Privacy Policy
Contents
- Who we are
- What we collect
- What we do not collect
- Legal basis for processing
- In-app purchases
- How long we keep data
- Where data is stored
- Third-party processors
- Security measures
- Children and family use (COPPA, GDPR-K, DPDP Act)
- Regional rights (GDPR, CCPA, DPDP)
- International transfers
- Changes to this policy
- Contact
1. Who we are
Bhashu ("the App", "we", "us") is a mobile learning application for Indian languages, available on the Apple App Store and Google Play Store. The App and this website are operated by iMobileMaster Limited, located in the State of Ohio, United States.
For privacy questions, contact us at contact@bhashu.com.
2. What we collect
We collect only aggregate, anonymous usage events — counts of activities across all users combined, with no individual identification. Specifically:
- Event name — e.g., "chapter_opened", "lesson_completed", "game_played", "screen_view"
- Event properties — e.g., chapter ID, lesson type, game ID (never user-identifying)
- Duration on screen, in milliseconds, averaged across the user base
- Platform — iOS or Android, app version number
Each event is sent to our server as a count and immediately aggregated. We do not attach any user identifier, device identifier, advertising ID, IP address, precise or coarse location, or any other identifier to the event before processing or storage.
Voluntary feedback you send through the in-app form. If you tap "Send Feedback" inside the Profile tab of the App and submit a message, we receive: the category you picked (Bug · Suggestion · Praise · Other), your message text, and — only if you choose to provide it — an optional email address for a reply. The email field is clearly labeled as optional and intended for adults; you may submit feedback without it. We also auto-attach the app platform (iOS or Android) and the app version, to help route bug reports to the right release. No device identifier, user identifier, or other personal data is attached to the feedback record.
3. What we do not collect
To be explicit, we do not collect any of the following:
- Names, phone numbers, or contact information. Email addresses are only collected if you voluntarily provide one — through the optional field on our in-app feedback form, or by emailing us directly. We never collect an email address automatically.
- Precise location (GPS) or coarse location (IP-based)
- Advertising identifiers — IDFA on iOS, AAID on Android — we do not request these
- Device identifiers — device model + OS combinations are not used to identify or fingerprint your device
- IP addresses — our server does not log or persist them with event data
- Photos, videos, microphone audio, or any device sensor data
- Contact lists, calendar, call logs, or any other system-level data
- Account credentials, biometric data, or login information from other services
- Browsing history or behavior outside the App
- Any data from third-party tracking SDKs — we do not integrate any (no Facebook SDK, no Google Analytics, no advertising SDKs, no analytics SDKs other than our own first-party aggregate counter)
4. Legal basis for processing
Where applicable law requires us to identify a legal basis for processing data, our basis for collecting aggregate usage events is our legitimate interest in understanding which parts of the App are used so we can improve the product. Because the data is fully aggregated and cannot identify any individual, the privacy impact to any user is zero.
5. In-app purchases
When you buy a book inside the App, the purchase is processed entirely by Apple (App Store) or Google (Play Store). Those platforms tell us only whether the purchase was successful — we never see your payment card details, billing address, or account information.
If you choose to sign in (with Sign in with Apple or Sign in with Google), we record a minimal purchase entitlement so the books you buy stay with you across our family of apps. Specifically, we store: a one-way hash of your sign-in provider's stable user identifier (which cannot be reversed to your real identity, email, or name), which book you bought, when you bought it, which app and platform the purchase originated on, and the signed purchase receipt for audit/re-validation. We do not store your name, email, phone, IP address, or device identifier. Signing in is optional — if you skip it, the App still works locally; the only effect is that you'll need to tap "Restore Purchases" if you ever install a future app in our family on a new device.
Refund decisions are handled by Apple or Google under their respective policies. See Terms of Service §6 for the refund process.
6. How long we keep data
Aggregate event counts are stored for up to 30 days for app-quality analysis. After that, they are automatically deleted via our CloudWatch Logs retention policy. We have no per-user records to delete because we never collect them.
If you email us, we keep the email thread until the conversation is resolved, then delete it within 12 months unless you request otherwise.
In-app feedback submissions. Feedback you send through the in-app form is stored in our AWS DynamoDB database with a retention period of 90 days, after which the entire feedback record (including any optional email address you provided) is automatically deleted by DynamoDB's time-to-live policy. If you provided an email and we reply during the 90-day window, the resulting email thread follows the 12-month-after-resolution rule above. You may request earlier deletion of your feedback at any time by emailing the address in §14.
7. Where data is stored
Aggregate event counts are stored on Amazon Web Services (AWS) infrastructure in the United States, specifically in AWS CloudWatch Logs. AWS is a SOC 2 Type II, ISO 27001, and PCI DSS-certified provider. Because the data contains no personal information, the geographic storage location has no impact on your privacy.
Telemetry endpoint — no IP logging. The API Gateway stage that receives telemetry requests has access logging explicitly disabled at the infrastructure level (enforced by a Terraform postcondition that fails our deployment if the setting is ever changed). The Lambda function that processes requests does not read or log the source IP address or User-Agent header from the request context. CloudWatch metrics for the endpoint contain only aggregate counts (request count, latency, error rate) and do not include per-request IPs.
Website edge analytics. Our website (bhashu.com) is served through Amazon CloudFront, a content delivery network. CloudFront's standard operational reporting includes aggregate, anonymous request counts per country (e.g., "United States: 72%, India: 14%"). These totals are visible only to us as service operators, are not linked to any individual visitor, and are produced by AWS at the edge layer rather than by code we wrote. We do not use this data for profiling, advertising, or any decision affecting an individual user.
Feedback storage — DynamoDB. In-app feedback submissions are stored in an AWS DynamoDB table (us-east-1 region). The table has a time-to-live policy set to 90 days, after which records are automatically purged by AWS. The feedback Lambda is scoped via IAM to write-only on this single table — it cannot read existing rows, scan the table, or touch any other resource. Only authorized project maintainers can query the table via the AWS CLI.
User-account purchase storage — DynamoDB. If you sign in (with Sign in with Apple or Sign in with Google), the minimal purchase entitlement record described in §5 is stored in a separate AWS DynamoDB table (us-east-1 region). The record contains only: a one-way hash of your sign-in provider's stable user identifier (cannot be reversed to identity, email, or name), the book identifier you bought, the timestamp, the originating app and platform, and the signed purchase receipt. Purchase records do not have an expiration date because buying a book is a permanent entitlement; you can request earlier deletion by emailing the address in §14. The purchase Lambda is scoped via IAM to write-and-query-only on this single table — it cannot scan, delete, or touch any other resource. Receipts are validated server-side against Apple's and Google's official verification endpoints to prevent forgery.
8. Third-party processors
We use the following service providers to operate the App and website:
- Amazon Web Services (AWS) — Hosts the website (S3, CloudFront), the version-check endpoint, the in-app feedback endpoint, and the aggregate telemetry endpoint. AWS does not access the aggregate data and is bound by their standard data processing terms.
- Apple (App Store) — Distributes the iOS app and processes iOS in-app purchases.
- Google (Play Store) — Distributes the Android app and processes Android in-app purchases.
We do not use any advertising networks, analytics services (Firebase, Google Analytics, Mixpanel, Amplitude, etc.), CRM platforms, or third-party tracking pixels. Our aggregate telemetry is a first-party endpoint we built ourselves.
9. Security measures
Even though the aggregate data we collect is not sensitive, we apply the following safeguards:
- All communication between the App and our server uses HTTPS / TLS 1.2 or higher.
- AWS infrastructure is configured with least-privilege IAM roles.
- Our server endpoint enforces rate limiting to prevent abuse.
- The telemetry Lambda function is stateless — it writes to CloudWatch and discards.
- We do not store any personally identifying information, so there is no PII to protect.
10. Children and family use (COPPA, GDPR-K, DPDP Act)
Bhashu is designed for children to use. We chose the aggregate-only, zero-PII model specifically so that the App can be safely used by children under the world's strictest child-privacy regulations.
10.1 COPPA (United States, under 13)
Under the Children's Online Privacy Protection Act, an operator may not knowingly collect "personal information" from children under 13 without verifiable parental consent. Bhashu does not collect personal information from anyone — including children — so no parental consent flow is required. There are no profiles, no chat, no social features, no behavioral advertising, and no third-party tracking.
10.2 GDPR-K (European Union, under 16 / age varies by Member State)
Under the General Data Protection Regulation, processing personal data of children under 16 (or under 13-16 depending on Member State law) requires parental consent. Bhashu does not process personal data of any user, including children, so no parental consent mechanism is required.
10.3 DPDP Act (India, under 18)
Under India's Digital Personal Data Protection Act, processing personal data of children under 18 requires verifiable parental consent. Bhashu does not process personal data of any user, so no parental consent mechanism is required.
10.4 No advertising, no profiles, no social features
Bhashu contains no advertising of any kind (no banner ads, no interstitials, no rewarded video, no sponsored content), no user profiles that can be shared publicly, no chat or messaging features, and no user-generated content. Children cannot communicate with strangers through the App.
11. Regional rights (GDPR, CCPA, DPDP)
Many jurisdictions grant their residents specific privacy rights — for example, the right to access, correct, delete, or port their personal data, and the right to opt out of sale or sharing.
Because we do not collect personal data, these rights have no data to operate on. There is nothing for us to access, correct, delete, or transfer. If you've sent us an email and want us to delete the thread, write to contact@bhashu.com and we will.
Specifically:
- EU / UK (GDPR) — Articles 15-22 rights (access, rectification, erasure, restriction, portability, objection): no personal data is held, so no action required.
- California (CCPA / CPRA) — Right to know, delete, correct, opt out of sale/sharing: we collect no personal information and do not sell or share data.
- India (DPDP Act) — Data Principal rights (access, correction, erasure, grievance redressal): no personal data is processed.
- Other states / countries — equivalent rights apply, with the same outcome: no PII to operate on.
12. International transfers
The aggregate data we collect is stored on AWS infrastructure in the United States. Because no personal data is collected, international data transfer protections (Standard Contractual Clauses, adequacy decisions, etc.) are not engaged. If you access the App from outside the United States, you understand and agree that the anonymous aggregate event counts will be processed in the United States.
13. Changes to this policy
We may update this Privacy Policy from time to time. If we change what data we collect or how we use it, we will:
- Update the "Last updated" date at the top of this page.
- If the change is material (for example, adding a new type of data collection or sharing data with a new service provider), surface an in-app notice the next time you open the App, before the change takes effect.
- Not apply material changes retroactively to data collected before the change.
14. Contact
If you have questions about this Privacy Policy, our data practices, or you'd like to make a request related to your privacy, write to contact@bhashu.com. We read everything and respond within 14 days.
For unresolved privacy concerns, you may also contact your local data protection authority — for example, the U.S. Federal Trade Commission, the EU national supervisory authority for your country, or India's Data Protection Board.