Privacy Policy — ConceptRa

Last updated: May 3, 2026
App: ConceptRa (Android package: app.brainstudy)
Operator: Sanjeev Kumar (solo developer, India)
Contact: conceptra26@gmail.com

1. What we collect

Information you provide

• Phone number — for OTP-based login.
• Google account name + email — only if you sign in with Google.
• Profile information — name, exam goal (JEE/NEET/Boards), class, school (optional), preferences. You can edit or delete this anytime.
• Photos and PDFs — only if you upload them to ask homework questions. Stored on encrypted Cloudflare R2 storage and processed by our AI to generate answers. Not used for training, not shared with third parties.
• Chat messages — your conversations with the AI Professor and AI Companions are stored so you can review them later. Visible only to you.
• Quiz attempts and progress — to personalize practice and show you stats.

Information collected automatically

• Device information — device model, OS version, app version. Used to debug crashes.
• Usage analytics — which screens you visit, which features you use, anonymized and aggregated. We use PostHog for this. We do not share raw analytics with advertisers.
• Push notification token — if you allow notifications. Stored securely; used only by us to send study reminders and study-buddy match alerts.

What we do NOT collect

• Your contact list.
• Your location (GPS).
• Your messages from other apps.
• Your microphone, camera, or photos unless you actively use the homework-solver feature and grant permission.

2. Why we collect it

• To run the app — log you in, save your progress, deliver chat replies and quiz questions.
• To improve the app — analytics show us which features are used and where users get stuck. We never look at individual users.
• To support you — if you email us, we look up your account to help.
• To prevent abuse — we rate-limit usage to stop bots and brute-force attempts.

3. Where your data is stored

• Database: Amazon Web Services (AWS) — Mumbai region (ap-south-1).
• File uploads (homework photos): Cloudflare R2 (S3-compatible object storage).
• Cache: Upstash (managed Redis), India-region.
• Analytics: PostHog (US-region servers).

All data is transmitted using HTTPS / TLS. Production database and storage volumes are encrypted at rest.

4. Third-party services we use

• Google Sign-In — for Google login. Subject to Google's privacy policy.
• Firebase Cloud Messaging (Google) — to deliver push notifications. We send only your device token and the message content.
• OpenRouter / AI providers (Anthropic, Google Gemini, Qwen) — to generate AI Professor answers and quiz questions. Your message text is sent to these providers to produce a response. We use commercial API plans where the providers commit not to train on your data.
• Razorpay — to process subscription payments. We pass payment-related data to Razorpay; we never see your card details.
• PostHog — anonymized product analytics.
• Cloudflare — for R2 storage and (in future) DDoS protection.
• AWS — for compute, database, and infrastructure.

5. AI-generated content

ConceptRa uses large language models (Claude, Gemini, Qwen via OpenRouter) to generate tutor explanations, quiz questions, and study-buddy chat responses. AI output can be incorrect — always verify important answers. We label AI-generated content within the app.

We do not use your conversations to train these models. Our API agreements with model providers prohibit using customer data for training.

6. Children's data

ConceptRa is intended for students 13 years and older. If you are under 13, do not use this app without a parent or guardian's consent. We do not knowingly collect data from children under 13. If you believe we have, email us and we'll delete the account.

7. Your rights

• Access: request a copy of your data — email us.
• Correction: edit profile data inside the app, or email us.
• Deletion: email conceptra26@gmail.com with subject "Delete my account". We will delete your account, profile, chats, and uploads within 7 days.
• Withdraw consent: stop using the app and request deletion at any time. No questions asked.
• Data portability: we'll export your chats and quiz history as JSON on request.

8. Data retention

• Active account data is kept as long as your account exists.
• Deleted accounts are purged from primary databases within 7 days.
• Backups are retained for 14 days then permanently deleted.
• Aggregated, anonymized analytics may be retained indefinitely.

9. Security

• HTTPS / TLS for all client–server traffic (Let's Encrypt).
• SSL between the app server and database (AWS RDS, force-SSL parameter).
• Phone OTP rate-limited and time-bound (5 minutes).
• Session tokens are device-bound and revocable.
• No payment-card details are stored on our servers (handled by Razorpay).

No system is perfectly secure. If a breach occurs, we will notify affected users by email within 72 hours.

10. Changes to this policy

If we materially change this policy, we will update the "Last updated" date at the top and notify users in-app or by email. Continued use of the app after changes means you accept the updated policy.

11. Contact

Questions, complaints, deletion requests:
conceptra26@gmail.com

Effective date: May 3, 2026.
This privacy policy is offered in good faith. ConceptRa is operated as an individual proprietorship in India.