MeritVault exists to protect things of value — and your personal data is foremost among them. This policy explains, in plain terms, what we collect, why we collect it, and the control you retain over it. We collect only what the marketplace genuinely requires, and never more.
01 Information We Collect
We collect information you provide directly, information generated as you use the app, and information from the verification partners listed below. We do not buy personal data from brokers, and we do not track you across other apps or websites.
| Category | What it includes | Why we need it |
|---|---|---|
| Account identity | Phone number, name | To create and secure your account and authenticate you on each device |
| Creator credentials | DigiLocker-verified identity and qualification documents | To verify provenance before a creator may list material |
| Purchases | Transaction records, dossiers acquired, payment confirmations | To grant and restore access to what you have bought |
| Reading activity | Reading progress, bookmarks, study targets | To sync your place across devices and power study planning |
| Device & diagnostics | Device model, OS version, crash logs | To keep the app secure, stable and performant |
02 DRM & Forensic Watermarking
Protection of creators' work is the core of MeritVault. You should understand exactly how it works before you purchase.
Forensic Identity Watermark
Every dossier you purchase is embedded with an invisible forensic watermark uniquely tied to your account. If protected material is shared, leaked or redistributed, that watermark allows us — and the creator — to trace the copy back to its origin. By purchasing, you consent to this watermarking. It exists to protect the people whose work you are buying.
03 Third-Party Services
We rely on a small, deliberate set of trusted processors. Each receives only the data necessary for its function, and each is bound by its own privacy obligations.
| Service | Purpose | Data shared |
|---|---|---|
| Supabase | Database & authentication infrastructure | Account, purchase and reading data |
| Razorpay | Payment processing | Transaction amount and payment status |
| MSG91 | OTP & transactional messaging | Phone number |
| DigiLocker | Creator identity verification | Government-issued credentials (creators only) |
04 Data Storage & Encryption
Sensitive data is encrypted in transit and at rest using AES-256. Authentication tokens and keys are stored in the iOS Keychain and are excluded from device and iCloud backups, so they cannot be extracted from a backup file.
Purchased dossiers are stored in an encrypted, access-controlled container bound to your account. They cannot be opened by other applications, copied into your photo library, or exported as unprotected files.
05 Your Rights Under the DPDP Act
As a Data Principal under the Digital Personal Data Protection Act, 2023, you have the right to:
- Access — request a summary of the personal data we hold about you.
- Correction — ask us to correct inaccurate or incomplete data.
- Erasure — request deletion of your data, subject to legal retention duties.
- Grievance redressal — raise a concern with our Grievance Officer and receive a timely response.
- Nominate — appoint another individual to exercise your rights in the event of incapacity or death.
To exercise any of these rights, write to privacy@meritvault.app.
06 Data Retention & Deletion
We keep your data only as long as your account is active or as required to provide the service and meet legal, tax and accounting obligations. When you delete your account, we erase your personal data within 30 days, except records we are legally required to retain (such as transaction records for statutory periods). Forensic watermark references tied to delivered dossiers may be retained to protect creators against past leaks.
07 Children's Privacy
MeritVault is intended for users aged 16 and above. We do not knowingly collect personal data from anyone under 16. If we learn that we have collected such data, we will delete it promptly.
08 Contact
For any privacy question, data request, or grievance, our Data Protection Officer can be reached at privacy@meritvault.app. We aim to respond to every request within the timelines prescribed by the DPDP Act.