1. Information We Collect

We collect information to provide a better, safer experience for all creators and readers on Novira. We only collect what we need.

1.1 Information You Provide Directly

  • Account credentials: Your email address (used for passwordless OTP login)
  • Profile information: Display name, bio, avatar image (all optional)
  • Social links: Any social media URLs you choose to add to your profile
  • Publisher and payout data: Creator application details, and only if payouts are enabled later, any identity or bank details needed for payout verification
  • Expansion requests: Story, chapter, language, credit, payment, and review details submitted for translation or localization workflows
  • Contact messages: Any messages you send to us via contact forms or email

1.2 Content You Publish

  • Stories, chapters, and visual panels (Katha & Chitra)
  • Cover images and uploaded media files
  • Comments, collaboration messages, and discussion posts

1.3 Information Collected Automatically

  • Usage data: Pages visited, stories read, time spent, click interactions
  • Device data: Browser type, operating system, device type (via UA-Parser)
  • Location data: Approximate country/city derived from your IP address (via GeoIP lookup) — we do not store precise GPS location
  • Session data: Login timestamps, session duration, IP address
  • Fingerprint and local storage data: A first-party browser/session identifier used for analytics quality, abuse prevention, duplicate-view checks, and fraud prevention. For logged-in users, some events may be associated with your account.

2. How We Use Your Information

We use collected data only for specific, legitimate purposes:

Purpose Data Used Legal Basis
Providing the Service (login, reading, publishing) Email, session data Contract performance
Sending OTP codes & transactional emails Email address Contract performance
Safety & abuse prevention (NSFW detection, rate limiting) Content, IP, fingerprint Legitimate interest
Analytics & platform improvement Usage data, device info Legitimate interest / Consent
Personalizing your experience Reading history, bookmarks Legitimate interest / Consent
Publisher and payout verification Creator application details; payout details only if payout features are enabled Legal obligation / Consent
Translation and language expansion beta Submitted content, target language, expansion request details, provider output, reviewer edits Contract performance / Legitimate interest / Consent
Complying with legal requests All relevant data Legal obligation

We do not sell your personal information to third parties. Ever.

3. Data Sharing

3.1 Information That Is Publicly Visible

The following is publicly visible on Novira by default:

  • Your display name and avatar
  • Your public profile (bio, social links if added)
  • Published stories and chapters you have set to "Public"
  • Your public reading statistics (e.g., stories published, followers)

3.2 Service Providers (Third Parties)

We share data with a limited set of trusted service providers who help us operate the Platform. All providers are bound by confidentiality agreements and are not permitted to use your data for any other purpose:

  • Email providers, including Resend and Zoho where configured: Email delivery for OTPs, receipts, notices, and support messages. Shares: your email address and message content.
  • Redis / Upstash: Session and rate-limit storage. Shares: server-side session identifiers and operational metadata.
  • Hosting, storage, CDN, and infrastructure providers: Infrastructure, file storage, backups, and delivery. Shares: uploaded files, server logs, IP-derived location, and technical request data as needed to run the service.
  • Error monitoring providers, including Sentry where configured: Crash and error diagnostics. Shares: error traces, device/browser details, request context, and limited account identifiers when needed to debug issues.
  • Payment providers, such as Razorpay, Gumroad, or another provider shown at checkout: Payment processing, receipts, taxes, refunds, and disputes. Shares: payment metadata, registered email, product purchased, amount, currency, and billing information entered at checkout. Novira does not store full card numbers.
  • Translation and AI providers: When you request translation, editing, moderation, or language expansion features, selected story/chapter text, uploaded images, extracted text, prompts, target language, and generated output may be processed by local models or external providers. We use these providers only to provide, secure, review, or improve the requested feature.

3.3 Legal Requirements

We may disclose your information if required to do so by applicable law or in response to a valid legal request from public authorities (e.g., a court order, government agency, or law enforcement). We will notify you of such requests where legally permitted.

3.4 Business Transfers

If Novira is involved in a merger, acquisition, asset sale, or similar transaction, your data may be transferred. We will provide notice before your personal data is subject to a different privacy policy.

