Legal
Privacy Policy
1. Who We Are
Rishta is a matrimonial application operated by Zypher LLC, a company registered in the State of Wyoming, United States of America.
Zypher LLC
5830 E 2nd Street, Suite 7000-18077
Casper, Wyoming 82609, USA
General enquiries: support@rishtaapp.in
Although Zypher LLC is incorporated outside India, this Privacy Policy is written to comply with the Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology Act, 2000 and IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Consumer Protection (E-Commerce) Rules, 2020, insofar as they apply to processing personal data of individuals in India.
2. Data We Collect
We collect only the data needed to provide our service. The table below describes each category, why we collect it, and our lawful basis.
| Data Category | Examples | Purpose | Lawful Basis |
|---|---|---|---|
| Identity & Contact | Full name, email address, mobile number | Account creation, authentication, OTP delivery | Consent (registration) |
| Birth Data | Date, time, and place of birth | Astrological compatibility computation (Kundli, natal chart, Manzil al-Qamar). Locked and made immutable after first verification — never edited again. | Consent (explicit, at onboarding) |
| Profile Data | Religion, denomination, community, caste, height, education, profession, bio | Matchmaking and discovery | Consent (profile creation) |
| Photos | Profile photograph | Profile display and identity verification to confirm a real person is registering. | Consent (explicit, at upload step) |
| Location | City / state of residence; birth location coordinates | Matching preferences (distance), astrology calculation | Consent |
| Matching Preferences | Age range, religion, location radius, community preferences | Filtering and ranking of potential matches | Consent |
| Communications | In-app chat messages between matched users | Enabling conversation between mutually interested users | Contract (service delivery) |
| Payment Data | Subscription plan, transaction ID, billing date | Subscription management. Card details are processed entirely by Stripe — we never store raw card numbers. | Contract; Legal obligation (accounting) |
| Device & Usage Data | Device OS, app version, session timestamps, feature interactions | Service reliability, bug diagnosis, usage analytics | Legitimate interest (service improvement) |
We do not collect Aadhaar numbers, PAN numbers, financial account details, or any government-issued identity numbers. We do not collect data from minors — see Section 9.
3. How We Use Your Data
- To create and manage your account and authenticate your identity.
- To compute spiritual and astrological compatibility between users based on the birth data you provide.
- To generate AI-assisted compatibility narratives for matched pairs.
- To surface profiles that match your stated preferences in the Discover feed.
- To enable in-app chat between mutually interested users only.
- To process subscription payments and manage your billing cycle.
- To send service notifications (match alerts, message notifications) via push notification and email.
- To detect and prevent fraud, fake profiles, and abuse.
- To improve and debug the application.
- To comply with applicable law and respond to lawful government requests.
We do not use your data to serve third-party advertisements. We do not sell, rent, or trade your personal data to any third party for their own marketing purposes.
4. Data Storage and Security
Where your data is stored
All personal data is stored exclusively on cloud infrastructure located within India. There are no cross-border transfers of personal data to any other country. Your data does not leave India.
Security measures
- All data in transit is encrypted using TLS 1.2 or higher.
- All data at rest is encrypted using AES-256.
- Database access is restricted to authenticated application services within a private VPC; no public database endpoints are exposed.
- Birth data is cryptographically locked after verification — no staff member or engineer can alter it.
- Passwords are never stored; authentication is handled via OTP (one-time password) only.
- All production deployments require code review and pass automated security checks before release.
Data breach notification
In the event of a personal data breach that is likely to result in harm to you, we will notify you and the relevant authority as required under the DPDP Act 2023 without undue delay.
5. Data Sharing and Disclosure
We share your data only in the following limited circumstances:
Service providers (data processors)
We use a small number of trusted third-party services to operate the platform. Each is bound by a data processing agreement and may only use your data as directed by us:
- Supabase — cloud infrastructure, database hosting, and media storage (servers located in India)
- Stripe Inc. — payment processing. Stripe processes card data directly; we receive only a transaction reference and subscription status.
- Twilio Inc. — OTP SMS delivery for phone number verification
- Google Firebase — push notification delivery (FCM), phone authentication
- Pinecone — vector database for contextual AI knowledge retrieval (no personal identifiers stored)
Other users
Your profile information (name, photo, religion, community, age, location, bio) is visible to other Rishta users when you appear in their Discover feed or when a mutual interest is established. Your birth data (date, time, exact coordinates) is never shown to other users in raw form — only derived compatibility scores and narratives are shared.
