Sankalp

Sankalp Privacy Policy

Last updated: 2026-07-15

Sankalp is a devotional companion published by Hellovibe Edtech Pvt Ltd, a company registered in India. We are the data controller (under the GDPR) and the data fiduciary (under India's Digital Personal Data Protection Act, 2023) for the personal data described here. This policy explains what we hold, why, and how you can get rid of it.

The short version: Sankalp works fully offline, and collects nothing at all unless you choose to sign in or write to us. If you sign in, we hold your account details and the practice records you sync. If you write to us, we hold your message. That is the whole list. We run no analytics, serve no ads, embed no third-party trackers, and never sell or share your data.

Using Sankalp without an account

Signing in is optional and always skippable. If you use Sankalp without an account, your deities, japa counts, journal reflections, fasting records, streaks, and settings stay on your device and are never transmitted to us. We receive nothing — not even an anonymous ping — unless you deliberately write to us, which is covered below.

Two things stay on your device even when you are signed in. Darshan Lock uses Apple's Screen Time (Family Controls), and the tokens representing the apps you choose to rest are device-bound by Apple's design — we cannot read which apps you picked, and that selection is never synced. Panchang timings need an approximate location to be correct for your sky, so if you grant location access the app requests a coarse, roughly city-level fix and uses it on-device only; it is never sent to our servers.

What we collect when you sign in

You can sign in with Apple, with Google, or with your phone number. Whichever you choose, we receive and store an account identifier for you: your email address (Apple or Google), your phone number (one-time-code sign-in), your name if the provider supplies one, and a user ID we generate. Sign in with Apple lets you hide your real email address, and Sankalp works normally if you do.

Once you are signed in, your practice records sync so they survive a lost phone and reach your other devices. That means: your chosen deities, your onboarding profile (the name you enter, your region, the goals you pick, the rough hours you said you spend on your phone, and the deity of your sankalp vow), your fasting plans and logs, the free-text reflections you write in your journal, your japa counts, and your darshan records — each stamped with the day it happened.

We do not collect device identifiers for advertising, contacts, photos, health data, precise location, or usage analytics. Sankalp contains no advertising SDK and no analytics SDK.

When you write to us

If you send us feedback — from the form in the app, or the one on this site — we store your message, the topic you picked, and any contact detail you chose to give, so that we can answer you and fix what you told us about. You don't need an account to write to us, and you don't have to leave a contact detail unless you'd like a reply.

We keep messages while we work through them and for a reasonable period after, because a bug report is often still useful months later. If you were signed in when you wrote, your message is tied to your account and is deleted along with it. If you wrote to us without an account, tell us and we'll delete your message — but do include enough for us to find it, since an anonymous message has nothing linking it to you.

Your religious data, and why we ask for consent

The records above reveal your religious beliefs and practice. Under the GDPR that is special-category data (Article 9); under the DPDP Act it is personal data deserving particular care. We treat it that way.

Our lawful basis is your explicit consent, given when you choose to sign in and sync — which is why sync is opt-in rather than the default, and why the app is fully usable without it. You can withdraw that consent at any time by signing out (which stops further syncing) or by deleting your account (which removes what we hold). Withdrawing does not affect processing that already happened, and it never costs you access to the app.

What we use it for

We use your account identifier to sign you in and to keep your records separate from everyone else's. We use your synced records to give them back to you — restoring your practice on a new device, keeping your streaks honest across devices, and personalising what the app shows you, such as ranking the deity library by your region and surfacing your chosen Gods.

That is the entire list. We do not profile you, make automated decisions about you, use your data to train models, or send it anywhere for marketing.

Who else processes it

We keep the chain short. Supabase hosts our database and authentication, and stores your account and synced records on our behalf under their data processing terms. Apple and Google act as identity providers when you use their sign-in buttons — they tell us who you are, and we tell them nothing about your practice. If you sign in by phone, Supabase's SMS provider delivers your one-time code. Apple also processes your data as the App Store operator and, for Screen Time, entirely on your own device.

None of these are given the right to use your data for their own purposes. We have no other sub-processors, and we do not sell or share personal data with anyone.

Our servers may sit outside India and outside the EEA, so signing in involves transferring your data across borders. Where the GDPR applies, such transfers rely on the European Commission's standard contractual clauses; where the DPDP Act applies, transfers go only to countries the Indian government has not restricted.

How long we keep it

We keep your account and synced records for as long as your account exists, because their purpose is to still be there when you come back. There is no automatic expiry — a fast you kept three years ago is part of your practice, not stale data.

When you delete your account, we delete your records from our live database immediately; the app deletes its local copy on that device at the same time. Residual copies can persist in encrypted backups for a short period before being overwritten in the ordinary course. If you never sign in, there is nothing for us to keep or delete.

Your rights

You can ask us for a copy of what we hold about you, correct anything wrong, delete it, get it in a portable form, ask us to restrict or object to how we use it, and withdraw your consent. These rights come from the GDPR if you are in the EEA or UK and from the DPDP Act if you are in India; we honour them for everyone regardless of where you live, because drawing that line would be petty.

The fastest route to deletion is in the app: open Account and tap Delete account. It removes your account and every record we hold for you, on every device, straight away — no email, no waiting. For anything else, write to us and we will respond within 30 days.

If we get it wrong, please tell us first — our Grievance Officer is named below and will answer you. You also have the right to complain to a regulator without coming to us at all: the Data Protection Board of India, or your local supervisory authority if you are in the EEA or UK.

Children

Sankalp is not directed at children, and we do not knowingly hold data about anyone under 18. Under the DPDP Act, processing a child's data needs verifiable parental consent, which we are not set up to obtain. If you believe a child has signed in, write to us and we will delete the account.

Security

Your data travels over encrypted connections and is encrypted at rest by our host. Every table is protected by row-level security, so your records can only ever be read by your own signed-in session — the key shipped inside the app cannot reach another person's rows. No system is perfect, and we will not pretend otherwise, but a small surface with no trackers is the strongest privacy measure we have.

Changes

If we change what we collect, we will update this page and its date, and tell you in the app when the change is material. Where the change needs your consent, we will ask before it takes effect rather than assume.

Contact

For questions or requests about your data, write to hello@hellovibe.in and a real person will read it.

If you want to raise a grievance formally, our Grievance Officer under the DPDP Act is Sai Krishna Korukanti, Director of Hellovibe Edtech Pvt Ltd — crishna@hellovibe.in.

Postal address: Hellovibe Edtech Pvt Ltd, 104, Kamala Baghya Nilayam, Jyothinagar, Karimnagar, Telangana, India.