1. Who We Are

Consisto ("we", "us", "our") is a productivity platform operated from India. This Privacy Policy explains how we collect, use, and protect your information when you use https://app.consisto.in.

For any privacy concerns, contact us at consistency@consisto.in.

2. Information We Collect

Account Information: When you register, we collect your email address, full name, and a hashed password. We never store your plain-text password.

Content You Create: Your journal entries, kanban tasks, whiteboard data, and timer logs are stored in our database, associated with your account. Journal entries are stored server-side to enable sync across devices.

Usage Data: We record the last time you accessed your account (last_seen) to compute active user statistics and for session management. We do not track individual page views or build behavioural profiles.

Payment Information: Payments are processed via Razorpay. We store only the Razorpay order/payment IDs and amount — no raw card numbers ever touch our servers.

Referral Codes: If you sign up via a referral link, we record which referral code was used, linked to your account.

3. How We Use Your Information

• To provide, maintain, and improve the Consisto service
• To authenticate you and manage your session securely
• To process subscription payments via Razorpay
• To send transactional emails (e.g. payment confirmation) — no marketing without consent
• To generate anonymous aggregate analytics (total users, signups per day) for internal use
• To detect and prevent fraud, abuse, or security incidents

4. Data Storage & Security

Your data is stored on servers hosted in India. We implement industry-standard security: bcrypt password hashing, CSRF protection on all forms, prepared statements to prevent SQL injection, and HTTPS everywhere.

Journal entries and sensitive user content are stored encrypted at rest where feasible. Your password is hashed using bcrypt with a cost factor of 12 and is never recoverable even by us.

5. Data Sharing

We do not sell, rent, or share your personal data with third parties for advertising or marketing purposes. Data is shared only:

• Razorpay — to process payments (subject to their privacy policy)
• Firebase (Google) — for authentication via Google Sign-In (subject to Google's privacy policy)
• When required by law or valid legal process

6. Cookies & Sessions

We use a single, secure HTTP-only session cookie to keep you logged in. We do not use third-party tracking cookies or advertising cookies. Session cookies expire after inactivity or when you log out.

7. Your Rights

• Access: You can view all your data from your Account page.
• Deletion: You may request account deletion by emailing consistency@consisto.in. We will delete your account and associated content within 30 days.
• Portability: Contact us if you need an export of your data.
• Correction: You can update your name and email from the Account settings page.

8. Data Retention

We retain your data for as long as your account is active. If you delete your account, your data is permanently removed from our systems within 30 days, except where retention is required by law (e.g. payment records for tax/legal purposes).

9. Children's Privacy

Consisto is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe a child has created an account, contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes via the app or by email. Continued use after changes constitutes acceptance of the updated policy.

11. Contact

For any privacy questions, data requests, or concerns, contact us at:
consistency@consisto.in