Privacy Policy — Saarathi

This Privacy Policy explains how Basavaiah LLC (“Basavaiah,” “we,” “us,” or “our”), the publisher of the Saarathi mobile application and the website at saarathi.us (together, the “Service”), collects, uses, shares, and protects information about you.

We have written this policy to be readable. If anything is unclear, write to us at privacy@saarathi.us and we will explain.

1. Who we are

Basavaiah LLC is a limited liability company registered in the Commonwealth of Virginia, United States. Our mailing address is:

Basavaiah LLC
8401 Mayland Dr, Ste A
Richmond, VA 23294-4648
United States

For all privacy-related questions, requests, or complaints, contact privacy@saarathi.us.

2. What this policy covers

This policy applies to:

The Saarathi mobile application on iOS and Android.
The Saarathi web application at saarathi.us/app.
The Saarathi marketing website at saarathi.us and www.saarathi.us.

It does not cover third-party websites or services that we link to. Those services have their own privacy policies, which you should review.

3. Information we collect

3.1 Information you provide directly

Account information. Your email address, your display name, and a password (which is stored only as a salted hash — we never see your password in clear text).
Profile information. A profile photo (avatar), language preference, and any interests or categories you select.
Content you create. Posts, articles, events, comments, playlists, and any images you upload. This content is what makes the Service useful and is stored on our servers.
Activity you take. Likes, saves, RSVPs, and event subscriptions.
Messages. Notifications, broadcasts, or feedback you send through the Service.
Communications with us. Email, support tickets, and any correspondence with our team.

3.2 Information collected automatically

Device information. Device model, operating system version, app version, and language settings.
Network information. IP address (used briefly for delivering requests and for abuse prevention; not stored long-term against your account).
Usage information. Anonymous, aggregated events such as which screens are opened, what content is viewed, and which features are used. These events are designed not to identify you personally.
Push notification token. If you grant notification permission, your device’s push token, so that we can deliver notifications to you.
Crash and diagnostic information. If the app crashes, technical information about the crash so that we can fix the bug. This does not include the content you have created.

3.3 Permissions we request on your device

We only request a device permission when a feature you have chosen to use needs it. You can deny or revoke any permission in your device settings; the corresponding feature will then be unavailable but the rest of the app will keep working.

Permission	Why we ask
Photo library	So you can attach an existing photo to a post, event, or your profile.
Camera	So you can take a new photo to attach to a post, event, or your profile.
Notifications	So we can deliver activity notifications, event reminders, and publisher broadcasts.
Microphone (Android, optional)	Only used if a future feature lets you record audio. We do not access the microphone unless you initiate a recording.
Media library / storage (Android)	So that uploads and downloads work, and so we can show you media you have saved.

3.4 Information we do not collect

To be clear about what is not happening:

We do not collect your precise GPS location.
We do not access your contacts.
We do not access your calendar.
We do not collect health or fitness data.
We do not currently collect financial or payment data. If we introduce paid features that require payment information, we will update this policy first.

4. How we use information

We use the information described above for the following purposes, and no others:

To operate the Service — authenticate you, deliver content to you, save what you create, and let you interact with other users.
To communicate with you — deliver push notifications you have opted into, respond to your support requests, and tell you about important changes to the Service.
To recommend content — show you Vachanas, posts, events, and publishers we think you may find interesting, based on what you have engaged with.
To keep the Service safe — detect abuse, spam, and violations of our Community Guidelines; investigate reports; and enforce our Terms of Service.
To improve the Service — understand which features are useful, which screens are confusing, and what to fix or build next. This is done with aggregated, anonymous usage data.
To comply with law — respond to lawful requests from authorities and meet legal obligations.

5. Legal basis (for users in the EU, UK, and similar jurisdictions)

Where the General Data Protection Regulation (GDPR), UK GDPR, or similar law applies, our legal bases for processing your information are:

Contract. Processing necessary to provide the Service you have asked us to provide.
Legitimate interest. Operating, securing, and improving the Service, where this is not overridden by your rights.
Consent. For optional things like push notifications, where you have given permission. You can withdraw consent at any time in your device settings.
Legal obligation. Where the law requires us to keep or disclose data.

We do not sell or share personal information in the sense defined by California’s CCPA / CPRA. We share information only in the limited circumstances below.

