Privacy Policy

1. Who We Are

Kalaloka ("Platform", "we", "us", "our") is a content reading and writing platform operated by DigiYogi, based in Bangalore, Karnataka, India. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use Kalaloka at kavi.digiyogi.com and any associated mobile applications.

By using Kalaloka, you agree to the collection and use of your information as described in this policy. If you do not agree, please do not use our services.

2. Information We Collect

2.1 Information You Provide

• Account Information: Phone number (for OTP login), name, display name, profile picture, bio, and language preferences.
• Social Login Data: If you sign in with Google or Facebook, we receive your name, email address, and profile picture from those services. We do not receive or store your social media passwords.
• Content: Stories, poems, articles, comments, messages, and any other content you create or share on the Platform.
• Financial Information: UPI ID or bank details (for creator payouts only). Payment processing for subscriptions and purchases is handled by third-party payment processors — we do not store your full payment card details.
• Communications: Messages you send through in-app chat, support requests, and feedback.

2.2 Information Collected Automatically

• Device Information: Device type, operating system, browser type, screen resolution, and unique device identifiers.
• Usage Data: Pages visited, stories read, reading time, search queries, features used, and interaction patterns.
• Reading History: What content you read, how long you spend on each piece, and your reading preferences.
• IP Address and Location: Your IP address and approximate geographic location (city/state level, not precise GPS).
• Log Data: Access times, error logs, referring URLs, and pages viewed before and after visiting the Platform.

2.3 Cookies and Tracking Technologies

We use cookies, local storage, and similar technologies. See our Cookie Policy for full details.

3. How We Use Your Information

We use the information we collect to:

• Provide the Service: Create and manage your account, display content, enable reading and writing features, process payments, and facilitate creator payouts.
• Personalize Your Experience: Recommend stories, customize your feed, suggest authors to follow, and tailor content to your reading preferences and language.
• AI Features: Generate audio narrations of published content, provide writing suggestions, and power content discovery. Your reading patterns and content interactions help improve these AI features.
• Analytics and Improvement: Understand how users interact with the Platform, identify popular content and features, fix bugs, and improve overall performance.
• Communication: Send service-related notifications (new chapters, followers, gifts received), respond to support requests, and share Platform updates.
• Safety and Security: Detect fraud, prevent abuse, enforce our Terms of Service and Community Guidelines, and protect users.
• Legal Compliance: Comply with applicable laws, regulations, and legal processes.

4. How We Share Your Information

We do not sell your personal information to third parties. We may share your information in the following limited circumstances:

• Public Profile and Content: Your display name, profile picture, bio, and published content are visible to other users. This is the core purpose of the Platform.
• Payment Processors: We share necessary transaction details with payment processors (e.g., Razorpay) to process subscriptions, purchases, and creator payouts.
• Analytics Providers: We use PostHog for product analytics. PostHog receives anonymized usage data to help us understand how the Platform is used. PostHog's privacy practices are governed by their own privacy policy.
• Hosting and Infrastructure: Our servers and cloud infrastructure providers may process your data as part of providing their services to us.
• Legal Requirements: We may disclose information if required by law, court order, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business Transfers: If DigiYogi is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

5. Data Retention

• Account Data: We retain your account information for as long as your account is active. If you delete your account, we will delete or anonymize your personal information within 90 days, except where we are required to retain it by law.
• Published Content: Content you publish on the Platform may be retained even after account deletion, as it is licensed to the Platform under our Terms of Service. Author attribution may be anonymized upon request.
• Usage and Analytics Data: Aggregated and anonymized analytics data may be retained indefinitely for business analysis.
• Financial Records: Transaction records are retained for a minimum of 8 years as required under Indian tax and financial regulations.
• Chat Messages: Messages are retained for 2 years after the last activity in a conversation, unless you delete them earlier.

6. Your Rights and Choices

You have the following rights regarding your personal information:

• Access: You can request a copy of the personal data we hold about you.
• Correction: You can update or correct your account information at any time through your profile settings.
• Deletion: You can request deletion of your account and personal data. Note that some data may be retained as described in Section 5.
• Withdraw Consent: Where we process data based on your consent, you can withdraw that consent at any time. This will not affect the lawfulness of processing done before withdrawal.
• Communication Preferences: You can opt out of promotional notifications through your account settings. Service-related notifications (such as payment confirmations) cannot be opted out of.
• Data Portability: You can request an export of your content and account data in a machine-readable format.

To exercise any of these rights, email us at support@kalaloka.buzz. We will respond within 30 days.

7. Data Security

We take reasonable technical and organizational measures to protect your personal information, including:

• Encryption of data in transit (HTTPS/TLS) and at rest where applicable.
• Secure authentication using OTP verification and encrypted tokens (JWT).
• Access controls limiting employee access to personal data on a need-to-know basis.
• Regular security reviews and monitoring.

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

8. Children's Privacy

Kalaloka is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected information from a child under 13, we will take steps to delete it promptly. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@kalaloka.buzz.

9. Compliance with Indian Law

9.1 Information Technology Act, 2000

We comply with the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. We implement reasonable security practices to protect sensitive personal data as defined under these rules.

9.2 Digital Personal Data Protection Act, 2023 (DPDPA)

We are committed to compliance with the Digital Personal Data Protection Act, 2023 and any rules notified under it. In accordance with the DPDPA:

• We process personal data only for lawful purposes with your consent or for legitimate uses permitted by law.
• We collect only the data that is necessary for the purposes stated in this policy.
• We maintain the accuracy of personal data and allow you to correct inaccurate information.
• We retain personal data only for as long as necessary to fulfill the stated purposes.
• We implement reasonable security safeguards to protect personal data.
• You may exercise your rights as a Data Principal, including the right to access, correction, erasure, and grievance redressal, by contacting us.

Our designated Grievance Officer for DPDPA compliance can be reached at support@kalaloka.buzz. Grievances will be acknowledged within 48 hours and resolved within 30 days.

9.3 Intermediary Guidelines (IT Rules, 2021)

As an intermediary under the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, we maintain a Grievance Officer who can be contacted at the email address above.

10. Third-Party Links

The Platform may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to read their privacy policies before providing any personal information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you through the Platform or by email. The "Last Updated" date at the top reflects the most recent revision. Your continued use of Kalaloka after changes are posted constitutes your acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or how we handle your data, contact us:

• Email: support@kalaloka.buzz
• Platform: Kalaloka (a product of DigiYogi)
• Address: Bangalore, Karnataka, India