Nihali — Privacy Policy

Effective date: 5 May 2026  |  App package: com.nihali

1. Who this policy covers

This policy applies to anyone who installs or uses the Nihali mobile application on Android (“the App”).

2. Data controller

The organisation responsible for personal data processed through the App is:

• Legal / trading name: Nihali App
• Contact (privacy & data requests): nihaligroupmanagement@gmail.com
• Postal address (optional but recommended): Bangalore, Karnataka, India

For privacy and data-rights requests, please contact the email listed above.

3. Information we collect

Depending on how you use the App, we may process:

3.1 Account and profile

• Phone number — used for sign-in (one-time password / verification) and account recovery.
• Name and optional email address.
• Profile photo — if you add one, an image may be uploaded to cloud storage and stored as a URL linked to your profile.
• Optional fields you may provide during onboarding or profile, such as residential location text, Aadhaar number, and PAN — only if you choose to enter them in the App.
• Saved addresses (home / work / optional extra) including labels and map coordinates you save for “nearby groups” features.

3.2 Group and ledger data (bookkeeping)

• Information you create in groups: names, descriptions, contribution settings, loan requests, approvals, repayment records, SHG-style journey and related bookkeeping fields you enter.
• Group cover images — if uploaded, stored in cloud storage as URLs.
• Operational mappings such as a normalised phone index used to support invite-by-phone flows within the App.

3.3 Device, permissions, and diagnostics

• Location — if you allow it, coarse/fine location may be used for map-based features (for example choosing an area or nearby groups). You can deny permission and still use many features where location is not required.
• Photos / media — used when you pick a profile or group image from your gallery (as permitted on your device).
• Contacts — if you use a feature that reads contacts (for example inviting by phone), only what is needed for that action is accessed, subject to your device permission.
• Internet — required to sync data and authenticate.
• Basic technical data needed to run the App (for example device type, OS version, crash diagnostics if enabled by libraries) may be processed by our service providers.

3.4 Payments and premium (Google Play)

• If you purchase a subscription or in-app product, Google Play Billing processes payment. We receive entitlement signals needed to unlock features (for example ad-free access or export), not your full card details.

3.5 Advertising (Google AdMob)

• Free usage may show advertisements served through Google Mobile Ads (AdMob). Ad networks may use advertising identifiers and related data according to Google’s policies and your device settings.

4. Why we use personal data (purposes)

• To create and maintain your account and profile.
• To show nearby groups and saved places you configure.
• To record group bookkeeping you and authorised members enter (contributions, loans, SHG records).
• To operate premium features and restore purchases.
• To show ads in the free tier (where applicable).
• To protect accounts, reduce abuse, and improve reliability.

5. Legal bases (India-focused, practical)

Where Indian privacy law applies, we rely on appropriate bases such as performance of the service you request, your consent where required (for example optional fields or certain permissions), and legitimate interests in securing and improving the App, balanced against your rights.

6. Sharing and processors

We use service providers that process data on our behalf, including:

• Google Firebase (Authentication, Firestore database, Cloud Storage for images, and related infrastructure).
• Google Maps Platform (if enabled in the build) for map display, place search, and geocoding.
• Google Play for purchases and subscription management.
• Google AdMob for advertisements.

These providers may process data in accordance with their own privacy notices and your account settings with Google.

7. Retention

We keep personal data while your account is active and as needed to provide the service, comply with law, resolve disputes, and enforce agreements. If you delete your account through the App (where available), we will delete or anonymise personal data associated with that account within a reasonable period, except where a longer retention is required by law or legitimate security/audit needs.

8. Security

We use industry-standard protections for data in transit (HTTPS/TLS) and access controls on backend services. No method of transmission or storage is 100% secure; if you believe your account is compromised, contact us using the email above.

9. Your choices and rights

• You may review and update certain profile fields in the App.
• You may withdraw optional permissions (location, photos, contacts) in Android Settings; some features may then be limited.
• You may request access, correction, export, or deletion of personal data by emailing the contact above. We may need reasonable information to verify your request.
• For Play purchases, you can also manage subscriptions in the Google Play app.

10. Children

The App is not intended for children under 13 (or the minimum age required in your region). If you believe a child has provided personal data, contact us and we will take appropriate steps to delete it.

11. International transfers

Firebase and other Google services may process data in servers located outside India. Where required, we rely on appropriate safeguards offered by our processors and contractual commitments.

12. Changes to this policy

We may update this policy from time to time. We will post the new effective date at the top of this page. If changes are material, we will provide additional notice as required by law or by app stores.

13. Third-party links

The App may open links (for example to Google Play or help pages). Those services have their own policies.