Legal Last updated: May 2026

Privacy Policy

Plain English summary at the top • Full legal text below • Governs mypariva.com

This is a template policy. MyPariva should have a qualified lawyer review it before publishing to users.

TL;DR — Plain English Summary

Here's what you need to know in 30 seconds: We collect what we need to run the app — your email, phone number, cycle data, and the supporters you add. We never sell your data to advertisers, insurers, or data brokers. Your health data is yours. You can delete your account at any time and all data will be removed within 30 days. We store your data in India. If you have questions, email privacy@mypariva.com.

1. Who We Are

MyPariva Technologies Pvt. Ltd. ("MyPariva", "we", "our", "us") is the data fiduciary for personal data collected through the MyPariva platform at mypariva.com and any associated applications.

Registered address: [Address], Bangalore, Karnataka — 560XXX, India
Data Protection Officer: privacy@mypariva.com

2. Information We Collect

Account information: email address, full name, BCrypt-hashed password, mobile phone number, date of birth, and (if you use Google Sign-In) your Google-provided name, email, and profile photo.

Health data (Sensitive Personal Data under India's DPDP Act 2023):

Menstrual cycle dates (last period, cycle length, period length)
Daily mood, energy levels, and symptom logs
Cycle phase predictions generated by our system

Care network data: names, WhatsApp phone numbers, email addresses, and relation types of supporters you choose to add. We also store their consent status and notification preferences.

Usage data: login timestamps, device type (mobile/desktop), browser user-agent, and IP address (anonymised after 30 days). We use this to detect abuse and improve reliability.

From third parties: if you sign in with Google, we receive your name, email, and profile photo from Google Firebase Authentication. We do not receive your Google password or any other Google account data.

3. How We Use Your Information

Provide the service: generate cycle predictions, show your dashboard, send notifications to your care network
Verify your identity: WhatsApp OTP for phone verification, JWT tokens for session authentication
Send notifications you opt into: WhatsApp and email messages to your chosen supporters, based on your cycle phase
Personalise content: health articles and tips are filtered by your profession and health preferences
Improve predictions: we use aggregated, anonymised cycle data (never individually identifiable) to improve prediction accuracy
Legal compliance: responding to court orders or regulatory requirements from Indian authorities

We explicitly do not: use your health data to train AI models, sell it to insurers, share it with advertisers, or use it for any purpose beyond operating the MyPariva service.

Service providers (data processors):

WhatsApp Business API: to deliver WhatsApp notifications to your supporters (message content and recipient phone number only)
Google Firebase: for Google Sign-In token verification (your Google email and name)
SMTP email provider: to send consent and care notification emails (recipient email and message content only)
Cloud infrastructure: hosting and database services located in India

All service providers are contractually bound to process your data only as instructed by us, and to maintain appropriate security standards.

Legal disclosure: we may disclose personal data if required by a valid court order from an Indian court of competent jurisdiction. We will notify you promptly unless prohibited by law.

Never shared with: advertisers, insurers, employers, data brokers, marketplaces, or any third party for commercial purposes.

5. Your Rights Under India's DPDP Act 2023

Under the Digital Personal Data Protection Act 2023, you have the following rights:

Right of access: request a copy of the personal data we hold about you
Right of correction: request correction of inaccurate or incomplete data
Right of erasure: request deletion of your personal data (account deletion)
Right to grievance redressal: raise a complaint that must be acknowledged within 48 hours and resolved within 30 days
Right to nominate: nominate an individual to exercise your rights in the event of your death or incapacity

To exercise any of these rights, email privacy@mypariva.com with the subject line "Data Rights Request." We will respond within 15 business days.

6. Data Retention

Active accounts: data is retained while your account is active and for up to 30 days after deletion request
Deleted accounts: all personal data erased within 30 days; backup copies purged within 90 days
Audit and security logs: retained for up to 12 months for fraud prevention and security purposes, then permanently deleted
Aggregated anonymised data: may be retained indefinitely, as it cannot be linked back to an individual

7. Security

All data transmitted over the internet is protected by TLS 1.3 encryption
Passwords are hashed with BCrypt — we never store plaintext passwords
Session tokens (JWT) are short-lived and stored securely on the server-side session
Consent tokens in email links are AES-encrypted
We conduct regular security reviews and penetration tests

No system is 100% secure. In the event of a data breach that materially affects your personal information, we commit to notifying you within 72 hours, and to notifying India's Data Protection Board as required by law.

8. Children's Privacy

MyPariva is not directed at children under 13. Users between 13 and 18 must have verifiable parental or guardian consent before creating an account. If we become aware that a child under 13 has provided personal data without consent, we will delete it immediately. Contact us at privacy@mypariva.com if you believe this has occurred.

10. International Users

MyPariva is designed for users in India, and all data is stored on infrastructure located in India. If you access MyPariva from the EU, UK, or another jurisdiction, please note:

For EU/EEA users: we process data on the basis of your consent and our legitimate interests in providing the service, consistent with GDPR principles where applicable
For UK users: we comply with UK GDPR principles to the extent applicable to our service
Cross-border data transfers: data sent via WhatsApp Business API may be processed outside India by Meta Platforms. See Meta's privacy policy for details.

11. Changes to This Policy

We will notify you of material changes to this Privacy Policy by:

Sending a notification to your registered email address at least 30 days before the change takes effect
Displaying an in-app banner when you next log in

Your continued use of MyPariva after the effective date of the updated policy constitutes acceptance of the changes. If you do not agree, you may delete your account before the effective date.

12. Contact & Grievance Officer

For privacy questions, data requests, or complaints:

Data Protection Officer: privacy@mypariva.com
Grievance Officer: [Name, designation — placeholder] | privacy@mypariva.com
Escalation: India's Data Protection Board at meity.gov.in

We acknowledge all grievance requests within 48 hours and aim to resolve them within 30 days.