Legal

Privacy Policy

Last updated: 2026-05-19

In plain English

We made EcoWarriors to teach kids about e-waste in a fun way. To run the game, we have to remember a few things about you: your email, a password (kept in a scrambled form even we cannot read), the avatar you picked, and the points and badges you earn as you play. If you are a student we also remember your first name, your birth year, your city, your school, and your class. Adults (teachers, parents, others) give us a name, a phone number, a city, and how they heard about the app.

We do not sell your information. We do not show you ads. We do not share your data with other companies so they can market to you. Only the EcoWarriors team can see your account, and only when we need to fix something for you.

If you are under 18 in India, the law says your parent or guardian has to say yes before we collect your information. We ask for that during sign-up.

If you ever want us to delete everything, email admin.ecowarrior@gmail.comand we will delete your account and your data. We are also building a one-click delete button inside the app for the future.

1. Who we are

EcoWarriors is operated by Nishanth Ashok, a sole proprietor based in Chennai, Tamil Nadu, India, as an initiative of Ram Investments. Throughout this policy, “we”, “us”, and “EcoWarriors” refer to this operator.

Ram Investments provides support and branding only. It is not the operator of, and not the data fiduciary for, this app.

For any privacy question, write to admin.ecowarrior@gmail.com. For the formal grievance route required under Indian law, see Section 11 below.

2. Information we collect

We split the data we collect by who the user is, because the student flow and the adult flow on the app collect different fields.

2.1 If you are a student (ages 8 to 14)

  • Account identifiers: email address; a password we store only as a one-way salted hash (we cannot read it); if you sign in with Google, the basic profile Google shares with us (name, email, profile picture).
  • Profile: preferred name (often a first name only), birth year, city, school name, class/grade.
  • Optional: mobile number (only if you choose to provide it).
  • How you heard about us: a short pick-list answer.
  • Avatar choice: which of our characters and which of our 5 mascot squads you picked.
  • Gameplay progress: mission progress, XP, EcoKarma score, badges earned, your current rank, current streak, decisions inside the EcoSolver mini-game, star ratings inside the Circuit mini-game, and scores inside the Sort Game.

2.2 If you are an adult (teacher, parent, or other)

  • Account identifiers: email address; a password we store only as a one-way salted hash; if you sign in with Google, the basic profile Google shares with us.
  • Profile: full name, mobile number (required), city, your role (teacher / parent / other), and how you heard about us.
  • Gameplay progress: same as for students, if you choose to play yourself.

2.3 Things we do NOT collect

  • We do not collect your precise location. We ask only for your city, as free-text.
  • We do not collect any biometric data, financial data, or health data.
  • We do not build advertising profiles about you. We do not let third parties build advertising profiles about you on this app.

3. How we use this information

We use the information above only for the following purposes:

  • To create your account and let you sign back in.
  • To save your progress so the game does not reset every time you open it.
  • To show leaderboards inside the app (your preferred name and avatar are visible to other players; your email and mobile number are never shown).
  • To send transactional emails: account confirmation, password reset, and security-critical notices.
  • To understand, in aggregate, which lessons and games are working and which are confusing, so we can improve the content. We do this with privacy-friendly analytics (see Section 8 on cookies and tracking).
  • To respond when you contact our support address.

We do not use your data to build advertising profiles, to sell to data brokers, or to share with third parties for their own marketing.

4. Where your data is stored

Your account, profile, and gameplay data are stored in a managed Postgres database hosted on Supabase in the ap-south-1 (Mumbai) region. Data is encrypted at rest on the database server and in transit between your device and our servers (HTTPS / TLS 1.2+).

Static assets (images, audio, JavaScript) are currently served from our own servers; we do not use a third-party content delivery network (CDN) at this time. If we add one later to speed up loading, it would only deliver public files that are the same for everyone, never your profile data, and we would update this page.

5. How long we keep your data

We keep your account data for as long as your account exists. If you want us to delete it sooner, see Section 7 below.

Until our in-app account-deletion button ships, you can request deletion by emailing admin.ecowarrior@gmail.comwith the subject line “Delete my account” from the email address you signed up with. We will action the request within 45 days and confirm by email when it is done.

