RISHTA AUNTIE

PRIVACY POLICY

Effective Date: June 8, 2026

Last Updated: June 8, 2026

This Privacy Policy (this “Privacy Policy” or “Policy”) describes how Rishta Auntie LLC (“Rishta Auntie”, “we”, “us”, or “our”) collects, uses, discloses, retains, and protects personal information of users (“you” or “User”) in connection with the Rishta Auntie mobile application for iOS and Android (the “App”), our website located at https://www.rishtaauntie.app (the “Website”), and all related features, content, products, and services we offer (collectively, the “Services”).

Rishta Auntie is a South Asian matchmaking platform intended exclusively for adults eighteen (18) years of age or older who are seeking marriage-minded connections. By accessing or using the Services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree, do not access or use the Services.

Operating Region. The Services are offered in the United States (all 50 states and the District of Columbia) and Canada. The Services are not directed to, intended for, or offered to individuals located outside of the United States or Canada, including without limitation residents of the European Economic Area, the United Kingdom, or Switzerland.

Contact. Questions about this Privacy Policy may be directed to support@rishtaauntie.app or by mail to Rishta Auntie LLC, 329 S. Oyster Bay Rd #1033, Plainview, NY 11803, USA.

Eligibility and Adults-Only Service
Information We Collect
Sensitive Personal Information
Biometric Information (Selfie Verification)
Information Collected Automatically
Information from Third-Party Sources
How We Use Your Information
How We Share Your Information
Cross-Context Behavioral Advertising and “Sale” / “Share” Disclosures
Cookies, SDKs, and Similar Technologies
Mobile Device Permissions
Marketing Communications (Email, SMS, Push)
Data Retention
Data Security
User-Generated Content and Public Information
Safety, Moderation, and CSAM
No Background or Sex Offender Screening
International Data Transfers and Storage
Your Privacy Rights — General
California Privacy Rights (CCPA/CPRA)
Other U.S. State Privacy Rights
Canadian Privacy Rights (PIPEDA)
Quebec Privacy Rights (Law 25)
How to Submit a Privacy Rights Request
Do Not Track and Global Privacy Control
Third-Party Services and Links
Changes to This Privacy Policy
Contact Us

1. Eligibility and Adults-Only Service

In Short: The Services are restricted to individuals who are at least 18 years old. We do not knowingly collect personal information from anyone under 18.

The Services are intended exclusively for adults eighteen (18) years of age or older. By creating an account or otherwise using the Services, you represent and warrant that you are at least 18 years old, that all registration information you submit is truthful and accurate, and that you will maintain the accuracy of such information.

Rishta Auntie does not knowingly collect, solicit, or maintain personal information from any individual under the age of 18. The Services are not directed to children. If we become aware that we have collected personal information from a child under 18, we will promptly deactivate the account, delete the information from our active systems in accordance with applicable law, and take reasonable measures to remove such information from our records.

If you believe that a child under 18 may have provided us with personal information, or if you are a parent or guardian who becomes aware of such a situation, please contact us immediately at support@rishtaauntie.app so that we may take appropriate action.

2. Information We Collect

In Short: We collect information you provide to us directly, information we collect automatically when you use the Services, and limited information from third-party sources.

The categories and specific elements of personal information we collect depend on how you interact with the Services. We collect the following categories of personal information:

2.1 Account Registration and Profile Information

When you create an account and build your profile, we collect:

Identity and contact information: first name, last name, display name, username, email address, mobile phone number, date of birth, age, gender, and a unique user identifier (UUID).
Account credentials and authentication data: password (stored in hashed form), sign-up method (phone or email), social login provider used (Google, Apple), phone verification status, push notification token (from OneSignal), and notification identifier.
Photographs, videos, and audio: profile photographs, profile and chat videos, profile and chat voice notes, and any images, video, or audio you choose to share through the Services.
Selfie verification media: a real-time selfie image or short video captured for identity verification purposes (see Section 4).
Profile description content: tagline; “vibes” (the descriptive self-summary you select); answers to in-app prompts (“questions”); description of yourself; and personality type (a self-reported indicator used by the Rishta Compass matching feature — see Section 7).
Demographic and background information: height, family origin, community, ethnicity, languages you speak, country, and approximate location (derived from address using Google Maps).
Religious and spiritual information: religion, denomination, level of practicing, and level of praying. This information is collected at sign-up to enable religiously and spiritually compatible matching.
Education and professional information: education level, college or university, major, occupation, job title, company, and “dream job.”
Lifestyle and relationship preferences: diet, smoker status, drinking status, whether you have children, whether you want children, willingness to relocate, marriage history (e.g., never married, divorced), and desired marriage timeline.
Account and subscription status: status color (indicating free or premium/paid status), creation date, last updated date and time, login status, privacy settings (e.g., hide profile, notifications, view of blocks/reports), and subscription tier.
In-app activity data: users you have liked or interacted with (“myLikes”), users you have blocked (“blocklist”), users you have reported or who have reported you (“isReported”), and messages or content you exchange with other users (including chat text, images, video, and voice notes).
Account deletion data: if you delete your account, we collect your stated reason for deletion (“deleteReason”) and any additional description you choose to provide (“deleteDescription”).

2.2 Subscription, Payment, and Transaction Information

Rishta Auntie offers a freemium model. All premium subscriptions and in-app purchases are processed exclusively through Apple’s in-app purchase system on iOS and Google Play Billing on Android. We do not collect, store, or process your payment card number, bank account information, or other payment credentials. The applicable platform (Apple or Google) processes your payment in accordance with its own terms and privacy policies. We may receive limited information from the platform confirming your subscription status, transaction identifier, subscription tier, and renewal or cancellation status.

2.3 Customer Support and Inquiry Information

When you contact our customer support team, whether through in-app channels, our admin panel API, or by email, we collect the contents of your communications, your contact information, and any other information you choose to provide so that we can respond to and resolve your inquiry.

2.4 User-Generated Content and Communications

We collect content you submit, post, transmit, or otherwise make available through the Services, including without limitation profile content, photographs, videos, voice notes, voice calls, in-app text messages (chat), prompt answers, and any other content you generate. We collect metadata associated with such content (e.g., timestamps, sender/recipient identifiers, message status). Future features may include video calling; if and when such features are launched, the same general categories apply.

3. Sensitive Personal Information

In Short: We collect categories of personal information that are treated as “sensitive” under certain U.S. state privacy laws, including religion, ethnicity, and biometric data. We collect this information because it is essential to the matchmaking purpose of the Services.

Certain U.S. state privacy laws (including the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA/CPRA”), the Virginia Consumer Data Protection Act, the Colorado Privacy Act, the Connecticut Data Privacy Act, the Oregon Consumer Privacy Act, the Texas Data Privacy and Security Act, and similar laws in other states) classify certain categories of personal information as “sensitive” and impose additional requirements on their use.

We collect the following categories of sensitive personal information:

Religious or philosophical beliefs (religion, denomination, level of practicing, level of praying);
Racial or ethnic origin (community, family origin, ethnicity);
Precise or approximate geolocation (derived from your address and device, used in approximate form to match users by geography and to display country flags and city information — see Section 5);
Biometric information (a selfie image or short video used for identity verification — see Section 4); and
The contents of your private communications with other users on the Services (messages, voice notes, voice calls, and any future video calls), to the extent treated as sensitive under applicable law.

