Privacy Policy
Effective 7 July 2026
This Privacy Policy explains how Vidyora ("Vidyora", "we", "us", "our") -- an app operated by Primesoft International -- collects, uses, shares, retains and protects your personal data when you use the Vidyora app and website. It also explains your privacy rights and how to exercise them, including how to delete your account and data.
Vidyora is an AI‑assisted reading and learning app. You read academic and reference books and chat with AI "mentor" agents that answer your questions using passages from those books (a technique called retrieval‑augmented generation, or RAG).
If you do not agree with this policy, please do not use Vidyora.
1. Who we are and how to contact us
- App / product: Vidyora
- Operator: Primesoft International
- Registered address: available on request
- Privacy contact / point of contact for inquiries: primsoftintel@gmail.com
- Governing jurisdiction: India
For the purposes of the EU/UK GDPR, we are the data controller for the personal data described here. Where required, our representative(s) and/or data protection contact are:
- EU/EEA representative (GDPR Art. 27): [EU/EEA ART. 27 REPRESENTATIVE -- name + address, if appointed]
- UK representative (UK GDPR Art. 27): [UK ART. 27 REPRESENTATIVE -- name + address, if appointed]
- Data protection / grievance officer: [DPO / GRIEVANCE OFFICER NAME + EMAIL, if appointed]
If no formal representative or officer is appointed, our privacy contact above handles all privacy requests.
2. A quick summary
- We collect the account details you give us (email, password, a display name), your learning preferences, the chat messages you send to AI mentors, your reading activity (which books you open and your page position, wishlist), and purchase records if you buy credits or a subscription.
- To answer your questions, we send your chat message and relevant book passages to third‑party AI providers and embedding providers. These providers process this data on our behalf and, per their terms we rely on, do not use it to train their models.
- Payments are processed by Razorpay. Vidyora never receives or stores your card, UPI or bank details -- Razorpay handles those directly.
- We do not sell your personal data, and we do not "share" it for cross‑context behavioural advertising as those terms are defined under US state privacy laws.
- You can delete your account and associated data at any time -- from inside the app, or by using our public deletion page at https://mentora-eta-khaki.vercel.app/legal/delete-account/ or by emailing primsoftintel@gmail.com.
- Vidyora is not directed to children (see Section 12).
3. The data we collect
We only collect what the app actually needs. We do not run third‑party advertising, and Vidyora does not include a third‑party analytics or crash‑reporting SDK.
3.1 Data you provide
| Data | Examples | Why we need it |
|---|---|---|
| Account identifiers | Email address; password (stored only as a secure one‑way hash -- never in plaintext); optional display name; a system‑generated user ID | Create and secure your account; sign you in |
| Learning preferences (persona) | Interests/topics you pick, your stated level and goal at onboarding | Personalise book and mentor recommendations |
| Chat content | The messages you type to AI mentors, and the AI's replies, stored as your conversation history | Provide the core chat feature and let you revisit past conversations |
| Reading activity | Books you open, your last page read, page count, wishlist entries | Save your reading progress; power "continue reading", wishlist and popularity features |
| Purchase requests | The plan or credit pack you choose | Start a checkout |
3.2 Data created as you use Vidyora
| Data | Examples | Why |
|---|---|---|
| Conversation & citation records | Conversation titles (derived from your first message), message ordering, and the book pages the AI cited | Maintain your chat history and show answer sources |
| Wallet & usage records | Credit balance, credit ledger entries, daily message counters, active subscription details | Enforce free/paid limits; run the credit system |
| Payment records | Razorpay order ID, payment ID, amount, currency (INR), what was purchased, paid/pending status | Confirm purchases, grant credits, keep required financial records. These records contain no card/UPI/bank numbers. |
| Session/security data | Hashed refresh tokens, token expiry/rotation state, and rate‑limiting signals such as IP‑based request counts | Keep you logged in securely; prevent abuse and fraud |
| Product analytics events | Append‑only events (e.g. sign‑up, login, chat, reading, payment) with an event type, timestamp, and your user ID | Understand aggregate usage and operate the service |
| Server logs | Standard request/error logs generated by our hosting/backend | Operate, secure and debug the service |
We do not knowingly collect your precise location, contacts, photos, calendar, browsing history, biometric data, or device advertising identifiers.
3.3 Sensitive information
Chat is free‑text, so you could type sensitive information (for example, about your health, beliefs or opinions). We do not ask for and do not want special‑category / sensitive personal data in chat. Please do not include it. Where such data is manifestly volunteered by you, we process it only to respond to your message and rely on your explicit act of providing it (GDPR Art. 9(2)(e)/explicit consent) as our basis.
