Last Updated: October 11, 2025
Effective Date: [Date]
This Privacy Policy describes how Lytortech Private Limited ("we", "us", "our", "Company") collects, uses, stores, and protects your personal data when you use the Notivibe mobile application ("App", "Service"). This policy complies with India's Digital Personal Data Protection Act, 2023 (DPDP Act) and applicable regulations.
1.1 Our Commitment
We are committed to protecting your privacy and handling your personal data transparently, securely, and in compliance with applicable laws.
1.2 Who This Policy Applies To
All Notivibe users (Senders and Receivers)
Parents/guardians managing child accounts
Children under 18 using the App with parental consent
1.3 Data Controller
Lytortech Private Limited is the Data Fiduciary (data controller) responsible for your personal data.
We process your personal data under the following legal bases:
2.1 Consent
You provide explicit consent during account creation and app permissions
For children under 18: Verifiable parental consent is obtained
Consent is freely given, specific, informed, and unambiguous
You may withdraw consent at any time
2.2 Contractual Necessity
Processing necessary to provide services under our Terms and Conditions
Account management, authentication, and service delivery
2.3 Legal Obligations
Compliance with Indian laws and regulations
Tax, accounting, and statutory record-keeping
2.4 Legitimate Interests
Fraud prevention and security
Service improvement and analytics
Customer support and communications
3.1 Information You Provide Directly
Account Registration Data:
Full name
Email address
Phone number
Profile picture (optional)
Age/Date of birth (for age verification)
Parent/guardian details (for child accounts)
Verification Documents (for parental consent):
Aadhaar details or Aadhaar virtual token
DigiLocker credentials
Other government-issued ID (as required)
Payment Information:
Processed securely through Razorpay (we do not store card details)
Billing address and transaction history
3.2 Data Collected Automatically
Location Data:
Precise GPS coordinates (latitude, longitude)
Accuracy level (in meters)
Timestamp of each location update
Geocoded address (street, city, state, postal code)
Location provider (GPS, network, fused)
When Collected:
Every 30 minutes when location sharing is enabled
When the app is in the foreground or background (requires background location permission)
Continuously if configured for real-time tracking
Location Sharing Control:
You can enable/disable location sharing at any time
Location history is automatically deleted after 7 days
Notification Data:
App name (e.g., WhatsApp, Instagram)
Notification title and content
Timestamp of notification
Sender app package name
Notification priority and category
When Collected:
When a monitored app generates a notification
Requires Notification Listener Service permission
App Usage Data:
List of installed applications
App usage duration (screen time per app)
App open/close timestamps
App categories (social, productivity, games, etc.)
Screen-on time and device usage patterns
When Collected:
Every 30 minutes when app tracking is enabled
Requires Usage Access permission
Device Information:
Device model, manufacturer, and OS version
Unique device identifiers (Android ID, Firebase Installation ID)
Device language and timezone
Battery level and charging status
Network type (WiFi, mobile data)
App Interaction Data:
Login/logout timestamps
Features used within the app
Settings and preferences
Error logs and crash reports
3.3 Data from Third-Party Sources
Firebase Services (Google):
Authentication tokens
Anonymous analytics
Crash reports
Google Maps:
Geocoding results (address from coordinates)
4.1 Primary Service Functions
Notification Sharing:
Capture and relay notifications from Sender to Receiver
Display notification content, app source, and timestamps
Maintain notification history for 30 days
Location Tracking:
Provide real-time location of Sender to authorized Receivers
Display location on maps with address details
Store location history for 7 days for route tracking
Send location update notifications to Receivers
App Usage Monitoring:
Track and report app usage duration
Generate screen time summaries
Identify potentially harmful apps (parental control feature)
Provide usage reports to authorized Receivers
4.2 Account and Service Management
Create and authenticate user accounts
Verify parental consent for child users
Process Share Code connections
Manage subscriptions and payments
Provide customer support
4.3 Security and Fraud Prevention
Detect and prevent unauthorized access
Identify suspicious activity or Terms violations
Protect against abuse and harassment
Enforce Terms and Conditions
4.4 Service Improvement
Analyze usage patterns (anonymized)
Identify bugs and performance issues
Develop new features
Conduct A/B testing
4.5 Communications
Send service-related notifications (essential)
Notify about policy changes
Provide customer support responses
Marketing communications (opt-in only)
5.1 Within the App (Authorized Sharing)
Sender to Receiver:
Notifications, location, and app usage data shared ONLY with connected Receivers via valid Share Code
Senders control what data is shared through app settings
Receiver Access:
Receivers can view shared data from connected Senders
No access to data from users without established Share Code connection
5.2 Third-Party Service Providers
We share data with trusted service providers who process data on our behalf:
Firebase (Google LLC):
Purpose: Authentication, database, analytics, crash reporting
Data: Account details, device info, usage analytics
Location: Data stored in Google Cloud servers (India/Singapore region)
Privacy Policy:
Google Maps Platform:
Purpose: Geocoding (convert coordinates to addresses)
Data: GPS coordinates
Privacy Policy:
Razorpay:
Purpose: Payment processing
Data: Billing information, transaction details
Location: India
Privacy Policy:
5.3 Legal and Regulatory Disclosures
We may disclose your data when required by law:
Court orders, subpoenas, or legal processes
Government authorities (police, regulatory bodies)
Tax authorities
Data Protection Board of India
5.4 Business Transfers
In case of merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity. You will be notified 30 days prior.
