Privacy policy.

1. Who is responsible for your data

Vivanet Consultancy Services Pvt Ltd ("we", "us"), operator of the lystners platform, is the Data Fiduciary for your personal data under the Digital Personal Data Protection Act, 2023 ("DPDP Act") and the equivalent Data Controller for users in jurisdictions such as the EU and UK. Our registered office is at G-306, Rohan Kritika, Sinhagad Road, Pune, Maharashtra 411030, India.

2. Our privacy principles

Three commitments drive everything below:

• We don't sell your data. We have no ads and no advertising relationships. The subscription fee is our only revenue.
• We collect the minimum we can. A pseudonym, a password hash, country, and payment confirmation are enough to run the platform. We don't ask for your real name or government ID.
• Your private journal is encrypted on your device. We architecturally cannot read it, and counsellors cannot read it. See section 5.

3. Data we collect

We collect only what the service needs to function:

• Account data: your chosen pseudonym, a hash of your password (we never store the password itself), an optional recovery email, and your declared country of residence.
• Payment data: we do not store your card or bank details. Razorpay (our payment processor) handles all payment data and provides us only with a payment status, transaction ID, and subscription state.
• Content you submit: shares, comments, voice notes sent to counsellors, peer-chat messages, and testimonial submissions. Voice notes are stored as audio files only — we do not transcribe them on our servers in the normal flow.
• Journal entries: encrypted ciphertext only. The key is derived from a passphrase you set on your device using Argon2id and never leaves your device. See section 5.
• Session data (counsellor bookings): booking metadata (counsellor, time, status), session-completion records, and any post-session notes the counsellor records. We do not record audio or video of live sessions.
• Technical data: IP address (used briefly for geo-detection and abuse prevention), browser/device user-agent, cookies needed for authentication and session state.
• Communications: messages you send us via the contact form, and any email correspondence.

4. How and why we use your data

• To run the service: creating your account, authenticating you, matching you with peers and counsellors, processing payments and refunds, delivering features.
• For safety and moderation: we run an automated moderation pipeline (pattern matching → tone analysis → context-aware AI → human review when uncertain) on shares, comments, and peer-chat to catch harmful content. A crisis-detection signal also runs to surface resources to you when our system thinks you might be in distress.
• For payments and tax: Razorpay handles the payment transaction itself; we retain payment metadata for the period required by Indian tax law (typically 8 years).
• For service emails: account confirmations, booking confirmations, subscription renewal notices, password resets. We do not send marketing emails.
• For legal compliance: responding to lawful requests from authorities, preventing fraud or abuse, and meeting our regulatory obligations.

Legal bases: We process your data on the basis of (a) your consent at signup, (b) performance of the contract between us (these Terms), (c) legitimate interests in operating and securing the service, and (d) compliance with legal obligations.

5. Your private journal — zero-knowledge by design

Your journal is end-to-end encrypted. When you first use the journal, you set a passphrase. We derive an encryption key from it on your device using Argon2id (a strong key-derivation function). That key is used to encrypt every journal entry in your browser before it ever reaches our servers. We store only the encrypted ciphertext.

This means:

• We cannot read your journal — not as engineers, not as moderators, not even if compelled by a subpoena.
• Counsellors cannot read your journal — there is no permission that grants this.
• If you forget your passphrase and have not used the recovery phrase, your journal contents are unrecoverable. We have no backdoor.
• Crisis detection on journal content runs entirely on your device. If it triggers, only a flag (a number, not the content) is sent to our servers so a counsellor with whom you have a relationship can offer a check-in. The triggering content is never transmitted.

6. Who we share data with

We share data only with the third-party processors required to run the service. We never sell data, and we never share for marketing.

• Razorpay Software Pvt Ltd — payment processing, subscription billing, refunds. Razorpay receives your payment instrument details directly; we do not.
• LiveKit / video infrastructure provider — real-time audio/video infrastructure for live counsellor sessions. Sessions are not recorded.
• Transactional email provider — to send account-related emails to the recovery email you provided.
• Cloud infrastructure providers — to host servers, databases, and storage. Data is stored in regions compliant with applicable law.
• Moderation AI providers — automated moderation may send short text snippets (e.g., a single share or comment) to specialised content-classification APIs. These providers are contractually prohibited from retaining or re-using the data.
• Counsellors — counsellors you book with see your pseudonym, your booking history with them, any shares you have marked "request expert response", and a passive crisis-flag counter (a number, not content) if you have an active relationship with them. They do not see your journal, your real name, your payment details, or other counsellors' notes about you.
• Authorities — when required by valid legal process, or when necessary to prevent serious harm.

7. Crisis-detection data handling

Crisis detection is a safety feature. The detector runs on content you post publicly (shares, comments, peer-chat) and on inputs from non-subscribers using public text features. When the detector triggers:

• You see a card with crisis resources immediately.
• For subscribers: an on-call counsellor is alerted (so they can reach out if appropriate).
• For non-subscribers: the resources card is shown; no alert is sent.
• For journal entries: detection runs on your device only; a flag-count is sent to our servers but never the content.

8. Cookies and local storage

We use cookies and local storage only for essential purposes: keeping you signed in, remembering your locked country/currency, and protecting against cross-site request forgery. We do not use third-party advertising or analytics cookies that track you across the web.

9. International data transfers

We are based in India and primarily process data there. Some of our processors operate outside India (notably for video infrastructure and email delivery). Where transfers occur, we rely on appropriate safeguards such as the processor's own data-protection commitments and standard contractual clauses.

10. Data retention

• Active accounts: retained for as long as your account exists.
• Lapsed subscriptions: account data is retained because resubscribing restores everything, including your journal (which we still cannot read) and your booking history.
• Deleted accounts: personal data is removed within 30 days of your deletion request, with limited exceptions for payment records (retained for the period required by Indian tax law, typically 8 years), legal-hold data, and aggregated anonymised analytics that cannot identify you.
• Backups: data in backups is removed in the normal backup-rotation cycle (typically within 90 days).

11. Your rights

Under the DPDP Act, 2023 and (where applicable) the GDPR or UK GDPR, you have the right to:

• Access the personal data we hold about you
• Correct inaccurate or incomplete data
• Erase your data (subject to retention exceptions above)
• Withdraw consent at any time
• Receive a summary of how your data is processed
• Lodge a grievance with our Grievance Officer (see below)
• Approach the Data Protection Board of India or the supervisory authority in your jurisdiction

To exercise any of these rights, write to atyourservice@vivanet.in from the recovery email on your account, or contact our Grievance Officer (section 13).

12. Children

lystners is not intended for users under 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a person under 18, we will delete the account.

13. Grievance Officer

In line with the DPDP Act and the Information Technology Rules, 2011, the Grievance Officer for Vivanet Consultancy Services Pvt Ltd is reachable at:

We acknowledge grievances within 48 business hours and aim to resolve them within the statutory timelines.

14. Changes to this policy

We may update this policy. Material changes will be notified to you by email (if you have a recovery email on file) and announced on the service at least 14 days before they take effect.

15. Contact

For any privacy-related question, write to atyourservice@vivanet.in or visit our Contact page.