Privacy Policy
Last updated: February 2026
StoriYaari ("we", "us", "our") respects your privacy. This policy explains what data we collect, why, and how you can control it. By using StoriYaari you agree to the practices described here.
1. Information we collect
- Account data — name, email, password (hashed), profile photo, language and timezone.
- Trip & itinerary data — destinations, dates, places you add to trips and bucket lists, notes, expenses, comments, and collaborators.
- Usage telemetry — pages visited, features used, error reports, IP address and basic device info, used to improve the product.
- Payment data — handled by our PCI-DSS compliant providers (Cashfree, Razorpay). We never store card numbers; we only retain a transaction ID and a masked summary for your receipts.
- Cookies — strictly-necessary session cookies (login state) and optional analytics cookies. You can opt out of analytics in your account settings or via your browser.
2. How we use your data
- To run the service: authenticate you, sync your trips across devices, send transactional emails (invitations, password resets, receipts).
- To improve StoriYaari: anonymous aggregate analytics, A/B tests, bug fixes.
- To bill you: process payments for plan upgrades, agency credit top-ups, and subscriptions.
- To keep you informed: optional product updates and tips. You can unsubscribe any time.
3. Sharing your data
We share data only with:
- Service providers who help us run StoriYaari (hosting, email delivery, analytics, payment processors) under strict data-processing agreements.
- Trip collaborators you explicitly add — they see the trips, bucket lists, and comments you share.
- Legal compliance — when required by valid legal process. We notify you unless legally prohibited.
We do not sell your personal data. Ever.
4. International transfers
StoriYaari is operated from India and uses cloud providers with global infrastructure. By using the service you consent to transferring your data to jurisdictions that may have different data-protection laws than your own.
5. Data retention
- Active accounts: kept until you delete your account.
- Deleted accounts: removed within 30 days of deletion request, except billing records we are legally required to keep (typically up to 7 years).
- Anonymous aggregate analytics may be retained indefinitely.
6. Your rights
You can at any time:
- Access or export your trip data (Account → Settings → Export).
- Correct your profile and account details.
- Delete your account and all associated data.
- Withdraw consent to optional analytics or marketing.
- Lodge a complaint with your local data-protection authority.
To exercise these rights, write to contact@storiyaari.com.
7. Children
StoriYaari is not intended for users under 16. We do not knowingly collect data from children. If you believe a child has registered, please contact us and we will delete the account.
8. Security
We use industry-standard safeguards: encrypted transport (HTTPS), encrypted storage at rest, password hashing with bcrypt, role-based access controls, and routine security reviews. No system is 100% secure — please use a strong unique password and enable any two-factor options when available.
9. Changes to this policy
We may update this policy from time to time. Material changes will be announced in-app and via email at least 14 days before they take effect.
10. Contact
Questions about your privacy? Email contact@storiyaari.com or write to us via the contact page.