Privacy Policy

This Privacy Policy explains how [LEGAL ENTITY NAME] (“we”, “us”, “our”), the operator of the RTO Test mobile application and rtotest.com (together, the “Service”), collects, uses, and safeguards your information. By using the Service you agree to this Policy.

1. Information we collect

We collect only what we need to run the Service and improve it.

Information you provide

• Account & profile. When you install the app and pick your state, we record your state and language preference. If you create an account we also store your name and mobile number.
• Purchases. If you buy a premium subscription via Google Play or the App Store, those stores process payment and share an anonymised purchase token with us. We never see your card or UPI details.
• Forms. Contact, partner application, and state-request forms on our website ask for your name, email and (for partners) mobile and city. These come to us by email.

Information collected automatically

• Usage data. Mock-test attempts, scores, questions answered. We use this to show your progress and to surface weak areas.
• Device data. Device model, OS version, app version, anonymous device identifier, and approximate locale — used for crash reporting and to prioritise fixes.
• Logs. Standard server logs (IP address, request path, timestamp). Retained for up to 30 days for security and debugging.

2. How we use your information

• Deliver core features — show your state's question bank, track your progress, run mock tests.
• Process and verify in-app purchases.
• Communicate with you about your account, payments, or your form submissions.
• Improve the Service — fix bugs, prioritise new states, identify confusing questions.
• Comply with applicable law.

We do not sell your personal information. We do not show ads inside the app.

3. Service providers

We use a small number of trusted vendors to run the Service. They process information only on our behalf and under contract.

• Supabase — database and file storage (hosted in the AWS Mumbai region for data residency).
• Vercel — hosting for our website and admin panel.
• Resend — transactional email delivery (form submissions, account emails).
• Google Play & Apple App Store — app distribution, payments, crash reporting.

4. Your rights

You have the right to access, correct, export, or delete your personal information. To exercise any of these, email us at [PRIVACY EMAIL]. We respond within 30 days.

You can also delete your account from inside the app at any time — this removes your profile and personal identifiers from our systems. Aggregated, de-identified statistics (e.g. “pass rate by state”) may be retained.

5. Children

The Service is intended for users aged 16 and over (the minimum age for a learner's licence in India). We do not knowingly collect information from anyone under 16. If you believe a child has signed up, contact us and we will delete the account.

6. Security

We use HTTPS for all traffic, encrypt sensitive data at rest, and limit production database access to a small number of administrators. No system is perfectly secure — if you discover a vulnerability, please report it to [PRIVACY EMAIL].

7. Data retention

We keep your account information for as long as your account is active. Server logs are retained for up to 30 days. Purchase records are retained for 7 years for tax and audit purposes, per Indian law.

8. International transfers

Our primary infrastructure is in India (Mumbai). Some service providers may process data in other regions; in all cases we ensure adequate safeguards consistent with the Digital Personal Data Protection Act, 2023.

9. Changes to this policy

We may update this Policy from time to time. We will note the effective date above and, for material changes, notify you in-app or by email.

10. Contact

Privacy questions or requests: [PRIVACY EMAIL].

[LEGAL ENTITY NAME]
[REGISTERED ADDRESS]

This Policy is provided in English. In case of conflict between this version and any translation, the English version controls.