Privacy Policy

Last updated: October 22, 2025

This Privacy Policy explains how Kondria collects, uses, shares and protects personal data.

1) Who we are & contact

Data Fiduciary / Operator: Kondria (sole proprietorship), New Delhi, Delhi, India
Grievance Officer: Shivang Shokeen — shivang.shokeen111@gmail.com — +91 95995 75756

2) Scope

This Policy covers websites, apps and services we operate. It does not cover third‑party services that have their own policies.

3) Personal data we process

• Identity & contact: name, email, phone, address.
• Account & authentication: user IDs, role metadata, session tokens (via Clerk).
• Fitness data (optional): goals, workouts, injuries, preferences (if you choose to provide them).
• Transactional: orders, invoices, payment status (via Razorpay; we do not store full card details).
• Usage & device: app interactions, crash logs, approximate location, device info, IP, cookies/SDK identifiers.
• Communications: messages, support tickets, call/visit logs.

4) Why we process (lawful bases)

• Consent: you give consent (e.g., marketing, optional analytics, processing sensitive data).
• Contract: to create your account, provide features, and support.
• Legal obligations: tax/GST, compliance, fraud prevention.
• Legitimate uses permitted by law: e.g., voluntary provision, employment, or other uses as notified by law.

5) How we use data

Provide and secure the Services; personalize content; process payments & orders; communicate with you; comply with law; improve and debug.

6) Sharing and processors

We use processors for core infrastructure and operations:

• Hosting/Edge: Vercel
• Database & storage: Supabase (PostgreSQL)
• ORM: Prisma (application‑level only; not a separate processor of your data)
• Authentication: Clerk
• Payments: Razorpay
• Media: Cloudinary
• Analytics: Google Analytics 4 (optional/consent based)
• Messaging: WhatsApp/SMS/email providers as applicable

Processors must follow security and confidentiality obligations. We may share data to comply with law or protect rights.

7) Cross‑border transfers

Your data may be processed outside India where our processors operate, as permitted by applicable law. We implement reasonable safeguards and contracts with processors.

8) Retention

We retain personal data only as long as needed for the purposes above and to comply with legal obligations, then delete or anonymize it.

9) Your rights

Subject to law, you may request access, correction, updating, or erasure, and withdraw consent. You may also register a grievance with our Grievance Officer and, if unresolved, escalate to the competent authority under applicable law.

Requests & grievances: shivang.shokeen111@gmail.com
Opt‑out of marketing: unsubscribe links or settings.

10) Children

Our Services are not intended for children under 18. If we learn we processed a child’s data without valid consent, we will delete it.

11) Security

We use reasonable technical and organizational measures (encryption in transit, access controls, backups, logging). No system is 100% secure.

12) Cookies & SDKs

See our Cookies & Tracking page for details and control options.

13) Changes

We will update this Policy as practices or laws change. Material changes will be notified in‑product or via email.