1. Who We Are
StartupsIndia ("we", "our") is operated by Startups India, a startup incubation platform headquartered in Hyderabad, Telangana, India. We provide news, communities, mentorship, funding, events, courses, bookmarks, and user profiles through our website and Android app (package: in.startupsindia.app).
Privacy contact: [email protected]
2. Data We Collect
We collect data in three ways: information you give us, content you create, and technical data from our infrastructure.
2.1 Account & Profile Information
- Full name and email address
- Phone number (optional)
- Username and profile photo (stored on Cloudinary)
- Bio, website URL, professional role (Founder, Investor, Journalist, etc.)
- Selected topics and interests (used to personalise your feed)
- Password (stored as a secure hash — never plaintext)
If you use Google Sign-In, we receive your name, email, and profile photo from Google with your consent.
2.2 User-Generated Content
- Comments you post on articles and community threads
- Articles, posts, and images you upload
- Articles you like or bookmark
- Communities you join and your activity within them
- Content reports you submit
2.3 Device & Notification Data
- Firebase Cloud Messaging (FCM) token — a unique device identifier used exclusively to deliver push notifications. Disable anytime in device Settings.
- Device type and OS version (for compatibility and analytics).
2.4 Diagnostics & Crash Data
- Firebase Crashlytics collects crash reports including stack trace, device model, OS version, and app version. Reports do not include your name, email, or message content.
- Firebase App Check verifies traffic comes from our genuine app. It does not collect personal data.
3. How We Use Your Data
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Create & manage your account | Name, email, password, profile details | Contract performance |
| Personalise your news feed | Selected topics & interests | Legitimate interest / consent |
| Enable social features | Comments, likes, bookmarks, community activity | Contract performance |
| Send push notifications | FCM token | Consent (opt-in) |
| Content moderation & safety | User-generated content, reports | Legitimate interest |
| Security & fraud prevention | Account data, Firebase App Check signals | Legitimate interest |
| Troubleshoot app crashes | Crash reports (Crashlytics) | Legitimate interest |
| Comply with legal obligations | Account data (limited, time-bound) | Legal obligation |
4. Third-Party Services
We use the following sub-processors to operate our platform:
All data transmitted between the app and these services is encrypted using TLS (HTTPS). Firebase data resides on Google servers, primarily in the United States, under Google's standard contractual clauses.
5. Data Sharing
We share personal data only in these limited circumstances:
- Service Providers — Firebase and Cloudinary as described in Section 4, acting as data processors under our instructions.
- Legal Obligations — If required by a court order, government authority, or applicable law.
- Business Transfer — In the event of a merger or acquisition. We will notify you before data is subject to a different privacy policy.
- Safety — To protect the rights, property, or safety of StartupsIndia, our users, or the public.
6. Data Security
- All data in transit is encrypted via TLS/HTTPS.
- Passwords are never stored in plaintext; Firebase Authentication manages credentials using industry-standard hashing.
- Firestore security rules restrict each user's data to their own UID.
- Firebase App Check blocks unauthorized API calls from non-genuine clients.
- Access to production systems is restricted to authorised team members using multi-factor authentication.
If you believe your account has been compromised, contact us immediately at [email protected].
7. Data Retention & Deletion
Active Accounts
We retain your account data and user-generated content for as long as your account is active or as needed to provide our services.
Account Deletion
When you delete your account — either in-app (Profile → Settings → Delete Account) or via our web deletion request form — the following data is permanently removed within 30 days:
- Firebase Authentication account (login credentials)
- Firestore user profile document
- Topic preferences and personalisation data
- Your UID from liked/bookmarked article arrays
- Profile photo on Cloudinary
- Comments, posts, and community activity linked to your account
Limited Retention After Deletion
- Legal & tax records — up to 7 years (Indian law requirement).
- Fraud/abuse logs — up to 90 days to prevent re-registration abuse.
- Unresolved disputes — until the matter is closed.
- Crash analytics — anonymised, not linked to your identity.
Processed within 7 business days · All personal data permanently deleted within 30 days
8. Your Rights
Under India's DPDP Act, GDPR, and similar frameworks, you may have the right to:
To exercise any right, email [email protected]. We respond within 30 days.
9. Children's Privacy
StartupsIndia is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has created an account, contact us at [email protected] and we will delete the account promptly.
10. Changes to This Policy
We may update this Privacy Policy to reflect changes in practices, technology, or legal requirements. Material changes will be communicated via in-app notification or email. Continued use after changes take effect constitutes acceptance.
11. Contact Us
For privacy questions, access requests, deletion requests, or concerns: