Narriva LogoNarriva
Get started
Legal Document

Privacy Policy

We built Narriva with privacy at its core — not as an afterthought.

Effective date:

The short version
  • We never sell your data to third parties — ever.
  • Your data is stored in India (AWS Mumbai, ap-south-1 region).
  • We use Meta's official OAuth — we never see or store your social media password.
  • Payments are handled by Razorpay — we never touch your card, UPI, or banking credentials.
  • Push tokens are used only to deliver notifications about your own content and account.
  • Camera and media access is used only when you actively choose to upload or save content.
  • You can request deletion of your account and all data at any time.
  • Questions? Email [email protected] — we respond within 24 hours.

1. Introduction

Narriva (“we,” “our,” or “us”) is an AI-powered social media management platform built for Indian small businesses. We operate both a mobile application (“App”) and a web platform (“Service”) under the narriva.in domain.

This Privacy Policy is governed by the Digital Personal Data Protection Act, 2023 (DPDP Act) and applicable provisions of the Information Technology Act, 2000. By creating a Narriva account or using the App, you acknowledge that you have read and agree to the practices described in this policy.

2. Data We Collect

2.1 Account & Business Data

When you register and configure your profile, we collect:

  • Full name, business name, email address, and phone number
  • Business category, products, services, brand voice, and target audience settings (“Business DNA”)
  • Business location, operating hours, and regional context for content personalisation
  • Profile photo (optional)

2.2 Social Media Connections

When you connect Instagram or Facebook, we authenticate exclusively through Meta's official OAuth 2.0 APIs. We never receive, request, or store your social media password. We store only the access tokens necessary to publish content, read your inbox, and retrieve engagement data on your behalf. You can revoke this access at any time from within the App or directly from your Meta account settings.

2.3 Customer & Lead Data

To power the AI inbox and DM auto-responder features, we process messages and public profile information of people who interact with your connected social accounts. This data belongs to you as the business operator — Narriva acts only as a data processor on your behalf. See our Data Processing Agreement for the full framework.

2.4 Photos & Media (Mobile App)

With your explicit permission, the App reads images and videos from your device's media library so you can use them in your content. It can also save AI-generated images back to your device's photo library. We access media only when you actively choose to upload or save content — never in the background.

2.5 Camera (Mobile App)

If you grant camera permission, the App uses your camera to capture photos for your content. We do not record video or access the camera in the background.

2.6 Push Notification Token (Mobile App)

We collect your device's FCM push token via Firebase Cloud Messaging (Google) to send you notifications about scheduled posts, content approvals, DMs, and account updates. The token is stored on our servers and locally on your device. You can revoke push permission at any time in your device's system Settings.

2.7 Payment Information

All subscription payments are processed by Razorpay, a PCI DSS-compliant payment gateway regulated in India. We never store your card number, CVV, UPI PIN, or banking credentials. Narriva receives only a transaction reference ID and subscription status confirmation from Razorpay.

2.8 Technical & Usage Data

  • Device type, operating system, and app version
  • IP address and approximate location (city level only)
  • Feature usage patterns and session duration (anonymised)
  • Crash reports and performance diagnostics

3. How We Use Your Data

We use your data exclusively to:

  • Create and manage your account and authenticate you securely
  • Generate AI-powered content tailored to your business, audience, and local trends
  • Schedule and publish posts on your connected social media accounts
  • Power the AI inbox — reading, routing, and drafting replies to DMs and comments
  • Detect festivals, seasons, and trends relevant to your business category and region
  • Process and manage your subscription through Razorpay
  • Deliver push notifications about your posts, DMs, and account activity
  • Provide customer support and diagnose technical issues
  • Improve our AI models using anonymised and aggregated signals only
  • Send transactional emails (billing, account alerts) and optional product updates

We do not use your business data or your customers' data to train third-party AI models. Improvements to Narriva's AI use only anonymised, aggregated signals — never your specific content, customer identities, or personal messages.

