1. Regulatory Compliance Frameworks
Consistency Tracker is designed and operated in adherence to international data privacy regulations, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and India's Digital Personal Data Protection (DPDP) Act. We respect user rights, including access, correction, and erasure.
2. Minimally Invasive Device Permissions
We believe in data minimization. Device permissions are requested exclusively when you actively trigger corresponding actions:
- Microphone Permission: Used exclusively to record and capture voice prompts for our Voice-to-Task AI converter. Audio streams are captured transiently, converted to text via web speech APIs, and never recorded or transmitted in the background.
- Camera/Photo Permissions: Used only when you capture photos for daily card scanning (OCR task extraction), profile customization, or group chat. The camera preview runs locally on your device; image data is only sent to the server when you actively tap the Capture button.
- Local Storage & Cookies: Used strictly to persist your active authentication JWT tokens, interface preferences (such as light/dark theme), and system wake lock settings for the Pomodoro timer.
- Mobile App Usage & Statistics Sync: If you explicitly grant permission to share application usage data within our mobile app, we collect local focus metrics (such as Pomodoro session statistics and app open counts). This data is securely synchronized with our web servers to construct your unified progress charts and maintain consistent cross-device habit streaks.
3. AI Processing Safety (Google Gemini)
We integrate the Google Gemini API to power AI features such as OCR Handwriting Scan and AI Insights.
- Transient Pipeline: Images and text tasks sent to the AI API are transmitted securely via HTTPS and processed ephemerally.
- No Public LLM Training: The Google Gemini API terms guarantee that our API requests are not used to train public LLM models, and no data is stored permanently on their servers.
4. Payment Security & Isolation (Razorpay)
All subscription and transaction flows are fully delegated to Razorpay via their secure, PCI-DSS compliant checkout frame.
Consistency Tracker does not access, see, or store your credit/debit card numbers, CVVs, net banking credentials, or UPI details on our servers.
5. Infrastructure Subprocessors
We only share information with trusted infrastructure subprocessors required to maintain the platform's reliability:
- MongoDB Atlas: Secure cloud database storage.
- Firebase: Delivery of real-time messaging notifications and chat synchronization.
- Cloudinary: Secure user profile images and uploaded group media.
- Vercel: Web application hosting.
🔒 Right to Be Forgotten & Account Deletion
Clicking Delete Account in your user profile settings initiates an immediate, permanent purge of your user document, habits, streaks, milestones, and uploaded files from our databases.
Chat History Retention Notice: To preserve the integrity and conversational context for other members, messages you post inside public or private chat groups are retained in the group history. By participating in these groups, you consent to your group messages remaining visible within those shared channels.