Purpose of collection and use. We collect and use sensitive personal information solely for the following purposes: (i) to provide the core matchmaking functionality of the Services (including matching you with other users based on religious, cultural, linguistic, and geographic compatibility); (ii) to verify that you are a real human being and not a fraudulent or duplicate account (selfie verification); (iii) to facilitate communications between you and other users you choose to interact with; (iv) to maintain the safety, security, and integrity of the Services; and (v) to comply with our legal obligations.

We do not use sensitive personal information to infer characteristics about you beyond the matchmaking, verification, safety, and operational purposes described above. We do not sell sensitive personal information. We do not use sensitive personal information to train artificial intelligence or machine learning models.

Right to limit. California residents and residents of certain other states have a right to limit our use of sensitive personal information in certain circumstances. Because we use sensitive personal information only for the purposes permitted under applicable law (such as providing the service you requested, ensuring security and integrity, and short-term, transient use), this limitation right generally does not require any change to our processing. See Sections 20 and 21 for further details.

4. Biometric Information (Selfie Verification)

In Short: We capture a selfie image or short video to verify that you are a real person and that you match the photos on your profile. We do not generate or sell biometric identifiers.

As part of our identity-verification feature (“Selfie Verification” or “Velfie Verification”), Rishta Auntie captures a selfie image or short video of your face. Our trained human moderators visually compare the selfie to the photographs you have uploaded to your profile to assess whether you are a real human being and whether the profile photographs appear to depict you.

How we use selfie data. Selfie images and videos are used solely for: (i) identity verification at sign-up and as needed during the life of your account; (ii) fraud prevention and the detection of duplicate, fake, or impersonating accounts; (iii) the safety and security of the Services and our users; and (iv) compliance with legal obligations.

Human review only; no biometric identifier generation. Selfie verification is performed by trained human moderators on the Rishta Auntie team. We do not use automated facial-recognition software, machine-learning facial-matching algorithms, or third-party biometric vendors to generate, extract, or store mathematical representations of your face (such as faceprints, face geometry templates, face embeddings, or other biometric identifiers as those terms are defined under the Illinois Biometric Information Privacy Act (BIPA), the Texas Capture or Use of Biometric Identifier Act (CUBI), Washington’s biometric statute (RCW 19.375), or similar laws).

Storage and retention. Selfie images and videos are stored on our hosting infrastructure (Amazon Web Services, in the northeastern United States) for as long as your account remains active. When your account is deleted or otherwise terminated, selfie media is deleted or rendered inaccessible in accordance with the retention schedule described in Section 13, subject to limited retention for legal, fraud-prevention, safety, dispute-resolution, and backup purposes.

Disclosure. Selfie images and videos are not sold, shared for cross-context behavioral advertising, or disclosed to advertising partners. They may be disclosed only as described in Section 8 (e.g., to our cloud hosting provider acting as our service provider/processor; to trained moderators on our team; to law enforcement or other parties as required by law; or as needed to protect the rights, property, and safety of Rishta Auntie, our users, and others).

Your consent. By electing to submit a selfie for verification, you provide your express, written consent (as that term is used in BIPA and similar laws) to our collection, storage, use, and deletion of the selfie image or video for the purposes described in this Section 4. You may withdraw consent at any time by deleting your account (in which case your selfie will be deleted in accordance with Section 13). Refusing or withdrawing consent may prevent you from completing identity verification and may limit your ability to use certain features of the Services.

5. Information Collected Automatically

In Short: We automatically collect device, log, and usage data when you use the Services, including approximate location, IP address, and information about your device and how you interact with the App.

When you access or use the Services, we and our service providers automatically collect certain information about your device and your use of the Services. This information generally does not identify you directly, but may, when combined with other information, be treated as personal information under applicable law.

5.1 Device and Technical Information

We collect information about the computer, phone, tablet, or other device you use to access the Services, including:

Internet Protocol (IP) address and, where applicable, proxy server information;
Mobile device identifiers (such as Apple’s IDFA, Google’s Advertising ID (AAID), Firebase Installation IDs, and other device or advertising identifiers, subject to your device-level permissions);
Device manufacturer, model, and hardware information;
Operating system and version;
Mobile network and carrier information;
Browser type and version (when accessing the Website);
Language and locale settings;
App version and configuration information; and
Time zone setting.

5.2 Usage and Log Data

We collect log and usage data that is automatically generated when you interact with the Services, including:

Date and time stamps of your access and activity;
Pages, screens, and features you view or interact with;
Searches you run and matches you view, like, or interact with;
Frequency and duration of your sessions;
Referring and exit URLs (for the Website);
Diagnostic, performance, and error data, including crash logs and system activity (sometimes called “crash dumps”); and
Other information about how you use the Services.

5.3 Location Information

Approximate location. The Services use Google Maps to derive approximate location information based on the address you provide and from your device. We collect city- and country-level location information to (i) display your city and country on your profile and a country flag in the user feed, (ii) match you with other users based on geographic proximity and preferences, and (iii) support fraud prevention, safety, and analytics.

Device-level location permission. On Android and iOS, the App may request permission to access location information from your mobile device while the App is in use. If you grant this permission, we and Google Maps may collect location information of varying precision (typically city-level or approximate location) for the purposes described above. You may revoke this permission at any time through your device’s settings. If you revoke this permission, certain location-dependent features (such as proximity-based matching) may be limited or unavailable.

Google Maps. Our use of Google Maps is subject to Google’s Google Maps/Google Earth Additional Terms of Service (https://maps.google.com/help/terms_maps/) and the Google Privacy Policy (https://policies.google.com/privacy).

5.4 Inferences

We may derive inferences from the information described above to better serve our users and improve the Services, such as inferences about your match preferences, language, location, and engagement patterns. We do not use inferences for any purpose that would constitute the “sale” of personal information as that term is defined under applicable law.

6. Information from Third-Party Sources

In Short: We may receive limited information about you from third-party services you choose to use to sign up or log in, such as Google or Apple.

We may receive limited information about you from the following third-party sources:

Social login providers. If you elect to sign up for or log in to the Services using a third-party authentication provider, such as Sign in with Google or Sign in with Apple, the provider will share certain account information with us. The information we receive depends on the provider and your privacy settings with that provider. Notably, when you sign in with Apple, Apple may obscure (“relay”) your real email address; in that case, we receive a private relay email address rather than your underlying personal email. We use the information we receive from these providers solely to facilitate the creation, authentication, and operation of your account.
Analytics and infrastructure providers. Our analytics providers (such as Google Analytics for Firebase) may provide us with aggregated and de-identified information about how the Services are used.
Advertising partners (planned). If and when we activate advertising and marketing pixels (including AdMob, the Meta Pixel, and the TikTok Pixel) and related advertising integrations, we may receive limited information from these partners about the effectiveness of our advertising campaigns, such as conversion data and aggregated audience information. See Section 9 below.
Other sources. We may receive information from publicly available sources, from users who report or block other users, and from fraud-prevention or safety vendors, in each case as permitted by law and as needed to operate, secure, and improve the Services.

7. How We Use Your Information

In Short: We use your information to operate the matchmaking service, verify users, communicate with you, protect users and the platform, and improve the Services. We do not use AI to make matches — our matching is a proprietary, manually coded algorithm.

We use the personal information we collect for the following business and commercial purposes:

7.1 To Provide and Operate the Services

To create, authenticate, and maintain your account and profile;
To provide the core matchmaking functionality of the Services, including showing your profile to other eligible users and showing eligible users’ profiles to you;
To compute match suggestions and compatibility ratings using the Rishta Compass and our proprietary scoring algorithm. Our matching and scoring algorithms are designed and maintained by humans and do not use artificial intelligence or machine learning to evaluate users or generate match recommendations;
To enable user-to-user communications, including in-app text messages, voice notes, voice calls, and (in the future) video calls;
To process your free and premium subscriptions through Apple’s in-app purchase system or Google Play Billing;
To provide customer support and respond to your inquiries; and
To deliver service-related communications such as account confirmations, verification messages, security alerts, and updates to our terms or policies.

7.2 To Verify Users and Protect Safety

To verify that you are at least 18 years old and a real, unique human being;
To detect, investigate, and prevent fraudulent, unauthorized, illegal, abusive, harmful, or otherwise prohibited activity, including the creation of fake or impersonating profiles;
To moderate user content and behavior on the Services through human review (see Section 16);
To investigate and respond to reports of misconduct, including blocking and reporting features;
To enforce our Terms of Use, Community Guidelines, and other policies; and
To protect the rights, property, safety, and wellbeing of Rishta Auntie, our users, and the public.

7.3 To Communicate With You

To send transactional communications, such as verification codes, account notifications, security alerts, and updates;
To send push notifications regarding status updates (active, failed, reverify), profile interactions, new matches, and chat messages;
To send promotional and marketing communications about Rishta Auntie features, offers, and updates by email, SMS/text message, and push notification, subject to your consent and your right to opt out (see Section 12); and
To request feedback and conduct surveys.

7.4 To Improve the Services

To analyze how users interact with the Services and identify usage trends;
To debug, troubleshoot, and fix errors and crashes;
To develop, test, and roll out new features and improvements;
To measure the effectiveness of our marketing campaigns and advertising; and
To conduct internal research and analytics on aggregated and de-identified data.

De-identified data. When we use information to improve the Services, we generally use it in aggregated, de-identified, or pseudonymized form. We commit not to attempt to re-identify de-identified data, and we contractually require our service providers who receive de-identified data to do the same. We do not use personal information to train artificial intelligence or machine-learning models.

7.5 To Comply With Law and Protect Rights

To comply with applicable laws, regulations, and legal processes (such as subpoenas, court orders, and lawful requests from law enforcement);
To establish, exercise, or defend legal claims;
To report child sexual abuse material (CSAM) or other illegal content to the National Center for Missing & Exploited Children (NCMEC) and relevant law enforcement, in compliance with 18 U.S.C. § 2258A and other applicable laws (see Section 16); and
To protect the vital interests of any person.

7.6 With Your Consent

We may use your personal information for other purposes that we describe to you at the point of collection or for which you have otherwise provided consent.

8. How We Share Your Information

In Short: We do not sell your personal information for money. We share information with service providers who help us operate the Services, with other users (as your profile dictates), and as required by law. We may also “share” limited information for cross-context behavioral advertising once advertising pixels are activated — see Section 9.

We disclose personal information in the categories of recipients described below, in each case for the business and commercial purposes identified in Section 7.

8.1 Other Users of the Services

The Services are inherently social. Information that you place on your profile (such as your first name, age, photographs, videos, voice notes, tagline, vibes, prompt answers, religion, denomination, community, family origin, ethnicity, education, occupation, languages, height, lifestyle indicators, location at the city/country level, and any other content you choose to display) is visible to other users of the Services in accordance with the design of the Services and your privacy settings.

When you communicate with another user (e.g., chat messages, voice notes, voice calls, future video calls), your communications and identifiers will be visible to that other user. Information you share with other users may be copied, screenshotted, stored, or shared by them outside the Services in ways we cannot control. Please exercise caution before sharing personal information with other users.

8.2 Service Providers and Processors

We share personal information with third-party vendors, consultants, contractors, and service providers who perform services on our behalf and that are bound by contractual obligations to protect personal information and use it only for the purposes for which we disclose it. Current categories of service providers include:

Cloud hosting and infrastructure: Amazon Web Services (AWS), with data hosted in the northeastern United States.
Analytics: Google Analytics and Google Firebase, including Firebase Crashlytics, Performance Monitoring, and related Firebase services, to understand usage trends and improve the Services.
Push notifications: OneSignal, which delivers push notifications and processes related device tokens.
Mapping and geolocation: Google Maps, which provides mapping and approximate location services.
Authentication: Sign in with Google (Google LLC) and Sign in with Apple (Apple Inc.), to facilitate account sign-up and login.
Payment processing: Apple Inc. (Apple In-App Purchase) and Google LLC (Google Play Billing), which handle all subscription payments. We do not receive or store your payment card or bank information.
Email infrastructure: Google Workspace (Gsuite), which we use for our support and business email communications.
Advertising and marketing (current and planned): Google AdMob for in-app advertising; the Meta Pixel/SDK and TikTok Pixel/SDK for marketing measurement and audience-building (planned). See Section 9 for additional disclosures.

Where we engage a service provider to process personal information on our behalf, we put in place a written contract that limits the service provider’s use of the personal information to the purposes set out in the contract and that requires the service provider to apply appropriate security safeguards.

8.3 Legal, Safety, and Compliance Disclosures

We may disclose personal information when we believe in good faith that disclosure is necessary or appropriate to:

Comply with applicable law, regulation, legal process, or governmental request (including subpoenas, search warrants, court orders, and lawful requests from public authorities, including for national security or law-enforcement purposes);
Enforce our Terms of Use, Community Guidelines, this Privacy Policy, or any other agreement between us and you;
Detect, investigate, prevent, or take action against suspected or actual fraud, security incidents, technical issues, or illegal activity;
Report child sexual abuse material (CSAM) to NCMEC and law enforcement, in compliance with 18 U.S.C. § 2258A and analogous laws; and
Protect the rights, property, safety, or wellbeing of Rishta Auntie, our users, employees, or others.

8.4 Corporate Transactions

We may transfer personal information in connection with, or during negotiations of, any actual or proposed merger, acquisition, financing, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, including any due-diligence process associated with such a transaction. If such a transaction results in a material change in how your personal information is processed, we will notify you in accordance with applicable law.

8.5 Aggregated and De-Identified Information

We may share aggregated, anonymized, or de-identified information that does not identify you personally with third parties for analytics, research, marketing, and other lawful business purposes.

8.6 With Your Consent

We may share personal information for any other purpose that we describe to you at the point of collection or for which you have otherwise provided consent.

9. Cross-Context Behavioral Advertising and “Sale” / “Share” Disclosures

In Short: We do not sell your personal information for money. However, our planned use of advertising pixels (such as Meta Pixel, TikTok Pixel, and AdMob) and use of demographic data for retargeting may qualify as “sharing” or as a “sale” under certain U.S. state privacy laws. You have the right to opt out.

