Privacy Policy
🔒 Short version: Your chat data stays on our servers, is never sold, never shared with third parties, and is only used to provide the Kotha service to you.
1. What we collect
When you use Kotha, we collect:
- Account info: Your email address, display name, and (if you use Google login) your Google profile photo.
- Chat data: WhatsApp chat exports you upload — text messages, images, videos, and audio files.
- Usage data: AI message counts, plan type, and basic access logs (for abuse prevention).
- Payment info: Processed entirely by Razorpay — we never see or store your card details.
2. How we use your data
- To display your chats beautifully in the Kotha app.
- To power the AI roleplay feature — your chat history is sent to our AI provider to generate responses.
- To enforce plan limits (free vs. paid AI message counts).
- To send transactional emails (account verification, password reset).
We do not use your data for advertising, analytics profiling, or any purpose beyond providing the Kotha service.
3. Data storage & security
All data is stored on our servers (AWS Mumbai region, India). Chat files are stored in a private directory accessible only to your account — path traversal protection is enforced at the server level.
Sessions use secure HTTP-only cookies. Passwords are hashed with bcrypt and never stored in plaintext.
4. AI processing
When you use the AI chat feature, portions of your imported chat history are sent to our AI provider (via secure API) to generate contextual responses. This data is used only for generating your response and is not used to train AI models.
5. Third-party services
- Google OAuth: Used for sign-in. We receive your name, email, and profile picture.
- Razorpay: Handles all payment processing. We never see your card details.
- Google Analytics: Basic anonymous page-view analytics. No personal data is shared.
6. Data deletion
You can delete individual chats from within the app at any time. To delete your entire account and all associated data, contact us at privacy@onlinekotha.com. We will process deletion requests within 7 days.
7. Cookies
We use a single session cookie (HTTP-only, secure) to keep you logged in. We do not use advertising cookies or third-party tracking cookies.
8. Children's privacy
Kotha is not directed to children under 13. We do not knowingly collect personal information from children under 13.
9. Changes to this policy
We may update this policy occasionally. Significant changes will be notified via email. Continued use after changes constitutes acceptance.
10. Contact
For privacy concerns: privacy@onlinekotha.com