Your conversations stay private.

Every message you send and every response ManaSmurti gives is encrypted using AES-256-GCM before it is written to our database. This is the same encryption standard used by banks and governments.

Your messages are not stored as readable text. They are converted into encrypted data that cannot be read without the decryption key. The key is stored separately from the database and is never exposed in logs, backups, or error reports.

This means that even if someone were to gain unauthorised access to our database, they would see encrypted data, not your words.

You can read your own conversations when you are logged in. Your session decrypts your messages in real time so you can review your conversation history.

ManaSmurti processes your messages during an active conversation to generate a response. That processing happens inside encrypted, audited systems. Your messages are never shared with, or used to train, any outside service. Ever, for any reason. The technical details of how ManaSmurti produces its responses are proprietary. What is not proprietary, and what is always committed in writing: your words stay yours, and they never become training data for anyone.

No one else. Our team does not have access to read individual conversations. There is no admin panel, dashboard, or internal tool that displays your message content in readable form.

Your conversations are decrypted only in these situations:

• When you access your own history. Your active session decrypts your messages so you can read them.
• During an active conversation. The system decrypts recent messages to maintain context for the current conversation. This happens in server memory and is not persisted.
• If required by law. If we receive a valid court order, warrant, or binding legal request from Indian law enforcement under applicable law (such as the Information Technology Act, 2000 or the Digital Personal Data Protection Act, 2023), we may be compelled to decrypt and provide specific data. We will comply only with lawful, verified requests and will notify you if legally permitted to do so.
• If we are investigating a reported violation of our rules. If someone is reported for breaking our Terms of Service or community guidelines, we may review the specific messages tied to that report to decide what to do. We do not browse other conversations, and we do not use this for anything besides the investigation.
• If there is an imminent safety concern. If a conversation suggests immediate danger to you or to another person, we may look at the relevant messages to decide how to help, which may include surfacing helplines or, in rare cases, contacting the appropriate authorities. This is a last resort, not a routine practice.

We do not decrypt conversations for internal review, quality assurance, marketing research, product improvement, or any other purpose outside the situations listed above.

Before your message is sent to ManaSmurti's companion engine, it passes through an automated safety check. This check looks for content that may indicate immediate danger (such as self-harm) or violations of our community guidelines.

If the system detects a potential crisis, it will show you helpline numbers and gently end the conversation on that topic. Crisis events are logged anonymously (category and timestamp only, no message content) for safety monitoring.

This screening is fully automated. No human reviews the flagged content.

• We do not sell your data to anyone, for any reason.
• We do not share your conversations with advertisers or third-party marketing platforms.
• We do not use your conversations to train external machine learning models.
• We do not display targeted advertisements based on what you discuss.
• We do not allow our team to browse or search through user conversations.

You can delete your account at any time from your dashboard settings. When you delete your account:

• All your conversations and messages are permanently deleted from our database.
• Your profile, preferences, and usage history are removed.
• Any active subscription is cancelled.
• This action is irreversible. We cannot recover deleted data.

You can also delete individual conversations from your conversation history without deleting your entire account.

What we retain after deletion: Certain records are kept as required by Indian law (Information Technology Act, 2000 and applicable intermediary guidelines). These include anonymised login timestamps, billing and payment records (for GST compliance), and safety event logs (category and timestamp only, no conversation content). These records do not contain anything you said in your conversations. They are stored in encrypted form that no one can access, and kept only for the minimum period required by law. We follow all statutory guidelines strictly. Retained records are never used for commercial purposes, marketing, analytics, or any purpose other than legal compliance.

ManaSmurti runs on Amazon Web Services (AWS) infrastructure in the Asia Pacific (Mumbai) region. Your encrypted data is stored in a managed PostgreSQL database with SSL/TLS encryption in transit.

All connections between your browser and our servers are encrypted using HTTPS (TLS 1.2+). Data is encrypted both in transit and at rest.

What we collect. When you tap thumbs up or thumbs down on a reply, fill in the feedback form, or rate a guide, we save that. We do not save anything you did not explicitly tap or type.

What we see. We read every questionnaire that comes in. Right now that means one pair of eyes. Thumbs taps and guide ratings are counted up in aggregate, not read one by one. The Share this anonymously toggle keeps your name out of the view when you turn it on.

If you are using ManaSmurti through your employer.Your company's HR team sees only averages across everyone on the platform, like average ratings, common themes, and participation rates. They never see your name, what you wrote, or how you personally rated anything. This protection is built in and you cannot turn it off.

What happens if you delete your account. Your feedback rows are kept in anonymised form so we can keep improving the product, but we can never link them back to you. Written comments are deleted along with your account.

If your ManaSmurti account is a ManaSmurti for Teams corporate account (you were invited to register from a corporate email address by your employer), the same conversation privacy rules above still apply. Your employer cannot see what you say. Your employer cannot see whether you logged in last night. Your employer cannot see whether you finished a training module. Your employer cannot see whether you opened a conversation about something hard.

What your employer can see. Your employer's HR team has access to a dashboard that shows aggregate wellbeing signals for groups of at least five employees, grouped by team or function, manager group, or how long people have been at the company. Groups of fewer than five people show "not enough data yet" and no number. HR also sees aggregate completion rates for any training modules they have assigned to a group. That is it.

What your employer cannot see, ever. Your individual conversations. Your individual activation status. Your individual completion of anything. Your individual usage frequency. Your individual feedback to us. Anything you said that might identify you. Anything at all that links a signal back to a single person.

Every query your HR team runs is logged. You can ask us how often your group has been looked at in the last month or three months or a year. We will tell you the counts and the most recent date, but not the admin identity or the exact numbers HR saw.

If the contract ends. If your employer cancels their ManaSmurti for Teams contract, we disable their HR dashboard the same day, let you keep your account for another ninety days so you can finish anything in progress and export your conversation history if you want to keep it, and then delete your corporate account. None of your data goes back to your employer. Not a summary, not a count, not a name.

If you want a private account your employer is not paying for. You can register a separate personal account with a personal email (Gmail, Yahoo, any non-corporate address) at any time. Your personal account is entirely separate from your corporate account, and we make no attempt to connect the two. Your employer has no way to find out that your personal account exists, and no one at ManaSmurti has a lookup that would link them. This is built into the product, not a policy we could change our mind on later.

For the legal version of this section, see our privacy policy, section 10a.

If you have questions about how we handle your data, reach out to us at our contact page. For formal privacy requests or grievances, see our Grievance Redressal page.