Under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA/CPRA”), and similar laws in other U.S. states, the terms “sale” and “share” are defined broadly. “Share” generally includes disclosing personal information to third parties for “cross-context behavioral advertising” — that is, targeting advertising to a consumer based on the consumer’s personal information obtained from the consumer’s activity across businesses, distinctly-branded websites, applications, or services.

Our current and planned advertising practices. Rishta Auntie does not sell personal information in exchange for monetary consideration. However, Rishta Auntie:

Currently displays in-app advertising through Google AdMob, which may use device identifiers and other information for ad delivery, frequency capping, attribution, measurement, and personalization;
Plans to deploy the Meta Pixel/SDK and TikTok Pixel/SDK on the Website and/or App to measure the effectiveness of our marketing campaigns, build custom and lookalike audiences, and retarget users; and
May use limited demographic information (such as age range, gender, country, and language) to retarget users with relevant Rishta Auntie advertising on third-party platforms.

Treatment under state law. To the extent these activities (alone or together) involve disclosures that constitute a “sale” or “share” of personal information under the CCPA/CPRA or comparable laws in Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Indiana, Tennessee, Delaware, New Jersey, New Hampshire, Maryland, Minnesota, Kentucky, Nebraska, Rhode Island, or other states, we disclose that we may “sell” and/or “share” the following categories of personal information for cross-context behavioral advertising purposes: identifiers (such as device and online identifiers), commercial information (such as subscription tier), internet or other network activity information (such as in-app or website usage), inferences drawn about user preferences, and limited demographic information.

We do not knowingly sell or share for cross-context behavioral advertising the personal information of users under the age of 16. Because the Services are restricted to users 18 and older, we do not knowingly process personal information of any user under 18 for these purposes.

We do not sell or share sensitive personal information for cross-context behavioral advertising purposes, and we do not sell or share selfie verification data, the content of chat communications, or precise geolocation for cross-context behavioral advertising.

Your right to opt out. You have the right to opt out of the “sale” or “sharing” of your personal information. You may exercise this right by:

Submitting an opt-out request to support@rishtaauntie.app with the subject line “Do Not Sell or Share My Personal Information”;
Submitting a request through https://www.rishtaauntie.app/contact;
Visiting the “Do Not Sell or Share My Personal Information” link on our Website;
Adjusting your in-app privacy settings (where available); and
On our Website, enabling a recognized opt-out preference signal such as the Global Privacy Control (GPC). We honor GPC signals as a valid opt-out request for our Website as required by California and other applicable state laws.

In addition, you may control device-level advertising identifiers through your iOS or Android device settings (e.g., “Limit Ad Tracking” / “Opt out of Ads Personalization” / “Reset Advertising ID”).

10. Cookies, SDKs, and Similar Technologies

In Short: Our Website uses cookies and similar technologies. Our App uses software development kits (SDKs) and device identifiers. You can manage these through your browser, device settings, or our cookie banner.

We and our service providers use cookies, web beacons, pixels, SDKs, device identifiers, and similar tracking technologies to operate, secure, analyze, and improve the Services.

10.1 Website

On our Website, we use cookies that fall into the following categories:

Strictly necessary cookies: Required for the Website to function, including authentication, security, and basic functionality. These cannot be disabled through our cookie banner.
Functional cookies: Enable enhanced functionality and personalization, such as remembering your preferences.
Analytics cookies: Help us understand how visitors interact with the Website (e.g., Google Analytics).
Advertising and targeting cookies: Used to deliver advertising relevant to you and to measure the effectiveness of advertising campaigns (e.g., AdMob, Meta Pixel, TikTok Pixel, where activated).

Our Website displays a cookie consent banner that allows you to accept or reject non-essential cookies and to manage your cookie preferences. You may also control cookies through your browser settings. We honor recognized opt-out preference signals such as the Global Privacy Control (GPC) on our Website. For more details, please review our separate Cookies Policy.

10.2 Mobile Application

The App does not use HTTP cookies in the traditional sense. Instead, it uses SDKs and device identifiers, including:

Apple’s Identifier for Advertisers (IDFA), subject to your App Tracking Transparency (ATT) choice on iOS;
Google’s Advertising ID (AAID) on Android, subject to your Ads Personalization settings;
Firebase Installation IDs, used for analytics, crash reporting, and core App functionality;
Push notification tokens issued by Apple Push Notification service (APNs) and Firebase Cloud Messaging (FCM), and forwarded to OneSignal for delivery;
Session identifiers, authentication tokens, and other local storage mechanisms used to keep you logged in and to remember your preferences; and
SDKs from our analytics, advertising, crash-reporting, and infrastructure partners (e.g., Google Firebase, Google AdMob, and, where activated, Meta and TikTok SDKs).

You can manage many of these identifiers through your iOS or Android device settings. Note that disabling certain identifiers may impair the functionality of the App.

11. Mobile Device Permissions

In Short: The App asks for specific device permissions to provide its features. You can change these permissions at any time through your device settings.

The App requests the following device permissions:

Camera: to allow you to take and upload profile and chat photographs and videos, and to capture selfie verification media.
Photo library and storage: to allow you to select and upload existing photographs and videos from your device to your profile or to chat.
Microphone: to allow you to record and send voice notes and to participate in voice calls (and future video calls).
Location: to derive your approximate (city/country-level) location for matching, profile display, and feed customization, only while the App is in use.
Notifications (push): to send you transactional alerts (such as new matches, chat messages, and verification status updates) and, with your consent, promotional notifications.
SMS (text messaging): to send you SMS text messages, including verification codes, account notifications, and (with your consent) promotional messages.
Network and connectivity information: to operate the App and assess performance, security, and connectivity.

We do not request access to your device contacts, your SMS message contents, your call logs, your device sensors (beyond what is standard for App functionality), your calendar, your microphone outside of feature use, or your social media accounts (other than for sign-in if you choose Sign in with Google or Sign in with Apple).

You can revoke any permission at any time through your device settings. If you revoke a permission, certain features that depend on that permission may not function properly or at all.

12. Marketing Communications (Email, SMS, Push)

In Short: With your consent where required, we may send you marketing messages by email, SMS, and push notification. You can opt out at any time.

12.1 Email

Rishta Auntie may send you email messages, including (i) transactional and service-related messages (such as account confirmations, password resets, security alerts, and updates to our terms or policies), and (ii) where permitted and not opted out, marketing or promotional emails about Rishta Auntie features, offers, and updates. We use Google Workspace (Gsuite) for our email infrastructure.

You may opt out of marketing emails at any time by clicking the “unsubscribe” link contained in each marketing email or by emailing us at support@rishtaauntie.app. Even after you opt out of marketing emails, we will continue to send you transactional and service-related communications that are necessary for the administration of your account.

Note on Sign in with Apple. If you sign in to the Services using Sign in with Apple and elect to hide your email address, Apple may provide us with a private relay email address instead of your underlying personal email. We will send communications to the relay address provided; messages to the relay address are forwarded by Apple to your personal email.

12.2 SMS and Text Messages

Consent. By providing your mobile phone number and opting in to SMS communications (whether at sign-up, in your account settings, or otherwise), you expressly consent to receive text messages from or on behalf of Rishta Auntie, including without limitation account verification codes, account notifications, safety alerts, match and chat notifications, and — with your express prior consent — promotional and marketing messages.

Message frequency. Message frequency varies based on your activity and preferences.

Message and data rates. Standard message and data rates may apply. Rishta Auntie is not responsible for any carrier charges incurred in connection with our SMS messages.

How to opt out. You may opt out of marketing SMS messages at any time by replying “STOP” to any marketing message, by adjusting your in-app notification preferences, or by emailing support@rishtaauntie.app. You may receive a final confirmation message after opting out. Even after opting out of marketing SMS, we may continue to send you transactional and service-related SMS messages (such as verification codes) if you continue to use the Services.

Help. For SMS help, reply “HELP” to any of our messages or contact support@rishtaauntie.app.

Compliance. Our SMS practices are intended to comply with the Telephone Consumer Protection Act (TCPA), the CAN-SPAM Act, the CTIA Messaging Principles and Best Practices, and applicable state laws including Florida’s Telephone Solicitation Act and Washington’s commercial electronic mail law.

12.3 Push Notifications

If you grant the App permission to send push notifications, we may send you transactional notifications (such as new matches, chat messages, status updates, and verification reminders) and, where you have consented, promotional notifications. You may disable push notifications at any time through your device settings or through your in-app notification preferences.

12.4 Marketing on Third-Party Platforms

We advertise the Services on third-party platforms including TikTok, Instagram, and Facebook. These platforms may show our advertisements to you based on information they have collected about you under their own privacy policies. If and when we activate marketing pixels (such as the Meta Pixel and TikTok Pixel), we may use limited information (including device identifiers, age, gender, country, and language) to target our advertisements and measure their effectiveness. Please refer to Section 9 for information about your opt-out rights.

13. Data Retention

In Short: We keep your information for as long as your account is active and for a limited period after deletion as needed for legal, safety, fraud-prevention, and accounting purposes. Inactive accounts are automatically deleted after 12 months.

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including for the purpose of providing the Services, satisfying legal, regulatory, accounting, tax, dispute-resolution, safety, fraud-prevention, security, or reporting obligations, and for the establishment, exercise, or defense of legal claims.

The retention period applicable to any specific category of personal information depends on:

The amount, nature, and sensitivity of the personal information;
The potential risk of harm from unauthorized use or disclosure;
The purposes for which we process the personal information and whether we can achieve those purposes through other means; and
Applicable legal, regulatory, tax, accounting, or other requirements.

13.1 Active Accounts

We retain your profile and account information for as long as your account remains active. “Active” generally means that you have logged in to or otherwise used the Services within the last twelve (12) months.

13.2 Inactive Accounts

Automatic deletion of inactive accounts. We will automatically delete or anonymize accounts that have been inactive for twelve (12) consecutive months, except where retention is required by law, necessary for the establishment, exercise, or defense of legal claims, or required for fraud-prevention, safety, or security purposes. Before automatic deletion, we may notify you and give you an opportunity to reactivate your account.

13.3 Account Deletion by User

If you delete your account, we will deactivate it and delete or anonymize your personal information from our active production systems within a commercially reasonable period, generally within thirty (30) days of your deletion request. We may retain certain information after deletion as set out below.

13.4 Limited Retention After Deletion

We may retain a limited subset of information after account deletion or termination for the following purposes and time periods:

Backup and disaster-recovery copies, which are typically purged within ninety (90) days following deletion in active systems;
Records of blocks, reports, bans, and prior misconduct, which we retain to prevent banned users from creating new accounts and to maintain the safety of the Services, generally for up to seven (7) years;
Records relating to suspected fraud, abuse, illegal activity, or breach of our Terms, generally for up to seven (7) years or longer where required by law;
Records of selfie verification outcomes (e.g., a record that verification was attempted, the date, and the outcome), which we retain in connection with safety and fraud-prevention purposes after deletion of the underlying selfie media;
Transactional records associated with paid subscriptions, which we may retain for accounting, tax, and audit purposes for the periods required by applicable law (typically seven (7) years);
Records of CSAM and child-safety reports made to NCMEC and law enforcement, which we retain in accordance with 18 U.S.C. § 2258A and other applicable law; and
Any other information that we are legally required to retain or that is necessary for the establishment, exercise, or defense of legal claims.

Where we no longer have a legal basis or business need to retain personal information, we will delete it, anonymize it, or, if not feasible (for example, because information is stored in backup archives), isolate it from further processing until deletion is possible.

14. Data Security

In Short: We use commercially reasonable safeguards to protect your information, but no method of electronic transmission or storage is 100% secure.

We have implemented administrative, technical, and physical safeguards designed to protect the personal information we collect and process against accidental, unlawful, or unauthorized loss, access, disclosure, alteration, or destruction. These safeguards include encryption of data in transit using industry-standard protocols (e.g., HTTPS/TLS), encryption of certain data at rest, access controls and authentication requirements, network and application security measures, and procedures for incident detection and response.

Our hosting infrastructure is provided by Amazon Web Services (AWS), with primary data centers located in the northeastern United States.

Despite our reasonable efforts, no method of transmission over the Internet or method of electronic storage is fully secure. Accordingly, while we strive to protect your personal information, we cannot guarantee its absolute security. You are responsible for maintaining the confidentiality of your account credentials and for promptly notifying us of any suspected unauthorized access at support@rishtaauntie.app.

In the event of a data breach or security incident involving your personal information, we will notify you and applicable regulators in accordance with the requirements of applicable law (such as the New York SHIELD Act, the California Civil Code § 1798.82, the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), and analogous laws).

15. User-Generated Content and Public Information

In Short: Information you choose to put on your profile is visible to other users. Be thoughtful about what you share.

The Services allow you to share content with other users and to display content on your profile. Any information that you post to your profile or otherwise make available through public or semi-public features of the Services may be viewed, copied, screenshotted, or shared by other users. Once you have shared content with another user, we cannot control what that user does with the content.

Please exercise caution and good judgment when sharing personal information through the Services, especially sensitive information such as your full name, home address, phone number, financial information, or specific location details. We strongly recommend that you do not share such information through public-facing profile fields and that you communicate within the App’s in-app messaging features rather than sharing off-platform contact information until you are comfortable doing so.

16. Safety, Moderation, and CSAM

In Short: We use human moderators (not AI) to review content and respond to user reports. We have zero tolerance for child sexual abuse material (CSAM) and report it to NCMEC and law enforcement.

16.1 Content Moderation

User safety — and the protection of vulnerable users — is central to Rishta Auntie. We use a combination of hard-coded automated rules, in-app user reporting tools, blocking features, and trained human moderators from the Rishta Auntie team to review and act on user content and behavior. We do not currently use third-party artificial-intelligence moderation tools or external APIs for content classification.

We prohibit the following user content and behavior on the Services:

Sexually explicit images, video, audio, or language;
Nudity or sexually suggestive content;
Harassment, threats, bullying, or stalking, including targeting based on caste, religion, denomination, gender, ethnicity, family origin, sexual orientation, disability, or other personal attributes;
Hate speech and content that promotes or glorifies hatred, discrimination, or violence;
Graphic violence, gore, or threats of violence;
Self-harm or suicide encouragement or instruction;
Impersonation, catfishing, fraudulent or duplicate accounts;
Solicitation of money or payment of any kind;
Spam, scams, illegal goods, or any other unlawful content or activity; and
Child sexual abuse material (CSAM) or any content that sexually exploits or endangers a child.

Users who post, share, or are credibly reported for any of the foregoing may face content removal, temporary suspension, or permanent ban, in our sole discretion.

16.2 Child Sexual Abuse Material (CSAM)

Zero tolerance. Rishta Auntie has zero tolerance for child sexual abuse material (CSAM) and any content that sexually exploits, abuses, or endangers a child. We are an adults-only Service (18+) and do not knowingly allow minors on the platform.

Mandatory reporting. As required by 18 U.S.C. § 2258A, if we become aware of apparent CSAM or related child exploitation on the Services, we promptly report it to the National Center for Missing & Exploited Children (NCMEC) CyberTipline and cooperate with law enforcement to the extent required by law. Accounts involved in CSAM, grooming, or the exploitation of children are permanently banned. We preserve associated data as required by law.

Reporting CSAM. To report suspected CSAM or child-safety concerns on the Services, please email support@rishtaauntie.app. You may also report directly to the NCMEC CyberTipline at https://report.cybertip.org or at 1-800-843-5678.

16.3 Reporting Inappropriate Content or Behavior

If you encounter content that violates our policies or you feel unsafe interacting with another user, please use the in-app report function (available on profiles and chat screens) or contact us at support@rishtaauntie.app. Reports are reviewed by our team; urgent child-safety reports are prioritized for immediate review.

16.4 Safety Tools

To help you stay safe, we provide the following tools and features:

Block and report functions on profiles and in chat;
In-app privacy settings to hide your profile, manage notifications, and review users you have blocked or reported;
Selfie verification (see Section 4) to help confirm that other users are real human beings;
Manual human review of profile photos, taglines, and bios before they go live; and
Educational safety messaging.

17. No Background or Sex Offender Screening

In Short: Rishta Auntie does not run criminal background checks or check public sex-offender registries. You are responsible for evaluating the people you meet through the Services.

Rishta Auntie does not currently conduct criminal background checks, sex offender registry checks, identity-document verification (beyond selfie verification), or other formal screening procedures on users of the Services. We do not vouch for, verify, or guarantee the criminal history, character, identity, marital status, employment status, education, religious affiliation, or any other representation made by any user. While we use selfie verification, human moderation, and user reports to help maintain the integrity of the platform, these tools are not a substitute for your own judgment, due diligence, and caution.

You should always exercise caution when interacting with others on the Services, particularly when deciding to share personal information, communicate off-platform, or meet in person. Use common sense, trust your instincts, meet in public places, tell a trusted friend or family member where you are going, and never share financial information with someone you do not know and trust.

We encourage you to consult publicly available sex-offender registries (such as the U.S. Department of Justice National Sex Offender Public Website at https://www.nsopw.gov for U.S. users, and analogous public resources for Canadian users) and other public records as part of your own due diligence.

By using the Services, you acknowledge and agree that Rishta Auntie has no obligation to investigate the background or identity of any user, and that any introduction or connection through the Services is at your own risk.

18. International Data Transfers and Storage

In Short: Personal information is hosted on AWS servers located in the northeastern United States. If you use the Services from Canada, your information is transferred to and processed in the United States.

Rishta Auntie is headquartered in the United States. Personal information collected through the Services is stored and processed primarily on Amazon Web Services (AWS) infrastructure located in the northeastern United States.

Notice to Canadian users. If you access or use the Services from Canada, your personal information will be transferred to, stored in, and processed in the United States. By using the Services, you acknowledge and consent to the transfer of your personal information to the United States, where it may be subject to access by U.S. courts, law enforcement, and national-security authorities under U.S. law (including under instruments such as the U.S. CLOUD Act and various surveillance statutes). We use contractual and technical measures with our service providers to provide reasonable protection consistent with the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) and, where applicable, the Quebec Act respecting the protection of personal information in the private sector (Law 25).

Notice to U.S. users outside of New York. If you access the Services from outside of New York, your personal information may still be hosted on servers located in the northeastern United States.

The Services are not directed to individuals outside of the United States and Canada. If you access the Services from outside these regions, please discontinue use; we make no representation that this Privacy Policy or the Services satisfy laws applicable outside of the United States and Canada.

19. Your Privacy Rights — General

In Short: You have rights with respect to your personal information. The specific rights available to you depend on where you reside.

All users of the Services, regardless of where you reside, may take the following actions at any time:

Review and update your account and profile information through the in-app account settings;
Delete your account through the in-app account-deletion feature, or by submitting a request to support@rishtaauntie.app or through https://www.rishtaauntie.app/contact;
Adjust your in-app privacy settings (such as hiding your profile, managing notifications, and reviewing users you have blocked or reported);
Adjust device-level permissions (such as location, camera, microphone, photo library, and notifications) through your iOS or Android device settings;
Opt out of marketing emails by clicking “unsubscribe” in any marketing email;
Opt out of marketing SMS by replying “STOP” to any marketing text message; and
Disable push notifications through your device settings.

Depending on the jurisdiction in which you reside, additional rights may be available to you. The following sections describe those rights for California, other U.S. states, and Canada.

20. California Privacy Rights (CCPA/CPRA)

In Short: If you reside in California, you have specific rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (CCPA/CPRA).

This Section 20 applies to California residents and supplements other parts of this Privacy Policy. The California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CCPA”), provides California residents with specific rights regarding their personal information.

20.1 Categories of Personal Information Collected, Used, Disclosed, and “Sold” / “Shared”

In the preceding twelve (12) months, we have collected and disclosed for a business purpose the following categories of personal information about California residents (as those categories are defined by the CCPA). Depending on whether and when we activate advertising pixels described in Section 9, we may also “sell” or “share” certain categories as indicated below.

Category	Examples	Collected?	Disclosed for Business Purpose?	Sold / Shared?
A. Identifiers	Real name, alias, postal address, phone number, unique personal identifier, online identifier, IP address, email address, account name, device identifier, advertising identifier.	Yes	Yes	Yes (planned)
B. California Customer Records (Cal. Civ. Code § 1798.80(e))	Name, contact information, education, employment, employment history, signature, physical characteristics.	Yes	Yes	No
C. Protected classification characteristics	Age, gender, religion, marital status, ancestry, national origin, ethnicity.	Yes	Yes	No
D. Commercial information	Records of products or services purchased, subscription status and tier.	Yes	Yes	No
E. Biometric information	Selfie image or short video used for identity verification (no biometric template generated).	Yes	Yes	No
F. Internet or other network activity	Browsing history, search history, in-App activity, interactions with the Services and advertisements.	Yes	Yes	Yes (planned)
G. Geolocation data	Approximate (city/country-level) device location. No precise geolocation is sold or shared for cross-context behavioral advertising.	Yes	Yes	No
H. Audio, electronic, visual, or similar information	Photographs, videos, voice notes, voice calls, chat content.	Yes	Yes	No
I. Professional or employment information	Occupation, job title, employer, dream job.	Yes	Yes	No
J. Education information	Education level, college or university, major.	Yes	Yes	No
K. Inferences	Inferences drawn from any of the above to create a profile reflecting preferences, characteristics, and behavior.	Yes	Yes	Yes (planned)
L. Sensitive personal information	Account log-in credentials; religious or philosophical beliefs; racial or ethnic origin; precise geolocation (when device-level permission granted); contents of private communications. See Section 3.	Yes	Yes	No

“Yes (planned)” indicates that, while we do not currently engage in such activity at scale, we may do so once the advertising integrations described in Section 9 (e.g., Meta Pixel, TikTok Pixel, retargeting based on demographic data) are activated. We will update this table as appropriate to reflect changes in our practices.

