Privacy
Policy.

Last updated: March 15, 2026

1. Introduction

Svarasattva ("we," "us," or "our") operates the website svarasattva.com and the Svarasattva mobile application (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. We are committed to protecting your privacy in accordance with the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 of India, as well as applicable international privacy standards.

By using our Service, you consent to the data practices described in this policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

2. Information We Collect

We collect information that you provide directly to us, as well as information collected automatically when you use our Service.

2.1 Information You Provide

• Account Information: When you register, we collect your name, email address, phone number, and password. You may also sign in using Google OAuth, in which case we receive your name, email, and profile picture from Google.
• Profile Information: Additional details you choose to provide such as your date of birth, profile photo, and learning preferences.
• Payment Information: When you purchase a subscription or course, payment is processed by our third-party payment processor (Easebuzz). We receive transaction confirmations including transaction ID, amount, and status. We do not store your credit/debit card numbers, UPI IDs, or bank account details on our servers.
• Communications: When you contact us via email, the contact form, or customer support, we collect the content of your messages and any attachments.
• Class Participation Data: Attendance records, class schedules, and learning progress within courses.

2.2 Information Collected Automatically

• Device Information: Device type, operating system, browser type and version, screen resolution, and unique device identifiers.
• Usage Data: Pages visited, features used, time spent on pages, click patterns, and navigation paths within the Service.
• Log Data: IP address, access times, referring URLs, and error logs when you interact with our Service.
• Cookies and Local Storage: We use essential cookies for authentication and session management. We do not use third-party advertising or tracking cookies.
• Push Notification Tokens: If you opt in to push notifications, we store your device push token to deliver class reminders and important updates.

3. How We Use Your Information

We use the information we collect to:

• Create and manage your account, authenticate your identity, and provide access to our educational platform.
• Process payments and manage your subscriptions and course enrollments.
• Schedule and deliver live classes, send class reminders, and track your learning progress.
• Send transactional communications such as enrollment confirmations, payment receipts, renewal reminders, and schedule changes.
• Respond to your inquiries, provide customer support, and resolve disputes.
• Improve and optimize our Service, including analyzing usage patterns and fixing technical issues.
• Ensure the security and integrity of our platform, detect fraud, and enforce our Terms of Service.
• Comply with legal obligations and respond to lawful requests from authorities.

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4. Legal Basis for Processing

We process your personal data on the following legal grounds:

• Contractual Necessity: To perform our obligations under the service agreement when you enroll in courses or subscribe to our platform.
• Consent: Where you have given explicit consent, such as opting in to push notifications or marketing communications.
• Legitimate Interests: To improve our Service, ensure security, and prevent fraud, where these interests are not overridden by your rights.
• Legal Obligation: To comply with applicable laws, regulations, and legal processes.

5. Data Sharing and Disclosure

We may share your information with the following categories of recipients, only to the extent necessary:

• Payment Processors: Easebuzz processes your payments securely. They receive only the information necessary to complete transactions. Their privacy practices are governed by their own privacy policy.
• Authentication Providers: If you sign in with Google, Google receives confirmation of your authentication request. We receive your basic profile information from Google.
• Instructors: Teachers on our platform can see your name, enrollment status, attendance, and class-related information necessary to deliver instruction.
• Service Providers: We use hosting, email delivery, and infrastructure providers who process data on our behalf under strict data processing agreements.
• Legal Requirements: We may disclose your information if required by law, court order, or governmental authority, or to protect our rights, safety, or property.

We do not share your personal data with advertisers or third-party marketing platforms.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with our Service. Specifically:

• Account Data: Retained for the duration of your account and for 3 years after account deletion to comply with legal and tax obligations.
• Payment Records: Retained for 8 years as required by Indian tax and financial regulations.
• Usage Logs: Retained for up to 12 months for security and analytics purposes, then anonymized or deleted.
• Communications: Support correspondence is retained for 2 years after resolution.

You may request deletion of your account and associated data at any time by contacting us. We will process your request within 30 days, subject to any legal retention requirements.

7. Data Security

We implement industry-standard security measures to protect your personal data, including:

• All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher (HTTPS).
• Passwords are hashed using secure, one-way hashing algorithms and are never stored in plain text.
• Access to personal data is restricted to authorized personnel on a need-to-know basis.
• We enforce Content Security Policy (CSP), HTTP Strict Transport Security (HSTS), and other security headers to protect against common web vulnerabilities.
• Payment processing is handled entirely by PCI-DSS compliant third-party processors. We never store card details.

While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete personal data.
• Deletion: Request deletion of your personal data, subject to legal retention requirements.
• Data Portability: Request your data in a structured, commonly used, machine-readable format.
• Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
• Opt-out of Communications: You can unsubscribe from non-essential emails at any time. You cannot opt out of transactional communications related to your account and active enrollments.

To exercise any of these rights, please contact us at privacy@svarasattva.com. We will respond to your request within 30 days.

9. Children's Privacy

Our Service may be used by minors under the age of 18 for educational purposes. We require parental or guardian consent for users under 13 years of age. Parents or guardians may create and manage accounts on behalf of their children. If we become aware that we have collected personal data from a child under 13 without parental consent, we will take steps to delete that information promptly.

Parents and guardians may contact us at any time to review, update, or request deletion of their child's personal data.

10. Third-Party Services

Our Service integrates with the following third-party services:

• Google OAuth: For account authentication. Subject to Google's Privacy Policy.
• Easebuzz: For payment processing. Subject to Easebuzz's Privacy Policy.
• YouTube: For embedded video content. Subject to Google's Privacy Policy.

We are not responsible for the privacy practices of these third-party services. We encourage you to review their privacy policies.

11. Cookies and Tracking Technologies

We use only essential cookies required for the functioning of our Service:

• Session Cookies: To maintain your authenticated session while using the platform. These expire when you close your browser or after a set period.
• Preference Cookies: To remember your settings such as theme preference. These persist across sessions.

We do not use advertising cookies, analytics tracking pixels, or third-party tracking scripts. We do not participate in cross-site tracking or behavioral advertising.

12. International Data Transfers

Our servers are located in India. If you access our Service from outside India, your information may be transferred to, stored, and processed in India. By using our Service, you consent to the transfer of your information to India, where data protection laws may differ from those in your jurisdiction.

13. Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users via email within 72 hours of becoming aware of the breach. We will also notify the relevant authorities as required by applicable law.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we will provide additional notice via email or an in-app notification. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

15. Grievance Officer

In accordance with the Information Technology Act, 2000 and the rules made thereunder, the Grievance Officer for the purpose of this Privacy Policy is:

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: