Privacy Policy

We collect the minimum we need to let you read, buy, and re-read your writings — nothing more. This policy explains exactly what that means.

What we collect

Account info you give us at signup: name, email address, phone number, and the bcrypt hash of your 4-digit MPIN (we never store the MPIN itself).
Order metadata when you buy a writing: the items purchased, the amount, and the Razorpay order/payment IDs we need for reconciliation. We never see or store your card details — those live with Razorpay.
Light usage data our server keeps in standard access logs (timestamps, IP addresses) for security + abuse prevention. Retained for 30–90 days.
Cookies. We use only essential cookies: your session token (so we know you're signed in), your locale preference, and a cookie-consent flag so the banner doesn't keep asking you. No tracking, no analytics, no ads.

How we use it

To let you sign in, buy, and access the writings you've paid for.
To send you the one-time code on signup or MPIN reset (via email).
To email you a receipt after a successful payment.
To respond when you contact us via the contact form.

Who we share it with

Razorpay — for payment processing (your name, email, phone, and the order amount). Razorpay's own privacy policy applies to data they collect during checkout.
SMTP provider (Gmail) — to deliver the OTP, receipt, and contact emails. Email headers transit through Google's servers.
That's it. We don't sell or rent your data, ever.

Your rights

Access: ask us for a copy of the data we hold on you. We'll reply within 30 days.
Correction: you can change your own name, email, and phone from your account.
Deletion: ask us to delete your account. Note that we may retain order metadata (without your name/email) for tax/accounting purposes as required by law.

Security

Passwords and MPINs are bcrypt-hashed. Payment data never touches our servers — it's tokenised through Razorpay. We use HTTPS, rate-limit sensitive endpoints, lock out accounts after repeated failed MPIN attempts, and ship security headers (HSTS, X-Frame-Options, Content-Security-Policy variants).

Children

The site is intended for readers 18 and over. We don't knowingly collect data from children under 18; if we learn we have, we'll delete it.

Changes to this policy

We may update this policy from time to time. Material changes will be announced on the site.

Grievance Officer

In line with the Information Technology Rules, 2011, the grievance officer for India-based concerns is:

Pallavi Trivedi
Email: pallavi@kuchehsaas.com
We aim to acknowledge within 48 hours and resolve within 30 days.

What we collect

Account info you give us at signup: name, email address, phone number, and the bcrypt hash of your 4-digit MPIN (we never store the MPIN itself).

Order metadata when you buy a writing: the items purchased, the amount, and the Razorpay order/payment IDs we need for reconciliation. We never see or store your card details — those live with Razorpay.

Light usage data our server keeps in standard access logs (timestamps, IP addresses) for security + abuse prevention. Retained for 30–90 days.

Cookies. We use only essential cookies: your session token (so we know you're signed in), your locale preference, and a cookie-consent flag so the banner doesn't keep asking you. No tracking, no analytics, no ads.

Who we share it with

Razorpay — for payment processing (your name, email, phone, and the order amount). Razorpay's own privacy policy applies to data they collect during checkout.

SMTP provider (Gmail) — to deliver the OTP, receipt, and contact emails. Email headers transit through Google's servers.

That's it. We don't sell or rent your data, ever.

Your rights

Access: ask us for a copy of the data we hold on you. We'll reply within 30 days.

Correction: you can change your own name, email, and phone from your account.

Deletion: ask us to delete your account. Note that we may retain order metadata (without your name/email) for tax/accounting purposes as required by law.

Security