Privacy Policy

Last updated: April 2026 · Effective: April 2026

Bhasma ("the app", "we", "us") is built on a single principle: what you write should belong only to you, and disappear forever when you let it go. This privacy policy explains exactly how we honor that commitment, and complies with the requirements of the Apple App Store, Google Play Store, the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and India's Digital Personal Data Protection Act (DPDPA).

1. The short version

The Bhasma mobile application does not collect, store, transmit, or share any personal data. It does not require an account. It does not need an internet connection to function. What you write exists only in your device's transient memory while you are looking at it, and is permanently destroyed the moment you burn it. There are no servers, no databases, no cloud storage, and no analytics involved in the core app.

2. Data the app collects

None. Specifically, the Bhasma mobile app does not collect any of the following:

• Name, email address, phone number, or any contact information
• Analytics, usage statistics, telemetry, crash reports, or performance data
• Advertising identifiers (IDFA, GAID, or any other)
• Location data (coarse or precise)
• Device identifiers, fingerprinting data, or hardware information
• Cookies or similar tracking technologies inside the app
• The text you type, in any form, on any server
• Photos, files, or other media from your device
• Contact lists, calendar data, or social graph
• Browser history, other app usage, or cross-app tracking

For the Apple App Store "App Privacy" label

Data Not Collected. Bhasma does not collect any data from this app.

For the Google Play "Data Safety" section

• Data collected: No data collected.
• Data shared with third parties: No data shared.
• Data security practices: No data collected means no data in transit to encrypt. The app does not communicate with any servers.
• Data deletion: Not applicable — no data exists to delete.

3. What you write

Anything you type in Bhasma exists only as transient memory inside the app while the screen is open. It is never written to persistent disk storage, never sent to any server, and never accessible to any other app, person, or company — including the creators of Bhasma. When you tap "burn it down", the text is permanently and irreversibly destroyed. No copy remains on your device, no copy exists on any cloud, and no recovery is possible by any means.

If you close the app, switch apps, or your device runs out of battery while writing, your text is also gone. There are no drafts, no auto-save, and no recovery mechanism. This is intentional and is central to the app's purpose.

4. Permissions the app requests

The app requests the minimum permissions required to function:

• Audio playback — to play the background singing bowl sound. This is local audio only; no microphone access.
• Haptic feedback (vibration) — to provide the hold-to-burn tactile response.

The app does not request access to:

• Microphone
• Camera
• Photos or media library
• Contacts, Calendar, or Reminders
• Location services
• Bluetooth, Network, or Internet (beyond opening the system browser for optional feedback)
• Push notifications
• Background refresh

5. Third-party services

The Bhasma mobile app does not integrate with any third-party SDKs, advertising networks, analytics providers, or tracking services. There are no third parties who receive any information from the app because the app does not send any information anywhere.

6. The website (bhasma.io)

This website, where you are reading this policy, is a separate property from the app and has its own minimal data handling:

6.1 Contact form

If you visit our contact page and voluntarily submit feedback, the information you choose to provide (your name, email address, and message — all fields except the message are optional) is transmitted through a third-party form submission service (Web3Forms) directly to our private inbox. We use this information solely to read and respond to your feedback. We do not add it to any database, mailing list, or CRM, and we do not share it with any third party for any purpose.

Submitting feedback is entirely voluntary. If you do not contact us, we have no way of knowing you exist or that you use the app.

6.2 Server logs

The hosting provider (Vercel, Cloudflare Pages, or similar) may maintain standard server access logs (IP address, request timestamp, user-agent) for operational and security purposes. These logs are handled by the hosting provider under their own privacy policy and are not used by us for any analytics, profiling, or marketing.

6.3 No cookies or trackers

This website does not set any cookies, use any analytics (Google Analytics, Meta Pixel, etc.), embed any tracking scripts, or use any fingerprinting techniques. The only external resource loaded is the Playfair Display font from Google Fonts, which follows Google's Fonts Privacy FAQ.

7. Your rights

Because we do not collect or store any personal data from the app, there is no data to access, correct, export, or delete. However, you always have the right to:

• Access — contact us to ask what, if any, information exists about you.
• Rectification — correct any inaccurate feedback you may have previously sent us.
• Erasure ("right to be forgotten") — request deletion of any email correspondence you have had with us.
• Data portability — request a copy of any email correspondence in a machine-readable format.
• Object — opt out of any future communication from us.
• Lodge a complaint — with a data protection authority in your jurisdiction.

To exercise any of these rights, please use our contact form. We respond within 30 days.

8. Children's privacy

Bhasma is suitable for users of all ages and does not contain advertising, in-app purchases, or social features. We do not knowingly collect personal information from children under 13 (or the equivalent minimum age in the user's jurisdiction), because we do not collect personal information from anyone. The app complies with the Children's Online Privacy Protection Act (COPPA) by virtue of not collecting any data at all.

9. International data transfers

Because the app does not transmit data, there are no international data transfers associated with its use. Any feedback submitted through the website is routed via the form service's infrastructure (which may be hosted in the United States or the European Union) directly to our inbox. No additional processing or storage takes place.

10. Data retention

App data: Retained only in transient memory, never written to storage. Retention period: from the moment you type until the moment the app closes or you burn the text.

Feedback emails: Retained in our inbox for as long as operationally necessary to respond to your query, and typically deleted within 24 months. You may request earlier deletion at any time.

11. Security

The strongest security guarantee is not having data in the first place. Because the app does not transmit or store data, there is no attack surface for data breach, no database to compromise, and no credentials to steal. Feedback submissions on the website are transmitted over HTTPS.

12. Changes to this policy

If we ever change anything material in how the app or website handles data, we will update this page with a new "Last updated" date and, for significant changes, announce it through the app stores' update notes. The current commitment of zero data collection is core to the app's purpose and is not expected to change.

13. Contact

Questions, concerns, or data requests related to this privacy policy can be submitted through the feedback form. We read and respond to every message personally.