Privacy Policy

PRUMAA Technologies ("Prumaa", "we", "us", "our") operates the digital legacy vault platform at prumaa.in. We are committed to protecting your personal data and being transparent about how we use it. For any privacy-related queries, contact us at: privacy@prumaa.in

We collect only what is necessary to provide the service: • Account information: Name, email address, phone number • Asset information: Institution names, account/policy numbers, document locations (no passwords, no login credentials — ever) • Nominee and Guardian details: Names, relationships, phone numbers, email addresses • Heartbeat settings: Preferred frequency and notification channel • Usage data: Pages visited, features used (anonymized, no personal identifiers) We do NOT collect: Passwords, banking credentials, OTPs, or any information that gives us access to your financial accounts.

Your data is used exclusively for: • Operating your legacy vault and delivering asset information to nominees/guardian when triggered • Sending heartbeat check-in messages via your chosen channel • Providing customer support • Improving the platform using anonymized, aggregate insights We do NOT sell your individual data to any third party. We do NOT use your data for advertising. We may use anonymized, aggregate patterns (e.g., "70% of users have insurance policies") for research and product improvement — this is disclosed upfront and contains no personal identifiers.

Your vault data is encrypted and inaccessible to nominees and guardian until the emergency trigger fires. The trigger activates only after: 1. You fail to respond to a heartbeat check-in 2. Multiple reminders are sent over several days 3. The system assumes an emergency When triggered, each nominee receives only the asset details assigned to them. The guardian receives the complete asset map only if nominees are also unreachable. You can cancel a false trigger at any time by responding to the check-in.

We implement industry-standard security measures: • AES-256 encryption at rest for all vault data • TLS encryption in transit for all data transfers • Zero-knowledge architecture — we cannot read your vault contents • Row-level security ensuring users can only access their own data • Regular security reviews and infrastructure monitoring While we take every precaution, no system is 100% secure. We will notify you within 72 hours of any confirmed data breach affecting your account.

We share your data only in these limited circumstances: • With nominees/guardian: Only when the emergency trigger fires, and only the relevant asset details • With service providers: Infrastructure partners (Supabase, Vercel, Cloudflare) who process data on our behalf under strict data processing agreements • Legal requirements: If required by law, court order, or government authority We never sell, rent, or trade your personal data.

Under India's Digital Personal Data Protection Act 2023, you have the right to: • Access: Request a copy of all data we hold about you • Correction: Update or correct inaccurate data • Erasure: Delete your vault and all associated data (permanent deletion within 30 days) • Portability: Export your vault data in a readable format • Grievance: Raise a complaint with our Grievance Officer To exercise any of these rights, email: privacy@prumaa.in

We retain your data for as long as your account is active. If you delete your account: • All vault data is permanently deleted within 30 days • No backups are retained after deletion • Nominee and guardian details are also deleted • We retain only anonymized, aggregate usage statistics If the emergency trigger has fired and nominees have received their information, that delivery record is retained for 7 years for legal compliance purposes.

We use minimal cookies: • Essential cookies: Required for login sessions and security • Analytics cookies: Anonymized usage data to improve the platform (no personal identifiers) We do not use advertising or tracking cookies. You can disable non-essential cookies in your browser settings.

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or an in-app notification at least 30 days before they take effect. Continued use of the platform after changes constitutes acceptance of the updated policy.

For any privacy concerns or to exercise your rights: Email: privacy@prumaa.in WhatsApp: +91 63667 56652 Address: Bengaluru, Karnataka, India Grievance Officer: Available at the above contact details. We will respond to all grievances within 30 days as required by the DPDP Act 2023.