Some records may persist after deletion for the brief additional period our database backups retain them. Backups roll forward and old snapshots are overwritten on a 7-day schedule. We will never restore a deleted account from backup except where the law requires it.

6. Children’s privacy

Many EcoWarriors users are children. We treat anyone under 18 in India as a child, in line with the Digital Personal Data Protection Act, 2023 (whose children’s-data provisions come into force on 13 May 2027). For children:

  • Use with a guardian’s permission: the app is for ages 8 and up, and a child should use it with a parent’s or guardian’s permission. We ask for a guardian’s contact details where they are provided.
  • No behavioural tracking or profiling of children.
  • No advertising on the app at all, and never targeted advertising to children.
  • No harmful use: we will not use a child’s data in any way we have reasonable grounds to believe is likely to harm them.

We are working toward a verifiable parental-consent step and will have one in place before it is legally required (13 May 2027). In the meantime, a parent or guardian can write to admin.ecowarrior@gmail.com at any time to review, correct, or delete the data we hold on their child.

7. Your rights

Under the Digital Personal Data Protection Act, 2023, you (or your parent/guardian, if you are a child) have the following rights regarding your personal data:

  • Right to access: ask us for a summary of the personal data we hold about you.
  • Right to correction and erasure: ask us to correct inaccurate data or delete data we no longer need.
  • Right to withdraw consent: revoke previously given consent at any time. (Note: withdrawing consent for processing required to run your account means we will need to close that account.)
  • Right to grievance redressal: raise a complaint with our grievance officer (see Section 11) and, if unresolved, with the Data Protection Board of India.
  • Right to nominate: nominate another individual who may exercise these rights on your behalf in the event of your death or incapacity.

To exercise any of these rights, email admin.ecowarrior@gmail.comwith the subject line that matches your request (for example, “Access my data”, “Delete my account”). We will respond within 45 days.

8. Cookies and analytics

We use a small number of cookies and analytics signals, chosen because they do not personally identify individual users:

  • Strictly necessary cookies: the session cookie that keeps you signed in. Without this, the app cannot function. No consent dance applies to strictly necessary cookies.
  • Product analytics: we do not currently use any third-party analytics. We may later add a basic, privacy-friendly analytics tool to understand which pages and games people use. If we do, it would see only anonymized requests, never your name, email, or full IP address, and we would update this page first.
  • Server logs: our servers keep short-lived request logs for abuse-prevention and uptime monitoring, retained only briefly and then deleted.

We do not use cookies for advertising, retargeting, or cross-site tracking. We do not embed third-party social media trackers (no Facebook Pixel, no TikTok Pixel, etc).

9. Security

We follow Reasonable Security Practices as defined under the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. In practice, this includes:

  • All traffic between your device and our servers is encrypted with TLS (HTTPS).
  • Passwords are stored as salted one-way hashes (we cannot read them, even if we wanted to).
  • Database access is gated by Postgres Row-Level Security (RLS), so the API can only return rows that belong to the signed-in user.
  • Database access is gated by Postgres Row-Level Security so the API only ever returns the signed-in user’s own profile. Aggregate features like the leaderboard read only non-identifying fields (display name, avatar, points, school, city) and never your email or phone number.
  • Administrative access to the database is limited to the founder/operator. We rotate secrets if we have any reason to believe they may have been exposed, and review our security posture periodically.
  • In the event of a personal data breach, we will notify affected users and the Data Protection Board of India in accordance with Section 8(6) of the DPDP Act, 2023.

10. Changes to this policy

We will update this policy if the way we collect, use, or store personal data changes. When we do, we will:

  • Bump the “Last updated” date at the top.
  • Email registered users about material changes, with a short summary of what changed and why.
  • Keep an archive of past versions, available on request to admin.ecowarrior@gmail.com.

11. Contact and grievance officer

For general privacy questions, email admin.ecowarrior@gmail.com.

Under Indian law we are required to publish the name and contact details of a grievance officer who handles complaints related to personal data. Ours is:

Grievance Officer: Nishanth Ashok

Email: admin.ecowarrior@gmail.com

Based in: Chennai, Tamil Nadu, India

We aim to acknowledge a grievance within 72 hours and resolve it within 30 days. If you are not satisfied with the response, you may approach the Data Protection Board of India.