← Back to NammaPetti

Privacy Policy

Last updated: March 2026

NammaPetti ("we", "our", or "us") operates the NammaPetti application and website (collectively, the "Service"). This Privacy Policy explains how we collect, use, store, and protect your information when you use the Service. By using the Service, you consent to the practices described in this policy.

1. Information We Collect

1.1 Information You Provide

• Account information: Name, email address, phone number, and authentication credentials when you register.
• Vault content: Documents (Aadhaar, PAN, insurance policies, property papers, etc.), financial account details, nominee information, and any other data you choose to store.
• Legacy contacts: Names and contact details of family members you designate for legacy access.
• Communications: Messages you send to our support team.

1.2 Information Collected Automatically

• Device information: Device type, operating system, browser type, and unique device identifiers.
• Usage data: Pages visited, features used, timestamps, and interaction patterns (anonymized and aggregated).
• Log data: IP address, access times, and referring URLs.

2. How We Use Your Information

• Provide the Service: Store, organize, and retrieve your documents and financial information securely.
• Alerts and notifications: Send document expiry reminders, renewal alerts, and nominee update prompts.
• Legacy access: Facilitate authorized access transfer to your designated family members as per your configured protocols.
• Service improvement: Analyze anonymized usage patterns to improve features and user experience.
• Security: Detect and prevent fraud, unauthorized access, and other malicious activity.
• Legal compliance: Comply with applicable Indian laws and regulations.

3. Data Security & Encryption

We take the security of your data extremely seriously. Your vault content is protected with:

• End-to-end encryption: All documents and sensitive data are encrypted on your device before being transmitted to our servers. Only you (and your authorized legacy contacts) hold the decryption keys.
• Zero-knowledge architecture: We cannot read, access, or decrypt your vault content. Even in the event of a server breach, your data remains encrypted and unreadable.
• Encryption at rest: All data stored on our servers is encrypted using AES-256 encryption.
• Encryption in transit: All communications between your device and our servers use TLS 1.3.
• Infrastructure: Our servers are hosted on enterprise-grade cloud infrastructure with SOC 2 compliance.

4. Data Sharing & Third Parties

We do not sell, rent, or trade your personal information. We share data only in the following limited circumstances:

• With your consent: When you explicitly authorize sharing with legacy contacts or family members.
• Service providers: With trusted infrastructure and analytics providers who are bound by strict confidentiality agreements and process data only on our behalf (e.g., cloud hosting, email delivery).
• Legal requirements: When required by Indian law, regulation, legal process, or enforceable government request.
• Safety: To protect the rights, property, or safety of NammaPetti, our users, or the public.

Due to our zero-knowledge architecture, even when compelled by law, we can only provide encrypted data that we cannot decrypt.

5. Data Retention

• Active accounts: Your data is retained for as long as your account is active.
• Account deletion: When you delete your account, all vault content is permanently and irreversibly deleted from our servers within 30 days.
• Backups: Encrypted backups are purged within 90 days of account deletion.
• Anonymized data: Aggregated, anonymized usage statistics may be retained indefinitely as they cannot be linked back to you.

6. Your Rights

Under the Digital Personal Data Protection Act, 2023 (DPDPA) and applicable Indian law, you have the right to:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete personal data.
• Erasure: Request deletion of your personal data and account.
• Data portability: Export your vault content at any time through the app.
• Withdraw consent: Withdraw your consent for data processing at any time (this may affect your ability to use the Service).
• Grievance redressal: Lodge a complaint with our Grievance Officer or the Data Protection Board of India.

To exercise any of these rights, contact us at hello@nammapetti.com.

7. Cookies & Tracking

• Essential cookies: We use strictly necessary cookies to maintain your authentication session and remember your preferences.
• Analytics: We may use privacy-respecting, anonymized analytics to understand how the Service is used. No personal data is shared with analytics providers.
• No third-party tracking: We do not use advertising cookies, social media trackers, or any third-party tracking technologies.

8. Children's Privacy

NammaPetti is not intended for use by individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

9. International Data Transfers

Your data is stored on servers located in India. If any data is transferred outside India, we ensure adequate safeguards are in place as required by the DPDPA and any rules notified thereunder.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice within the app at least 15 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

11. Contact Us

For general questions about this Privacy Policy or your data, contact us at:

Email: hello@nammapetti.com
Website: nammapetti.com