4. Data Sharing & Third-Party Services

We do not sell, rent, or trade your personal information. We share data only with the following partners, strictly for service delivery:

  • Amazon Web Services (ap-south-1, Mumbai): Cloud hosting, database storage, and file delivery — all data stays within India.
  • Meta Platforms (Instagram / Facebook): To publish content, manage your inbox, and retrieve engagement data via official Graph API.
  • OpenAI: To generate content drafts. We pass only the necessary business context — no personal customer data, DM contents, or lead information is ever sent to OpenAI.
  • Firebase / Google (FCM): To deliver push notifications to your Android device.
  • Razorpay: For payment processing and subscription lifecycle management.
  • Legal authorities: Only in response to a valid court order, government directive, or statutory obligation under Indian law — and only to the extent required.

5. Data Security

  • Encryption in transit: TLS 1.3 for all communication between your device and our servers.
  • Encryption at rest: AES-256 for all data stored on AWS infrastructure.
  • Access controls: Role-based access with least privilege — all access is logged and audited.
  • Token security: Social media OAuth tokens are stored encrypted and are immediately revocable from your account settings.
  • No password storage: Narriva operates exclusively through OAuth — we have no mechanism to store social media passwords.
  • Breach notification: In the event of a data breach, we will notify you within 72 hours.

6. Data Retention

We retain your data only for as long as your account is active or as required by law. After account deletion:

  • Account and business profile data is deleted within 30 days.
  • Social media OAuth tokens are deleted immediately on disconnection or account deletion.
  • AI-generated content and post history is deleted within 30 days.
  • Push notification tokens are deleted immediately on sign-out or permission revocation.
  • Inbox, DM, and lead data is deleted within 90 days.
  • Payment records are retained for 7 years as required by the GST Act and IT Act, 1961.
  • Anonymised aggregated analytics may be retained indefinitely — these contain no personally identifiable information.

7. Your Rights Under the DPDP Act, 2023

Under India's Digital Personal Data Protection Act, 2023, you have the following rights with respect to your personal data:

  • Right to Access: Request a summary of the personal data we process about you and the purposes for which it is processed.
  • Right to Correction & Erasure: Ask us to correct inaccurate data or erase data that is no longer needed for its original purpose.
  • Right to Portability: Receive your data in a structured, machine-readable format.
  • Right to Withdraw Consent: Revoke consent for specific processing (e.g., push notifications, camera, media) at any time via device Settings or in-app controls, without affecting the lawfulness of prior processing.
  • Right to Grievance Redressal: Lodge a complaint with us or escalate to the Data Protection Board of India.
  • Right to Nominate: Nominate an individual to exercise your rights on your behalf in the event of your death or incapacity.

To exercise any right, email [email protected]. We acknowledge your request within 48 hours and respond fully within 30 days in accordance with the DPDP Act.

8. Cookies & Tracking (Web Only)

Our web platform uses essential cookies to keep you authenticated and remember your preferences. We use anonymised analytics cookies to understand feature usage and improve the product. We do not use advertising, cross-site tracking, or third-party retargeting cookies. The mobile App does not use cookies.

9. Children's Privacy

Narriva is a business tool intended for adults aged 18 and above. We do not knowingly collect personal data from anyone under 18. If you believe we have inadvertently collected data from a person under 18, please contact us immediately and we will delete it without delay.

10. Changes to This Policy

When we make material changes to this Privacy Policy, we will notify you by email at least 15 days before the change takes effect, and post an in-app notification. Your continued use of Narriva after the effective date constitutes acceptance of the revised policy.

11. Contact & Grievances

For privacy questions, data access requests, or to file a grievance:

  • Email: [email protected]
  • Phone: +91 8569958265 (Mon–Sat, 10 AM–6 PM IST)
  • Address: Narriva Technologies, NE-15, New Palam Vihar Extension, Sec-110, Gurugram 122017, Haryana, India

Every complaint is reviewed by a human, not an automated system.

Narriva — India's AI Social Media Team. Privacy is not a policy checkbox here — it's the foundation we build on.