LAST UPDATED: July 5, 2026 • JURISDICTION: INDIA

Privacy Policy

Our Commitment: Consisto respects your privacy. Our core philosophy is data minimization and Zero-Knowledge architecture wherever possible. We only collect what is strictly necessary to run the service.

1. Information We Collect

To provide and maintain the Consisto platform, we collect the following types of information:

  • Account Information: Name, email address, institution ID (if applicable), and encrypted authentication hashes.
  • Usage Data: Application telemetry, login timestamps, and broad feature usage statistics (e.g., how many times the focus timer was used) to improve our service.
  • User-Generated Content: Study notes, habits, Kanban boards, and whiteboards. Note: Sensitive elements like Journal entries are End-to-End Encrypted (E2EE) and cannot be read by us.
  • Verification Data: For account recovery, we may utilize third-party services (like Didit) to verify identity. We do not store your government ID images on our servers.

2. How We Use Your Information

We use the collected data for various purposes:

  • To provide, operate, and maintain the Consisto platform.
  • To authenticate users and secure accounts against unauthorized access.
  • To process transactions via our payment gateway (Razorpay).
  • To send administrative notices, product updates, and security alerts.
  • To comply with legal obligations and resolve disputes.

3. Data Sharing and Third-Party Subprocessors

We do not sell your personal data. We only share information with trusted third-party subprocessors strictly necessary to operate the Service:

  • Firebase (Google): For cloud infrastructure, database hosting, and authentication.
  • Razorpay: For processing subscription payments. (We do not store full credit card numbers).
  • Didit: For identity verification during the account recovery process.
  • Brevo: For transactional email delivery.

All subprocessors are bound by strict confidentiality and data protection agreements.

4. Data Retention and Permanent Deletion

We retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy. You have the right to request the deletion of your account at any time.

Upon initiating an account deletion, your account enters a 48-hour cooldown period. During this time, access is restricted but data is held intact in case of a compromised account or accidental click. Once the 48 hours expire, an automated system permanently purges all Personally Identifiable Information (PII) and E2EE encrypted blobs from our databases. This action is irreversible.

5. Your Rights

Depending on your jurisdiction (e.g., under the GDPR or DPDP), you may have the right to:

  • Access, update, or delete the information we have on you.
  • Object to our processing of your Personal Data.
  • Request that we restrict the processing of your personal information.
  • Request the portability of your Personal Data in a structured, machine-readable format.

To exercise any of these rights, please contact our Data Protection Officer at privacy@consisto.in.