1. Information We Collect
We collect information to provide a better, safer experience for all creators and readers on Novira. We only collect what we need.
1.1 Information You Provide Directly
- Account credentials: Your email address (used for passwordless OTP login)
- Profile information: Display name, bio, avatar image (all optional)
- Social links: Any social media URLs you choose to add to your profile
- Publisher and payout data: Creator application details, and only if payouts are enabled later, any identity or bank details needed for payout verification
- Expansion requests: Story, chapter, language, credit, payment, and review details submitted for translation or localization workflows
- Contact messages: Any messages you send to us via contact forms or email
1.2 Content You Publish
- Stories, chapters, and visual panels (Katha & Chitra)
- Cover images and uploaded media files
- Comments, collaboration messages, and discussion posts
1.3 Information Collected Automatically
- Usage data: Pages visited, stories read, time spent, click interactions
- Device data: Browser type, operating system, device type (via UA-Parser)
- Location data: Approximate country/city derived from your IP address (via GeoIP lookup) — we do not store precise GPS location
- Session data: Login timestamps, session duration, IP address
- Fingerprint and local storage data: A first-party browser/session identifier used for analytics quality, abuse prevention, duplicate-view checks, and fraud prevention. For logged-in users, some events may be associated with your account.
2. How We Use Your Information
We use collected data only for specific, legitimate purposes:
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Providing the Service (login, reading, publishing) | Email, session data | Contract performance |
| Sending OTP codes & transactional emails | Email address | Contract performance |
| Safety & abuse prevention (NSFW detection, rate limiting) | Content, IP, fingerprint | Legitimate interest |
| Analytics & platform improvement | Usage data, device info | Legitimate interest / Consent |
| Personalizing your experience | Reading history, bookmarks | Legitimate interest / Consent |
| Publisher and payout verification | Creator application details; payout details only if payout features are enabled | Legal obligation / Consent |
| Translation and language expansion beta | Submitted content, target language, expansion request details, provider output, reviewer edits | Contract performance / Legitimate interest / Consent |
| Complying with legal requests | All relevant data | Legal obligation |
We do not sell your personal information to third parties. Ever.
4. Data Storage & Security
Your data is stored on secured servers. We take security seriously and implement industry-standard protections:
- Passwords: We use passwordless authentication. No password is stored. OTPs are hashed with HMAC-SHA256 and expire within 10 minutes.
- Sessions: Session data is stored server-side with expiry windows. Session cookies are HTTP-only and signed, and are marked Secure in production.
- Transit: All data in transit is encrypted via HTTPS/TLS.
- Access control: Role-based access controls (RBAC) limit which staff can access what data.
- Safety screening: Some image screening may run on our own servers where configured. Text moderation, reports, translation, or assistant features may use external AI providers when needed to operate the requested feature or protect the platform.
While we take all reasonable precautions, no internet transmission or electronic storage is 100% secure. We cannot guarantee absolute security.
5. Data Retention
We retain your personal information only as long as necessary for the purposes described in this Policy:
- Account Data: Retained for the lifetime of your account.
- Published Content: Retained until you choose to delete it or your account is terminated.
- OTP / Verification Data: Deleted immediately after use or after expiry (max 10 minutes).
- Analytics Logs: Aggregated, anonymized analytics are retained indefinitely. Raw session logs are purged after 90 days.
- Deleted Account Data: Personally identifiable data is removed from active databases within 30 days of account deletion. Encrypted backups may retain data for up to 90 additional days before being permanently overwritten.
7. Your Rights
Depending on your location, you have specific rights regarding your personal data. These apply under the General Data Protection Regulation (GDPR) (EU/EEA), the California Consumer Privacy Act (CCPA) (California, USA), and India's Digital Personal Data Protection Act, 2023 (DPDP Act):
Right to Access
Request a copy of the personal data we hold about you.
Right to Rectification
Correct inaccurate data via your Settings page at any time.
Right to Erasure
Request account deletion from Settings or by contacting us. We remove or anonymize personal account data unless we must retain limited records for legal, safety, payment, audit, backup, or dispute-resolution reasons. Public content may need to be deleted separately where the product provides that control.
Right to Portability
Request your content and personal data in a machine-readable format.
Right to Object
Object to processing of your data for analytics or personalization purposes.
Right to Restriction
Request restriction of processing while a complaint is being resolved.
To exercise any of these rights, email us at [email protected]. We aim to respond within 30 days.
For Indian users: Under the DPDP Act 2023, you have specific rights including the right to access, correct, and erase personal data. To nominate a person to exercise your rights on your behalf in case of death or incapacity, please contact us.
8. Children's Privacy
Novira is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately at [email protected] and we will delete such information promptly.
Users between 13 and 17 may use the Platform only with permission from a parent or guardian where required by law, and are restricted from accessing adult-rated content.
9. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of material changes by posting the updated policy on this page and, where required by law, by sending you an email notification.
The "Effective Date" at the top of this page indicates when this policy was last revised. We encourage you to review this policy periodically.
10. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, please contact us:
Privacy & Legal: [email protected]
Safety & Abuse: [email protected]
We aim to respond to all privacy data requests within 5–30 business days depending on complexity.