IK ONKAR – Privacy Policy
Effective Date: December 20, 2025
Last Updated: December 20, 2025
App Name: IK ONKAR – Sikh Quotes & App Lock
Developer: Blue Sparrow (Solo Developer)
Location: India
1. Introduction
Welcome to IK ONKAR ("we," "our," or "us"). We are committed to protecting your privacy and ensuring transparency about how we handle your information. This Privacy Policy explains our practices regarding the collection, use, and protection of information when you use the IK ONKAR mobile application (the "App").
This policy applies to users worldwide, including those in the European Union (EU), European Economic Area (EEA), United Kingdom (UK), United States (US), California, Canada, Australia, and all other jurisdictions where the App is available.
Contact Information:
- Website: https://bluesparrow.dev
- General Inquiries: info@bluesparrow.dev
- Privacy Inquiries: privacy@bluesparrow.dev
2. Information We Collect
2.1 Information You Provide Directly
Account Information:
- Email address (when you create an account)
- Authentication credentials (managed securely through Google Sign-In or Appwrite)
Feedback and Support:
- Any information you voluntarily provide when contacting us for support
- Feedback, suggestions, or bug reports you submit
2.2 Information Generated Through App Use
Local Data (Stored Only on Your Device):
- Reflection and meditation session records
- Quote favorites and preferences
- Achievement progress and statistics
- App settings and preferences
- Streak and usage statistics
Important: This data is stored locally on your device using encrypted storage. We do not have access to this data, and it is not transmitted to our servers.
2.3 Information from Third-Party Services
Authentication Services:
- When you sign in with Google, we receive basic profile information (email, display name) as authorized by you
- Authentication tokens are stored securely on your device
Subscription Services (RevenueCat):
- Anonymous subscription status
- Purchase history related to your subscription
- RevenueCat does not share personally identifiable billing information with us
2.4 Information We Do NOT Collect
We want to be explicitly clear about what we do NOT collect:
- We do NOT track which apps you use or how often
- We do NOT collect browsing history or web activity
- We do NOT collect location data
- We do NOT use advertising tracking or analytics SDKs
- We do NOT collect biometric data
- We do NOT sell or share your personal data with advertisers
- We do NOT create behavioral profiles
3. How We Use Your Information
3.1 Primary Uses
We use the information we collect to:
- Provide App Functionality: Enable core features including app blocking, reflection tracking, and spiritual content delivery
- Authenticate Your Account: Verify your identity and maintain account security
- Process Subscriptions: Manage premium features and subscription status
- Respond to Support Requests: Address your questions, feedback, and technical issues
- Improve the App: Understand aggregate usage patterns to enhance features (using only anonymized, aggregated data)
3.2 What We Don't Do
- We do NOT use your data for targeted advertising
- We do NOT sell your personal information to third parties
- We do NOT share your data with data brokers
- We do NOT use your data to build marketing profiles
4. Data Storage and Security
4.1 Local Storage
The majority of your data is stored locally on your device:
| Data Type | Storage Method | Location |
|---|---|---|
| Reflection History | Drift (SQLite) encrypted database | Device only |
| Preferences | Encrypted SharedPreferences | Device only |
| Auth Tokens | flutter_secure_storage (encrypted) | Device only |
| Subscription Cache | Encrypted cache | Device only |
4.2 Cloud Storage
Minimal data is stored in the cloud:
- Authentication: Account credentials managed by Appwrite (secure, encrypted)
- Subscription Status: Managed by RevenueCat (anonymized)
4.3 Security Measures
We implement appropriate technical and organizational measures to protect your data:
- Encryption at rest for local data storage
- Secure HTTPS communication for all network requests
- OAuth 2.0 for secure authentication
- No storage of raw passwords
- Regular security reviews of our codebase
5. Data Sharing and Disclosure
5.1 Third-Party Service Providers
We work with the following service providers who may process data on our behalf:
| Provider | Purpose | Data Processed | Privacy Policy |
|---|---|---|---|
| Appwrite | Authentication & cloud sync | Email, account ID | https://appwrite.io/privacy |
| RevenueCat | Subscription management | Anonymous purchase data | https://www.revenuecat.com/privacy |
| Google (Firebase) | Push notifications | Device token only | https://policies.google.com/privacy |
5.2 When We May Disclose Information
We may disclose your information only in the following limited circumstances:
- With Your Consent: When you explicitly authorize us to share information
- Service Providers: To trusted partners who assist in operating our App (as listed above)
- Safety and Protection: If we believe disclosure is necessary to protect health, safety, or property
- Compliance: To comply with applicable laws, regulations, or valid governmental requests
5.3 We Do NOT
- Sell your personal information to any third party
- Share your data with advertisers or marketing companies
- Transfer your data to data brokers
- Use your data for purposes unrelated to app functionality
6. Your Privacy Rights
6.1 Universal Rights (All Users)
Regardless of your location, you have the right to:
- Access: Request information about what personal data we hold about you
- Correction: Request correction of inaccurate personal data
- Deletion: Request deletion of your personal data (including account deletion)
- Data Export: Export your reflection data as an infographic
- Opt-Out: Disable notifications and optional features at any time
- Withdraw Consent: Revoke previously granted permissions
6.2 European Union, EEA, and UK Users (GDPR)
Under the General Data Protection Regulation (GDPR), you have additional rights:
- Right to Portability: Receive your data in a structured, commonly used format
- Right to Restriction: Request limitation of processing of your data
- Right to Object: Object to processing based on legitimate interests
- Right to Lodge a Complaint: File a complaint with your local data protection authority
Legal Basis for Processing:
- Contract: Processing necessary to provide the App services
- Consent: Processing you have explicitly consented to
- Legitimate Interests: Processing for service improvement (using only anonymized data)
6.3 California Residents (CCPA/CPRA)
Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to Know: Request disclosure of personal information collected
- Right to Delete: Request deletion of personal information
- Right to Opt-Out: We do not sell personal information, so no opt-out is necessary
- Right to Non-Discrimination: We will not discriminate against you for exercising your rights
Notice of Collection: We collect the categories of information described in Section 2 for the purposes described in Section 3.
