Privacy Policy for Winter

Last Updated: December 5, 2025

Introduction

Winter ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services.

By using Winter, you agree to the collection and use of information in accordance with this policy.

Information We Collect

1. Personal Information

When you create an account or use our services, we may collect:

2. Payment Information

When you make purchases or transactions through our app, we collect:

Note: We do not store your complete credit card or debit card numbers. All payment card data is securely handled by Razorpay in compliance with PCI DSS standards.

3. Images and Media

4. Device Information

5. Technical Information

6. Communication and Notification Data

How We Use Your Information

We use the collected information for the following purposes:

1. Service Delivery

2. Service Improvement

3. Communication

4. Security and Fraud Prevention

Data Storage and Processing

Cloud Storage

Database Storage

Payment Processing

Local Storage

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

1. Service Providers

These providers are contractually obligated to protect your data.

2. Payment Processing

3. Legal Requirements

We may disclose your information if required to do so by law or in response to:

4. Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity, subject to the same privacy protections.

Your Rights and Choices

1. Access and Control

2. Permissions Management

You can manage app permissions through your device settings:

Note on SMS/Phone Permissions:

3. Payment Data Rights

4. Account Deletion

To delete your account:

  1. Contact us at support@winterapp.com
  2. We will process your request within 30 days
  3. Payment transaction records may be retained for legal and compliance purposes (typically 7 years as required by financial regulations)
  4. Some data may be retained for legitimate business purposes

Data Retention

Security Measures

We implement appropriate technical and organizational security measures:

However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

Children's Privacy

Winter is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately, and we will take steps to delete such information.

Third-Party Services

Our app uses the following third-party services:

Cloudinary

MongoDB Atlas

Razorpay

SMS Service Provider

Push Notification Services (e.g., Firebase Cloud Messaging)

We are not responsible for the privacy practices of these third-party services. We encourage you to review their privacy policies.

SMS and Phone Communication

OTP Verification

Phone Number Usage

Payment-Related Communications

Push Notifications

Types of Notifications

We may send push notifications for:

Managing Notifications

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws different from your jurisdiction. We take appropriate safeguards to ensure your data is protected in accordance with this Privacy Policy.

All data is processed and stored securely on servers located at https://codebinary.in and through our third-party service providers who maintain data centers in compliance with international security standards.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be reflected by updating the "Last Updated" date at the top of this policy. We will notify you of significant changes through:

Your continued use of Winter after changes are posted constitutes acceptance of the updated policy.

Do Not Track Signals

We do not currently respond to Do Not Track (DNT) signals from web browsers or mobile operating systems.

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

We do not sell personal information.

GDPR Compliance (EU Users)

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For data protection inquiries, please include "Privacy Policy" in the subject line.
For payment-related inquiries, please include "Payment" in the subject line.

Consent

By using Winter, you consent to this Privacy Policy and agree to its terms.