6.1 Service providers (“sub-processors”) that help us run the Service

Provider	What they do for us	What they receive
Supabase Inc.	Hosted database, authentication, and file storage. The system of record for the Service.	Account information, content you create, activity, push tokens.
Cloudflare, Inc. (Cloudflare R2)	Object storage for uploaded images, audio, and video files.	Image, audio, and video files you upload, plus file metadata.
Google LLC (Firebase Cloud Messaging)	Delivery of push notifications to Android and iOS devices.	Push tokens and the contents of notifications we send to you.
Apple Inc. (Apple Push Notification Service)	Delivery of push notifications to iOS devices.	Push tokens and the contents of notifications we send to you.
Expo Inc. (Expo Application Services)	Mobile app build and over-the-air update delivery.	Anonymous build and update telemetry. No user content.

Each provider is bound by their own privacy and security commitments. We keep this list up to date; when we add a sub-processor we update this policy.

6.2 Other content you make public

Content you publish in the Service — for example, a post you publish to your subscribers, an event you create, or a public comment — is visible to other users of the Service in the way the Service is designed to show it. That is its purpose. You are responsible for what you choose to publish.

6.3 Legal disclosures

We may disclose information if we believe in good faith that doing so is necessary to:

Comply with a law, regulation, subpoena, court order, or other lawful request from a government authority.
Investigate or prevent fraud, abuse, security incidents, or violations of our Terms or Community Guidelines.
Protect the rights, property, or safety of Basavaiah LLC, our users, or the public.

6.4 Business transfers

If Basavaiah LLC is involved in a merger, acquisition, or sale of assets, information may be transferred as part of that transaction. We will notify users before any such transfer takes effect and any new owner will be bound by this Privacy Policy or one no less protective.

7. How long we keep information

Account information is kept for as long as your account exists.
Content you create is kept for as long as your account exists, unless you delete it sooner.
Anonymous usage events are kept in aggregated form indefinitely; individual events are pruned within 12 months. After you delete your account, the link between any remaining events and your identity is severed within 30 days, and individual events follow the standard 12-month pruning thereafter.
Crash logs are kept for up to 90 days.
Communications with our team are kept for as long as needed to resolve your issue and meet our legal obligations.

When you delete your account, we delete or anonymize the information associated with it according to the schedule on the Account deletion page.

8. Your rights and choices

Subject to applicable law, you have the following rights over your information:

Access. Request a copy of the information we hold about you.
Correction. Ask us to fix information that is wrong or out of date.
Deletion. Ask us to delete your account and the information associated with it. See Account deletion.
Export (portability). Ask us to provide your account data in a portable format.
Withdraw consent. Where we rely on consent, withdraw it at any time. For push notifications, you can do this in your device settings.
Object or restrict. Object to or restrict certain processing.
Complain. Lodge a complaint with your local data protection authority.

To exercise any of these rights, write to privacy@saarathi.us from the email address tied to your account. We will respond within 30 days.

8.1 If you are a California resident (CCPA / CPRA)

You have the right to know what personal information we collect, to delete it, to correct it, and not to be discriminated against for exercising these rights. We do not “sell” or “share” personal information in the meaning of the CCPA. The categories of personal information we collect are described in Section 3; the purposes in Section 4; the recipients in Section 6.

9. Children

Saarathi is not directed at children under 13 (or under 16 in the European Economic Area and United Kingdom). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact privacy@saarathi.us and we will delete it.

10. How we protect information

We take reasonable steps to protect the information we hold:

All traffic between the Saarathi app, the website, and our servers is encrypted in transit using HTTPS/TLS.
Passwords are stored only as a salted hash; we never see your password.
Our database uses row-level security to make sure your data is only readable by you and the people who should see it.
Access to production systems is limited to a small number of authorized personnel and is logged.

No method of transmission or storage is perfectly secure. If we learn of a security incident that materially affects your information, we will notify you and the appropriate authorities as required by law.

11. International transfers

Basavaiah LLC is located in the United States, and our sub-processors operate in the United States and other countries. If you are accessing the Service from outside the United States, your information will be transferred to, processed in, and stored in the United States. Where required, we rely on standard contractual clauses or equivalent safeguards for such transfers.

12. Changes to this policy

We may update this policy from time to time. When we make a change that materially affects how we handle your information, we will:

Update the “Last updated” date at the top of this page.
Post a notice in the app, by email, or both, at least 14 days before the change takes effect, where reasonably possible.

Continued use of the Service after a change means you accept the updated policy.

13. Contact

Email: privacy@saarathi.us
Mail: Basavaiah LLC
8401 Mayland Dr, Ste A
Richmond, VA 23294-4648
United States
Support: saarathi.us/support