Privacy Policy for Ohual
Last updated: December 2025
Ohual is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (the "App"). This document is designed to meet the requirements of the Apple App Store, Google Play Store, and payment partners like Razorpay, specifically adhering to the Information Technology Act, 2000 (India).
1. Legal Basis for Processing
We process your personal information under several distinct legal frameworks to ensure transparency and compliance:
- Contractual Necessity: This is our primary basis. We process your name, email, and career goals to fulfill our contract with you—providing personalized AI roadmaps, tracking your progress, and managing your account.
- Consent: For features that are not strictly necessary for the app to function—such as syncing your GitHub profile, accessing your camera for a profile picture, or receiving push notifications—we rely on your explicit, opt-in consent.
- Legitimate Interests: We analyze aggregated usage data to improve our AI algorithms, fix bugs, and optimize the user experience. This helps us ensure the App remains high-performing and secure.
- Legal Obligation: As a service operating in India, we must retain certain financial records (via Razorpay) to comply with tax laws and anti-money laundering (AML) regulations.
2. Detailed Information We Collect
We collect information to build your "Personalized OS for Ambition":
- Account Data: Essential identifiers including your full name, email address, and account credentials.
- Student-Specific Data: Detailed career aspirations, academic standing, specific skill gaps, learning style preferences, and uploaded professional documents (resumes/portfolios).
- Founder-Specific Data: Strategic business information including startup mission, industry sector, competitor analysis, and key performance indicators (KPIs) to tailor the AI's strategic advice.
- Automated Technical Data: IP addresses, device hardware models, operating system versions, unique device identifiers, and mobile network information used for security and troubleshooting.
- Gamification & Interaction Data: We track your "streaks," completed micro-tasks, and the specific prompts you send to the AI Mentor to maintain your learning history.
3. Device Permissions & Transparency
Ohual requests permissions only when a feature specifically requires it. You can manage these in your system settings:
- Storage & Media Access: Used strictly to allow you to select and upload PDF resumes or images for your portfolio. We do not scan your entire gallery.
- Push Notifications: Used to deliver "Duolingo-style" reminders for your daily micro-tasks and updates on roadmap milestones.
- Camera Access: An optional permission used if you wish to take a new profile photo directly within the App.
- Network State: We monitor whether you are on Wi-Fi or cellular data to ensure large AI-generated roadmaps download efficiently without wasting your data plan.
4. AI & Large Language Model (LLM) Disclaimer
Ohual utilizes Google Gemini to provide hyper-personalized mentorship. By using these features, you acknowledge:
- Nature of Output: AI is a probabilistic tool. While it provides high-quality strategic advice, it can occasionally generate "hallucinations" or incorrect technical facts. Users should treat AI output as a guide rather than absolute fact.
- Data Processing for AI: When you enter a prompt, that text is sent to Google Gemini’s API for processing. We do not use your private personal identifiers (like your email) to train the public AI models.
- Prohibited Inputs: Users are strictly prohibited from entering sensitive data (passwords, financial secrets, or government IDs) into the AI chat interface.
5. Cookies, Identifiers, and Analytics
We use industry-standard tracking technologies to provide a seamless experience:
- Authentication Cookies: These keep you logged in as you move between the Roadmap and Profile sections.
- Analytics (Supabase/Google): We use anonymized event tracking to see which roadmap steps are most difficult for users, allowing us to refine our content.
- Mobile Advertising IDs: We may use these to understand how you found Ohual (e.g., via a specific ad) to manage our growth budget effectively.
6. Payments and Financial Security (Razorpay)
Your financial safety is a priority. Ohual implements "Security by Design":
- PCI-DSS Compliance: All payment processing is handled by Razorpay. Ohual never sees or stores your credit card number or CVV.
- Billing Information: We only receive confirmation of payment, the last four digits of the card (for identification), and your billing address as required for GST invoicing in India.
7. Third-Party Data Sharing
We do not sell your data. We only share information with partners necessary to run the service:
- Infrastructure: Supabase (Database/Auth) and Vercel (Hosting).
- AI Intelligence: Google Cloud/Gemini (Roadmap Generation).
- Financial Services: Razorpay (Subscription Management).
- Legal Compliance: We may disclose data if required by a court order or to protect the safety of our users.
8. Your Rights: Deletion and Portability
You own your data. Under Indian IT Rules and global standards (GDPR/CCPA), you have the following rights:
- The Right to Delete: You can delete your account via Settings > Account > Delete Account. Upon confirmation, all personal data is purged from our active systems.
- The Right to Access: You may request a copy of the data we hold about you by emailing our support team.
- Data Retention Policy: We keep your data only as long as your account is active. If an account is inactive for 24 months, we reserve the right to archive or delete the data.
9. Security Architecture
We protect your data using enterprise-grade protocols:
- End-to-End Encryption: All data moving between your phone and our servers is protected by 256-bit SSL/TLS encryption.
- Database Security: We utilize Row-Level Security (RLS), meaning that even if a system-level bug occurred, one user would be prevented from accidentally seeing another user's roadmap.
10. Contact and Grievance Redressal
In accordance with the Information Technology Act, if you have any concerns or wish to report a privacy violation:
- Grievance Officer: Privacy Lead, Ohual Team
- Email: info@ohual.com
- Response Time: We aim to respond to all privacy-related inquiries within 48 hours and resolve grievances within 15 days.