1. Introduction
Welcome to 3DGyan ("we," "our," or "us"). 3DGyan is a 3D interactive science learning application designed for students, built and operated by Anirvanta Technologies Pvt Limited ("Company").
We are committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains what information we collect, how we use it, how we share it, and what rights you have — in compliance with the Google Play Store Developer Program Policies, Apple App Store Review Guidelines, the Information Technology Act (India), the Digital Personal Data Protection Act (DPDPA, India), the General Data Protection Regulation (GDPR, EU), and the California Consumer Privacy Act (CCPA, USA).
By using 3DGyan, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the app.
2. Information We Collect
2.1 Information You Provide Directly
| Data Type | When Collected | Purpose |
|---|---|---|
| Full Name | Registration or social sign-in | Display name, personalization |
| Phone Number | Phone+password registration | Account creation, login authentication |
| Password | Phone+password registration | Account authentication (stored as bcrypt hash, never in plaintext) |
| Country Code | Registration | Locale detection, pricing region |
| Email Address | Google or Apple Sign-In | Account identification, communication |
| Grade / Class | Onboarding | Content recommendation, curriculum alignment |
| Education Board | Onboarding (CBSE, ICSE, State Board, etc.) | Curriculum-specific content delivery |
| Language Preference | Onboarding or settings | App language (supports 15 languages) |
| Profile Photo | Optional upload | Display in user profile |
2.2 Information Collected Automatically
| Data Type | Method | Purpose |
|---|---|---|
| Device Information | On app launch | Device model, OS version, app version — compatibility, debugging, analytics |
| Device Fingerprint | On login (SHA-256 hash) | Device binding for premium accounts (1 device limit), session management |
| Usage Analytics | In-app tracking | Subjects viewed, concepts opened, quiz scores, study streaks, time spent |
| Crash Reports & Logs | Sentry SDK | Stack traces, error context — bug fixing and stability |
| IP Address | Server logs | Approximate geolocation (country-level), security, rate limiting |
| Advertising Identifier | Google AdMob SDK (free tier only) | Serving relevant ads to free-tier users |
| In-App Purchase Data | RevenueCat SDK / Google Play / Apple StoreKit | Subscription status, purchase history |
2.3 Information from Third-Party Sign-In
| Provider | Data Received | Storage |
|---|---|---|
| Google Sign-In | Name, email, profile picture, Google user ID | Stored in our database for account identification |
| Apple Sign-In | Name (first auth only), email (optional), Apple user ID | Stored in our database. Apple may provide a relay email. |
3. How We Use Your Information
We use the collected information for the following purposes:
- Account Management — Create and maintain your account, authenticate login, manage sessions across devices
- Content Delivery — Show age-appropriate, grade-specific, curriculum-aligned 3D science content
- Personalization — Customize the learning experience based on your grade, board, and language preferences
- Learning Analytics — Track your study progress, streaks, quiz scores, and concept mastery
- Subscription Management — Process in-app purchases, manage premium entitlements, handle billing through Google Play / Apple App Store
- Advertising — Serve ads via Google AdMob to free-tier users only. Premium users see no ads.
- App Improvement — Analyze usage patterns to improve content, fix bugs, and enhance performance
- Security — Detect and prevent fraud, brute force attacks, unauthorized access, and credential sharing
- Communication — Send important account notifications (e.g., subscription expiry, security alerts). We do not send marketing emails without consent.
4. How We Share Your Information
We do not sell your personal data. We share data only with the following service providers who help us operate the app:
| Service Provider | Purpose | Data Shared | Privacy Policy |
|---|---|---|---|
| Google AdMob | Advertising (free tier) | Device ID, ad interaction data | Google Privacy Policy |
| RevenueCat | Subscription management | User ID, purchase receipts | RevenueCat Privacy |
| Sentry | Crash reporting | Device info, error logs (no PII) | Sentry Privacy |
| MongoDB Atlas | Database hosting | All app data (encrypted at rest) | MongoDB Privacy |
| Google OAuth | Authentication | OAuth tokens (session only) | Google Privacy Policy |
| Apple Sign-In | Authentication | Identity tokens (session only) | Apple Privacy Policy |
We may also disclose your data if required by law, court order, or government request, or to protect the rights, property, or safety of our users or the public.
5. Data Security
We implement industry-standard security measures to protect your data:
- Passwords — Hashed with bcrypt (cost factor 12). We never store plaintext passwords.
- Phone Numbers — Stored as HMAC-SHA256 hashes. The raw phone number is never persisted.
- Tokens — JWT access tokens (15-minute expiry) + refresh tokens (30-day expiry) with SHA-256 hashing and rotation on every refresh.
- Device Binding — Premium accounts are bound to a single device using SHA-256 device fingerprints stored in the device's secure enclave (Keychain on iOS, EncryptedSharedPreferences on Android).
- Brute Force Protection — Accounts are locked for 15 minutes after 5 consecutive failed login attempts.
- Transport Encryption — All API communication uses HTTPS (TLS 1.2+).
- Database Encryption — Data encrypted at rest on MongoDB Atlas.
- Token Reuse Detection — If a refresh token is reused (potential theft), all sessions for that account are immediately revoked.
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data (name, hashed phone, email) | Until account deletion |
| Learning progress & quiz history | Until account deletion |
| Device sessions | 31 days (auto-cleanup via TTL index) |
| Crash reports (Sentry) | 90 days |
| Server logs (IP addresses) | 30 days |
| Payment records | 7 years (Indian tax law compliance) |
After account deletion, we remove all personally identifiable information within 30 days. Anonymized analytics data may be retained for product improvement.
7. Your Rights
7.1 All Users
- Access — Request a copy of your personal data
- Correction — Update inaccurate data via the app's profile settings
- Deletion — Delete your account and all associated data (Settings > Account > Delete Account, or email us)
- Data Portability — Request your data in a machine-readable format
7.2 EU/EEA Users (GDPR)
Under the General Data Protection Regulation, you additionally have the right to: restrict processing of your data, object to processing, withdraw consent at any time, and lodge a complaint with your local Data Protection Authority. Our legal basis for processing your data is: contract performance (providing the app service), legitimate interest (security, analytics), and consent (optional marketing, advertising identifiers).
7.3 California Users (CCPA)
Under the California Consumer Privacy Act, you have the right to: know what personal information we collect, request deletion, opt out of the "sale" of personal information (we do not sell personal data), and non-discrimination for exercising your privacy rights.
7.4 Indian Users (DPDPA)
Under the Digital Personal Data Protection Act 2023, you have the right to: access your data, correct inaccurate data, erase data, and nominate a person to exercise your rights. You may withdraw consent by deleting your account.
To exercise any of these rights, email us at support@anirvanta.com. We will respond within 30 days.
8. Children's Privacy
3DGyan is an educational app designed for students, including those under 18. We are committed to protecting children's privacy:
- We do not knowingly collect personal information from children under 13 without parental consent
- We do not serve personalized ads to users identified as children
- We do not enable behavioral tracking for users under 13
- Parents/guardians may contact us at support@anirvanta.com to request deletion of their child's data
- We comply with COPPA (US), GDPR-K (EU), and Indian child protection regulations
If we learn that we have collected personal information from a child under 13 without verification of parental consent, we will delete that information promptly.
9. Advertising
- Free tier — Banner ads (home screen), native ads (concept list), and interstitial ads (between concept views) are served via Google AdMob
- Premium tier — Completely ad-free experience
- We do not use Apple's IDFA and do not request App Tracking Transparency (ATT) permission
- You can reset your advertising identifier or opt out of personalized ads in your device settings
10. In-App Purchases
3DGyan offers premium subscriptions (monthly and yearly) through Google Play Billing and Apple App Store. All payments are processed by the respective platform — we never see or store your payment card details. Subscription management (including cancellation) is handled through your Google Play or Apple account settings.
11. International Data Transfers
Our servers are hosted on MongoDB Atlas (cloud infrastructure). Your data may be processed in regions outside your country of residence. Where data is transferred internationally, we ensure appropriate safeguards are in place (Standard Contractual Clauses for EU data, encryption in transit and at rest).
12. Push Notifications
We may send push notifications for: study reminders, streak alerts, subscription expiry notices, and important app updates. You can disable push notifications at any time in your device settings.
13. Offline Data
Premium users can download content for offline use. Downloaded data (3D scene files, textures) is stored locally on your device and is not synced to our servers. You can manage and delete offline content in the app's Downloads section.
14. Account Deletion
You can delete your account at any time:
- Open 3DGyan > Settings > Account > Delete Account
- Or email support@anirvanta.com with the subject "Account Deletion Request"
Upon deletion, we will remove all your personal data within 30 days. Anonymized analytics and legally required records (payment history for tax compliance) may be retained as described in Section 6.
15. Cookies and Local Storage
3DGyan is a mobile application and does not use browser cookies. We use SecureStore (iOS Keychain / Android EncryptedSharedPreferences) to store authentication tokens securely on your device. These are cleared when you log out or delete the app.
16. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page. For significant changes, we will notify you through the app or via email. Your continued use of 3DGyan after changes constitutes acceptance of the updated policy.
17. Google Play Data Safety
The following table maps our data collection practices to Google Play's Data Safety section requirements:
| Category | Data Type | Collected | Shared | Purpose |
|---|---|---|---|---|
| Personal info | Name | Yes | No | Account management |
| Personal info | Phone number (hashed) | Yes | No | Authentication |
| Personal info | Yes (social sign-in) | No | Account identification | |
| Financial info | Purchase history | Yes | RevenueCat | Subscription management |
| App activity | In-app actions | Yes | No | Analytics, progress tracking |
| App info | Crash logs | Yes | Sentry | Bug fixing |
| Device info | Device ID (hashed fingerprint) | Yes | No | Device binding, session management |
| Identifiers | Advertising ID | Yes (free tier) | Google AdMob | Advertising |
18. Apple Privacy Nutrition Labels
For the Apple App Store, our data collection is categorized as follows:
- Data Used to Track You: None. We do not use Apple's IDFA and do not request ATT permission.
- Data Linked to You: Name, email (social sign-in), phone hash, user ID, purchase history, usage data
- Data Not Linked to You: Crash data, performance diagnostics
19. Governing Law
This Privacy Policy is governed by the laws of India. Any disputes arising from this policy shall be subject to the exclusive jurisdiction of the courts in Gopalganj, Bihar, India.
20. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
- Email: support@anirvanta.com
- Company: Anirvanta Technologies Pvt Limited
- Address: C/O Raj Kumar, Khajuhatti, Mangru Rai Ke Tola, Baikunthpur, Gopalganj, Gopalganj-841409, Bihar, India