20.2 Sources of Personal Information

We collect personal information from the sources identified in Sections 2, 5, and 6 of this Privacy Policy.

20.3 Business and Commercial Purposes

We use personal information for the business and commercial purposes identified in Section 7 of this Privacy Policy.

20.4 Categories of Recipients

We disclose personal information to the categories of recipients identified in Section 8 of this Privacy Policy.

20.5 Your California Rights

Subject to certain exceptions and verification requirements, California residents have the following rights:

Right to Know: the right to request that we disclose the categories and specific pieces of personal information we have collected about you; the categories of sources from which we collected that information; the business or commercial purpose for which we collected, sold, or shared that information; and the categories of third parties with whom we shared or to whom we sold or disclosed that information.
Right to Delete: the right to request that we delete personal information we have collected from you, subject to exceptions provided by law.
Right to Correct: the right to request that we correct inaccurate personal information that we maintain about you.
Right to Opt Out of Sale/Sharing: the right to opt out of the “sale” or “sharing” (for cross-context behavioral advertising) of your personal information. See Section 9.
Right to Limit Use and Disclosure of Sensitive Personal Information: the right, in certain circumstances, to limit our use and disclosure of sensitive personal information to purposes specified in the CCPA. Because we use sensitive personal information only for purposes that are permitted under the CCPA without triggering the right to limit (such as providing the goods or services you requested, ensuring security and integrity, and other permitted purposes), this right generally does not require any change to our processing.
Right to Non-Discrimination: the right not to be discriminated against for exercising your CCPA rights. We will not deny, charge different prices for, or provide a different level or quality of Service because you have exercised any of your CCPA rights.
Authorized Agent: the right to designate an authorized agent to submit requests on your behalf. We may require proof of the agent’s authorization, such as a signed power of attorney.

20.6 Verification

When you submit a Right to Know, Right to Delete, or Right to Correct request, we will take reasonable steps to verify your identity before responding. We may ask you to provide information sufficient to confirm that you are the person about whom we collected personal information (such as your account email, phone number, and other identifying information). We will use information you provide solely for the purpose of verifying your identity.

20.7 Shine the Light

California Civil Code Section 1798.83 (“Shine the Light”) permits California residents who have established a business relationship with us to request information once per calendar year about our sharing of certain personal information with third parties for those third parties’ direct-marketing purposes. To make such a request, please email support@rishtaauntie.app.

20.8 California Minors

The Services are restricted to users 18 years of age or older. We do not knowingly collect personal information from California residents under the age of 18. To the extent we ever do, California residents under 18 who are registered users of the Services have the right to request removal of content they have publicly posted. Such requests should be sent to support@rishtaauntie.app.

21. Other U.S. State Privacy Rights

In Short: Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Indiana, Tennessee, Delaware, New Jersey, New Hampshire, Maryland, Minnesota, Kentucky, Nebraska, Rhode Island, and certain other states have additional rights similar to the California rights described above.

Residents of certain U.S. states other than California have privacy rights under their state’s comprehensive privacy law, including (as applicable):

The Virginia Consumer Data Protection Act (VCDPA);
The Colorado Privacy Act (CPA);
The Connecticut Data Privacy Act (CTDPA);
The Utah Consumer Privacy Act (UCPA);
The Texas Data Privacy and Security Act (TDPSA);
The Oregon Consumer Privacy Act (OCPA);
The Montana Consumer Data Privacy Act;
The Iowa Consumer Data Protection Act;
The Indiana Consumer Data Protection Act;
The Tennessee Information Protection Act;
The Delaware Personal Data Privacy Act;
The New Jersey Data Privacy Act;
The New Hampshire Data Privacy Act;
The Maryland Online Data Privacy Act;
The Minnesota Consumer Data Privacy Act;
The Kentucky Consumer Data Protection Act;
The Nebraska Data Privacy Act;
The Rhode Island Data Transparency and Privacy Protection Act; and
Other similar state laws now or hereafter in effect.

Subject to applicable conditions, limitations, and exceptions, residents of these states may have the following rights:

Right of access / right to know: request confirmation of whether we are processing personal information about you and access to that information.
Right to correct: request correction of inaccurate personal information.
Right to delete: request deletion of personal information.
Right to portability: obtain a copy of your personal information in a portable, technically feasible, and readily usable format.
Right to opt out of targeted advertising, sale, and certain profiling: opt out of processing of personal information for purposes of targeted advertising, the sale of personal information, and certain types of profiling in furtherance of decisions producing legal or similarly significant effects. The Rishta Compass and our matching algorithm do not produce legal or similarly significant effects within the meaning of these laws.
Right to limit use of sensitive data: in certain states, opt-in consent is required to process sensitive personal information. By providing sensitive information during sign-up, you consent to its processing as described in this Privacy Policy. You may withdraw that consent at any time by emailing support@rishtaauntie.app, in which case certain features of the Services may no longer be available to you.
Right to appeal: if we decline to take action on a request, you may appeal our decision by contacting support@rishtaauntie.app within a reasonable time. If we deny your appeal, you may contact your state’s attorney general.

To exercise any of these rights, please follow the process in Section 24.

21.1 Washington and Nevada Notices

Washington My Health My Data Act. We do not knowingly collect “consumer health data” as that term is defined in the Washington My Health My Data Act. Lifestyle attributes that users self-report through the Services (such as diet, drinking, smoking, and family-planning preferences) are not collected by us for health-related purposes.

Nevada residents. Nevada Revised Statutes Chapter 603A provides Nevada residents with the right to opt out of the sale of certain personal information. We do not sell personal information as defined under Nevada law. Nevada residents may nonetheless submit a request to support@rishtaauntie.app.

22. Canadian Privacy Rights (PIPEDA)

In Short: If you reside in Canada (other than Quebec), the Personal Information Protection and Electronic Documents Act (PIPEDA) provides you with rights regarding your personal information.

If you reside in Canada, the federal Personal Information Protection and Electronic Documents Act (PIPEDA), and applicable provincial privacy laws, govern our collection, use, and disclosure of your personal information for commercial activities. We follow the ten fair-information principles set out in Schedule 1 of PIPEDA.

Consent. We rely on your express or implied consent to collect, use, and disclose your personal information for the purposes described in this Privacy Policy. By creating an account and using the Services, you provide your consent. You may withdraw your consent at any time (subject to legal or contractual restrictions and reasonable notice) by contacting support@rishtaauntie.app. Withdrawing consent may limit or prevent your ability to use the Services.

