Legal & Privacy

Last updated: June 2026 (v1.0.25) · Governed by laws of India

1. Who We Are

Dosth App ("the App", "we", "us") is developed and operated by Dosth App Team, an independent developer. As Data Fiduciary under India's Digital Personal Data Protection Act 2023, we are responsible for how your personal data is collected, used and protected.

2. Data We Collect

Account data: Name, email address and authentication credentials via Firebase Authentication. Google Sign-In users share name, email and Google profile ID only — no password stored by us.
Profile data: Display name, DosthTag (auto-generated @username), preferred language and theme.
Group & expense data: Group names, members, expense amounts, splits and settlement records you create.
DosthSell data: Item listings, listing photos (Firebase Storage), buyer-seller chat messages and deal history.
Games data: Chess game results (win/loss/draw), games played count, Dosth Tag for leaderboard display, and your leaderboard visibility preferences. Solo vs AI games are not stored.
Study data: Exam timetable plans, study preferences and custom schedule edits stored locally on your device only (AsyncStorage/localStorage). Not transmitted to servers.
Home Vault data: Home inventory items (appliances, electronics, warranties, serial numbers, service contacts, purchase prices) are stored only on your device using local device storage (AsyncStorage on mobile, localStorage on web). Dosth servers never receive or store this information. If you uninstall Dosth or clear app data, the inventory is permanently deleted.
QR Maker data: All QR codes (contact vCard, UPI payment, WiFi password, link, text) are generated entirely on your device. The encoded payload is rendered as an SVG image locally. Saved drafts (your name, UPI ID, WiFi credentials etc.) are stored only on your device. Nothing is sent to Dosth servers at any point.
Document data: Scanned documents and passport photos are processed locally in your browser. Passport photo background removal uses the remove.bg API — photos are sent to remove.bg for processing and are not retained by Dosth.
File Convert data: All file conversions (JPG/PNG/WebP/PDF conversion, Merge PDF, Split PDF, Shrink PDF, Unlock PDF, Protect PDF, Exact KB image compress, Unzip ZIP) are processed entirely in your browser using client-side JavaScript libraries (pdf.js, jsPDF, pdf-lib, JSZip). Your files are never transmitted to Dosth servers. Nothing is uploaded. Output files are created in your browser and downloaded directly to your device.
- Unlock PDF: Your PDF and password are processed entirely on your device. Neither the file nor the password is sent anywhere.
- Protect PDF: Encryption is applied client-side using pdf-lib. Your password is never stored or transmitted by Dosth.
Scanner data: All scanned images, draft documents and export history are stored only on your device using local device storage (AsyncStorage). Dosth servers never receive, store or process your scanned documents or images.
- Image → Text (OCR): The selected image is sent to Groq API solely to extract text. The image and extracted text are not stored by Dosth.
- AI Remove Handwriting: The selected image is sent to Groq API for handwriting analysis only. Not stored by Dosth.
- Images → ZIP: All processing happens entirely on your device. No data is sent to any server.
- Share / Save (v1.0.25): Share via WhatsApp / Save as JPG / Compress to KB — all processing happens on your device. The Web Share API is used to invoke your phone's native share sheet; the file is passed directly to your chosen app and is not transmitted to Dosth servers.
- Manual Erase: Canvas-based editing runs entirely in your browser. No data leaves your device.
- Export PDF: PDF generation uses jsPDF library loaded from CDN (cdnjs.cloudflare.com). The PDF is generated on your device and downloaded directly. No document content is sent to Dosth or CDN servers.
D Carry data: D Carry listings you post — route, travel date, item description, WhatsApp number, carry mode and budget. Visible to all logged-in users. Auto-expires after 30 days.
Health data: Vitals you manually log — weight, blood pressure, blood sugar, heart rate, SpO2, temperature, sleep, water, steps, and member records are stored on Google Firebase (Firestore) under your user account (health_records and health_members collections). Only you can access your data — protected by Firestore Security Rules. No automatic sensor reading or Health Connect integration.
Location data: Approximate GPS used ONLY for home screen weather. Sent to Open-Meteo API — never stored.
AI feature inputs: Text/photos you send to AI features (Kisan AI, D Travel, Smart Listing, AI Greetings, D Invites) are processed by Anthropic Claude API or Google AI. Not retained for model training per provider API terms. Item descriptions typed into DosthSell Smart Listing are sent to Anthropic for listing generation only.
Contribution data: If you contribute via Support the Team, the following data is stored in Firebase Firestore: your Firebase user ID (server-side only, never displayed), your DosthTag and name (or "Anonymous" if you select the anonymous checkbox), contribution amount in ₹, UPI transaction ID, optional message, anonymous flag, and timestamp. Your DosthTag (or "Anonymous"), amount and message are publicly visible to all logged-in users in the contributions feed within the app. Selecting "anonymous" hides your DosthTag and name from the feed but does not delete the server-side record. You may request deletion of your contribution record at any time by emailing support@dostu.app from the email address associated with your Dosth account.
Push notification token: Expo Push Token stored against your user ID for notification delivery only (up to 3 devices). Used to deliver security alerts when a new device signs into your account.
Login history: Each sign-in records the device platform, model and timestamp in a private loginHistory subcollection. Visible only to you in Me → Security Scan → Recent sign-ins. Deleted when you delete your account.
Security Scan: When you use Security Scan, your email is sent to Have I Been Pwned (HIBP) — a public breach database. Results are cached on-device only for 24 hours and never stored on Dosth servers.
Crash logs: Anonymous error logs — device model, OS version and stack trace only. No personal data.
Advertising data: Dosth App does not show advertisements. There is no Google AdMob, AdSense, or other ad-network integration in the app or the website. No device advertising identifier is collected from your device. If advertising is introduced in the future, this section will be updated in advance and existing users will be notified in-app.