4. How we use your data, and our legal bases
We use your data only for the purposes below, and we do not use it for materially different, undisclosed purposes.
| Purpose | Data used | Legal basis (GDPR / UK GDPR) |
|---|---|---|
| Create and run your account; provide the library and reader; save reading progress | Account identifiers, reading activity | Contract (Art. 6(1)(b)) |
| Provide AI mentor chat, including sending your message and relevant book passages to AI and embedding providers to generate cited answers | Chat content, persona | Contract (Art. 6(1)(b)) |
| Personalise recommendations | Persona, reading activity | Contract, or consent where you opt into personalisation (Art. 6(1)(a)) |
| Process payments, credits and subscriptions | Purchase requests, payment records, wallet/usage records | Contract (Art. 6(1)(b)) and legal obligation for tax/accounting (Art. 6(1)(c)) |
| Keep the service secure; prevent fraud, abuse and excessive use | Session/security data, usage counters, logs | Legitimate interests (Art. 6(1)(f)) -- securing our service; and legal obligation where applicable |
| Understand aggregate usage and improve the product | Product analytics events (tied to a user ID), logs | Legitimate interests (Art. 6(1)(f)) |
| Send you service/transactional messages (e.g. account, payment, security) | Account identifiers | Contract / legitimate interests |
| Send optional marketing (only if offered and you opt in) | Account identifiers | Consent (Art. 6(1)(a)), withdrawable at any time |
Where we rely on legitimate interests, we have weighed those interests against your rights and concluded they are not overridden; you may object at any time (see Section 11).
We do not use your personal data to train our own AI models. We rely on our AI and embedding providers not to train their models on the content we send them (see Section 6); this reliance is being confirmed against each provider's terms.
5. AI and RAG processing (how mentor answers are generated)
When you send a message to an AI mentor:
- Your message is turned into a numerical representation ("embedding") by an embedding provider so we can find relevant book passages.
- Your message, recent conversation context, and the retrieved book passages are sent to an AI language‑model provider, which generates the answer with citations back to the source pages.
- The answer and its cited sources are saved to your conversation history so you can revisit them.
Because these are third‑party services, your chat message and the relevant book text leave our servers and are processed by these providers for the sole purpose of producing your answer. They act as our processors / service providers. We rely on their terms to require that this content is not used to train their models and is retained by them only as needed to deliver the response and meet their legal obligations. Providers may perform limited automated safety/abuse checks as described in their own policies. The specific providers we use are listed in Section 6.
Mentor answers are AI‑generated and may be imperfect; they are for learning and information, not professional advice.
6. Who we share data with (service providers and third parties)
We do not sell your personal data and do not share it for cross‑context behavioural advertising. We disclose personal data only to the service providers below, who process it on our behalf under contract for the stated purposes:
AI language‑model providers (mentor chat) -- your message, recent context and retrieved book passages:
- established third-party large-language-model (AI) providers
We route requests across these providers for reliability; a given message is handled by whichever provider serves it.
Embedding providers (search/retrieval) -- your message text, to compute embeddings:
- established third-party search and embedding providers
Payments:
- Razorpay -- processes your payment and receives the payment details you enter directly with it. Vidyora receives only transaction metadata (IDs, amount, status), never your card/UPI/bank numbers.
Hosting, storage and delivery:
- Reputable third-party cloud infrastructure and database providers host the Vidyora app and securely store your account, chat, catalogue and related data.
- A content-delivery and security provider helps protect the service and deliver it quickly and reliably.
We may also disclose data (a) to comply with law, legal process or lawful requests; (b) to protect rights, safety and security or prevent fraud/abuse; or (c) in connection with a corporate transaction (merger, acquisition, or asset transfer), in which case we will require the recipient to honour this policy or notify you.
A current list of subprocessors is available on request from primsoftintel@gmail.com.
7. International data transfers
Vidyora and its service providers operate in multiple countries, so your data may be processed outside your country of residence, including outside the EEA, the UK and India.
Where we transfer personal data internationally, we use appropriate safeguards required by applicable law, such as the European Commission's Standard Contractual Clauses (and the UK International Data Transfer Addendum), or transfers to countries recognised as providing adequate protection. You may request more information about these safeguards using the contact details above.
8. Data retention
We keep personal data only as long as necessary for the purposes described, then delete or anonymise it:
- Account data (email, display name, persona): kept while your account is active; deleted when you delete your account (see Section 10).
- Chat history and reading activity: kept while your account is active; deleted with your account. You can also delete individual conversations in the app.
- Session/security data (hashed refresh tokens): short‑lived; expired and rotated tokens are cleared automatically.
- Payment and transaction records: retained after account deletion where we are legally required to keep them (for example, for tax, accounting and anti‑fraud purposes) for the period required by applicable tax, accounting and financial-regulation law, then deleted.
- Aggregate analytics events and logs: kept for a limited operational period; where retained longer they are aggregated/de‑identified so they no longer identify you.
Google Play permits retention of certain data after deletion "for legitimate reasons such as security, fraud prevention or regulatory compliance." Our only such retention is the payment/transaction records described above and any data we are legally compelled to keep.
9. How we protect your data
- Encryption in transit: all data moves over HTTPS/TLS.
