Zyntragram

Privacy Policy

Effective date: 22 May 2026

This Privacy Policy explains how Zyntragram (“we”, “us”, “our”) collects, uses, and shares information when you use the Zyntra mobile application and related services (the “Service”). Zyntragram is operated from India and complies with the Digital Personal Data Protection Act, 2023 (“DPDPA”) and applicable rules under the Information Technology Act, 2000.

By using the Service, you agree to the practices described here. If you do not agree, please do not use the Service.

1. Information we collect

1.1 Information you provide

When you create an account or use the Service, we collect:

• Account details: username, date of birth, and gender.
• Password (for Registered and Verified accounts). Passwords are stored as cryptographic hashes; we never store your plain-text password.
• Email address (optional at signup; required to upgrade to a Verified account).
• Profile information you choose to add: display name, bio, languages, and profile photo.
• Content you create: messages, posts, comments, reactions, and any media you upload.
• Reports and feedback you submit to our Trust & Safety team.

1.2 Information collected automatically

• Device and technical data: device model, operating system, app version, language, and time zone.
• IP address and approximate location: derived from your IP at signup and during use; we store country and (optionally) state. We do not collect GPS or precise location.
• Usage and diagnostic data: session activity, screen interactions, error logs, and crash reports used to operate and improve the Service.
• Device push token: a Firebase Cloud Messaging (FCM) token used to deliver push notifications.
• Online presence: when you are connected to the Service, so peers can see your online/offline status (subject to your privacy settings).

1.3 Information from third parties

We may receive limited information from Firebase, Google AdMob, and other service providers we use to operate the app — for example, anonymized attribution and device-integrity signals from Firebase App Check.

2. Lawful basis for processing

Under the Digital Personal Data Protection Act, 2023, we process your personal data on the following lawful bases:

• Your consent — given when you create an account, enable optional features, or submit content. You may withdraw consent at any time (see Your rights).
• Certain legitimate uses permitted by the DPDPA — including responding to medical/safety emergencies, complying with legal obligations, preventing fraud, and providing the Service you have requested.

3. How we use information

We use the information we collect to:

• Create and operate your account and provide the Service’s features.
• Deliver messages, posts, and notifications you and other users send.
• Personalize content, recommendations, and matchmaking suggestions.
• Show ads (currently provided through Google AdMob in eligible regions and account tiers; see Third-party services).
• Detect, prevent, and respond to fraud, abuse, spam, and policy violations.
• Protect users, the public, and Zyntragram — including responding to reports submitted to our Trust & Safety team.
• Communicate with you about account activity, security alerts, and product updates.
• Comply with legal obligations and respond to lawful requests.

4. Sharing and disclosure

We do not sell your personal information. We share information only in the following circumstances:

• With other users: profile fields you mark public (subject to your privacy settings), messages and posts you send to a recipient or audience, and presence/activity that you have not restricted.
• With service providers that help us operate the Service (see Section 4). They are bound to use your information only to provide their services to us.
• For legal reasons: if required by applicable law, court order, or government request, or to protect rights, safety, or property.
• In a business transfer: if Zyntragram is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you and provide choices where required by law.

5. Third-party services

We rely on the following providers to deliver the Service:

• Firebase (Google) — push notifications (FCM), media storage, and device-integrity checks (App Check).
• Google AdMob — serves advertising in eligible tiers and regions. AdMob collects device identifiers and ad-interaction data per Google’s policies.
• Amazon Web Services (AWS) — hosting and media storage (S3) for the Service’s backend.
• MongoDB Atlas — managed database service.

Each provider has its own privacy and data-handling practices. We recommend reviewing their policies for details.

6. Your rights under DPDPA

As a Data Principal under the DPDPA, you have the following rights:

• Right to information: obtain a summary of the personal data we hold about you and the processing activities undertaken.
• Right to correction and erasure: request that we correct inaccurate or misleading data, complete incomplete data, or erase data that is no longer necessary for the purpose it was collected for.
• Right to grievance redressal: contact our Grievance Officer (see Section 13) about any concern relating to your personal data or this Policy. We will respond within the timelines prescribed by applicable law.
• Right to nominate: nominate another individual to exercise these rights on your behalf in the event of your death or incapacity.
• Right to withdraw consent: where we rely on your consent, you may withdraw it at any time. Withdrawal does not affect processing that took place before withdrawal, and may limit features available to you.

To exercise any of these rights, email support@zyntragram.com from the email address associated with your account.

7. In-app choices and controls

• Privacy settings: control who can see your profile, online status, last seen, messages, posts, and tags from inside the app (Settings → Privacy & Safety).
• Notifications: manage push and in-app notification preferences from Settings.
• Block and report: block users and report content that violates our community guidelines from within the app.
• Deactivate your account: Settings → Account → Deactivate. Your account becomes inaccessible to others while remaining recoverable. See Data retention.

8. Age requirement

The Service is intended for individuals who are at least 18 years old. You must be 18 or older to create an account or use the Service. We do not knowingly collect personal information from anyone under 18, consistent with the Digital Personal Data Protection Act, 2023 (India). If you believe a person under 18 has provided us information, please contact us at support@zyntragram.com and we will take reasonable steps to delete that information.

9. Security and breach notification

We follow “reasonable security practices and procedures” as required by Section 43A of the IT Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the security obligations under the DPDPA. These include encryption in transit (HTTPS/TLS), hashed password storage, device-bound session tokens, principle-of-least- privilege access controls, and routine review of our safeguards.

Account recovery uses a one-time recovery code (shown only once at setup) and, for accounts with a verified email, an email-based OTP. Keep your recovery code somewhere safe.

Breach notification: in the event of a personal data breach, we will notify the Data Protection Board of India and affected users in the manner and within the timelines prescribed by the DPDPA and its rules.

No method of transmission or storage is 100% secure; we cannot guarantee absolute security but work continuously to improve our safeguards.

10. Data retention

We retain account information for as long as your account is active. When you deactivate your account, your profile becomes inaccessible to others. If you sign in again, your account is automatically reactivated.

You may request deletion of your account and associated personal information at any time by emailing support@zyntragram.com. We will delete or anonymize your information within a reasonable period, subject to lawful exceptions (e.g., fraud-prevention records, dispute history, and obligations under applicable law).

11. International transfers

Zyntragram operates from India, and our service providers (such as AWS and Google) may process your information in regions outside India. Section 16 of the DPDPA permits such transfers except to countries restricted by the Central Government by notification. We rely on contractual safeguards and the providers’ own security commitments for cross-border processing.

12. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the app or by other reasonable means. The “Effective date” at the top reflects the latest version.

13. Grievance Officer

In accordance with Section 8(10) of the DPDPA and Rule 3(2) of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, the following officer has been designated to address your grievances:

• Name: Pradeep Yenkuwale
• Designation: Grievance Officer, Zyntragram
• Email: support@zyntragram.com

We acknowledge complaints within 24 hours and aim to resolve them within 15 days of receipt, as required under applicable law.

14. Contact us

For general questions about this policy or your data, email us at support@zyntragram.com. For grievances, please contact our Grievance Officer (see Section 13).