3. What We Never Do

Never sell your data to advertisers or data brokers
Never read your contacts, messages or camera without your action
Never background-track your location
Never store your UPI ID or bank details
Never use your data for behavioural profiling or non-essential third-party sharing
Never see your Dosth Drop file content — files transfer directly between devices, we have no access to them

4. Data Storage & Security

All data stored in Google Firebase (Firestore + Storage), encrypted in transit (TLS) and at rest (AES-256). Firestore Security Rules ensure you only access your own data.

5. Third-Party Services

Google Firebase — database, authentication, storage, crash reporting
Have I Been Pwned (HIBP) — security breach database check (Security Scan feature)
Google AdMob — not used. May be added in the future if advertising is reintroduced.
Anthropic Claude API — Kisan AI, Trip Planner, Smart Listing AI
Google AI APIs — AI Greetings and other generative features
Open-Meteo — weather data (anonymous GPS, no account)
EmailJS — transactional emails (OTP, settlement notifications)
Expo — push notifications
PeerJS Cloud (0.peerjs.com — free public infrastructure provided by the PeerJS project): used only when you use Dosth Drop, for the initial ~5KB connection handshake. Sees only the 6-digit connection code and the public IP addresses of both devices during the brief handshake. Never sees file content. After handshake, PeerJS is not involved in the transfer.
Google STUN servers (stun.l.google.com) — standard WebRTC infrastructure used to discover IP addresses for direct device-to-device connection during Dosth Drop. No file content, no account information.

We are not responsible for the privacy practices or availability of third-party services.

6. Data Retention

Active account data: retained while your account exists
D Carry listings: auto-expire after 30 days
Crash logs: 90 days rolling
After account deletion: expense records anonymised, DosthSell chat retained for buyer protection (90 days)

7. Your Rights — DPDP Act 2023

Right to access your personal data
Right to correct inaccurate data
Right to erase your data (via Delete Account)
Right to withdraw consent
Right to nominate a representative

Email: support@dostu.app — we respond within 30 days.

8. Grievance Officer — DPDP Act 2023

Dosth App Team
Email: support@dostu.app
Response within 30 days of written request.

🛡️ Copyright Registration

Dosth App is officially registered with the Copyright Office, Government of India under the Copyright Act, 1957.

Diary Number: SW-23910/2026-CO
Filing Date: 20 May 2026
Form: Form XIV — Literary Work (Computer Programme)
Receipt No: 244300
Owner: Suresh Rallapadu

All source code, UI design, written content, graphic assets, animations and web pages of Dosth App are protected under copyright law. Unauthorised copying, reproduction or distribution is prohibited and may result in legal action.

Terms of Use

By using Dosth App you agree to use it lawfully and not to misuse AI features, post fraudulent listings, or attempt to reverse-engineer the app.

Dosth Drop & file transfer: By using Dosth Drop you additionally agree:

You will not use Dosth Drop to transfer illegal content, including but not limited to copyrighted material without rights, child sexual abuse material, malware, stolen data, or non-consensual intimate images.
You are solely responsible for the content you transfer and the recipient you transfer it to.
Dosth does not have access to transfer content and cannot recover, inspect, or revoke transfers after they complete.
We may suspend service to specific connection codes or IP addresses if we receive credible abuse reports.

Governing Law

Governed by the laws of India. Disputes subject to Indian courts. Users in India retain rights under Consumer Protection Act 2019 and DPDP Act 2023. Users in Singapore retain rights under PDPA 2012 and Consumer Protection (Fair Trading) Act.

