SADHANATRACK APP – PRIVACY POLICY
Effective Date: November 27, 2025
Last Updated: November 27, 2025
This Privacy Policy (“Policy”) describes how SadhanaTrack App (“SadhanaTrack”, “App”, “we”, “us”, “our”) collects, uses, stores, discloses and protects your personal information when you access or use the SadhanaTrack mobile application, admin portal, website (if any) and related services (“Services”).
SadhanaTrack is a spiritual self-assessment and daily sadhana tracking application designed to help users log spiritual activities such as Nindra (sleep), Wake-up time, Japa, Pathan, Sravan, Seva, and other spiritual practices. Users may optionally connect with a designated Spiritual Master or Spiritual Head to monitor progress, enable mentorship, and receive guidance.
By creating an account, accessing, or using the Services, you acknowledge that you have read, understood, and agree to this Privacy Policy. If you do not agree, please do not use the App.
1. Applicability of this Privacy Policy
This Policy applies to:
- All end users of the SadhanaTrack App
- Spiritual Masters / Spiritual Heads who oversee or guide end users
- Admins who configure parameters and manage user accounts
- Visitors to any website operated for SadhanaTrack
- Communication and support channels connected to the App
This Policy does not apply to any third-party websites, SDKs, analytics tools, or external applications that may be linked from within the App.
2. Legal Basis & Compliance
This Policy is prepared in accordance with:
- Digital Personal Data Protection Act, 2023 (DPDP Act)
- Information Technology Act, 2000
- Information Technology (Reasonable Security Practices & Procedures and Sensitive Personal Data or Information) Rules, 2011
- CERT-In Directions (2022) on logging, security, breach reporting
- Any applicable state or central regulations
3. Information We Collect
We collect the following categories of personal and spiritual-activity information:
3.1 Information You Provide Voluntarily
A. Account Information
- Full Name
- Email ID
- Phone Number
- Gender / Age group
- Country / State (optional)
- Profile information
- Spiritual Master selection, approval requests, mentor mapping
- Login credentials (passwords are stored in hashed form only)
B. Spiritual Activity / Sadhana Data
Used for self-tracking and mentorship:
- Sleep timings (Nindra)
- Wake-up time
- Japa timings + optional rounds
- Day sleep duration
- Pathan duration
- Sravan duration
- Seva (service) duration
- Points scored as per configured scoring logic
3.2 Information Collected Automatically
When using the App, we collect:
- Biometric authentication status (stored locally on device)
3.3 Information Received From Others
- Spiritual Head / Spiritual Master may add, approve, remove, or review users under their group
- Admin may update or validate user information
- If a user assigns themselves to a Spiritual Master, the request and approval details are processed and stored
4. Purpose of Processing Personal Data
Your personal information is processed strictly for the following purposes:
4.1 Core App Functionality
- Creating and managing user accounts
- Allowing users to log spiritual activities
- Calculating sadhana points
- Showing progress dashboards, graphs, and reports
- Allowing Spiritual Masters to view sadhana of approved reportees
- Enabling reminders, alerts, and notifications
- Exporting data (Excel/PDF) for self-review or mentoring
4.2 User Management & Mentorship
- Processing requests for mentor assignment
- Granting role-based access (Admin/Master/User)
- Allowing Spiritual Masters to add or remove downline users
- Allowing Admins to enable/disable accounts
4.3 Communications
- Notifications for approvals on app
4.4 Security & Compliance
- Preventing fraud, misuse, and unauthorized access
- Monitoring logs as required under CERT-In directions
- Complying with legal obligations and data-retention requirements
- Biometric authentication for enhanced security
4.5 Improvements
- Understanding usage patterns
- Improving UI/UX, features, performance
- Debugging errors, crashes, and analytics
We do not sell, rent, publish, or monetize your sadhana data or spiritual activity patterns.
5. Legal Basis for Processing (DPDP Act & GDPR)
Where applicable, we process data under the following legal bases:
A. Consent (DPDP Act Section 6)
For:
- Creating accounts
- Logging spiritual activities
- Mentor mapping
- Email/phone verification
- Receiving alerts and notifications
- Biometric authentication setup
You may withdraw consent at any time (see “Your Rights”)
B. Performance of Contract
To:
- Provide core app functionalities
- Maintain daily sadhana logs
- Provide analytics and downloads
- Administer user-mentor relationships
C. Legitimate Interests
For:
- App security
- Audit logs
- Fraud prevention
- Basic analytics for app improvement
D. Legal Obligations
Under:
- IT Act
- SPDI Rules
- CERT-In Directions
- DPDP Act breach reporting requirements
6. Role-Based Access to Data
Based on the PRD, the App enforces strict role-based access control.
