Privacy Policy

Your trust is our foundation. This document details exactly how Sarothi collects, secures, and handles your academic data.

Status: Active & Enforced

Policy Highlights

1. Data Collection
2. Usage Protocols
3. Security Infrastructure
4. Student Rights

1. Information We Collect

Sarothi minimizes data collection. We only store what is strictly necessary to calculate your syllabus progress and maintain your study history.

A. Personally Identifiable Information (PII)

Account Credentials: If you sign up via Email, we store a hashed version of your password. If you use Google, we only store the authentication token.
Profile Data: Your name, email address, and profile picture URL (provided by Google) are stored to personalize your dashboard.
Academic Context: Your declared educational level (HSC/SSC), batch year, and institution name.

B. Usage & Behavioral Data

To power the "Smart Analytics" engine, we record:

Progress Markers: Every time you check a checkbox (e.g., "Physics Chapter 1"), a timestamped event is logged.
Session Duration: The start and end times of your focused study sessions.
Custom Content: Any private notes, to-do lists, or resource links you manually add to the platform.

2. How We Use Your Data

We do not sell, trade, or rent your personal identification information to others. Your data is used exclusively for:

Core Functionality

Calculating your percentage completion, generating heatmaps, and identifying your weak subjects.

Gamification

Displaying your selected "Public Name" on the Leaderboard. (You can opt-out of this in Settings).

Security

Verifying your identity to prevent unauthorized access to your private study notes.

3. Security Architecture

Your data is hosted on enterprise-grade infrastructure. We employ a "Defense in Depth" strategy.

Database Security

We utilize Supabase (PostgreSQL) as our backend provider. Key security measures include:

Row Level Security (RLS): This is a database-layer firewall. Even if someone accesses the API, the database itself rejects requests to read data that does not belong to the authenticated User ID (UID).
AES-256 Encryption: All data is encrypted at rest on the physical servers.
SSL/TLS: All data transmitted between your browser and our servers is encrypted using Transport Layer Security.

4. Your Data Rights

Sarothi acknowledges that you own your academic data. You retain the following rights:

Right to Access & Portability

You can view 100% of the data we hold on you directly via the Dashboard.

Right to Rectification

If you marked a chapter as "Done" by mistake, you can toggle it off instantly. You can update your profile details at any time.

Right to Erasure ("Right to be Forgotten")

You may request the permanent deletion of your account. Upon this request, your database row is wiped, and your authentication record is removed from the system.

If you have concerns about your data privacy, please reach out directly to the Data Controller.

parthosarothichowdhury4@gmail.com