Effective 24 April 2026 · Version 1.0
This Privacy Policy describes how Turtle Innovations Pvt. Ltd. ("Turtle Innovations", "we", "us", or "our") collects, uses, discloses, and protects information in connection with the Shamvi mobile application and related services (together, the "Service").
By installing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with its terms, please do not use the Service.
This policy applies to all users of Shamvi, including those who access the Service as guests without creating an account.
We collect only the information necessary to operate and improve the Service. The categories of personal data we process are listed below.
| Category | Purpose of processing | Source |
|---|---|---|
| Name | To personalise greetings and maintain your user profile. | Google Sign-In or direct entry |
| Email address | To identify your account, deliver one-time login codes, and send service related communications. | Google Sign-In or direct entry |
| Phone number | To deliver one-time SMS verification codes when you choose phone based sign-in. | Direct entry |
| Google account identifier and profile picture | To authenticate your sign-in and display your avatar. | Google Sign-In |
| Device identifier | A random identifier generated on your device so guest progress can be restored across sessions. | Generated locally |
| Push notification token | To deliver optional notifications you have opted in to receive. | Firebase Cloud Messaging |
| App usage events | Aggregate usage such as moods selected, scenes played, and session duration, used to improve the Service. | Collected in app |
| IP address | Processed transiently for rate limiting and abuse prevention. | Network connection |
| Crash and diagnostic logs | To detect and resolve technical defects. These logs do not contain the contents of your messages to the in app companion. | Firebase Crashlytics |
The Service does not access your contacts, photos, calendar, precise location, microphone, camera, or SMS inbox. The only runtime permission the app requests is notification permission.
We process personal data for the following purposes, each grounded in a legitimate basis under applicable law:
We do not sell personal data. We do not run third party advertising. We do not share personal data with advertising networks.
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law.
Subject to applicable law, you have the following rights in relation to your personal data:
We will respond to all verified requests within 30 days. To exercise any of these rights, please contact us using the details in Section 11.
We implement technical and organisational measures designed to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption in transit (HTTPS with TLS 1.2 or higher), salted password hashing, access controls with multi factor authentication, and regular security review of our systems.
No method of electronic storage or transmission is completely secure. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users within 72 hours of becoming aware of it, in accordance with applicable law.
The Service is not directed to children under the age of 13, and we do not knowingly collect personal data from children under 13. If you believe that a child under 13 has provided personal data to us, please contact us and we will promptly delete the information.
We are based in Nepal. Some of our service providers, including Google LLC, may process personal data in jurisdictions outside Nepal, including the United States and the European Union. Where such transfers occur, we rely on the safeguards implemented by those providers, which may include standard contractual clauses or other approved transfer mechanisms.
We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or legal requirements. When we make material changes, we will update the effective date at the top of this policy and, where appropriate, notify you through the Service before the change takes effect.
The current version of this policy is always available at shamvi.com/privacy-policy.html.
If you have questions about this Privacy Policy or wish to exercise any of your rights, please contact us using the details below. We read every message and will respond as promptly as possible.