Privacy Policy

This Privacy Policy describes how Tejas ("we", "us", or "our") collects, uses, stores, and shares information when you use the Tejas mobile application and this website (together, the "Service"). We wrote this in plain English because your understanding matters more than our legal cover.

By using the Service you agree to the practices described below. If any part is unclear, email us at privacy@tejas.app and we'll answer.

1. The short version

• We collect the minimum we need to personalise your daily guidance — a small set of profile basics.
• Your profile data is used only to generate your own daily line. It is never sold, never used for ads.
• We do not share your personal data with advertising networks or data brokers.
• You can delete your account and all associated data at any time from inside the app or by emailing us.
• All data is encrypted in transit (TLS 1.2+) and at rest on Google Cloud infrastructure.

2. Information we collect

2.1 Information you provide directly

• Account information: email address, display name (optional), authentication tokens.
• Profile basics: a small set of personal fields (including date of birth, time of birth, and place of birth). These initialise your personal model so Tejas can generate guidance specific to you. We treat them with the same care as medical data.
• Profile preferences: chosen palette, dark-mode preference, notification settings, language.
• Support correspondence: messages you send us via email or in-app feedback forms.

2.2 Information collected automatically

• Device information: device model, operating system version, app version, language, time zone.
• Usage information: which screens you visit, which features you use, crash reports, and performance metrics.
• Anonymised identifiers: a randomly generated installation ID so we can correlate crashes and feature usage without identifying you personally. This is not tied to any advertising identifier.

2.3 Information we deliberately do not collect

• Precise location (GPS). We never request location permission.
• Contacts, photos, calendar, or microphone.
• Advertising identifiers (IDFA / Android Advertising ID).

3. How we use your information

• To generate the personalised daily guidance that is the core of the Service.
• To authenticate you and keep your session secure.
• To improve the app — fix crashes, understand which features are used, and prioritise engineering work.
• To send service-related communications (account recovery, security alerts, policy updates).
• To respond to your support requests.
• To comply with legal obligations and enforce our Terms of Service.

We do not use your information for targeted advertising, profile scoring for third parties, or to train generative AI models outside the Service itself.

4. How we store and secure your information

• Data is stored on Google Cloud Platform (Firebase Firestore and Google Cloud Storage), primarily in the Mumbai, India region (asia-south1).
• All traffic between your device and our servers is encrypted using TLS 1.2 or higher.
• Data at rest is encrypted using Google-managed keys.
• Access to production systems is limited to engineers who need it, gated by multi-factor authentication.
• Sensitive profile fields are never written to human-readable application logs.

5. Service providers we rely on

We use a small number of trusted third-party services to run Tejas. Each of them has signed a data-processing agreement with us and can only use your data on our behalf:

• Google Firebase — authentication, database, push notifications, crash reporting, analytics.
• Google Cloud Run — the servers that generate your personalised guidance.
• Google Cloud Storage — encrypted backups.
• Google Gemini API — generating the daily natural-language guidance. Inputs to the model are anonymised; we do not send your email or display name.
• RevenueCat or Google Play Billing — subscription management (only if you subscribe).

6. Sharing and disclosure

We share your personal data only in these situations:

• With the service providers listed above, as strictly needed to operate the Service.
• In response to a lawful request from a government authority — where we will push back on overbroad requests and notify you where legally permitted.
• In connection with a merger, acquisition, or sale of assets — in which case your data would be subject to this same Privacy Policy until updated.
• With your explicit consent for a specific purpose you agreed to.

We will never sell your personal information.

7. Your rights and choices

Depending on where you live, you may have the following rights. We honour these regardless of your location:

• Access — request a copy of the personal data we hold about you.
• Correction — update inaccurate profile details directly in the app, or by emailing us.
• Deletion — delete your account and all associated data from Settings → Account → Delete account, or by emailing privacy@tejas.app. Full step-by-step instructions, retention windows, and what gets kept are on our account deletion page. Deletion takes up to 30 days from primary systems and 90 days from encrypted backups.
• Data portability — request a machine-readable export of your data.
• Withdraw consent — turn off analytics and notifications from Settings, or unsubscribe from marketing email using the link in every marketing message.
• Object to processing — email us and we'll evaluate your request under applicable law.

8. Data retention

• Your account profile and personal data are kept for as long as your account is active.
• If you delete your account, we remove the data within 30 days from primary systems and within 90 days from encrypted backups.
• Anonymised, aggregated analytics may be retained indefinitely, as they cannot be linked back to you.
• We retain transactional records (receipts, billing history) for as long as legally required, typically 7 years.

9. Children

Tejas is not intended for anyone under 13 years of age (or under 16 in the European Economic Area). We do not knowingly collect information from children. If you believe a child has provided us with personal data, email privacy@tejas.app and we will delete it.

10. International data transfers

We are headquartered in India. If you access the Service from elsewhere, your data may be transferred to, stored, and processed in countries other than your own. Where required, we rely on Standard Contractual Clauses or equivalent safeguards.

11. Changes to this policy

When we make a material change to this policy we will notify you in-app and by email at least 30 days before the change takes effect. The "Last updated" date at the top of this page always reflects the current version.

12. Contact

If you have any question about this policy or how we handle your data, reach out:

• Email: privacy@tejas.app
• Postal: Tejas, India (full postal address available on request at privacy@tejas.app)
• Data Protection Officer: privacy@tejas.app

This policy is governed by the laws of India, without regard to conflict-of-law principles.