1. Who This Policy Applies To
This policy applies to all users of NishLab products — including Nish-Learn, and any future apps under the nishlab.in domain. By using our services, you consent to the data practices described here.
2. Data We Collect
| Data | Source | Why |
|---|---|---|
| Name, email, profile photo | Google OAuth or email registration | Account creation and identification |
| Authentication tokens | Firebase Auth | Keeping you logged in securely |
| Study progress, chapter status | Your in-app activity | Personalised learning experience |
| Subscription status | System generated | Access control for paid content |
| Referral code, referral history | Referral programme | Reward eligible referrals |
| Feedback messages | In-app feedback form | Product improvement and support |
| Payment records | Razorpay (order ID, status) | Subscription verification |
| Device ID (hashed) | Browser | Prevent referral fraud |
| Terms acceptance timestamp | Onboarding | Legal compliance record |
3. Data We Do NOT Collect
- Payment card numbers or bank details — handled entirely by Razorpay
- Location data beyond what your IP address indicates
- Contacts, camera, microphone, or other device permissions
- Browsing history outside our apps
4. How We Use Your Data
- To provide, maintain, and improve NishLab services
- To manage your subscription and verify payment status
- To send app notifications (feedback replies, admin announcements)
- To detect and prevent fraud or abuse
- To comply with legal obligations under Indian law
5. Data Storage
Your data is stored in Google Firebase Firestore, hosted on Google Cloud infrastructure. Study progress is also stored locally on your device using localStorage and sessionStorage — this data never leaves your device unless you choose to back it up to Google Drive.
Google Drive backups are stored in your own Google Drive account. NishLab has no access to your Drive — the backup is purely between your device and your Google account.
6. Data Sharing
We share your data only with:
- Google Firebase — authentication and database infrastructure
- Razorpay — payment processing (only order-level data, never card details)
- Cloudflare — hosting and content delivery
We do not share your data with any marketing companies, data brokers, or third-party analytics platforms.
7. Your Rights (DPDP Act 2023)
Under the Digital Personal Data Protection Act 2023, you have the right to:
- Access — request a copy of data we hold about you
- Correction — request correction of inaccurate data
- Erasure — request deletion of your account and associated data
- Grievance redressal — raise a complaint about how your data is handled
To exercise any of these rights, email nish.lab.eco@gmail.com. We will respond within 30 days.
8. Data Retention
We retain your data for as long as your account is active. If you request account deletion, we will remove your data within 30 days, except where retention is required by law (e.g., payment records).
9. Cookies and Local Storage
NishLab apps use browser localStorage and sessionStorage to cache study content and track progress locally. We do not use advertising cookies or third-party tracking pixels.
10. Children's Privacy
Our services are not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, contact us immediately.
11. Changes to This Policy
We may update this policy as our services evolve. Significant changes will be communicated via the app. Continued use after changes constitutes acceptance.