Privacy Policy
Last Updated: January 30, 2026
1. Introduction
Welcome to NirvanaStory ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our mobile application and related services (collectively, the "Service").
By using NirvanaStory, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.
2. Information We Collect
2.1 Personal Information
When you create an account or use our Service, we may collect:
- Email Address: Used for account creation, authentication, and communication.
- Name: Optional display name for personalization.
- Account Credentials: Password or authentication tokens from third-party sign-in providers (Apple, Google).
- Device Information: Device type, operating system version, unique device identifiers.
2.2 Usage Data
We automatically collect information about how you interact with our Service:
- Stories you've listened to and your progress
- Topics and preferences you've selected
- Session duration and frequency of use
- App features accessed and interactions
- Crash logs and diagnostic information
2.3 Subscription and Payment Information
- Subscription status and plan type
- Trial usage information
- Payment processor tokens (we do not store full credit card details)
- Transaction history and receipts
2.4 Firebase Cloud Messaging Tokens
We collect FCM tokens to send push notifications about new stories, subscription updates, and important account information. You can disable notifications at any time through your device settings.
3. How We Use Your Information
- Provide and Maintain Service: Operate, maintain, and improve our audio streaming and story delivery.
- Personalization: Recommend stories based on your topics and listening history.
- Account Management: Authenticate users, manage subscriptions, and process payments.
- Communication: Send transactional emails, subscription notifications, and respond to inquiries.
- Analytics: Understand how users interact with our Service and improve user experience.
- Security: Detect and prevent fraud, abuse, and unauthorized access.
- Legal Compliance: Comply with applicable laws and regulations.
4. Data Storage and Security
4.1 Where We Store Your Data
Your personal data is stored on secure servers located in the United States. We use industry-standard cloud infrastructure providers (including AWS and MongoDB Atlas) that maintain high security standards.
4.2 Security Measures
- Encryption of data in transit using TLS/SSL
- Encryption of sensitive data at rest
- Secure authentication mechanisms
- Regular security assessments and monitoring
- Access controls and authentication for our systems
Important: While we strive to protect your personal data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.
4.3 Data Retention
We retain your personal data for as long as necessary to provide our Service. When you delete your account, we will delete or anonymize your personal data within 30 days, except where legally required.
5. Third-Party Services
Payment Processors
- Stripe: Web payment processing. Stripe Privacy Policy
- Apple App Store: iOS in-app purchases. Apple Privacy Policy
- Google Play: Android in-app purchases. Google Privacy Policy
Authentication and Analytics
- Firebase (Google): Authentication, push notifications, and analytics.
- Apple Sign-In: Authentication on iOS devices.
Communication
- SendGrid: Transactional email delivery. SendGrid Privacy Policy
Storage and CDN
- AWS: Data storage and content delivery. AWS Privacy Policy
- Cloudflare: Content delivery and security. Cloudflare Privacy Policy
6. Your Rights (GDPR & CCPA)
6.1 European Union Users (GDPR)
- Right to Access: Request a copy of your personal data.
- Right to Rectification: Request correction of inaccurate data.
- Right to Erasure: Request deletion of your personal data.
- Right to Restrict Processing: Limit how we use your data.
- Right to Data Portability: Receive your data in a machine-readable format.
- Right to Object: Object to processing based on legitimate interests.
6.2 California Users (CCPA)
- Right to Know: Request information about data we collect.
- Right to Delete: Request deletion of your personal data.
- Right to Opt-Out: Opt-out of the sale of personal information (we do not sell personal data).
- Right to Non-Discrimination: We will not discriminate for exercising your rights.
To exercise any of these rights, please visit our GDPR Request page or contact us at nirvanastory@nirvanasparks.com. We will respond within 30 days.
7. Children's Privacy
NirvanaStory is not intended for children under 13 (or 16 in the EU). We do not knowingly collect personal data from children. If we become aware of such collection, we will delete the information.
8. International Data Transfers
Your data may be transferred to and processed in countries other than your own. We take appropriate safeguards including Standard Contractual Clauses approved by the European Commission.
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of changes by updating the "Last Updated" date. For significant changes, we may provide additional notice through the app or via email.
11. Contact Us
For privacy inquiries, contact us at:
Email: nirvanastory@nirvanasparks.com
Website: nirvanastory.com