Privacy Policy

1. Introduction

Welcome to Rikonect. This Privacy Policy explains how Rikonect Technologies Private Limited ("Rikonect," "we," "us," or "our") collects, uses, shares, and protects your personal information when you use our platform, website, and services (collectively, the "Service").

We are committed to protecting your privacy and being transparent about how we handle your data. Your privacy is at the core of everything we build.

Legal Compliance: This Privacy Policy is designed to comply with applicable Indian data protection laws, including:

• The Information Technology Act, 2000
• The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
• The Digital Personal Data Protection Act, 2023 (DPDP Act)

By using the Service, you consent to the practices described in this Privacy Policy. Please also review our Terms & Conditions.

2. Information We Collect

We collect information to provide and improve our Service. The types of information we collect include:

Account Information

• Email address: Used for authentication and communication
• Name: Your display name on the platform
• Profile photo: Optional image you choose to upload

User-Generated Content

• Memories: Personal experiences and reflections you record
• Notes: Text content you create within the platform
• Surveys: Your responses to self-assessments and questionnaires
• Posts: Content you share with others

Social Data

• Friends: People you connect with on the platform
• Invitations: Invites you send or receive
• Relationships: How you categorize your connections

Usage Analytics

• Page views: Which pages you visit within the Service
• Feature usage: Which features you interact with
• Session data: Duration and frequency of your visits

3. How We Collect Information

We collect information in the following ways:

• Directly from you: When you create an account, fill out your profile, create content, or communicate with us
• Automatically: Through analytics tools when you interact with the Service
• From third parties: When you sign in using Google OAuth, we receive basic profile information from Google

Social Login (Google OAuth)

When you choose to sign in with Google, we receive the following information from your Google account:

• Email address: Your primary Google email address
• Name: Your Google profile name
• Profile picture: Your Google profile photo (if available)

We do not receive or store your Google password. Google handles the authentication process, and we only receive the information listed above after you authorize the connection. You can revoke this access at any time through your Google account settings.

4. How We Use Information

We use the information we collect to:

• Provide the Service: Create and manage your account, enable features, and deliver functionality
• Personalize your experience: Tailor content and features based on your preferences and usage
• Improve the Service: Analyze usage patterns to enhance features and fix issues
• Communicate with you: Send important updates, respond to inquiries, and provide support
• Ensure security: Detect and prevent fraud, abuse, and security threats
• Comply with legal obligations: Meet regulatory requirements and respond to legal requests

5. Legal Basis for Processing

We process your personal information based on the following legal grounds under applicable data protection laws:

• Consent: When you create an account, you consent to our collection and use of your information as described in this Privacy Policy. You may withdraw your consent at any time by deleting your account or contacting us.
• Contract Performance: Processing necessary to provide the Service you have requested, including account creation, content storage, and feature delivery.
• Legitimate Interests: Processing necessary for our legitimate business interests, such as improving the Service, preventing fraud, and ensuring security, where these interests are not overridden by your rights.
• Legal Obligations: Processing necessary to comply with our legal obligations under applicable Indian laws, including the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023.

6. Information Sharing

We do not sell your personal information. We share information only in the following circumstances:

Third-Party Service Providers

We work with the following third-party service providers who process data on our behalf:

• Google Cloud Platform (Mumbai, India): Our cloud infrastructure provider that hosts our servers and databases. All data is stored in Google Cloud's Mumbai (asia-south1) region in India. Google Cloud complies with ISO 27001, SOC 2, and other security certifications.
• Google OAuth (Authentication): We use Google OAuth for secure social login. When you sign in with Google, Google processes authentication on their servers and shares only your basic profile information with us as described in Section 3.
• Amplitude (Analytics): We use Amplitude for usage analytics. Amplitude receives usage event data to help us understand how users interact with the Service. We do not share personally identifiable information with Amplitude. Amplitude's privacy policy is available on their website.

Other Sharing Circumstances

• With your consent: When you choose to share content with friends or make content public
• Legal requirements: When required by law, court order, or government request
• Protection of rights: To protect the rights, property, or safety of Rikonect, our users, or others
• Business transfers: In connection with a merger, acquisition, or sale of assets, in which case you will be notified via email and/or prominent notice on our website

7. Cookies and Tracking

We use the following technologies:

• HTTP-only session cookies: Essential cookies that manage your login session securely. These cookies cannot be accessed by JavaScript and are automatically deleted when you close your browser or log out.
• Amplitude SDK: For analytics purposes, Amplitude may use local storage to track user interactions. This data helps us improve the Service.