6.1 End Users
May view:
- Their own daily activity
- Their own sadhana history
- Their own reports/exports
- End users control whether they join a Spiritual Master, except where assigned by Admin
6.2 Spiritual Masters / Spiritual Heads
May view only:
- Sadhana data of users who have explicitly selected them AND are approved
- Aggregated averages
- Individual activity details (after clicking on a user)
- Historical reports
- No access to private user notes unless shared medically or voluntarily
6.3 Admin
May:
- Configure parameters and scoring
- Add/edit/delete user accounts
- Approve/reject mentor relationships
- View activity logs for security and compliance
- Admin cannot alter spiritual activity data without system logging
8. Data Retention
A. Activity Data
- Retained for 3 years by default
- May be archived thereafter
- Deleted permanently upon account deletion + completion of retention obligations
B. System Logs
- CERT-In requires logs to be stored for 180 days
C. Backups
- Encrypted backups may be retained for 30–90 days
- Automated backup deletion cycles apply
D. Account Deletion
After a verified request:
- Account is deactivated immediately
- Data is deleted within 30–90 days, unless required by law
- Mentor access is removed instantly
9. Data Security Measures
We implement reasonable security practices as required under:
- DPDP Act, 2023
- IT Act & SPDI Rules, 2011
- ISO 27001 principles
- CERT-In cybersecurity directions
Security Measures Include:
- End-to-end encrypted transmission (HTTPS/TLS 1.2+)
- Password hashing (bcrypt/industry-standard)
- Role-based access control (RBAC)
- Multi-factor authentication (for Admins)
- Biometric authentication support (device-level)
- Secure cloud infrastructure (Firebase)
- Database access restrictions
- Regular vulnerability assessments
- Logging of admin activities
- Firewalls, IDS/IPS, and encrypted backups
- Local storage encryption for sensitive data
In case of a personal data breach, mandatory notifications will be sent as required under DPDP and CERT-In guidelines.
10. International Data Transfers
If servers or service providers outside India are used:
- Transfers comply with DPDP Act, contractual safeguards, and global standards
- Data remains encrypted and protected
- Adequate protection measures (SCCs / DPIAs) are implemented
11. Your Rights
Under DPDP Act, IT Rules, and applicable laws, you have the right to:
- Right to Access – request a copy of your personal data
- Right to Correction – correct inaccurate or incomplete data
- Right to Erasure – request deletion of your account and data
- Right to Withdraw Consent – disable mentor mapping or stop using Services
- Right to Nominate – appoint an authorized nominee to manage your account in the event of your death or incapacity
- Right to Data Portability – export your own sadhana data (Excel/PDF)
- Right to be Informed – receive updates on changes to this Policy
To exercise your rights, contact: info@innovatiview.com
12. Children’s Privacy
The App is not intended for individuals under 16 years unless supervised by a parent/guardian. We do not knowingly collect data from minors without valid consent.
14. Third-Party Links
The App may contain links to third-party applications/sites which are not controlled by us. We are not responsible for their privacy practices.
15. Changes to This Policy
We may modify this Privacy Policy periodically; Material changes will be notified via:
- In-app notification
- Email (if applicable)
- Update page within the App
Continued use after changes constitutes acceptance.
16. Contact & Grievance Redressal
In compliance with the IT Act and DPDP Act:
Grievance Officer
- Email: support@sadhnatrack.com
- Response Time: Within 30 days
17. Consent
By clicking “Agree”, creating an account, or using the App, you explicitly consent to this Privacy Policy and allow SadhanaTrack to process your personal and spiritual-activity data for the purposes described herein.
Technical Implementation Details
Data Storage & Processing
- Primary Database: Firebase Firestore (Google Cloud Platform)
- Authentication: Firebase Authentication with email/password and Google Sign-In
- Local Storage: SharedPreferences for app preferences
- Biometric Data: Processed locally on device using platform-specific biometric APIs
- File Storage: Local device storage for PDF/Excel exports with permission handling
Permissions Used
- Storage Permission: Required for generating and sharing PDF/Excel reports
- Biometric Permission: For enhanced authentication (optional)
- Network Access: For Firebase services and data synchronization
Data Encryption
- In Transit: HTTPS/TLS 1.2+ for all network communications
- At Rest: Firebase provides default encryption for data at rest
- Local Data: Sensitive data encrypted using platform-specific secure storage
Third-Party Services
- Firebase: Authentication, Firestore database, Cloud Functions
- Google Sign-In: OAuth authentication provider
- PDF Library: Local PDF generation for reports
- Excel Library: Local Excel file generation for exports
- Permission Handler: Android storage permission management
This Privacy Policy is current as of November 27, 2025, and may be updated to reflect changes in our practices or applicable law.