Privacy Policy

Last Updated: 12 October 2025

1. Introduction & Acceptance

Plain English: Why should I read this?

This policy explains what personal information we collect about you, how we use it, how we keep it safe, and your rights over that data. We aim to comply with all relevant laws, including the Australian Privacy Principles (APPs) and the European Union’s GDPR for our international users.

Legalese

This Privacy Policy governs the collection, use, and disclosure of personal information by Kahani.io Pty Ltd (ACN 691098076), trading as kahani.io (“Kahani.io,” “we,” “us,” or “our”). By accessing or using our mobile application, website, or any of our services (collectively, the “Platform”), you agree to the terms of this Privacy Policy. We are committed to protecting the privacy of the personal information we process in accordance with the APPs and the GDPR where applicable to our users in the European Economic Area (EEA).

2. Definitions

Plain English: Here’s what we mean when we use certain words

Any information that can identify you is Personal Data. Coins are our in-app currency. Processing refers to everything we do with your data—from collecting it to deleting it.

Legalese

  • Personal Data (or Personal Information): Any information relating to an identified or identifiable natural person (a "Data Subject").
  • Coins: The internal digital tokens used within the Platform for Reader access to stories and content.
  • Processing: Any operation or set of operations performed on Personal Data, such as collection, recording, organisation, structuring, storage, retrieval, use, disclosure, or erasure.
  • Platform: Refers collectively to the Kahani.io mobile application, website, or any of our services.
  • Data Subject: The identified or identifiable natural person to whom the Personal Data relates.
  • Controller: The natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of Personal Data. For the purpose of this Policy, Kahani.io Pty Ltd is the Data Controller.
  • Processor: A natural or legal person which processes Personal Data on behalf of the Controller (e.g., our cloud hosting provider and analytics partners).
  • Supervisory Authority: An independent public authority established in an EU Member State responsible for monitoring the application of the GDPR.

3. Information We Collect

Plain English: What information do you collect?

We collect information when you sign up (email, username), when you use the app (reading history, device type), and from Writers for payouts. Crucially, we do not collect your full credit card details or KYC information; that is handled by our payment gateway.

Legalese

  • Account and Registration Data: Information provided by you when creating an account, including: (a) Email address (required); (b) Unique username (required); (c) Password (hashed and salted); and (d) Details provided via third-party social log-in (e.g., Google or Facebook ID).
  • Writer Payout Information: If you are a Writer, we collect information necessary to facilitate payouts, including: (a) Legal name and address; (b) Bank account or other payment service details (e.g., PayPal ID); and (c) Tax-related identifiers as required by law.
  • Payment and Transaction Data (Non-Sensitive): When you make a purchase, sensitive financial information (such as full credit card numbers or bank account details) is collected, stored, and processed exclusively by our third-party, PCI DSS compliant payment gateway (e.g., CCBill, or similar). We receive only limited, non-sensitive payment confirmation information, including: (a) A transaction identifier or token; (b) The date and time of the transaction; and (c) The masked portion of your payment card (e.g., the last four digits).
  • KYC/AML Data: We explicitly do not collect or process any Know Your Customer (KYC) or Anti-Money Laundering (AML) data related to transactions. This is the sole responsibility of our third-party payment processor, who is legally obligated to perform customer due diligence.
  • Platform Activity and Usage Data: Information generated through your use of the Platform, including: (a) Reading history, time spent on stories, reactions, ratings, and coin expenditures; (b) Device type, operating system, unique device identifiers, and IP addresses; and (c) System logs, bug reports, and diagnostic data.
  • Third-Party Service Data: Data collected by or shared with third-party service providers, such as analytics tools and advertising partners, to measure performance and serve relevant ads.

4. How We Use Your Information

Plain English: Why do you need my data?

We use your data to run the app, ensure content is delivered, process purchases (Coins), pay our Writers, and fix bugs. We also use it to communicate with you and comply with legal requirements.

Legalese

We rely on the following legal bases to process your Personal Data:

  • Provision of Services (Legal Basis: Performance of a Contract): To operate the Platform, provide content consumption services, manage your account, and deliver the features you request, including displaying content based on your preferences.
  • Processing Transactions (Legal Basis: Performance of a Contract & Legal Obligation): To facilitate your purchases, manage the balance of your virtual currency (Coins), track corresponding payout obligations to Writers, and process any valid refund requests in accordance with our Refund Policy, using the non-sensitive transaction data provided by the Payment Gateway.
  • Platform Improvement and Security (Legal Basis: Legitimate Interest): To understand usage trends, improve the quality and performance of the Platform, ensure system security, prevent fraud and abuse, and monitor for non-compliance with our Terms of Service. (Our Legitimate Interest is ensuring a secure, reliable, and high-performing service for all users).
  • Communication (Legal Basis: Legitimate Interest & Consent): To send you service-related announcements, security alerts, and administrative messages (Legitimate Interest). With your explicit consent, we may also send you promotional and marketing communications (Consent).
  • Legal Compliance (Legal Basis: Legal Obligation): To comply with our legal obligations, including tax, accounting, and anti-money laundering regulations, and to respond to lawful requests from government or regulatory authorities.

5. How We Share Your Information

Plain English: Do you sell my data?

No. We only share it with our partners who help us run the app (like our cloud hosting provider and payment processor). We also share your username and reviews publicly. We will disclose data if required by law.

