Privacy Policy
Lore Labs — Alchemist
Effective Date: June 4, 2026 | Last Updated: June 4, 2026
Summary: Alchemist operates on a local-first architecture. Your learning data stays on your device. We do not collect, transmit, or store your personal data on our servers.
1. Who We Are
Alchemist is a product of Lore Labs, operated by Dharam Daxini, based in Gandhidham, Gujarat, India. This Privacy Policy applies to the Alchemist application available on web, Android, and iOS platforms.
Contact: privacy@lorelabs.in
2. Data We Collect
Data stored locally on your device (never transmitted to us):
- Session history (questions attempted, answers selected, timestamps)
- Credit ledger (credits earned, spent, refunded)
- Block content (notes, bookmarks, annotations you create)
- Reading progress and configuration preferences
- EPUB files you import into the application
Data we may process server-side (only if you initiate a payment):
- Payment information — processed exclusively by Stripe, Inc. (our payment processor). We do not store your card number, CVV, or bank details. See Stripe's Privacy Policy.
- Transaction metadata (order ID, amount, timestamp) for purchase verification.
Data we do NOT collect:
- Name, email address, phone number, or any personal identifier (unless you voluntarily provide it for account creation via Aporaksha)
- Location data, contacts, camera, microphone, or any device sensor data
- Browsing history, search queries, or advertising identifiers
- Analytics, telemetry, or crash reporting data (no Firebase Analytics, no Google Analytics, no third-party SDKs)
3. Data Minimization & Local Storage (DPDP Act 2023 Compliance)
Lore Labs operates on a local-first architecture. User learning data — including mock exam scores, error logs, session history, and credit ledgers — are stored exclusively on the user's device via IndexedDB and localStorage. We do not transmit, sync, or store learning data on our servers. This design ensures compliance with the Digital Personal Data Protection Act, 2023 (India) principle of data minimization.
4. How We Use Your Data
- Local data: Used solely to power your learning experience — tracking progress, adjusting difficulty, computing credit balances, and generating exports. This data never leaves your device.
- Payment data: Used exclusively to process and verify your purchase. We do not use payment data for marketing, profiling, or any secondary purpose.
5. Data Sharing
We do not sell, rent, trade, or share your personal data with any third party, except:
- Stripe, Inc. — for payment processing only, governed by their own privacy policy.
- Legal compliance — if required by law, court order, or government authority under applicable Indian law.
6. Data Security
- All local data is stored in your browser's sandboxed storage (IndexedDB/localStorage), protected by your device's operating system security.
- All server communication (if any) uses HTTPS/TLS encryption.
- Payment data is handled by Stripe's PCI DSS Level 1 certified infrastructure.
- We do not maintain user databases, eliminating the risk of centralized data breaches.
7. Data Retention
- Local data: Retained on your device until you clear your browser data or uninstall the application. We have no access to this data and cannot delete it remotely.
- Payment records: Retained by Stripe per their data retention policy. Transaction metadata is retained by us for up to 7 years for tax and legal compliance.
8. Your Rights
Under the DPDP Act 2023, GDPR (if applicable), and CCPA (if applicable), you have the right to:
- Access your data — all your data is already on your device; open the app to view it.
- Delete your data — clear your browser storage or uninstall the app. Since we don't store your data server-side, there is nothing for us to delete.
- Portability — use the app's built-in export features (PDF, EPUB, .zay format) to export your data at any time.
- Withdraw consent — stop using the application. No account deletion request is needed because no account exists on our servers (unless you created one via Aporaksha).
- Lodge a complaint — contact the Data Protection Board of India if you believe your rights have been violated.
9. Children's Privacy
Alchemist is an educational application. We do not knowingly collect personal data from children under 18 without verifiable parental consent. Since the application does not collect personal data by default, no age verification mechanism is required for local-only usage. For payment transactions, users must be 18 years or older or have parental consent.
10. International Users
If you are accessing Alchemist from the European Economic Area (EEA), United Kingdom, or California (USA):
- GDPR: Our legal basis for any data processing is legitimate interest (providing the service you requested). Since we process minimal to no personal data server-side, most GDPR obligations are satisfied by design.
- CCPA: We do not sell personal information. We do not use personal information for targeted advertising.
11. Cookies & Tracking
Alchemist does not use cookies, tracking pixels, fingerprinting, or any third-party analytics scripts. The application uses localStorage and IndexedDB for functional purposes only (saving your learning progress).
12. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Continued use of the application after changes constitutes acceptance of the revised policy.
13. Contact Us
For any questions, concerns, or data-related requests:
- Email: privacy@lorelabs.in
- Entity: Lore Labs (Dharam Daxini)
- Address: Gandhidham, Kutch, Gujarat 370201, India