Privacy Policy

1. Who We Are

Nightwave ("Platform", "we", "us", "our") is an anonymous chat platform, an individual operating under Indian law. This Privacy Policy describes how we collect, use, store, and protect your personal information when you use the Nightwave platform available at nightwave.me (or associated domains).

This Privacy Policy is compliant with the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

2. Information We Collect

2.1 Information You Provide Directly

• Phone Number: Collected during registration via Firebase Authentication (Google). Used exclusively for account verification and identity. Never used for marketing communications.
• Display Name: Optional. A nickname you choose to show in conversations. Does not need to be your real name.
• Gender: Optional. Used to personalise your match experience and enable gender-filter features for Wave+ subscribers.
• City and State: Optional. Used to add context to your profile. Not used for location tracking.

2.2 Information Collected Automatically

• IP Address: Collected on every request. Used for fraud prevention, abuse detection, and daily match limit enforcement. Stored for 90 days then permanently deleted.
• Session Metadata: Timestamps of when sessions start and end, match type (peer-to-peer or AI), and session outcome. No message content is included.
• Device Information: Basic browser/device type collected via User-Agent header for single-device session enforcement. Not used for tracking or profiling.

2.3 Payment Information

When you purchase a Wave+ subscription, payments are processed entirely by Razorpay. We do not collect, store, or have access to your card number, CVV, bank account details, or any other sensitive payment credentials. Nightwave only stores:

• Razorpay Order ID (transaction reference)
• Razorpay Payment ID (transaction reference)
• Subscription plan selected (weekly / monthly / yearly)
• Subscription start and expiry dates

2.4 What We Explicitly Do NOT Collect

3. How We Use Your Information

• Phone Number: Authentication only. To verify your identity and enable account recovery. We do not send promotional SMS or share your number with any third party except as required by law.
• IP Address: To enforce daily guest match limits, detect and prevent abuse, identify potential ban evasion, and comply with lawful orders from Indian authorities.
• Profile Information (Name, Gender, City): To personalise your matching experience and enable Wave+ gender-filter features. This information is visible to your chat partner during an active session only.
• Payment Metadata: To manage your subscription status, verify successful payments, and resolve billing disputes.
• Session Metadata: To operate the Platform, diagnose technical issues, prevent abuse, and improve the service.

4. Data Retention

We retain different types of data for different periods based on necessity and legal requirements:

• Chat Messages: Deleted immediately and permanently when a session ends. No backups are taken of message content.
• Guest Sessions: Automatically deleted after 3 days via a scheduled cleanup process.
• IP Address Logs: Retained for 90 days, then permanently deleted.
• Registered Account Data: Retained while your account is active. Deleted within 30 days of a verified account deletion request.
• Payment Records: Retained for 7 years as required under Indian accounting and tax laws (Companies Act 2013 / Income Tax Act 1961 record-keeping requirements).
• Subscription Records: Retained for the duration of your subscription plus 7 years for billing records.

5. Third-Party Services

Nightwave uses the following third-party services to operate. Each has its own privacy policy governing how they handle data:

• Firebase Authentication (Google LLC): Handles phone number OTP verification. Google receives your phone number to send the OTP and verify it. Subject to Google's Privacy Policy and Firebase Terms of Service.
• Razorpay Financial Solutions Pvt. Ltd.: Processes all subscription payments. Razorpay receives payment credentials directly from you — Nightwave never sees or stores them. Subject to Razorpay's Privacy Policy.
• OpenAI, L.L.C.: Powers AI chat personas. When you are matched with an AI persona, your chat messages are sent to OpenAI's API for response generation. No personally identifiable information (phone number, IP address, real name) is transmitted to OpenAI.Only the text content of your messages in the current session is sent. Subject to OpenAI's Privacy Policy.
• MongoDB Atlas (MongoDB, Inc.): Cloud database hosting for Platform data. Data is stored on servers within MongoDB Atlas infrastructure. Subject to MongoDB's Privacy Policy.

We do not sell, rent, or trade your personal information to any advertiser, data broker, or marketing company. Ever.

6. Data Sharing and Disclosure

We do not share your personal information with any third party except in the following circumstances:

• Legal Compliance: If required by a valid court order, government directive, or applicable law in India, we may be compelled to disclose certain information. We will notify you of such requests to the extent permitted by law.
• Safety: If we believe in good faith that disclosure is necessary to prevent imminent harm to a person or the public, we may disclose relevant information to appropriate authorities.
• Service Providers: The third parties listed in Section 5 receive only the data necessary to perform their specific function. They are not permitted to use your data for their own purposes.
• Business Transfer: In the unlikely event that Nightwave is acquired or transferred to another operator, user data may be transferred as part of that transaction. You will be notified via the Platform with reasonable advance notice.

7. Security

We implement the following security measures to protect your personal information:

• All data transmitted between your device and our servers is encrypted via HTTPS (TLS)
• Passwords are not stored — authentication is handled via OTP-based phone verification only
• JWT (JSON Web Tokens) are used for session management with strict single-device enforcement
• IP addresses are stored separately from user identity data
• Database access is restricted with role-based permissions
• No sensitive personal data is stored in plaintext

While we take reasonable measures to protect your data, no internet-based service can guarantee absolute security. We encourage you to use the Platform responsibly and avoid sharing sensitive personal information in chat conversations.

8. Your Rights

Under applicable Indian law and our own data practices, you have the following rights:

• Right to Access: You may request a summary of the personal data we hold about you.
• Right to Correction: You may request correction of inaccurate personal data via your account settings or by contacting us.
• Right to Deletion: You may request deletion of your account and all associated personal data. We will complete verified deletion requests within 30 days. Note: payment records are retained for 7 years as required by law and cannot be deleted.
• Right to Withdraw Consent: You may withdraw consent for optional data (display name, gender, city) at any time by updating your profile or contacting us.

To exercise any of these rights, email us at support.nightwave@gmail.com with the subject line "Data Request — [type of request]" and your registered phone number for verification.

9. Children's Privacy

Nightwave is strictly for users aged 18 and above. We do not knowingly collect personal information from anyone under 18. If we discover that a user is under 18, we will immediately terminate their account and delete all associated data. If you believe a minor is using our Platform, please contact us immediately at support.nightwave@gmail.com.

10. Cookies

Nightwave does not use advertising cookies, tracking cookies, or third-party analytics cookies. We use only technically necessary session tokens (stored in localStorage) to maintain your authenticated session. These are not shared with any third party.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make significant changes, we will update the effective date and make reasonable efforts to notify registered users. Your continued use of Nightwave after changes constitutes acceptance of the updated policy.

12. Grievance Officer

In accordance with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, the following Grievance Officer is designated for privacy-related complaints:

13. Contact Us

For any privacy-related questions, concerns, or data requests, contact us at support.nightwave@gmail.com.