Sale of Personal Information: We do NOT sell your personal information.
6.4 Canadian Users (PIPEDA)
Under the Personal Information Protection and Electronic Documents Act (PIPEDA):
- You have the right to access and correct your personal information
- You may challenge our compliance by contacting our Privacy Officer
- You may file a complaint with the Office of the Privacy Commissioner of Canada
6.5 Australian Users (Privacy Act 1988)
Under the Australian Privacy Act:
- You have the right to access and correct your personal information
- You may lodge a complaint with the Office of the Australian Information Commissioner
- We comply with Australian Privacy Principles (APPs)
6.6 Brazilian Users (LGPD)
Under the Lei Geral de Prote�e7�e3o de Dados (LGPD):
- You have rights to access, correction, deletion, and data portability
- You may request information about public and private entities with whom data is shared
- You may file a complaint with the ANPD (National Data Protection Authority)
6.7 Indian Users (DPDP Act 2023)
Under India's Digital Personal Data Protection Act 2023:
- You have the right to access, correction, and erasure of personal data
- You may nominate another person to exercise your rights in case of death or incapacity
- You have the right to grievance redressal
6.8 Exercising Your Rights
To exercise any of these rights, please contact us at:
- Email: privacy@bluesparrow.dev
We will respond to your request within 30 days (or sooner as required by applicable law). We may need to verify your identity before processing certain requests.
7. Data Retention
7.1 Local Data
Data stored locally on your device remains until:
- You delete the App
- You use the "Clear All Data" feature in Settings
- You delete your account
7.2 Cloud Data
- Account Information: Retained until you delete your account
- Subscription Data: Retained by RevenueCat per their retention policy
7.3 Account Deletion
When you delete your account:
- All cloud-stored data is permanently deleted
- Local data remains on your device until you uninstall the App
- Subscription history may be retained by RevenueCat for financial/tax purposes (anonymized)
8. Children's Privacy
8.1 Age Restrictions
IK ONKAR is not intended for children under the age of 13 (or the applicable age of digital consent in your jurisdiction, such as 16 in the EU under GDPR-K).
8.2 Parental Rights
If you believe we have collected information from a child under the applicable age, please contact us immediately at privacy@bluesparrow.dev. We will promptly delete such information.
8.3 Compliance
We comply with:
- Children's Online Privacy Protection Act (COPPA) �e2�80�93 United States
- GDPR-K provisions �e2�80�93 European Union
- Age-appropriate design requirements in applicable jurisdictions
9. International Data Transfers
9.1 Data Location
Our service providers may process data in various locations:
- Appwrite: Cloud servers in Frankfurt, Germany (EU)
- RevenueCat: United States (with appropriate safeguards)
- Firebase (FCM only): Global infrastructure
9.2 Safeguards for EU/UK Users
For transfers of personal data outside the EU/EEA/UK, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where applicable
- Binding Corporate Rules of our service providers
9.3 Your Consent
By using the App, you acknowledge that your information may be transferred to and processed in countries other than your own, with appropriate safeguards in place.
10. Cookies and Tracking Technologies
10.1 What We Use
The IK ONKAR App does NOT use:
- Web cookies
- Advertising identifiers
- Cross-app tracking
- Third-party analytics SDKs
- Fingerprinting technologies
10.2 Local Storage Only
We only use on-device storage for:
- App functionality (preferences, local database)
- Secure token storage (authentication)
11. Third-Party Links and Services
11.1 External Links
The App may contain links to external websites or services. We are not responsible for the privacy practices of these third parties.
11.2 Review Third-Party Policies
We encourage you to review the privacy policies of any third-party services you access through the App.
12. Changes to This Privacy Policy
12.1 Updates
We may update this Privacy Policy from time to time. Changes will be effective when posted.
12.2 Notification
For significant changes, we will:
- Update the "Last Updated" date at the top of this policy
- Provide notice within the App
- For material changes affecting your rights, request your renewed consent where required
12.3 Continued Use
Your continued use of the App after changes constitutes acceptance of the updated policy.
13. Accessibility
We are committed to making our privacy information accessible. If you need this policy in an alternative format, please contact us at privacy@bluesparrow.dev.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
General Inquiries:
Website: https://bluesparrow.dev
Email: info@bluesparrow.dev
Privacy-Specific Inquiries:
Email: privacy@bluesparrow.dev
Response Time: We aim to respond to all privacy-related inquiries within 30 days.
15. Supervisory Authorities
If you are not satisfied with our response to your privacy concerns, you may contact your local data protection authority:
- EU/EEA: Your local Data Protection Authority
- UK: Information Commissioner's Office (ICO)
- United States: Federal Trade Commission (FTC) or your State Attorney General
- California: California Attorney General's Office
- Canada: Office of the Privacy Commissioner of Canada
- Australia: Office of the Australian Information Commissioner (OAIC)
- Brazil: ANPD (Autoridade Nacional de Prote�e7�e3o de Dados)
- India: Data Protection Board of India
This Privacy Policy is provided in English. In case of any discrepancy between translated versions and the English version, the English version shall prevail.
Last Updated: December 20, 2025
Blue Sparrow �e2�80�93 Solo Developer, India