Privacy Notice (India DPDP)

Version 2026-06-24 · Last updated 2026-06-24

1. Who we are

SthirApp (Aadinath Ventures) is the Data Fiduciary for account data of firm owners and staff. For customer and loan records you enter, your firm is the Data Fiduciary and SthirApp acts as a Data Processor.

2. Account & operational data (Tier 1)

We collect the following to operate your account, provide support, and manage firms on our admin systems:

  • Your full name - Account identity, support, and device attribution
  • Mobile number - Login OTP, support callbacks, and service messages
  • Firm name and contact details - Account operation, admin firm management, and support
  • City, state, address - Regional support and firm profile
  • Subscription and device metadata - Plan limits, push notifications (if enabled), and security

Marketing (product updates via push/WhatsApp) uses the same contact details only if you opt in. You can withdraw marketing consent anytime in Settings → Help & Privacy.

3. Business vault data (Tier 2)

Data you enter about customers and loans:

  • Customer name, mobile, address, Aadhaar - Loan management on your behalf (you are the Data Fiduciary)
  • Loan, collateral, and transaction records - Business operations on your behalf - encrypted at rest

Sensitive fields are encrypted at rest on our systems using industry-standard encryption. Data in transit uses TLS/HTTPS. Vault data is used only for your firm's business operations. We are rolling out an enhanced client-side vault where decryption keys are held only on your devices.

4. Your rights

Under India's Digital Personal Data Protection Act, you may:

  • Access and correct your personal data
  • Withdraw consent (especially marketing) with ease comparable to giving it
  • Request erasure where applicable (firm owners via in-app request)
  • Export account metadata (Settings → Help & Privacy)
  • Nominate another person to exercise rights in the event of death or incapacity
  • Raise a grievance with us or complain to the Data Protection Board

5. Retention & security

We retain account data while your subscription is active and as required for legal and audit obligations (audit logs may be kept up to 7 years). Personal-data access logs are retained for at least one year. We use encryption, access controls, and monitoring to protect data.

6. Grievance & Board

Grievance Officer: hello@sthirapp.com

You may also file a complaint with the Data Protection Board of India - see MeitY guidance.

7. Related documents

Terms & Conditions · Data Processing Agreement · Account deletion