay's own privacy policy and DPA terms, available on their website.

10. Children's Privacy

10.1 Age Restriction & Verification

The Service is not directed to children under the age of 13. In compliance with the US Children's Online Privacy Protection Act (COPPA) and the Digital Personal Data Protection Act, 2023 (DPDP Act, India), we do not knowingly collect, use, or disclose personal information from children under 13.

At sign-up, all users are required to self-declare that they are at least 13 years old, or that they have obtained verifiable parental or guardian consent to use the Service. This declaration is enforced through a mandatory age-confirmation checkbox that must be checked before account creation (email, Google, or guest) is permitted.

10.2 Users Aged 13–18

Users between 13 and 18 years of age may use the Service only with parental or guardian consent. We rely on the self-declaration at sign-up as the consent mechanism. If we become aware that a user under 18 is using the Service without appropriate consent, we will suspend the account and contact the user to obtain guardian verification.

10.3 Minor Family Members in Tree Data

Family tree entries for minor family members (under 18) are considered User Content created by the adult account holder. The account holder assumes responsibility for ensuring they have the right to enter data about minor family members. Such data is subject to the same security protections described in §5 of this Policy.

10.4 Parental Rights

If you are a parent or guardian and believe your child under 13 has provided us with personal information without your consent, please contact us immediately at hello@parivaarpro.in. We will take prompt steps to delete such information and terminate the child's account within 48 hours of verification.

11. Compliance with Indian Law

11.1 Information Technology Act, 2000

This Policy is designed to comply with the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. We implement reasonable security practices as required by Indian law for the protection of sensitive personal data.

11.2 Digital Personal Data Protection Act, 2023 (DPDP Act)

Parivaar Pro is committed to compliance with the Digital Personal Data Protection Act, 2023 ("DPDP Act"). In accordance with the Act:

• Explicit Consent. We obtain your explicit, informed, and freely given consent before collecting and processing your personal data. At sign-up, you are presented with a clear description of the data we collect and the purposes for which it is processed. You may withdraw consent at any time via Settings → Privacy → Withdraw Consent in the app, or by contacting us at hello@parivaarpro.in. Withdrawal of consent will result in account suspension and, upon confirmation, permanent deletion of all associated personal data.
• Purpose Limitation. Your personal data is processed only for the specific purposes disclosed in this Policy (see §4). We do not process personal data for profiling, advertising, automated decision-making, or any purpose beyond operating and improving the Service.
• Data Principal Rights. As a Data Principal under the DPDP Act, you have the right to: (a) access your personal data, (b) correct inaccurate data, (c) request erasure of your data, and (d) nominate another individual to exercise these rights on your behalf. You can exercise rights (a)–(c) directly within the app. For nominations, contact us at hello@parivaarpro.in.
• Data Deletion Mechanism. You may request deletion of all your personal data at any time by navigating to Settings → Account → Delete Accountwithin the app. Upon confirmation, we permanently delete your family tree, member profiles, contact details (PII), uploaded photographs, and authentication record from all systems. Alternatively, send a deletion request to hello@parivaarpro.in. All deletion requests are honoured within 30 days.
• Data Protection Officer. In compliance with the DPDP Act, we have designated a Data Protection Officer (DPO) who is responsible for overseeing our data protection practices and serving as the point of contact for Data Principals and the Data Protection Board of India.

11.3 Grievance Redressal

In compliance with both the IT Act, 2000 and the DPDP Act, 2023, we designate a Grievance Officer who can be reached through the Service or via email. Grievances will be acknowledged within 48 hours and resolved within 30 days.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the Service or via email, and update the "Last Updated" date at the top of this page. Your continued use of the Service after such changes constitutes your acceptance of the updated Policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: