Privacy Policy for Winter
Last Updated: December 5, 2025
Introduction
Winter ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services.
By using Winter, you agree to the collection and use of information in accordance with this policy.
Information We Collect
1. Personal Information
When you create an account or use our services, we may collect:
- Authentication Information: Email address or phone number used for account registration and login
- Phone Number: For SMS-based one-time password (OTP) verification during registration and login
- Account Credentials: Encrypted passwords for account security
- User Profile Data: Any information you provide when setting up or updating your profile
2. Payment Information
When you make purchases or transactions through our app, we collect:
- Payment Details: Payment information processed securely through Razorpay, our third-party payment processor
- Transaction Information: Order details, transaction amounts, timestamps, and payment status
- Billing Information: Information required to process payments and comply with tax regulations
Note: We do not store your complete credit card or debit card numbers. All payment card data is securely handled by Razorpay in compliance with PCI DSS standards.
3. Images and Media
- Photos and Images: Images you upload, process, or create using our template features
- Camera Access: Photos taken directly through the app using your device's camera
- Gallery Access: Images selected from your device's photo library
4. Device Information
- Device Identifiers: Device type, operating system version, and unique device identifiers
- Network Information: Network status and connection type
- App Usage Data: Features used, processing history, and interaction patterns
5. Technical Information
- Job Processing Data: Information about image processing requests, including job status, timestamps, and processing parameters
- Error Logs: Technical data about app crashes or errors to improve service quality
6. Communication and Notification Data
- Push Notification Tokens: Device tokens to send you push notifications
- Notification Preferences: Your choices regarding notification types and frequency
- SMS Messages: We may send SMS messages to your phone number for OTP verification during account authentication
How We Use Your Information
We use the collected information for the following purposes:
1. Service Delivery
- Process and edit your images using our templates
- Manage your user account and authentication
- Verify your identity through SMS-based OTP (one-time password) codes
- Process payments and transactions securely through Razorpay
- Send push notifications about image processing status, updates, and app features
- Deliver processed images and content to you
- Provide customer support for payment-related inquiries
2. Service Improvement
- Analyze usage patterns to improve app functionality
- Debug and fix technical issues
- Develop new features and enhance existing ones
- Optimize payment processing and checkout experience
3. Communication
- Send SMS messages with one-time passwords (OTPs) for account verification
- Deliver push notifications about completed image processing, new features, and important updates
- Send service-related notifications and alerts
- Send payment confirmations, receipts, and transaction updates
- Respond to your inquiries and support requests
- Provide updates about the service (if you've opted in)
4. Security and Fraud Prevention
- Protect against unauthorized access and abuse
- Verify user identity and prevent fraud
- Detect and prevent fraudulent transactions and payment abuse
- Maintain system security and integrity
- Comply with legal and regulatory requirements
Data Storage and Processing
Cloud Storage
- Images and templates are stored on Cloudinary, a third-party cloud storage service
- Processed images are temporarily stored during the processing workflow
- We implement industry-standard security measures to protect your data
Database Storage
- User account information is stored in MongoDB databases
- Authentication tokens are securely encrypted
- Personal information is protected using bcrypt encryption
- Payment transaction records are stored securely in compliance with financial regulations
Payment Processing
- All payment transactions are processed through Razorpay's secure payment gateway
- Payment card data is encrypted and handled according to PCI DSS standards
- We do not have access to your complete payment card details
- Transaction data is stored on secure servers at https://codebinary.in
Local Storage
- Some data may be cached locally on your device for performance
- You can clear local data through your device settings
Data Sharing and Disclosure
We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:
1. Service Providers
- Cloudinary: For image storage and delivery
- MongoDB Atlas: For secure database hosting
- Razorpay: For payment processing and transaction management
- SMS Service Provider: Third-party SMS gateway services for delivering OTP verification codes to your phone
- Push Notification Services: Services like Firebase Cloud Messaging (FCM) for delivering push notifications
- Server Infrastructure: https://codebinary.in for hosting our backend services
These providers are contractually obligated to protect your data.
2. Payment Processing
- Transaction Data: Shared with Razorpay to process payments, prevent fraud, and comply with financial regulations
- Financial Institutions: Payment information may be shared with banks and payment networks as required to complete transactions
- Tax Authorities: Transaction information may be shared as required by tax laws and regulations
3. Legal Requirements
We may disclose your information if required to do so by law or in response to:
- Valid legal processes (court orders, subpoenas)
- Requests from law enforcement or government authorities
- Protection of our rights, property, or safety
- Prevention of fraud or illegal activities
4. Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity, subject to the same privacy protections.
Your Rights and Choices
1. Access and Control
- Access: Request a copy of your personal data
- Correction: Update or correct inaccurate information
- Deletion: Request deletion of your account and associated data
- Portability: Request your data in a portable format
- Transaction History: View your payment and purchase history within the app
2. Permissions Management
You can manage app permissions through your device settings:
- Camera: Control access to your device camera
- Photo Library: Manage access to your photos
- Notifications: Enable or disable push notifications at any time
- Phone/SMS: Required for receiving OTP verification codes during authentication
- Internet Access: Required for core app functionality
Note on SMS/Phone Permissions:
- We only use SMS for sending one-time password (OTP) codes for account verification
- We do not read your SMS messages or access your call logs
- Standard SMS rates from your carrier may apply
- You can opt out of SMS verification by using email-based authentication instead
3. Payment Data Rights
- View Transaction History: Access your complete payment and purchase history
- Request Refunds: Contact support for refund requests according to our refund policy
- Update Payment Methods: Add, remove, or update payment methods
- Download Receipts: Access and download transaction receipts and invoices
4. Account Deletion
To delete your account:
- Contact us at support@winterapp.com
- We will process your request within 30 days
- Payment transaction records may be retained for legal and compliance purposes (typically 7 years as required by financial regulations)
- Some data may be retained for legitimate business purposes
Data Retention
- Active Accounts: Data is retained while your account is active
- Processed Images: Temporary processing data is deleted after 24-48 hours
- SMS/OTP Logs: OTP verification logs are retained for security purposes for up to 90 days
- Notification Data: Push notification history is retained for up to 30 days
- Payment Records: Transaction data is retained for 7 years to comply with financial regulations and tax laws
- Deleted Accounts: Personal data is permanently deleted within 30 days of account deletion, except for payment records required by law
- Legal Requirements: Some data may be retained longer to comply with legal obligations
Security Measures
We implement appropriate technical and organizational security measures:
- Encryption: Passwords and sensitive data are encrypted
- Secure Transmission: HTTPS/TLS encryption for data in transit
- Payment Security: PCI DSS-compliant payment processing through Razorpay
- Access Controls: Limited access to personal information
- Regular Audits: Periodic security assessments and updates
- Secure APIs: JWT-based authentication for API access
- Fraud Detection: Automated systems to detect and prevent fraudulent transactions
- Secure Servers: Data hosted on secure servers at https://codebinary.in
However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
Children's Privacy
Winter is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately, and we will take steps to delete such information.
Third-Party Services
Our app uses the following third-party services:
Cloudinary
MongoDB Atlas
Razorpay
- Purpose: Payment processing and transaction management
- Data Shared: Payment information, transaction details, contact information
- Security: PCI DSS Level 1 certified payment gateway
- Privacy Policy: https://razorpay.com/privacy/
SMS Service Provider
- Purpose: Sending OTP verification codes via SMS
- Data Shared: Phone numbers only for the purpose of delivering authentication codes
Push Notification Services (e.g., Firebase Cloud Messaging)
We are not responsible for the privacy practices of these third-party services. We encourage you to review their privacy policies.
SMS and Phone Communication
OTP Verification
- Purpose: We use SMS to send one-time passwords (OTP) for secure account authentication
- Frequency: OTPs are sent only when you request to log in or verify your account
- Opt-Out: You may choose email-based authentication instead of SMS
- Carrier Charges: Standard message and data rates from your mobile carrier may apply
- Content: SMS messages contain only verification codes and basic service information
Phone Number Usage
- No Unsolicited Calls: We do not make unsolicited marketing or promotional phone calls
- Verification Only: Phone numbers are used solely for OTP delivery and account security
- No Sharing: We do not share your phone number with third parties for marketing purposes
Payment-Related Communications
- Transaction Notifications: We may send SMS notifications about payment confirmations and transaction status
- Payment Reminders: Notifications about pending payments or failed transactions (if applicable)
- Opt-Out: You can manage payment notification preferences in app settings
Push Notifications
Types of Notifications
We may send push notifications for:
- Image Processing: Alerts when your image processing is complete
- Payment Confirmations: Notifications about successful payments and transaction receipts
- Account Activity: Security alerts and account-related updates
- Feature Updates: Information about new features and improvements (optional)
- Service Announcements: Important service-related communications
Managing Notifications
- You can enable or disable push notifications at any time through your device settings
- You can customize notification preferences within the app settings
- Disabling notifications will not affect core app functionality
- Critical security and payment notifications may still be sent even if optional notifications are disabled
International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws different from those of your jurisdiction. We implement appropriate safeguards to ensure your data is protected in accordance with this Privacy Policy.
All data is processed and stored securely on servers located at https://codebinary.in and through our third-party service providers who maintain data centers in compliance with international security standards.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Changes will be reflected by updating the "Last Updated" date at the top of this policy. We will notify you of significant changes through:
- In-app notifications
- Email notifications (if applicable)
- Prominent notice on our website or app
Your continued use of Winter after changes are posted constitutes acceptance of the updated policy.
Do Not Track Signals
We do not currently respond to Do Not Track (DNT) signals from web browsers or mobile operating systems.
California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act:
- Right to know what personal information is collected
- Right to know if personal information is sold or disclosed
- Right to opt out of the sale of personal information
- Right to deletion of personal information
- Right to non-discrimination for exercising your rights
We do not sell personal information.
GDPR Compliance (EU Users)
If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):
- Legal Basis: We process your data based on consent, contractual necessity, and legitimate interests
- Data Protection Officer: Contact information available upon request
- Right to Object: Object to processing based on legitimate interests
- Right to Lodge a Complaint: File a complaint with your local data protection authority
Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Email: support@winterapp.com
- Website: https://codebinary.in
- Address: [Your Company Address]
- Phone: [Your Contact Number]
For data protection inquiries, please include "Privacy Policy" in the subject line.
For payment-related inquiries, please include "Payment" in the subject line.
Consent
By using Winter, you consent to this Privacy Policy and agree to its terms.