5.5 We DO NOT:
Sell your personal data to third parties
Share data with advertisers
Use data for targeted advertising
Share data with data brokers
6.1 Retention Periods
Data Type
Retention Period
Account data
Until account deletion or 3 years of inactivity
Location data
7 days (auto-deleted)
Notification history
30 days (auto-deleted)
App usage data
30 days (auto-deleted)
Payment records
7 years (tax compliance)
Support tickets
3 years
Audit logs
1 year
6.2 Deletion Process
Automated deletion occurs on schedule
Manual deletion available through account settings
Permanent deletion within 30 days of account closure
Backup copies deleted within 90 days
6.3 Legal Hold
Data required for ongoing legal proceedings or investigations may be retained longer.
7.1 Verifiable Parental Consent
For users under 18 years of age:
We require verifiable consent from parents/legal guardians
Consent obtained through government-authorized mechanisms (Aadhaar, DigiLocker)
Parents must verify their identity and age
Virtual tokens or physical documents may be required
7.2 Parental Rights
Parents/guardians have the right to:
Access all data collected from their child's account
Request data corrections or updates
Withdraw consent at any time
Request data deletion (with 48-hour notice before deletion)
Export data in machine-readable format (JSON, CSV)
Review data processing activities
7.3 Prohibited Activities for Children
We do NOT:
Track children for behavioral advertising
Use children's data for targeted marketing
Engage in behavioral profiling of children
Process data in ways detrimental to child well-being
7.4 Data Minimization for Children
We collect only data necessary for service provision
No unnecessary data collection or processing
Regular audits to ensure minimal data collection
7.5 Age Verification
Self-declaration during registration
Verification through parental authentication
Immediate account suspension if age misrepresentation detected
Under India's DPDP Act 2023, you have the following rights:
8.1 Right to Access
Request confirmation of data processing
Obtain copies of your personal data
Receive data in machine-readable format (JSON, CSV)
Response within 15 days
8.2 Right to Correction
Request correction of inaccurate data
Update incomplete data
Response within 7 days
8.3 Right to Erasure
Request deletion of your data
Delete account and all associated data
Exceptions: Legal obligations, ongoing disputes
8.4 Right to Data Portability
Export your data to another service
Provided in structured, commonly-used format
8.5 Right to Withdraw Consent
Withdraw consent at any time through app settings
Data processing ceases within 48 hours
Service may be affected or terminated
8.6 Right to Nominate
Nominate another person to exercise your rights in case of death or incapacity
8.7 Right to Grievance Redressal
File complaints with our Data Protection Officer
Escalate to Data Protection Board of India
How to Exercise Rights:
Email: [dpo-email]
In-app: Settings → Privacy → Data Rights
Written request to registered office address
9.1 Technical Safeguards
Encryption:
Data in transit: TLS 1.3 encryption
Data at rest: AES-256 encryption
End-to-end encryption for sensitive fields
Access Controls:
Role-based access control (RBAC)
Multi-factor authentication (MFA)
Principle of least privilege
Infrastructure Security:
Firewalls and intrusion detection systems
Regular security audits and penetration testing
Secure API authentication (OAuth 2.0, JWT tokens)
Firebase Security Rules enforcement
9.2 Organizational Safeguards
Employee background checks
Confidentiality agreements (NDAs)
Security training for all staff
Incident response plan
9.3 Data Breach Response
In case of a data breach:
Internal team notified immediately
Breach assessment and containment (within 24 hours)
Affected users notified (within 72 hours)
Data Protection Board notification (as required)
Detailed breach report provided to affected users
Breach Notification Includes:
Nature of the breach
Data affected
Potential consequences
Remedial measures taken
Contact information for queries
10.1 Data Localization
Primary data stored in India (Firebase Mumbai region)
Critical personal data (as defined by government) NOT transferred outside India
Traffic data and flow metadata remains in India
10.2 Cross-Border Transfers
Google Cloud infrastructure may process data in Singapore region (Asia-Pacific)
Transfers comply with DPDP Act requirements
Adequate safeguards through Standard Contractual Clauses (SCCs)
11.1 What We Use
Session Cookies: Authentication and session management
Analytics Cookies: Firebase Analytics (anonymized)
Functional Cookies: User preferences and settings
11.2 Third-Party Cookies
Google Firebase Analytics
Can be disabled in device settings
11.3 Do Not Track
We honor Do Not Track signals where technically feasible.
12.1 Opt-In
Marketing emails require explicit opt-in consent
Promotional notifications (in-app) can be disabled
12.2 Opt-Out
Unsubscribe link in every marketing email
Settings → Notifications → Disable marketing
12.3 Essential Communications
Service updates, security alerts cannot be opted out
Required for account security and service delivery
13.1 Updates
We may update this policy to reflect legal, operational, or service changes
Material changes notified via email and in-app notification (30 days' notice)
13.2 Acceptance
Continued use after changes constitutes acceptance
You may delete your account if you disagree with changes
13.3 Version History
Available at: [app website]/privacy-policy/history
14.1 Data Protection Officer
Email: [dpo-email]
Phone: [dpo-phone]
Address: Lytortech Private Limited, [full address], Telangana, India
14.2 Grievance Redressal
Submit complaints to DPO (response within 15 days)
If unresolved, escalate to Data Protection Board of India:
14.3 General Inquiries
Email: [support-email]
Phone: [support-phone]
Last Updated: October 11, 2025
This Child Safety Policy outlines our commitment to protecting children under 18 years of age who use Notivibe with parental consent. This policy is designed to comply with India's Digital Personal Data Protection Act, 2023, and international best practices.
1.1 Our Mission
Notivibe is designed to help parents monitor and protect their children in the digital world. We are committed to:
Safeguarding children's privacy and data
Preventing misuse of monitoring features
Ensuring data processing is in the child's best interest
Transparency with parents and children
1.2 Scope
This policy applies to all users under 18 years of age using Notivibe.
2.1 Who Needs Consent
All users under 18 years must have verifiable parental/guardian consent
No exceptions for older teenagers (17 years)
2.2 Verification Process
Step 1: Parent Registration
Parent creates account using their own credentials
Parent verifies identity through:
Aadhaar authentication
DigiLocker virtual token
Government-issued photo ID + selfie verification
Step 2: Child Account Creation
Parent creates child profile linked to parent account
Child's age verified through birth certificate or school ID
Parent explicitly consents to data collection
Step 3: Consent Confirmation
Parent reviews all data collection practices
Explicit checkboxes for each data category:
Notification sharing
Location tracking
App usage monitoring
Parent acknowledges understanding of:
What data is collected
How data is used
How to withdraw consent
Child's rights
2.3 Consent Documentation
All consent records stored securely
Timestamp and IP address logged
Available for parent review at any time
Retained until child turns 18 + 3 years (legal compliance)
3.1 Data Minimization Principle
We collect ONLY data necessary for the service:
Essential Data:
Child's first name (not full name)
Age/grade level
Device identifier (for tracking)
Monitoring Data (with parental consent):
Location updates (every 30 minutes)
App notifications (from parent-selected apps)
App usage duration and patterns
Data We NEVER Collect from Children:
Biometric data
Financial information
Sensitive health data
Social security or Aadhaar numbers
Passwords or authentication credentials (beyond Firebase)
3.2 Purpose Limitation
Children's data used ONLY for:
Providing monitoring services to parents
Ensuring child safety
Service improvement (anonymized)
3.3 Prohibited Uses
We NEVER:
Use children's data for behavioral advertising
Create marketing profiles of children
Sell children's data to third parties
Engage in behavioral tracking beyond parental monitoring
Process data in ways detrimental to child well-being
Share data with advertisers or data brokers
4.1 Age-Appropriate Notifications
Children receive clear, simple notifications when:
Location tracking is active (persistent notification)
App usage monitoring is enabled
A new notification is shared with parent
Parent accesses their data
4.2 Child-Friendly Explanations
In-app guide explaining monitoring in simple language
Visual indicators (icon in notification tray) showing active tracking
No hidden or deceptive monitoring
4.3 Child's Right to Know
Children have the right to understand what data is collected
Parents encouraged to discuss monitoring with children
Educational resources provided to parents
5.1 Access Rights
Parents can access:
All data collected from child's device
Location history (7 days)
Notification history (30 days)
App usage reports (30 days)
Account activity logs
Access Methods:
Real-time dashboard in parent app
Email reports (daily/weekly)
Data export (JSON, CSV, PDF)
5.2 Control Rights
Parents can:
Enable/disable each monitoring feature independently
Select which apps to monitor
Set location update frequency (15-60 minutes)
Pause monitoring temporarily
Add/remove connected devices
5.3 Correction Rights
Parents can:
Update child's profile information
Correct inaccurate data
Delete specific data entries
