Privacy Policy

This Privacy Policy explains how Risepair, a service operated by Salvus Industries, collects, uses, stores, and protects your personal data. It is written to comply with the Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology Rules, 2021, and — where relevant — the Aadhaar Act 2016.

1. Who we are

Risepair is operated by Salvus Industries, an MSME proprietorship registered in Kerala, India.

• Business name: Salvus Industries
• GSTIN: 32GBBPP2605G1Z1
• Registered state: Kerala, India
• Grievance officer: Salvus Paul — salvuspaul.dev@gmail.com

2. What data we collect

We collect only the data we need to run Risepair safely. Categories below describe what may be collected over the lifetime of your account.

Account data

• Email address (required for sign-in)
• Name, age, gender, city
• Profile photos you upload

Profile data

• Identity words (e.g. "Builder", "Reader")
• Growth tracks you choose (Fitness, Creative, Learning, Mindful)
• Bio and short prompts you write

Activity data

• Quest check-ins, XP earned, current streak, level
• Matches, likes, passes

Optional verification data (DigiLocker eKYC)

If you choose to verify your identity via DigiLocker eKYC, we receive — with your explicit consent — only the minimum demographic fields needed for age and identity confirmation: name, date of birth, gender, state, and district. We do not store your full Aadhaar number, your Aadhaar photo, or any other Aadhaar field. This follows the data-minimisation requirement of section 7 of the Aadhaar Act 2016 and the supporting UIDAI guidelines.

Optional face descriptors

If you choose to enable photo similarity checks, your photos are processed on-device or on our servers into a 128-dimensional vector (a numeric descriptor) and only the vector is stored. The original photo bytes are not re-derived from the vector.

Communication data

• Messages you send to other users in chat
• Your conversations with Mira, our AI coach

Technical data

• IP address, browser type, device type
• Essential cookies for sign-in
• Anonymised analytics events

3. Why we collect it

• To operate Risepair — sign you in, render your profile, run quests
• For safety — to detect spam, harassment, fake accounts, and to enforce the 18+ age requirement
• To match you with other users whose journeys align with yours
• To respond to your support requests
• To meet our legal obligations under Indian law

4. Lawful basis (DPDP Act)

Under the DPDP Act 2023, our primary lawful basis for processing your personal data is your consent, which you provide when you sign up and at each optional step (photo upload, DigiLocker verification, AI coach conversations). For limited safety-related processing — fraud detection, abuse prevention, account security — we also rely on legitimate interest.

You can withdraw your consent at any time. Withdrawal will not affect processing done before withdrawal, but it will stop further processing of the affected data.

5. How we store your data

• Hosted on Supabase Mumbai (AWS ap-south-1 region) — your personal data has data residency within India.
• Encrypted at rest with AES-256 and encrypted in transit with TLS 1.3.
• Database access uses Postgres Row-Level Security, so one user cannot read or modify another user's rows.
• Administrative actions are logged to an immutable audit table.

6. Who we share data with

We do not sell your personal data. We do not share it with advertisers. We do not provide it to data brokers. We share data only with:

• Service providers who help us operate Risepair, under written data-processing agreements:
  • Supabase — database and authentication (data hosted in Mumbai)
  • Brevo — transactional email (sign-in links, notifications)
  • Groq — AI inference for the Mira coach
  • Vercel — application hosting and CDN
• Law enforcement, only on valid legal request — a court order, summons, or properly issued government notice.

7. Your rights (DPDP Act)

You may, at any time:

• Access — request a copy of your personal data
• Correct — fix anything that is wrong
• Erase — delete your account and personal data
• Withdraw consent — for any optional processing (photos, DigiLocker, AI coach)
• Raise a grievance — write to the grievance officer named below

To exercise any of these rights, email salvuspaul.dev@gmail.com from your account email address. We will respond within thirty (30) days as required by the DPDP Act.

8. Retention

We retain your data while your account is active. When you delete your account, we retain a reduced copy for 30 days to recover the account if deletion was accidental, after which the data is permanently removed from our primary database and from routine backups within ninety (90) further days.

Anonymous aggregate analytics may be retained indefinitely; these contain no identifier that could be linked back to you.

9. Cookies

• Essential cookies — used to sign you in and keep your session active. These cannot be disabled while you use the service.
• Analytics cookies — anonymised, used to understand aggregate usage patterns. No cross-site tracking. No advertising identifiers.

10. Children

Risepair is an 18+ only service. We do not knowingly collect data from anyone under 18. Age is enforced through a combination of: (a) self-declared date of birth at sign-up, (b) optional DigiLocker verification, and (c) safety review of accounts that appear underage. If we learn an account belongs to a person under 18, we delete it immediately.

11. Changes to this policy

If we make material changes to this policy, we will notify you by email and through an in-app banner at least seven (7) days before the changes take effect. The current version's last-updated date appears at the top of this page.

12. Grievance officer

13. Contact

For any general questions about this policy, write to salvuspaul.dev@gmail.com.