Privacy Policy
This Privacy Policy explains how SynaptechVerse LLP, a limited liability partnership registered in Pune, Maharashtra, India ("SynaptechVerse", "we", "us", "our"), collects, uses, stores, shares and protects personal data when you use SynapGameVerse, our website and web application at synapgameverse.com (the "Service"). SynaptechVerse LLP is the data fiduciary for personal data processed through the Service. It is published in accordance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 ("DPDP Act").
By using the Service you consent to the practices described in this Policy. For children, consent is provided by a parent, legal guardian, or a registered organisation authorised to act on their behalf (see Section 4).
1. The Camera: Processed on Your Device, Never Uploaded
Your camera feed never leaves your device. SynapGameVerse games are controlled by body movement. To make that work, the video from your camera is analysed locally in your browser by on-device pose-estimation models. From the video, the software derives only abstract body-joint positions (for example "left wrist at this point on the screen") that act as game controls.
- We do not record, store, upload or transmit your camera video or audio. No video frames or photographs are sent to our servers or to any third party.
- The derived joint positions are used in real time to run the game and are discarded continuously. They are not biometric templates and cannot identify a person.
- The camera activates only after you start a game (an explicit tap) and only with your browser's permission, which you can revoke at any time in browser settings.
- In games that let players choose their own images from their device, those images are likewise processed locally in the browser only and are never uploaded.
2. Personal Data We Collect
a) Account and profile data
- Self-registered users: name, email address, password (stored only as a salted cryptographic hash, never in plain text), and one-time verification codes sent to your email during sign-up.
- Google sign-in users: the name and email address provided by Google when you choose "Sign in with Google". We do not receive your Google password.
- Profile details: date of birth and your country, state and city, which we ask for progressively after sign-up. Date of birth is used for age-appropriate game timing, the birthday perk, and (for managed school accounts) as an initial password that the account holder is encouraged to change.
- Managed (organisation) accounts: the organisation provides the student's or resident's name, class or group, roll number and date of birth to provision the account.
b) Gameplay and usage data
- Game scores, coins, badges, ranks, play duration, plans started and completed, and daily activity used to build your performance dashboard and leaderboards.
- Basic technical information needed to run the Service well: browser type, device capability signals (for example screen size and approximate performance class) used to adapt graphics quality. These are used in your browser session and are not compiled into advertising profiles.
c) Payment data
- When you purchase a subscription, payment is handled by our payment gateway partner, Razorpay Software Private Limited. Razorpay collects your payment instrument details (UPI ID, card number, bank account) directly; we never see or store them. We receive and store only the transaction reference, amount, plan purchased, status and date, which we need for order fulfilment, support and accounting.
d) What we do not collect
- No camera video or audio recordings (Section 1).
- No precise location (GPS). Location is limited to the country, state and city you tell us.
- No third-party advertising identifiers or cross-site tracking cookies.
3. How We Use Personal Data
- To create and operate your account, authenticate you, and run the games and plans you play.
- To show your scores, coins, badges, performance dashboards and leaderboards, and (for organisations) class or group performance reports to authorised administrators and teachers.
- To process subscription purchases, apply play limits and tiers, and provide receipts and support.
- To send service emails such as sign-up verification codes and important account or policy notices. We do not send marketing email without your consent.
- To keep the Service safe: preventing fraud, abuse, score manipulation and unauthorised access, and complying with legal obligations.
- To improve the Service using aggregate, non-identifying statistics.
We process personal data on the basis of your consent, the performance of our contract with you (or with your organisation), and our legitimate uses as permitted by the DPDP Act.
4. Children's Privacy
- SynapGameVerse is designed to be safe for children. Under the DPDP Act a "child" is a person under 18 years of age.
- Accounts for children must be created by, or with the verifiable consent of, a parent or legal guardian, or provisioned by a registered educational or care organisation that has obtained such consent.
