This Privacy Policy describes how Gau Astha ("we", "us", or "our") collects, uses, and protects your information when you use the Gau Astha mobile application and related services (collectively, the "Service"). By using the Service, you agree to the collection and use of information as described in this policy.

1. Information We Collect

1.1 Account & Identity Information

When you register or are added to the platform, we collect:

  • Full name and email address
  • Password (stored as a secure hash — never in plain text)
  • Role within the gaushala (Admin or Staff)

1.2 Staff Profile Information

For staff members, gaushala administrators may add the following information to the platform:

  • Father's name and phone number
  • Aadhaar number (used for staff identification; stored and handled with care)
  • Category, salary, joining date, and work history

1.3 Gaushala & Operational Data

Data entered by your organisation about gaushala operations, including:

  • Cattle records (tag numbers, health history, vaccination, breeding records)
  • Inventory items, shed details, and infrastructure records
  • Daily operation logs including milk production and expense records

1.4 Donor Information

When donations are made through the app, we collect:

  • Donor name and phone number
  • Donation amount and purpose message
  • Payment transaction details (processed via Razorpay)

1.5 Payment Information

Subscription payments and donation transactions are processed by Razorpay. We do not store full card or bank account details on our servers. Razorpay's Privacy Policy governs the handling of payment data. We store only the transaction status, Razorpay Order ID, and Payment ID for record-keeping.

1.6 Device & Usage Data

We may automatically collect limited technical information including:

  • Device type and operating system version
  • App version
  • API request logs for debugging and security purposes

We do not collect precise GPS location data.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Gau Astha Service
  • Authenticate users and enforce role-based access control
  • Process subscription payments and manage plan status
  • Enable donation collection and fund allocation tracking
  • Generate operational reports for gaushala administrators
  • Send important notices about your account or subscription status
  • Investigate and resolve technical issues or security incidents

We do not sell, rent, or share your personal information with third parties for marketing purposes.

3. Data Sharing & Third Parties

We share data only in the following limited circumstances:

  • Razorpay: Payment processing for subscriptions and donations. Subject to Razorpay's Privacy Policy.
  • Amazon Web Services (AWS S3): Secure cloud storage for uploaded images (cow photos, gaushala images). Files are stored in private buckets with access-controlled URLs.
  • Legal compliance: We may disclose information if required by applicable law, court order, or government authority.

4. Data Storage & Security

Your data is stored on secure servers hosted in India. We implement industry-standard security measures including:

  • Passwords stored using bcrypt hashing (never in plain text)
  • All API communication over HTTPS (TLS encryption)
  • JWT-based authentication with short-lived access tokens and secure refresh tokens
  • Role-based access control so staff can only access data permitted for their role
  • Sensitive tokens stored on-device using iOS/Android Secure Enclave (via Expo SecureStore)

While we take all reasonable precautions, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

5. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. If you request account deletion:

  • Your personal account data (name, email, password hash) will be permanently deleted within 30 days
  • Operational gaushala data (cattle records, operations) associated with your organisation may be retained for up to 90 days before permanent deletion, unless an administrator requests earlier removal
  • Transaction records related to payments may be retained for up to 7 years for legal and financial compliance purposes

6. Your Rights & Data Deletion

Depending on your location and applicable law, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and associated personal data
  • Withdraw consent where processing is based on consent

How to Request Account & Data Deletion

You can request the deletion of your personal account and all associated data at any time by emailing us directly:

📧 Send your deletion request to info@boxkey.in with the subject line "Data Deletion Request" and include the email address registered to your account. We will process your request within 30 days.

Upon receiving a valid deletion request, we will:

  • Permanently delete your personal account data (name, email, password hash) within 30 days
  • Remove your staff profile and associated personal details
  • Anonymise or delete operational records linked solely to your account

Please note that transaction records related to payments may be retained for up to 7 years for legal and financial compliance, as described in Section 5 above. Gaushala-level operational data (cattle records, shed logs) entered by your organisation is managed by the Gaushala Admin and may remain unless they also submit a deletion request.

7. Children's Privacy

The Gau Astha Service is intended for use by adults managing gaushala operations. We do not knowingly collect personal information from individuals under the age of 18. If you believe we have inadvertently collected such information, please contact us immediately.

8. Sensitive Information (Aadhaar)

Staff Aadhaar numbers entered into the platform are used solely for internal staff identification purposes by the gaushala administrator. This information is stored securely in our database and is not shared with any third party. Gaushala administrators are responsible for obtaining appropriate consent from staff before entering this information.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of significant changes by updating the "Last updated" date at the top of this page. Continued use of the Service after changes constitutes acceptance of the revised policy.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us: