Privacy Policy
Last updated: 26 May 2026
This is a plain-language summary of what we collect, why, and what you can do about it. Dhelai is built by Govind Kumar Wadhwa and operated from India. Questions go to support@dhelai.in.
1. Who this applies to
This policy covers the Dhelai mobile app (Android & iOS, package
identifier dhelai.in) and the website dhelai.in. It does
not cover purchases you make on Amazon, Apple Books, or Google Play Books —
those storefronts have their own privacy policies.
2. What we collect
We only collect what we need to make the reading app work. Concretely:
| What | When | Why |
|---|---|---|
| Email, name, profile photo | When you sign in with Google | To identify your account and sync reading progress across devices |
| Reading activity (chapters opened, time spent, words credited) | While you use the app | To show you your own progress, streak, and stats on the profile screen |
| Book likes and saves | When you tap the heart on a book | So your saved list is available across devices |
| Aggregate book opens (anonymous count) | When any user opens a book detail page | To display public "readers" tier on the book page (e.g., "100+ readers") |
| App version + platform (iOS / Android) | On launch | To show the right update prompt and store links |
We do not collect: precise location, contacts, microphone, camera, SMS, call logs, browsing history outside the app, advertising IDs, or any data we don't have a direct use for. We don't use third-party analytics SDKs (no Facebook SDK, no Mixpanel, no Firebase Analytics, no AppsFlyer).
3. Where your data lives
All user data is stored in Supabase (Postgres + Auth), a managed database service. Connections are TLS-encrypted. Row-Level Security policies are configured so each user can only read/write their own rows — staff don't routinely access user data, and we have no admin tools that surface other users' reading.
Google Sign-In hands us your email/name/avatar via OpenID Connect; we do not get a Google password or any other Google account info.
4. Who we share with
We do not sell or rent your data. We share it with:
- Supabase — our database/backend provider (necessary to operate the service).
- Google — for sign-in only. They learn you signed in to Dhelai; they don't see what you read.
- Apple / Google Play Billing — if and when we add in-app purchases, the storefronts handle the payment. We never see card numbers.
- Indian authorities — only if compelled by valid legal process under the Digital Personal Data Protection Act 2023 or related law.
5. Your rights
You can do all of the following at any time, free of charge, by emailing support@dhelai.in from your registered email:
- Access — request a copy of everything we have about you.
- Correct — fix anything that's wrong.
- Delete — wipe your account and all associated reading data. Done within 7 days.
- Export — receive a JSON export of your reading history.
- Withdraw consent — sign out of the app; we'll keep nothing besides what is required for legal/financial records (e.g., past invoices, if any).
6. Children
Dhelai is not directed at children under 13. We don't knowingly collect data from anyone under 13. If you believe a child has signed up, email us and we'll delete the account.
7. How long we keep data
Reading activity is retained as long as your account exists. When you delete your account, we wipe everything within 7 days, except: (a) anonymous aggregate counts (e.g., "this book was opened 1,234 times") which contain no personal identifiers, and (b) records we must keep for legal/financial reasons (e.g., GST invoices for past purchases, if any).
8. Security
All data is encrypted in transit (TLS) and at rest (Supabase managed encryption). Database access is gated by Row-Level Security, requiring a valid auth token tied to your user id. We don't use shared admin passwords; access is per-developer and audit-logged.
9. International transfers
Our Supabase project runs in a single region —
Asia Pacific (Sydney, Australia — ap-southeast-2).
By using Dhelai, you understand your data may be processed and stored in that
region. Australia has strong privacy laws comparable to India's DPDP Act.
10. Changes to this policy
If we change anything material, we'll update the "Last updated" date above and surface a one-line notice in the app. Continued use after the change means you accept the new policy.
11. Contact
Email support@dhelai.in. Replies usually within 48 hours.