Legal requirements
We may disclose data if required to do so by a court order, government authority, or applicable law. We will notify you of such a request where we are legally permitted to do so.
Business transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred to a successor entity. We will notify you before your data is transferred and becomes subject to a different privacy policy.
6. Data Retention
| Data Category | Retention Period |
|---|---|
| Account & profile data | Until you delete your account, then purged within 30 days. |
| Birth data | Until account deletion, then purged within 30 days. Cannot be retrieved after deletion. |
| Profile photos | Until account deletion or photo replacement, then purged within 7 days. |
| Chat messages | Until account deletion, then purged within 30 days. |
| Payment records | 8 years from transaction date (statutory accounting requirement). |
| Device & usage logs | 90 days on a rolling basis. |
| Anonymised analytics | Retained indefinitely (no personal identifiers). |
If your account is suspended or banned for a violation of our Terms of Service, we may retain records relevant to the violation for up to 3 years for safety and legal purposes.
7. Your Rights as a Data Principal
Under the DPDP Act 2023, you have the following rights with respect to your personal data. You may exercise any of these rights by contacting us at support@rishtaapp.in or through the in-app account settings where available.
Right to access
You may request a summary of the personal data we hold about you and the purposes for which it is being processed. We will respond within 30 days.
Right to correction
You may request correction of inaccurate or incomplete personal data. Note: birth data (date, time, and place of birth) is permanently locked after first verification and cannot be corrected thereafter.
Right to erasure (deletion)
You may delete your account at any time from the app settings (Profile → Delete Account). Upon deletion, all personal data is purged within the retention periods set out in Section 6. Anonymised data derived from your usage may be retained.
Right to grievance redressal
If you believe your rights have been violated or you have a concern about our data practices, you may file a grievance with our Grievance Officer (see Section 11). We will acknowledge within 48 hours and resolve within 30 days.
Right to withdraw consent
See Section 8 below.
Right to nominate
You may nominate another individual to exercise your rights on your behalf in the event of your death or incapacity, in accordance with the DPDP Act 2023. To register a nominee, contact us at support@rishtaapp.in.
8. Withdrawing Consent
You may withdraw consent for any processing that is based on consent (see Section 2) at any time. Withdrawal of consent does not affect the lawfulness of processing that occurred prior to withdrawal.
The consequences of withdrawing specific consents are:
- Birth data processing: Withdrawing consent means your compatibility scores and narratives can no longer be generated. Your profile will be hidden from Discover until consent is re-granted or your account is deleted.
- Photo processing: Withdrawing consent means your profile photo is removed and your profile is hidden until a new photo is uploaded.
- Push notifications: You may disable push notifications at any time from your device settings. This will not affect your ability to use the app.
- All data: Deleting your account (Profile → Delete Account) constitutes full withdrawal of consent and triggers deletion of your personal data per Section 6.
To withdraw consent for a specific data category without deleting your account, contact support@rishtaapp.in.
9. Children's Data
Rishta is a matrimonial platform intended for adults aged 18 and above. We do not knowingly collect personal data from individuals under 18 years of age. If we become aware that a user is under 18, we will immediately suspend the account and delete all associated personal data.
If you believe a minor has registered on our platform, please notify us at support@rishtaapp.in immediately.
10. Sensitive Personal Data
Under the IT Rules 2011, the following data we collect qualifies as Sensitive Personal Data or Information (SPDI): religious beliefs, and certain profile data such as caste and denomination. We collect this data only with your explicit consent and use it solely for the purpose of providing faith-appropriate matchmaking. It is not shared with third parties except as described in Section 5.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you via in-app notification and email at least 14 days before the changes take effect. The updated policy will be published at rishtaapp.in/privacy with a revised effective date. Continued use of the app after the effective date constitutes acceptance of the updated policy.
12. Grievance Officer and Data Protection Officer
In accordance with the Information Technology Act, 2000, IT Rules 2011, and the DPDP Act 2023, the following officer is designated to receive and resolve complaints and data-related grievances:
Grievance Officer & Data Protection Officer
Manish Khanna
Zypher LLC — 5830 E 2nd Street, Suite 7000-18077, Casper, Wyoming 82609, USA
Email: manish@rishtaapp.in
Grievances will be acknowledged within 48 hours and resolved within 30 days of receipt, in accordance with IT Rules 2011.
For general support queries, please contact support@rishtaapp.in.