1. Introduction
HeriTrack ("we", "us", "our", or "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website (collectively, the "Service").
This Privacy Policy applies to users in India and Australia, and complies with:
- India's Digital Personal Data Protection Act, 2023 (DPDPA)
- Australia's Privacy Act 1988 and Australian Privacy Principles (APPs)
- Google Play Store Privacy Policy Requirements
2. Information We Collect
2.1 Information You Provide Directly
Account Registration Information:
- Full name
- Email address
- Phone number
- Password (encrypted)
Profile Information:
- Username/Display name
- Profile picture (optional)
- Spiritual preferences
Location Data:
- GPS coordinates (only when location services enabled)
- Location history within the app (quests visited, sthaans explored)
2.2 Information Automatically Collected
- Device type and model
- Operating system and version
- App usage data and analytics
- Crash reports and performance data
3. How We Use Your Information
- Service Delivery: Create and maintain your account, deliver the HeriTrack service
- Personalization: Customize content based on your quest history and preferences
- Analytics: Analyze usage patterns to improve our service
- Communication: Send transactional emails and push notifications
- Safety: Detect and prevent fraud or abuse
4. Data Sharing
We do NOT sell your personal information to third parties for marketing purposes.
We may share data with:
- AWS (Amazon Web Services): Cloud hosting (ap-south-1 region)
- Google Maps: Location-based features
- AWS Cognito: Authentication services
- Law enforcement: Upon valid legal request
5. Data Retention
| Data Type |
Retention Period |
| Account data |
While account is active |
| Location history |
During membership |
| Analytics data |
13 months |
| Crash reports |
90 days |
| Legal/Compliance data |
7 years |
6. Data Security
- Encryption: Data encrypted in transit (TLS 1.2+) and at rest
- Access Control: Role-based access to sensitive data
- Monitoring: Continuous security monitoring
- Incident Response: 72-hour breach notification (DPDPA requirement)
7. Children's Privacy
HeriTrack is intended for users 13 years and older. Users under 18 must have verified parental/guardian consent as required by DPDPA 2023.
8. Your Data Rights
India - DPDPA 2023 Rights
- Right to Confirmation and Access
- Right to Correction
- Right to Erasure (right to be forgotten)
- Right to Data Portability
- Right to Withdraw Consent
- Right to Lodge Complaint with Data Protection Board
Australia - Privacy Act Rights
- Right to Know what information we hold
- Right of Access to your information
- Right of Correction
- Right to Complain to OAIC
9. Accessing This Policy in the App
iOS & Android
- Open the navigation drawer (tap the hamburger menu or swipe from the left edge)
- Expand the Account section at the bottom of the drawer
- Tap "Privacy & Data"
During first-time onboarding, you are also presented with a link to this Privacy Policy on the Consent screen before you can proceed.
Web
Visit heritrack.com/privacy directly, or follow the same drawer navigation as described above when logged in.
11. Regulatory Authorities
India: Data Protection Board of India, Ministry of Electronics and Information Technology
Australia: Office of the Australian Information Commissioner (OAIC) - www.oaic.gov.au