Request re-verification if needed
5.4 Deletion Rights
Parents can:
Delete child's account entirely
Remove specific data categories
Request immediate data deletion (emergency situations)
Schedule automatic deletion on child's 18th birthday
Deletion Process:
Parent initiates deletion request
Confirmation email sent (48-hour notice)
Parent can cancel within 48 hours
After 48 hours, permanent deletion begins
All data removed within 30 days
Deletion confirmation sent to parent
5.5 Withdrawal of Consent
Parents can withdraw consent:
At any time, for any reason
Through app settings or email request
Partial withdrawal (e.g., stop location but continue app monitoring)
Full withdrawal (terminates child account)
Effect of Withdrawal:
Data processing stops within 48 hours
Data deleted per retention policy
Service access terminated
No penalties or fees
6.1 Age Transition (Turning 18)
When child turns 18:
System automatically detects 18th birthday
Parent notified 30 days in advance
Child receives notification and options:
Option A: Convert to adult account (independent control)
Option B: Continue monitoring (requires child's explicit consent)
Option C: Delete account
Parental control automatically disabled on 18th birthday
If no action taken, account suspended (data retained for 90 days)
6.2 Abuse Prevention
Detection Mechanisms:
Unusual login patterns (e.g., parent accessing child account 50+ times/day)
Coercive monitoring indicators (e.g., disabling all child privacy settings)
Reports from children or concerned parties
Response Protocol:
Automated alert to review team
Account flagged for investigation
Parent contacted for clarification
If abuse suspected:
Account suspended
Authorities notified (if legally required)
Child safety resources provided
Reporting Abuse:
Children can report concerns: [child-safety-email]
Anonymous reporting available
24-hour response time for urgent cases
6.3 Third-Party Access
Strict Prohibitions:
Parents cannot share child's data with third parties (except authorized caregivers)
No commercial use of child's data
No sale or transfer of monitoring access
Authorized Caregivers:
Parents can add co-parents/guardians (max 2)
Requires verified identity
Child receives notification of new authorized user
7.1 Responsible Monitoring Guidance
We provide parents with:
Best practices for digital parenting
Age-appropriate monitoring guidelines
How to discuss monitoring with children
Balancing safety and privacy
Recognizing signs of digital distress
7.2 Resource Library
Articles on child online safety
Expert interviews (child psychologists, digital safety experts)
Webinars and workshops
Community support forums
8.1 Enhanced Security
Children's data receives extra protection:
Separate encrypted database partitions
Stricter access controls (limited employees)
Additional audit logging
More frequent security reviews
8.2 Breach Notification
If children's data is breached:
Parents notified within 24 hours (faster than 72-hour standard)
Data Protection Board notified immediately
Free credit monitoring offered (if applicable)
Remedial actions documented
9.1 App Risk Assessment
We provide parents with:
Age ratings for installed apps
Content warnings (violence, sexual content, etc.)
Privacy risk scores (data collection practices)
Recommended alternatives
9.2 Alerts for Harmful Content
Parents receive alerts for:
Apps with age-inappropriate content
Apps requesting excessive permissions
Apps known for privacy violations
Apps flagged by child safety organizations
9.3 No Censorship
We do not block or censor apps (parent's decision)
We provide information, not control
Parents maintain final authority
10.1 Institutional Accounts
Schools/institutions using Notivibe must:
Obtain parental consent for each child
Comply with educational data protection laws
Limit monitoring to school hours (optional setting)
Provide opt-out mechanisms
10.2 Institutional Restrictions
No access to children's personal location outside school hours
No access to non-educational apps
Strict data retention limits (academic year only)
11.1 Child Safety Officer
Dedicated officer for child-related concerns:
Email: [child-safety-officer-email]
Phone: [child-safety-hotline] (24/7)
Response time: 24 hours (urgent), 7 days (non-urgent)
11.2 Complaint Process
Who Can Complain:
Children (anonymous options available)
Parents/guardians
Teachers or social workers
Concerned third parties
Process:
Submit complaint via email, phone, or in-app form
Acknowledgment within 24 hours
Investigation (7-15 days)
Resolution or escalation
Follow-up after 30 days
12.1 Internal Audits
Quarterly reviews of child data practices
Annual third-party privacy audits
Compliance certifications (ISO 27001, etc.)
12.2 Regulatory Compliance
India DPDP Act 2023
IT Act 2000 and Rules
POCSO Act (where applicable)
International standards (COPPA-equivalent)
Material changes to this policy require:
60 days' advance notice to parents (double standard notice period)
Re-consent from parents
Option to delete account if parents disagree