- Passwords: stored only as a secure one‑way hash, never in plaintext.
- Session tokens: refresh tokens are stored hashed, are rotated on use, and reuse of a stolen token revokes the session.
- Payment integrity: prices are set server‑side (never by the client) and Razorpay payment signatures are cryptographically verified before any credit is granted.
- Access controls & abuse prevention: access to production data is restricted, and we apply rate limiting and validation to guard against abuse.
No method of transmission or storage is 100% secure, but we work to protect your data using appropriate technical and organisational measures.
10. Account and data deletion
You can delete your Vidyora account and its associated data at any time, in either of two ways:
A. In the app (in‑app path) Open Settings -> Account -> Delete account and confirm. This deletes your account and associated data as described below.
B. Without opening the app (web request) If you have uninstalled Vidyora or cannot sign in, visit our public deletion page: https://mentora-eta-khaki.vercel.app/legal/delete-account/ or email primsoftintel@gmail.com with the subject "Delete my account" from the email address on your account. This page clearly identifies Vidyora / Primesoft International and lets you request deletion without being sent back into the app. We will verify the request (to protect your account) and action it.
What is deleted: your account (email, display name, user ID), your learning preferences, your chat conversations and messages, your reading activity and wishlist, and your credit/wallet balances.
What is retained, and why: we retain payment and transaction records for the period stated in Section 8 where required by tax, accounting, and fraud‑prevention laws, and any data we are legally required to keep. Retained records are kept secure and used only for those purposes. If you ask us to delete only some data while keeping your account, we will do so where feasible and tell you what we could not delete and why.
We action verified deletion requests without undue delay and, where legally required, within the timeframes set by applicable law.
11. Your privacy rights
Depending on where you live, you have some or all of the following rights. We honour these rights globally where practicable.
11.1 Everyone
You can access, correct, or delete your account data using the in‑app tools or by contacting us. You can update your display name and preferences in the app.
11.2 EEA / UK (GDPR & UK GDPR)
You have the right to: access; rectification; erasure ("right to be forgotten"); restriction of processing; data portability; object to processing based on legitimate interests or to direct marketing; and to withdraw consent at any time (without affecting prior processing). Where decisions are automated with legal/similarly significant effects, you have rights around that -- Vidyora does not make such decisions about you. You also have the right to lodge a complaint with your local supervisory authority (for our home jurisdiction, [SUPERVISORY AUTHORITY FOR THE ENTITY'S HOME COUNTRY]), though we hope you'll contact us first.
11.3 California (CCPA/CPRA) and other US states
You have the right to know/access, delete, and correct your personal information, and to data portability. You also have the right to opt out of "sale" or "sharing" of personal information and to limit the use of sensitive personal information -- however, we do not sell or share your personal information and do not use sensitive personal information for purposes requiring an opt‑out. We will not discriminate against you for exercising your rights. You may use an authorised agent to submit requests.
11.4 India (DPDP Act, 2023)
As a Data Principal you have the right to access a summary of your personal data and its processing, to correction and erasure, to grievance redressal, and to nominate another person to exercise your rights in the event of death or incapacity. Please direct grievances to our contact (or the grievance officer, if appointed, listed in Section 1). We process your personal data based on your consent or the legitimate uses permitted under the Act.
11.5 How to exercise your rights
Email primsoftintel@gmail.com or use the in‑app tools and the deletion page at https://mentora-eta-khaki.vercel.app/legal/delete-account/. We will verify your identity before acting and respond within the timeframe required by the applicable law.
12. Children
Vidyora is intended for a general/adult audience and is not directed to children. You must be at least 13 years old (or the minimum age of digital consent in your country -- for example, 16 in some EEA countries) to use Vidyora, and if you are under the age of majority you should use it only with a parent or guardian's involvement.
Vidyora is declared as not designed for children and is not part of Google Play's Designed for Families program. We do not knowingly collect personal data from children under 13. If you believe a child has provided us personal data, contact primsoftintel@gmail.com and we will delete it.
13. Cookies, local storage and similar technologies
Vidyora uses essential local storage and cookies to keep you signed in (for example, storing your session tokens on your device) and to remember basic app state. These are necessary for the app to function. We do not use third‑party advertising cookies or cross‑site tracking. Where local law requires consent for non‑essential storage, we will ask for it before using any such technology.
14. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date above and, where appropriate, notify you in the app or by email. The current version is always available at https://mentora-eta-khaki.vercel.app/legal/privacy/ and is linked inside the app. Your continued use of Vidyora after an update means you accept the revised policy, to the extent permitted by law.
15. Contact us
Questions, requests or complaints about privacy:
- Email: primsoftintel@gmail.com
- Operator: Primesoft International
- Address: available on request
- Account/data deletion: https://mentora-eta-khaki.vercel.app/legal/delete-account/
We will do our best to resolve your concern. If you are in the EEA/UK or India and are unsatisfied, you may also contact your local data protection authority.