Legalese

  • Public Display: Your username, profile image, ratings, reviews, and publicly available comments will be visible to other users of the Platform.
  • Service Providers: We engage third-party companies and individuals to facilitate our services, including cloud hosting, payment processing, data analytics, fraud prevention, and customer support. These providers are granted access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
  • Legal Compliance and Protection: We may disclose your information to government bodies, regulatory authorities, or courts when necessary to comply with a legal obligation, enforce our Terms of Service, or protect the rights, property, or safety of Kahani.io, our users, or the public.
  • Business Transfers: In the event of a merger, acquisition, corporate restructuring, or sale of assets, your Personal Data may be transferred to the acquiring entity.

6. Security and Encryption

Plain English: How do you protect my data?

We use industry-standard security measures, including strong encryption (SSL/TLS) for data traveling across the internet and encryption for data stored on our servers. We limit access to your data only to personnel who absolutely need it.

Legalese

  • Technical and Organizational Measures: We employ robust technical, administrative, and physical security measures designed to protect your Personal Data from loss, misuse, unauthorized access, disclosure, alteration, and destruction.
  • Encryption and Access Control: Data is encrypted both in transit (using SSL/TLS) and at rest on our secure cloud infrastructure. All passwords are hashed and salted. Access to Personal Data by our personnel is strictly controlled and based on the principle of least privilege.
  • User Responsibility: You are responsible for maintaining the confidentiality of your account password and using Multi-Factor Authentication (MFA) if provided. You must notify us immediately of any unauthorized use of your account.

7. Your Data Rights

Plain English: What rights do I have over my data?

You have strong rights over your personal data. You can ask us to show you what data we hold (Access), correct it (Rectification), delete it (Erasure), or limit how we use it (Restriction). If you are in the EU, you also have the right to request your data in a machine-readable format (Portability).

Legalese

Data Subjects have the following rights concerning their Personal Data, which we will uphold:

  • Right of Access (Art. 15 GDPR): The right to obtain confirmation and access to the Personal Data being processed.
  • Right to Rectification (Art. 16 GDPR): The right to have inaccurate or incomplete Personal Data corrected.
  • Right to Erasure (Art. 17 GDPR): The right to request the deletion of Personal Data without undue delay ("Right to be Forgotten").
  • Right to Restriction of Processing (Art. 18 GDPR): The right to request the limitation of processing under certain conditions.
  • Right to Data Portability (Art. 20 GDPR): The right to receive the Personal Data in a structured, commonly used, and machine-readable format.
  • Right to Object (Art. 21 GDPR): The right to object to the processing of Personal Data in certain situations.
  • Right to Lodge a Complaint: The right to lodge a complaint with a competent data protection supervisory authority.

8. Data Retention and Deletion

Plain English: How long do you keep my data, and how do I delete my account?

We keep your data as long as your account is active or as long as required by law (like transaction records for tax purposes). If you delete your account, we securely erase all personal data except for what we are legally obligated to retain.

Legalese

  • Data Retention Period: We retain your Personal Data for as long as your account is active or as needed to provide you with services. We will also retain and use your information as necessary to comply with our legal obligations (e.g., tax and regulatory reporting, which may require retention of transaction data), resolve disputes, and enforce our agreements.
  • Exercise of Right to Erasure: Upon receiving a valid request for account deletion or erasure, we will securely delete or de-identify all Personal Data that is not required to be retained for legal, financial, or auditing purposes. This process will include the deletion of user profile data, usage logs, and communication history.
  • Backup Retention: Data retained in secure backup systems will be removed according to our backup rotation schedule, but will remain segregated and unrecoverable from our live production systems.

9. Children's Privacy

Plain English: Is this app for kids?

No. Our Platform is strictly for adults (18+). We do not knowingly collect information from anyone under 18. If we find out we have, we will delete the account immediately.

Legalese

The Kahani.io Platform and its content are intended for users who are at least 18 years of age. We do not knowingly collect or solicit any Personal Data from anyone under the age of 18. If we become aware that we have collected Personal Data from a child under 18, we will take immediate steps to terminate the account and remove that information from our records.

10. International Data Transfers

Plain English: Where is my data stored?

Your data is stored in secure cloud infrastructure, likely outside your home country (e.g., in Australia or the US). If you are in the EU, we use special legal agreements to ensure your data is still protected under EU standards during the transfer.

Legalese

Your information may be stored and processed in any country where we have facilities or where we engage service providers. For users in the EEA, the Personal Data we collect may be transferred to, and stored at, a destination outside the EEA. We take appropriate measures to ensure your data is treated securely and in accordance with this Privacy Policy, typically through the use of Standard Contractual Clauses (SCCs) approved by the European Commission.

11. Changes to This Policy

Plain English: Will this policy ever change?

Yes, we may update it. If the changes are important, we’ll let you know by email or a notice on the Platform.

Legalese

We may update this Privacy Policy from time to time. The revised version will be indicated by an updated “Effective Date” and the changes will be effective as soon as they are posted. For material changes, we will provide you with reasonable notice, such as through an email notification or a prominent notice on the Platform.

12. Contact Us

Plain English: Who do I talk to about my privacy?

Please contact our Privacy Officer via the email address listed below.

Legalese

If you have any questions, concerns, or requests regarding this Privacy Policy or the processing of your Personal Data, please contact our designated Privacy Officer:

Kahani.io Privacy Officer

Email: privacy@kahani.io

Mailing Address: Suite 302, 13/15 Wentworth Ave, Sydney, NSW, 2000
Australia