
Privacy Policy

Last updated: March 18, 2026. This policy explains what data we collect, how we use it, and your rights. It applies to all users of Staq across web, PWA, and Android (TWA).

1. Who We Are

Staq is operated by SlayerBlade, an individual enterprise based in India. For all privacy-related matters, we are the data controller as defined under the Information Technology (Amendment) Act 2008, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011 (“SPDI Rules”), and the Digital Personal Data Protection Act 2023 (“DPDP Act”).

Contact: support@slayerblade.site

2. Data We Collect

2.1 Account Data (collected at sign-in)

  • Google OAuth data: your name, email address, and profile picture, as provided by Google when you authenticate. We do not receive your Google password.

2.2 Onboarding & Profile Data (provided by you)

  • Display name, chosen avatar, selected persona (e.g., College Student, Young Professional)
  • Age range bracket (not exact date of birth)
  • Financial learning goals and self-reported financial knowledge level

2.3 Learning & Activity Data (generated by your use)

  • Module completion status, quiz scores, and assessment results
  • XP points, Flux balance, streak counts, and achievement badges
  • Leaderboard ranking (derived from XP)
  • Behavioural event data: timestamped logs of interactions such as module starts, quiz answers, city scenario decisions, Flux Shop purchases, and navigation patterns. This data is used to power personalised insights, habit analysis, and smart notifications.
  • Mastery decay scores — calculated ratings of knowledge retention per topic

2.4 Payment Data (collected only if you make a purchase)

  • Payment processing is handled entirely by Razorpay. We do not receive or store your card number, CVV, UPI PIN, or bank account details.
  • We store: the Razorpay payment ID, the product purchased, the amount, the transaction timestamp, and payment status. This is required for order fulfilment, support, and legal compliance.

2.5 Technical & Device Data (collected automatically)

  • IP address (used for server-side session validation and abuse prevention)
  • Browser type and version, operating system, device type
  • Session identifiers (stored in secure HTTP-only cookies via NextAuth.js)
  • Push notification tokens (only if you grant notification permission; used solely to send you Staq notifications)

3. How We Use Your Data

We use your data only for the following purposes:

  • Providing the service: creating and maintaining your account, tracking your learning progress, and delivering personalised content
  • Personalisation: tailoring module recommendations, difficulty, and city scenarios to your persona and learning history
  • Habit analysis: computing your behavioural profile (e.g., learning time patterns, topic strengths) to generate the Personality Report and smart notifications
  • Leaderboards: displaying your display name and XP rank to other users (you can choose any display name — your real name is never shown without your choice)
  • Order fulfilment: processing payments, issuing Staq Pro access, and generating Verified Certificates
  • Push notifications: sending streak reminders, challenge alerts, and personalised nudges (max once per day; you can revoke permission at any time in your browser or device settings)
  • Security and abuse prevention: detecting and preventing multi-accounting, cheating, or unauthorised access
  • Platform improvement: aggregated, anonymised analysis of usage patterns to improve content and features

We do not sell, rent, or share your personal data with any third party for advertising or marketing purposes.

4. Third-Party Data Processors

We share your data with the following processors only to the extent necessary to operate Staq. Each is contractually obligated to protect your data:

  • Google LLC — OAuth authentication. See Google Privacy Policy.
  • Supabase Inc. — database and backend infrastructure. Data is hosted on AWS (Amazon Web Services) servers, which may be located outside India. See “Cross-Border Transfers” below.
  • Vercel Inc. — web hosting and edge network (servers may be located globally).
  • Razorpay Software Pvt. Ltd. — payment processing for paid features. Razorpay is PCI-DSS compliant. See Razorpay Privacy Policy.

We also participate in the Zerodha affiliate programme (Partner Code: CAR026). If you click an affiliate link to Zerodha and create an account, Zerodha receives information about the referral. No personal data from your Staq account is shared with Zerodha.

5. Cross-Border Data Transfers

Staq's backend infrastructure (Supabase on AWS) and hosting (Vercel) involve servers that may be located outside India. By using Staq, you consent to your data being transferred to and processed in countries other than India. We take reasonable steps to ensure that such transfers are subject to appropriate safeguards.

6. Cookies and Local Storage

  • Session cookie: set by NextAuth.js for authentication. It is HTTP-only, secure, and is deleted when you sign out. This cookie is essential for the service to function.
  • Local storage: we store a small amount of non-personal preference data in your browser's local storage (e.g., whether you have dismissed the app install banner) to avoid showing repeated prompts.
  • We do not use any third-party advertising, analytics, or tracking cookies.

7. Public Certificate Verification Pages

If you purchase a Verified Certificate, a public verification page is created at staq.app/verify/[id]. This page displays your display name (as set in your Staq profile), certificate type, score, and issuance date. It does not display your email address or any other personal data.

By purchasing a certificate, you consent to this public display. If you want your display name changed before purchase, update it in your profile settings.

8. Data Retention

  • Active accounts: we retain your data for as long as your account is active.
  • After account deletion: personal data (name, email, profile, progress, events) is deleted within 30 days of your deletion request.
  • Payment records: retained for 7 years as required under Indian financial regulations.
  • Verified Certificates: the certificate record (including your display name) is retained indefinitely to allow public verification. Upon account deletion, you may request certificate invalidation, but the verification page may still show historical data to prevent fraud.

9. Your Rights (DPDP Act 2023)

Under the Digital Personal Data Protection Act 2023 and other applicable Indian law, you have the following rights:

  • Right to access: request a summary of the personal data we hold about you.
  • Right to correction: request correction of inaccurate or incomplete personal data.
  • Right to erasure: request deletion of your personal data (subject to retention obligations described above).
  • Right to withdraw consent: withdraw consent for optional processing (e.g., push notifications) at any time via your device or browser settings. Withdrawal does not affect the lawfulness of processing before withdrawal.
  • Right to grievance redressal: lodge a complaint with our Grievance Officer (see below) or with the Data Protection Board of India once established.

To exercise any of these rights, email us at support@slayerblade.site with the subject line Privacy Request. We will respond within 30 days.

10. Children's Privacy

Staq is intended for users aged 13 and above. We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child under 13 has created an account, please contact us at support@slayerblade.site and we will delete the account and associated data promptly.

Users between 13 and 18 may use the free features of Staq independently. Paid features require either the user to be 18+ or a parent/guardian's consent and supervised payment.

11. Security

We implement industry-standard technical and organisational measures to protect your personal data, including:

  • HTTPS encryption for all data in transit
  • Row-Level Security (RLS) policies on all database tables via Supabase
  • HTTP-only, secure session cookies — inaccessible to client-side scripts
  • Service-role keys restricted to server-side processes only

No method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security. In the event of a data breach that is likely to result in a risk to your rights, we will notify you as required by applicable law.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top of this page. Your continued use of Staq after any changes constitutes acceptance of the revised policy. If you do not agree, please stop using Staq and request account deletion.

13. Grievance Officer (IT Act 2000)

In accordance with the Information Technology Act 2000 and rules made thereunder, the Grievance Officer for Staq is:

Name: Arnav Sharma
Email: support@slayerblade.site
Response time: Within 30 days of receipt of grievance

14. Contact

For any privacy-related questions, data requests, or complaints: support@slayerblade.site
We respond within 48 hours on weekdays.