- We do not undertake behavioural monitoring of children or serve targeted advertising to children. The Service currently serves no third-party advertising at all.
- Children's camera feeds are treated exactly as described in Section 1: processed on the device, never uploaded.
- Parents, guardians and organisation administrators may review, correct or request deletion of a child's data by contacting us (Section 10) or through the organisation console.
5. Cookies and Local Storage
We use browser local storage (not third-party cookies) for the Service to function:
- a session token that keeps you logged in;
- your language choice and interface preferences;
- your best scores, cached locally so games load quickly.
These are strictly functional. We do not use advertising or cross-site tracking cookies. Our payment gateway and Google sign-in may set their own cookies when you use them, governed by their respective policies. Clearing your browser storage logs you out and removes these items.
6. Sharing and Disclosure
We do not sell, rent or trade personal data. We share personal data only with:
- Service providers (data processors) who help us run the Service under contractual confidentiality: our hosting provider (servers located in Mumbai, India), our transactional email provider (for verification codes and service notices), and our payment gateway (Razorpay) for purchases.
- Your organisation, if your account is managed by a school or institution: authorised administrators and teachers can see managed users' names, logins they issued, and gameplay performance, for legitimate educational or wellness purposes.
- Google, only if you choose Google sign-in, to verify your identity.
- Authorities, where disclosure is required by law, court order or lawful government request, or where necessary to protect the rights, safety or property of users or the public.
- A successor entity in the event of a merger, acquisition or asset transfer, subject to this Policy's protections and applicable law.
7. Storage, Security and Retention
- Data is stored on servers located in India (Mumbai datacenter).
- All traffic between your browser and our servers is encrypted in transit (HTTPS/TLS).
- Passwords and student PINs are stored only as salted cryptographic hashes. Session tokens are random and revocable.
- Access to production systems is restricted, and administrative functions are role-gated inside the application.
- We retain personal data for as long as your account is active and as needed for the purposes above. Transaction records are retained as required by Indian tax and accounting law. When you delete your account, we delete or irreversibly anonymise your personal data within a reasonable period, except records we must keep by law.
- No method of transmission or storage is completely secure; we cannot guarantee absolute security, but we follow reasonable security practices and procedures as required by Indian law and will notify affected users and authorities of data breaches as required by the DPDP Act.
8. Your Rights
Subject to the DPDP Act and other applicable law, you (or your parent, guardian or authorised organisation, for managed accounts) have the right to:
- Access a summary of the personal data we hold about you and how it is used;
- Correct or update inaccurate or incomplete data (much of this you can do in the in-app profile editor);
- Erase your personal data by requesting account deletion;
- Withdraw consent at any time, with effect for the future (some features, or the Service itself, may stop working without the data they need);
- Grievance redressal through our contact below, and thereafter to escalate to the Data Protection Board of India as provided under the DPDP Act;
- Nominate another individual to exercise these rights on your behalf in case of death or incapacity.
To exercise any right, write to [email protected] from your registered email address. We may need to verify your identity before acting on a request.
9. Third-Party Links and Services
The Service uses Google sign-in, Razorpay checkout, and pose-estimation runtime files delivered from third-party content delivery networks. When your browser fetches those resources or you interact with those services, their privacy policies apply to the data they process. We encourage you to review the privacy policies of Google and Razorpay.
10. Changes to This Policy
We may update this Policy from time to time. The "Effective date" above reflects the latest revision. Material changes will be notified through the Service or by email, and where required by law we will seek fresh consent.
11. Grievance Officer and Contact
Grievance Officer, SynaptechVerse LLP (SynapGameVerse)
Registered office: Pune, Maharashtra, India
Email: [email protected]
Website: https://synapgameverse.com
In accordance with the Information Technology Act, 2000, the rules made thereunder, and the DPDP Act, the Grievance Officer's contact is published above. We aim to acknowledge complaints within 48 hours and resolve them within the timelines prescribed by applicable law.