🇸🇬 Singapore — MAS Compliance

Dosth App does not hold, transfer or process S$ funds. All transactions are in ₹ INR between members directly. Dosth is not regulated by MAS and does not require a Payment Services Licence as it does not provide payment services.

🇸🇬 Singapore — PDPA (Personal Data Protection Act)

You may request access to, correction or deletion of your personal data
We do not sell your data to any third party
Data Protection Officer contact: support@dostu.app
Response within 30 days of written request

📦 D Carry — Customs & Legal Disclaimer

D Carry listings are community arrangements between members. Dosth App is an intermediary only and is not responsible for:

Customs duties, taxes or seizure of items
Lost, damaged or undeclared items
Compliance with Singapore Customs, ICA or AVA regulations
Verification of items, carriers or requesters

Singapore Customs personal duty-free allowance: up to S$400 (air/sea). Always declare items. All customs compliance is the sole responsibility of the carrier and requester.

Advertising

Dosth App does not show advertisements. There is no Google AdMob, AdSense, or other ad-network integration in the app or on the website. No device advertising identifier is collected. The app is sustained through voluntary community contributions (see "Voluntary Contributions" below). If advertising is introduced in the future, this section and the FAQ will be updated in advance and existing users will be notified in-app — and Dosth App will not control specific ad content if ads are introduced.

Future Premium Features

Dosth App's core features are committed to remain free for all users. As the app evolves, optional premium features may be introduced (such as an ad-free experience, advanced analytics, unlimited AI queries, or printable certificates). Any premium offering will be clearly marked as optional and will not restrict access to features available in the free tier at the time of your account creation. Pricing and terms for premium features, if and when introduced, will be communicated transparently in advance and will require explicit opt-in. We will never convert an existing free feature into a paid-only feature for existing users.

🎮 Games

Dosth Games (Chess and future games) store only your aggregate result statistics (wins, losses, draws, games played) and your Dosth Tag for the global leaderboard. Multiplayer game move history is stored in Firebase for real-time sync and deleted when you delete your account. Solo vs AI games are not stored on servers.

Games are for entertainment only. No financial transactions are involved. You control your leaderboard visibility — toggle it off at any time in Rankings.

📚 Study

All Study data (exam timetables, study plans, preferences) is stored exclusively on your device using browser localStorage or AsyncStorage. Nothing is uploaded to Dosth servers. Clearing your browser data or uninstalling the app removes this data.

🏠 Home Vault

Home Vault is a personal home inventory tracker. All data — including item names, brands, model numbers, serial numbers, purchase dates, purchase prices, warranty months, service contacts, and notes — is stored exclusively on your device using AsyncStorage (mobile) or localStorage (web). Dosth servers never receive or process this information. There is no cloud sync, no backup, and no cross-device sharing. If you uninstall Dosth or clear app data, the inventory is permanently lost.

📱 QR Maker

QR Maker generates QR codes locally on your device using an embedded pure-JavaScript QR encoder. Inputs (vCard contact details, UPI ID/amount/note, WiFi SSID/password, links, plain text) are converted to a QR matrix and rendered as SVG on your device. Nothing is sent to any Dosth server. Saved drafts (so you don't re-enter your name, UPI ID, or WiFi credentials each time) are stored only on your device via AsyncStorage/localStorage. Once you share a generated QR code as an image, anyone who scans it can decode the embedded data — share carefully, especially WiFi passwords.

💧 Dosth Drop (Phone-to-Phone File Sharing)

How it works. Dosth Drop is a peer-to-peer file transfer service. Files are sent directly between the sender's and receiver's devices — they never pass through, are stored on, or are accessible to Dosth servers.

Sender picks a file and generates a 6-digit code.
Receiver enters the 6-digit code.
Devices exchange a small (~5KB) handshake via PeerJS Cloud (see Third-Party Services).
Once connected, file content flows directly device-to-device over WebRTC (encrypted with DTLS) — over LAN if both on the same Wi-Fi network, otherwise over the internet.
The 6-digit code is session-only and is not stored by Dosth.

What we store: Nothing. Dosth has no server-side component for Dosth Drop. We cannot recover, inspect, revoke, or replay transfers.

What is briefly visible to third parties: PeerJS Cloud sees the 6-digit code and the public IP addresses of both devices during the ~5-second handshake — never file content. Google STUN servers see IP addresses only.

Honest limits of our encryption: Dosth Drop encrypts files in transit between the two devices (DTLS). However, encryption does not protect the devices themselves. If you are on a monitored device (work laptop, school laptop), endpoint monitoring software on that device may see file content before it is encrypted for transit. Additionally, both sender and receiver can see each other's public IP addresses during the transfer — this is how WebRTC works on the open internet.

Your responsibilities: You are responsible for what you transfer. Dosth Drop must not be used to send illegal content, copyrighted material without rights, malware, or non-consensual intimate images. We cannot enforce this technically (we do not see file content), but such use violates our Terms of Use.

📄 Documents

Scanned documents and converted files are processed locally in your browser and are not uploaded to Dosth servers. Passport photo background removal uses the remove.bg API — images are sent to remove.bg for processing under their privacy policy (remove.bg/privacy). Dosth does not retain passport photos.

DosthSell Marketplace

Dosth App is an intermediary platform only. We do not own, verify or guarantee listed items, delivery, or item condition. All transactions are solely between buyer and seller.

Financial Calculators

Gold Calculator shows price comparisons between Singapore and India for reference only — it does not recommend where to buy gold. Loan Calculator provides EMI estimates using standard formulas. Neither tool constitutes financial, investment or banking advice. Always confirm with your bank or jeweller before transacting. Check customs allowances before travel.

Voluntary Contributions

Important — Legal nature: Voluntary contributions to Dosth App are not charitable donations within the meaning of Section 80G of the Income Tax Act, 1961. Dosth App is not a registered charitable trust, Section 8 company, or 80G-approved institution. Contributions are voluntary support payments to the developer and are not tax-deductible. The developer declares contributions received as business income for income tax purposes. Do not treat your contribution as a donation for tax-deduction purposes — no 80G receipt will be issued, and no deduction can be claimed.

Contributions via "Support the Team" are voluntary, non-refundable, and do not grant additional privileges, features, or status. They are direct UPI payments from contributor to the developer's bank account; the contribution record submitted within the app is a self-declared record of payment used to populate the public contributions feed within the app.

Verification: Each contribution is initially marked "pending" and reviewed by the team against the UPI transaction record provided. Verified contributions are marked "verified". Unverified or fraudulent submissions may be removed at the team's discretion.

Retention: Contribution records (including dostuTag, amount, message, transaction ID, and timestamp) are retained in Firestore for as long as the public contributions feed remains active, or until you request deletion. Account-linked uid is retained for fraud prevention and is removed when you delete your Dosth account.

Right to deletion: You may request removal of your contribution from the public feed at any time by emailing support@dostu.app from your account's registered email. Deletion is typically completed within 30 days. Note: deletion removes the public feed entry; bank-level UPI transaction records held by your bank are governed by your bank's policies, not Dosth.

Minor protection (DPDP Act 2023 § 10): Users must be 18 or older to contribute. The Support the Team flow requires a logged-in Dosth account; account creation already requires confirmation of being 18+. Contributions from accounts later identified as belonging to a minor will be refunded where the UPI transaction can be reversed and the record will be removed from the feed.

Community ideas board: Submitted feature ideas (text up to 280 characters) and upvotes are stored in Firestore and publicly visible to all logged-in users along with your dostuTag. Same retention and deletion rules apply as for contribution records.

📦 D Carry — Intermediary Notice

Dosth App facilitates connections between community members for carrying items between India and Singapore. We do not verify items, carriers, requesters or WhatsApp numbers. All arrangements, payments and customs compliance are solely the responsibility of the parties involved. Dosth App is not liable for any loss, damage, seizure or dispute arising from D Carry arrangements.

💛 Gold Calculator — Comparison Only

This tool shows price differences between Singapore and India for personal reference. It does not recommend where to buy gold. Gold prices fluctuate continuously. Estimates are based on inputs you provide and international spot rates. Not investment advice. Always confirm final price with your jeweller. Check customs allowances before travel. Dosth App is not liable for any loss arising from gold price estimates.

🏦 Loan Calculator — Reference Only

EMI calculations are estimates using standard reducing-balance formula. Actual EMI may differ based on your bank's specific terms, processing fees and insurance. Not financial or mortgage advice. Consult your bank or a licensed financial advisor before taking any loan.

🌾 Kisan AI — General Information Only

AI-generated crop, weather and farming advice is general information only. Not professional agricultural advice. Always consult qualified agricultural experts for farming decisions.

❤️ Health — Not a Medical Device

Health is a manual vitals tracker for personal awareness only. Not a medical device. Do not make medical decisions based on data in Health. Always consult a qualified healthcare professional.

🏛️ Political Banner Generator — Your Responsibility

You are solely responsible for political content you generate and share. Dosth App does not endorse any political party, candidate or ideology. Content must comply with Election Commission of India guidelines and applicable laws.

🤖 AI-Generated Content

All AI features generate content AS-IS with no guarantee of accuracy. Always review AI output before using for any important decision.