We do not use advertising cookies or trackers. We do not track your IP address for analytics purposes.

8. Do-Not-Track Signals

Some web browsers offer a "Do Not Track" ("DNT") feature that lets you tell websites you visit that you do not want to have your online activity tracked.

We do not use advertising trackers or third-party tracking for marketing purposes. Our analytics are used solely for improving the Service, and we do not track users across websites. Therefore, DNT signals do not change how we operate, as we already limit tracking to essential service improvement purposes only.

9. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. Specifically:

• Account data: Retained while your account is active
• User content: Retained until you delete it or your account
• Analytics data: Retained for up to 24 months for service improvement
• Legal compliance: Some data may be retained longer if required by law

Upon account deletion, we will delete your personal information within 30 days, except where retention is required for legal purposes.

10. Your Rights

Under applicable data protection laws, including the Digital Personal Data Protection Act, 2023 (DPDP Act), you have the following rights regarding your personal information:

• Right to Access: Request confirmation of whether we process your personal data and obtain a copy of your personal data
• Right to Correction: Request correction or completion of inaccurate or incomplete personal data
• Right to Erasure: Request deletion of your personal data when it is no longer necessary for the purposes for which it was collected
• Right to Restrict Processing: Request restriction of processing in certain circumstances
• Right to Object: Object to processing based on legitimate interests
• Right to Data Portability: Request your data in a structured, commonly used, machine-readable format
• Right to Withdraw Consent: Withdraw your consent at any time where we rely on consent to process your data
• Right to Complain: Lodge a complaint with the Data Protection Board of India or other relevant supervisory authority

How to Exercise Your Rights

• Data Access and Deletion: Contact us at legal@rikonect.com
• Data Export: Request a copy of your data in a portable format by emailing support@rikonect.com

We will respond to your request within 30 days. In certain circumstances, we may need to verify your identity before processing your request.

11. Children's Privacy

The Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13.

If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly. If you believe we may have collected information from a child under 13, please contact us at legal@rikonect.com.

12. Data Security

We implement appropriate technical and organizational measures to protect your personal information in accordance with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

Technical Security Measures

• Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS/SSL (HTTPS)
• Encryption at Rest: Data stored in our databases is encrypted at rest using AES-256 encryption provided by Google Cloud Platform
• Secure Authentication: We use passwordless authentication (magic links) and OAuth to prevent password-related vulnerabilities
• HTTP-only Cookies: Session cookies are HTTP-only and Secure, preventing cross-site scripting attacks
• Access Controls: Strict access controls limit who can access user data within our organization

Infrastructure Security

Our infrastructure is hosted on Google Cloud Platform (GCP) in their Mumbai (asia-south1) data center. GCP maintains industry-leading security certifications including:

• ISO 27001 (Information Security Management)
• ISO 27017 (Cloud Security)
• ISO 27018 (Cloud Privacy)
• SOC 1, SOC 2, and SOC 3 compliance

However, no method of transmission over the Internet is 100% secure. While we strive to protect your information using commercially reasonable measures, we cannot guarantee absolute security. We encourage you to use strong, unique passwords for any services you use and to keep your login credentials confidential.

13. International Users

Rikonect is operated from India. All data is stored and processed on Google Cloud Platform servers located in Mumbai, India (asia-south1 region).

If you access the Service from outside India, please be aware that:

• Your information will be transferred to, stored, and processed in India
• Data protection laws in India may differ from those in your country of residence
• By using the Service, you consent to the transfer and processing of your information in India

We comply with applicable Indian data protection laws, including the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023, which provide robust protections for your personal information.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will:

• Update the "Last updated" date at the top of this policy
• Notify you through the Service or via email for significant changes
• Give you the opportunity to review changes before they take effect

Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

15. Grievance Officer

In accordance with the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023, we have appointed a Grievance Officer to address your concerns regarding data processing.

• Grievance Officer Email: legal@rikonect.com
• Response Time: We will acknowledge your complaint within 48 hours of receiving it
• Resolution Time: We will endeavor to resolve your complaint within 30 days from the date of receipt

If you are not satisfied with our response, you may escalate your complaint to the Data Protection Board of India or other relevant regulatory authority.

16. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

• General Inquiries: support@rikonect.com
• Legal & Privacy: legal@rikonect.com
• Company: Rikonect Technologies Private Limited
• Location: Pune, Maharashtra, India