4. Data Storage & Security

Your data is stored on secured servers. We take security seriously and implement industry-standard protections:

  • Passwords: We use passwordless authentication. No password is stored. OTPs are hashed with HMAC-SHA256 and expire within 10 minutes.
  • Sessions: Session data is stored server-side with expiry windows. Session cookies are HTTP-only and signed, and are marked Secure in production.
  • Transit: All data in transit is encrypted via HTTPS/TLS.
  • Access control: Role-based access controls (RBAC) limit which staff can access what data.
  • Safety screening: Some image screening may run on our own servers where configured. Text moderation, reports, translation, or assistant features may use external AI providers when needed to operate the requested feature or protect the platform.

While we take all reasonable precautions, no internet transmission or electronic storage is 100% secure. We cannot guarantee absolute security.

5. Data Retention

We retain your personal information only as long as necessary for the purposes described in this Policy:

  • Account Data: Retained for the lifetime of your account.
  • Published Content: Retained until you choose to delete it or your account is terminated.
  • OTP / Verification Data: Deleted immediately after use or after expiry (max 10 minutes).
  • Analytics Logs: Aggregated, anonymized analytics are retained indefinitely. Raw session logs are purged after 90 days.
  • Deleted Account Data: Personally identifiable data is removed from active databases within 30 days of account deletion. Encrypted backups may retain data for up to 90 additional days before being permanently overwritten.

6. Cookies & Tracking

6.1 Cookies We Use

Novira uses a minimal set of cookies:

  • novira.sid (Essential): Your encrypted login session cookie. HttpOnly, Secure in production. Without this cookie, you cannot stay logged in. This cookie is set only when you log in.
  • novira_cookie_consent (Functional): Stores your cookie consent preference in your browser's localStorage so we don't ask you again. Not a cookie, locally stored only.

6.2 What We Don't Use

We do not use:

  • Third-party advertising or tracking cookies
  • Google Analytics or similar tracking tools (currently)
  • Social media pixel trackers (Facebook Pixel, etc.)
  • Third-party advertising pixels. We do use first-party cookies/localStorage and lightweight browser identifiers for login, preferences, analytics quality, fraud prevention, and abuse prevention.

6.3 Managing Cookies

You can control and/or delete cookies through your browser settings. Deleting the novira.sid session cookie will log you out. For instructions on managing cookies, visit aboutcookies.org.

7. Your Rights

Depending on your location, you have specific rights regarding your personal data. These apply under the General Data Protection Regulation (GDPR) (EU/EEA), the California Consumer Privacy Act (CCPA) (California, USA), and India's Digital Personal Data Protection Act, 2023 (DPDP Act):

Right to Access

Request a copy of the personal data we hold about you.

Right to Rectification

Correct inaccurate data via your Settings page at any time.

Right to Erasure

Request account deletion from Settings or by contacting us. We remove or anonymize personal account data unless we must retain limited records for legal, safety, payment, audit, backup, or dispute-resolution reasons. Public content may need to be deleted separately where the product provides that control.

Right to Portability

Request your content and personal data in a machine-readable format.

Right to Object

Object to processing of your data for analytics or personalization purposes.

Right to Restriction

Request restriction of processing while a complaint is being resolved.

To exercise any of these rights, email us at [email protected]. We aim to respond within 30 days.

For Indian users: Under the DPDP Act 2023, you have specific rights including the right to access, correct, and erase personal data. To nominate a person to exercise your rights on your behalf in case of death or incapacity, please contact us.

8. Children's Privacy

Novira is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately at [email protected] and we will delete such information promptly.

Users between 13 and 17 may use the Platform only with permission from a parent or guardian where required by law, and are restricted from accessing adult-rated content.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of material changes by posting the updated policy on this page and, where required by law, by sending you an email notification.

The "Effective Date" at the top of this page indicates when this policy was last revised. We encourage you to review this policy periodically.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, please contact us:

Privacy & Legal: [email protected]
Safety & Abuse: [email protected]

We aim to respond to all privacy data requests within 5–30 business days depending on complexity.