Privacy Policy

Effective Date: April 7, 2026

Bhairav Labs (OPC) Private Limited ("Bhairav Labs", "we", "us", "our") operates the website bhairav.ltd and mobile applications including Venmurasu. This Privacy Policy describes how we collect, use, store, and protect your personal information when you use our products and services.

1. Information We Collect

1.1 Personal Information

Information you provide directly when creating an account, making a purchase, or contacting us:

Name, email address, phone number
Billing and shipping address
Account credentials (username, encrypted password)
Profile information and preferences
Communications you send to us (support requests, feedback)

1.2 Payment Information

When you make purchases through our apps or platforms, payment processing is handled by third-party processors (Razorpay, Stripe). We do not store your full credit/debit card numbers, CVV, or banking credentials. We may receive and store:

Transaction IDs and order history
Last four digits of card number (for reference)
Billing address associated with payment
UPI ID or wallet identifier (where applicable)

1.3 Usage Data

We automatically collect information about how you interact with our services:

Pages visited, features used, reading history (e.g., in Venmurasu)
Time spent on pages and in-app screens
Clicks, taps, scrolls, and navigation patterns
Search queries within our platforms
Crash logs, error reports, and performance data

1.4 Device and Technical Information

Device type, model, operating system, and version
Unique device identifiers (IDFA, GAID, IDFV)
IP address and approximate geolocation
Browser type and version
Screen resolution, language, and timezone
Network type (Wi-Fi, cellular)

2. How We Use Your Information

We use the collected information for the following purposes:

Service delivery: To create and manage your account, process transactions, deliver purchased content (books, subscriptions), and provide customer support
Personalization: To recommend content, remember preferences, and customize your experience across our platforms
Communication: To send transactional emails (receipts, order confirmations), service updates, and - with your consent - promotional communications
Analytics and improvement: To understand usage patterns, diagnose technical issues, and improve our products and services
Security: To detect and prevent fraud, abuse, and unauthorized access to accounts
Legal compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests

3. Third-Party Services

We use third-party service providers to operate and improve our services. These providers have access to your information only to perform tasks on our behalf and are obligated to protect it:

3.1 Payment Processors

Razorpay: Payment processing for Indian transactions (UPI, cards, net banking, wallets). Subject to Razorpay's Privacy Policy
Stripe: International payment processing. Subject to Stripe's Privacy Policy

3.2 Analytics

Google Analytics / Firebase Analytics: Usage analytics, crash reporting, and performance monitoring
Apple App Analytics: iOS app usage metrics and crash data

3.3 Cloud Infrastructure

Cloud hosting providers: Our services are hosted on cloud infrastructure (AWS, Google Cloud, or equivalent) with data centers that may be located outside India
Content delivery networks: For faster content delivery globally

3.4 App Distribution

Apple App Store: Subject to Apple's Privacy Policy
Google Play Store: Subject to Google's Privacy Policy

4. Data Sharing

We do not sell, rent, or trade your personal information to third parties for marketing purposes. We may share your information only in these circumstances:

Service providers: With vendors who assist in operating our services (hosting, analytics, payment processing), bound by contractual confidentiality obligations
Legal requirements: When required by law, subpoena, court order, or governmental regulation applicable in India or other relevant jurisdictions
Safety and rights: To protect the safety, rights, or property of Bhairav Labs, our users, or the public
Business transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of the transaction. You will be notified of any such change
With your consent: In any other case, we will share your information only with your explicit consent

5. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required or permitted by law.

Account data: Retained while your account is active and for 90 days after deletion request, to allow for recovery
Transaction records: Retained for a minimum of 8 years as required under Indian tax and financial regulations (Income Tax Act, GST Act)
Usage and analytics data: Retained in anonymized or aggregated form for up to 3 years
Support communications: Retained for 2 years after resolution
Server logs: Automatically purged after 12 months

When data is no longer needed, it is securely deleted or irreversibly anonymized.

6. Your Rights

6.1 Under the Digital Personal Data Protection Act, 2023 (India)

If you are a resident of India, you have the following rights under the DPDP Act:

Right to access your personal data held by us
Right to correction and erasure of inaccurate or incomplete data
Right to withdraw consent at any time for processing based on consent
Right to nominate another individual to exercise rights on your behalf
Right to grievance redressal

6.2 Under the Information Technology Act, 2000 (India)

We comply with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. You have the right to:

Review and correct your sensitive personal data or information
Withdraw consent for processing sensitive personal data (this may affect your ability to use certain services)

6.3 Under GDPR (European Economic Area)

If you are located in the EEA, you have additional rights under the General Data Protection Regulation:

Right of access to your personal data
Right to rectification of inaccurate data
Right to erasure ("right to be forgotten")
Right to restrict processing
Right to data portability in a machine-readable format
Right to object to processing based on legitimate interests
Right to lodge a complaint with a supervisory authority

To exercise any of these rights, contact us at contact@bhairav.ltd. We will respond to your request within 30 days.

7. Cookies and Tracking Technologies

Our website and applications may use the following tracking technologies:

Essential cookies: Required for basic functionality such as authentication, session management, and security. These cannot be disabled
Analytics cookies: Used to understand how visitors interact with our website (e.g., Google Analytics). You can opt out via your browser settings or Google's opt-out tool
Local storage: Used in our web and mobile apps to store preferences and cached content locally on your device
Device identifiers: Mobile advertising identifiers (IDFA/GAID) may be collected for analytics. You can reset or limit these in your device settings

We do not use cookies or tracking technologies for targeted advertising. You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of our services.

8. Children's Privacy

Our services are not directed to children under the age of 13 (or under 16 in the EEA). We do not knowingly collect personal information from children under these ages.

In compliance with the Children's Online Privacy Protection Act (COPPA) and the DPDP Act, 2023:

We do not knowingly collect, use, or disclose personal information from children under 13 without verifiable parental consent
If we discover that we have collected personal information from a child under 13 without parental consent, we will delete that information promptly
Parents or guardians who believe their child has provided personal information to us may contact us at contact@bhairav.ltd to request deletion

For users between 13 and 18, parental or guardian consent may be required depending on the jurisdiction and the nature of the service.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These include:

Encryption of data in transit (TLS/SSL) and at rest (AES-256)
Secure authentication mechanisms including hashed and salted passwords
Regular security assessments and vulnerability testing
Role-based access controls limiting employee access to personal data
Secure cloud infrastructure with SOC 2 and ISO 27001 certified providers
Incident response procedures for data breaches

While we strive to protect your personal information, no method of transmission or storage is 100% secure. If you have reason to believe your interaction with us is no longer secure, contact us immediately at contact@bhairav.ltd.

10. International Data Transfers

Your information may be transferred to and processed in countries other than India, including countries where our cloud infrastructure providers operate. When transferring data internationally, we ensure appropriate safeguards are in place:

Standard contractual clauses approved by relevant data protection authorities
Data processing agreements with all third-party processors
Compliance with cross-border data transfer requirements under the DPDP Act, 2023 and GDPR

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes:

The "Effective Date" at the top of this page will be updated
For material changes, we will notify you via email, in-app notification, or a prominent notice on our website before the changes take effect
Continued use of our services after the effective date of the updated policy constitutes acceptance of the changes

We encourage you to review this policy periodically.

12. Grievance Officer

In accordance with the Information Technology Act, 2000 and the DPDP Act, 2023, the designated Grievance Officer for Bhairav Labs is:

Grievance Officer
Bhairav Labs (OPC) Private Limited
10/13, Rajeswari Nagar, 2nd Cross Street
Madipakkam, Saidapet
Kancheepuram, India 600091

Email: contact@bhairav.ltd

We will acknowledge your complaint within 48 hours and resolve it within 30 days of receipt.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at:

Bhairav Labs (OPC) Private Limited
10/13, Rajeswari Nagar, 2nd Cross Street
Madipakkam, Saidapet
Kancheepuram, India 600091

Email: contact@bhairav.ltd
Website: bhairav.ltd