Your rights under PIPEDA. Subject to applicable conditions and limitations, you have the right to:

Request access to the personal information we hold about you;
Request correction of inaccurate or incomplete personal information;
Know how your personal information is being used and to whom it has been disclosed;
Withdraw consent (as described above); and
Lodge a complaint with the Office of the Privacy Commissioner of Canada (https://www.priv.gc.ca) if you believe we have not handled your personal information appropriately.

Cross-border transfer notice. As noted in Section 18, your personal information is transferred to and stored in the United States. While your information is in the United States, it may be subject to access by U.S. courts, law enforcement, and national-security authorities under U.S. law. We use contractual safeguards with our service providers to provide a comparable level of protection.

23. Quebec Privacy Rights (Law 25)

In Short: If you reside in Quebec, the Act respecting the protection of personal information in the private sector (“Law 25”) provides additional rights and protections.

If you reside in the Province of Quebec, Canada, the Act respecting the protection of personal information in the private sector (commonly known as “Law 25” or the “Quebec Privacy Act”) applies to our processing of your personal information.

Privacy Officer. We have designated a Privacy Officer responsible for the protection of personal information at Rishta Auntie. You may contact our Privacy Officer at support@rishtaauntie.app.

Your rights under Law 25. Subject to applicable conditions and exceptions, Quebec residents have the right to:

Be informed of the collection, use, and disclosure of personal information about them;
Access personal information we hold about them;
Request rectification of inaccurate, incomplete, or equivocal personal information;
Withdraw consent to the use and disclosure of personal information, subject to legal or contractual restrictions and reasonable notice;
Request that we cease disseminating their personal information or that we de-index links to their personal information, where the dissemination causes serious injury to the right to reputation or privacy that is justified by the circumstances;
Receive a copy of computerized personal information in a structured, commonly used technological format (right to data portability);
Be informed of any automated decisions that produce legal or similarly significant effects (we confirm that the Rishta Compass and our matching algorithm do not produce such effects); and
Lodge a complaint with the Commission d’accès à l’information du Québec (https://www.cai.gouv.qc.ca/) if you believe we have not handled your personal information appropriately.

Cross-border transfer notice for Quebec residents. As described in Section 18, your personal information is stored in the United States and may be accessed by personnel of our service providers located outside of Quebec. Before transferring your personal information outside of Quebec, we conduct an assessment of the privacy-related factors to ensure that the personal information will receive adequate protection, taking into account the sensitivity of the information, the purposes for which it is to be used, the protective measures (including contractual measures) that apply to it, and the legal framework of the recipient jurisdiction.

24. How to Submit a Privacy Rights Request

In Short: You can exercise your privacy rights by emailing support@rishtaauntie.app or visiting https://www.rishtaauntie.app/contact.

To exercise any privacy right described in Sections 19 through 23, please submit a request through one of the following channels:

Email: support@rishtaauntie.app
Web form: https://www.rishtaauntie.app/contact
Mail: Rishta Auntie LLC, 329 S. Oyster Bay Rd #1033, Plainview, NY 11803, USA

Please describe your request in sufficient detail to allow us to properly understand, evaluate, and respond, including the specific right you are exercising and the state or province in which you reside.

Verification. We will take reasonable steps to verify your identity before fulfilling your request. We may ask you to confirm information we already have on file (such as your account email, phone number, and other account-specific details). If we cannot verify your identity from information we already maintain, we may request additional information for verification purposes; we will use that information only to verify your identity and will delete it as soon as possible thereafter.

Authorized agents. You may use an authorized agent to submit a request on your behalf. If you do so, we may require the agent to provide written proof of your authorization (such as a signed power of attorney) and may require you to verify your identity directly with us or to confirm that you have provided the authorization.

Response timing. We will respond to verifiable requests within the time periods required by applicable law (generally within 30 days for U.S. state law requests, with extensions where permitted, and within 30 days for PIPEDA and Law 25 requests). If we need additional time, we will notify you of the extension and the reason. We will respond to requests free of charge unless the request is manifestly unfounded, excessive, or repetitive, in which case we may charge a reasonable fee or decline to act on the request, as permitted by law.

Appeals. If we decline to act on your request, we will explain the reason. Residents of certain states (such as Virginia, Colorado, Connecticut, Texas, and Oregon) have the right to appeal our decision by emailing support@rishtaauntie.app with the subject line “Privacy Rights Appeal.”

25. Do Not Track and Global Privacy Control

In Short: We honor Global Privacy Control (GPC) signals on our Website as an opt-out of “sale” and “sharing.” At present, there is no industry-wide standard for Do Not Track (DNT) browser signals, and we do not respond to DNT signals.

Do Not Track. Most web browsers and some mobile devices include a “Do Not Track” (“DNT”) feature or setting that signals your preference not to have your online activity tracked. Because no uniform industry or legal standard has been established for recognizing and implementing DNT signals, we do not currently respond to DNT signals.

Global Privacy Control (GPC). We honor recognized opt-out preference signals such as the Global Privacy Control (GPC) on our Website. If we detect a GPC signal sent from your browser, we will treat that signal as a valid request to opt out of the “sale” and “sharing” of personal information associated with the browser used to send the signal, as required by California, Colorado, Connecticut, Texas, and other applicable state laws.

26. Third-Party Services and Links

In Short: The Services may link to or interact with third-party websites and services. We are not responsible for their privacy practices.

The Services may contain links to, or otherwise integrate with, third-party websites, applications, services, and resources (collectively, “Third-Party Services”), including without limitation Google Maps, Google Analytics, Firebase, OneSignal, AdMob, TikTok, Meta (Facebook and Instagram), Apple, the Apple App Store, the Google Play Store, and others. We do not control and are not responsible for Third-Party Services or their privacy or security practices.

Your interactions with Third-Party Services are governed by their own terms of service and privacy policies, which we encourage you to review. The inclusion of a link to a Third-Party Service on the Services does not constitute an endorsement of that Third-Party Service by Rishta Auntie.

27. Changes to This Privacy Policy

In Short: We may update this Privacy Policy from time to time. We will notify you of material changes.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will update the “Effective Date” and “Last Updated” dates at the top of this Privacy Policy.

Material changes. If we make material changes to this Privacy Policy, we will provide you with prominent notice within the App or on the Website. Because we may not have your email address on file (for example, where you signed in using Sign in with Apple’s private email relay), we may provide such notice through push notifications, in-App banners or modals, or other reasonable means. We may require you to acknowledge or accept the updated Privacy Policy before continuing to use the Services.

Your continued use of the Services after the effective date of any change to this Privacy Policy will constitute your acceptance of the changes. If you do not agree to a change, you must stop using the Services and may delete your account.

28. Contact Us

In Short: Questions, comments, or requests? Contact us at support@rishtaauntie.app.

If you have any questions, comments, complaints, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

Rishta Auntie LLC

329 S. Oyster Bay Rd #1033

Plainview, NY 11803

United States

Email: support@rishtaauntie.app

Web: https://www.rishtaauntie.app/contact

— End of Privacy Policy —

Table of Contents