Privacy Policy
1. Who we are
Sirisora ("we", "us", "our") is a small, independent product that helps families track everyday habits with a gentle, positive points system. The service is operated from India and is offered as a website at sirisora.com.
2. What we collect
We collect the minimum information needed for the app to work:
- Your account: the email address and name your Google account shares when you sign in.
- Your family setup: the household name you choose.
- Your kids' first names and a chosen avatar: entered by you, the parent.
- Tasks and behavior entries: the labels you create (e.g. "brushed teeth"), point values, and the timestamped history of points earned or lost.
- Settings: sound and speech preferences.
- Technical data: standard server logs (IP address, browser, timestamps) kept briefly by our hosting provider for security and abuse prevention.
We do not collect a child's last name, date of birth, photo, location, phone number, or biometric data. We do not knowingly collect any data from children directly — only what a parent chooses to enter on their child's behalf.
3. Why we collect it
- To authenticate you and keep your data scoped to your account.
- To run the app's features — show stats, history, streaks, the kid view, and so on.
- To diagnose bugs and prevent abuse.
We do not sell your data, share it with advertisers, use it to train AI models, or send marketing emails.
4. Children's data and parental consent
Sirisora is designed for use by parents on behalf of their children. By creating a household and entering information about your child, you confirm that you are the child's parent or legal guardian and that you consent on their behalf to the processing of that information as described here.
In line with India's Digital Personal Data Protection Act, 2023, we treat all data entered about a child as data requiring verifiable parental consent. The information stored is minimal (a first name, an avatar, and behavior history); no profiling, tracking, or targeted advertising is performed against children.
5. Where your data lives
Your data is stored in a managed PostgreSQL database operated by Supabase. Row-Level Security ensures that one household's data cannot be read or modified by another. Sign-in is handled by Google OAuth via Supabase Auth.
6. Your rights
You can, at any time:
- Access the data in your household — the entire app is a view onto it.
- Correct any information by editing kid names, tasks, settings, or history inside the app.
- Delete a kid, a task, a history entry, or your entire household.
- Withdraw consent by signing out and emailing us to delete your account, after which we will erase your household and all associated rows within 30 days.
- Export your data — email us and we will send you a JSON dump of your household.
7. Cookies and local storage
We use the browser's local storage to keep you signed in (a session token issued by Supabase Auth) and to remember your UI preferences. We do not use third-party tracking cookies or analytics that profile you.
8. Security
All traffic is served over HTTPS. Authentication tokens are short-lived and automatically refreshed. The database enforces Row-Level Security on every query. No system is perfectly secure, but we follow the practices appropriate for a small app handling family data.
9. Changes to this policy
If we materially change how we handle your data, we will update the date at the top and, where reasonable, notify signed-in users in the app itself.
10. Contact and grievances
For any privacy question, data request, or grievance under the DPDP Act, 2023, email hello@sirisora.com. We aim to respond within 7 working days.