Privacy Policy — Bollywood Today

Operated by Soundica. Effective 2026-06-12. Version 1.2.

This policy explains what information the Bollywood Today application (the "App") processes, why, and your rights under applicable laws including India's Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology Act, 2000 and the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules), the EU/UK GDPR, the California Consumer Privacy Act (CCPA/CPRA), Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and Quebec's Law 25, Singapore PDPA, and the Australian Privacy Act.

1. Data we collect

The App is designed to work without a user account and without tracking identifiers. Specifically:

• No account, no login, no email, no phone number. We do not require you to sign up, and we never ask for your Aadhaar, PAN or any government ID.
• No advertising identifiers. We do not read the Android Advertising ID.
• No analytics SDKs, no crash-reporting SDKs by default. If a future version adds optional analytics, you will be asked for explicit consent first, in the manner required by s. 6 of the DPDP Act, 2023.
• No contacts, no location, no microphone, no camera, no SMS, no call logs. The App does not request these permissions.

2. Data processed when you use the App

• News feed requests. When the App refreshes the feed it sends a request to our backend (hosted on Cloudflare Workers). That request contains only: the feed category, a generic app User-Agent, and — inevitably at the transport layer — your device's public IP address. We do not store IP addresses or request logs beyond what Cloudflare retains for security / abuse-prevention purposes (typically short-lived).
• Images and articles. When you view a story thumbnail your device fetches the image from the original publisher's CDN. The App does not embed or open the publisher's website — articles are presented as a headline plus a short attributed snippet only. Publisher CDNs may log the image fetch under their own privacy policies.
• Publisher logos (Android Automotive version). To show a news outlet's logo as tile artwork in the car's media browser, the App may fetch that outlet's publicly available logo/favicon, either from the publisher's own website or via Google's public favicon lookup service. The request contains only the publisher's website address — never your identity, location, or reading history — and downloaded logos are cached on-device.
• Text-to-Speech. TTS is performed entirely on-device via a bundled neural voice (Kokoro, Apache-2.0). No article text and no audio is transmitted to our servers or to any third party.
• Settings. Your in-app preferences (reading speed, autoplay toggle, selected category, chosen TTS language) are stored locally in app-private storage and never leave your device.

3. Lawful basis

• India (DPDP Act, 2023). The limited processing described above falls within "legitimate uses" under s. 7 of the Act (specifically, the user has voluntarily provided the request by using the App for the stated purpose). Because we do not collect personally-identifiable information, the App does not create a "Data Principal–Data Fiduciary" relationship in which consent is required.
• EU/UK (GDPR). Processing is necessary under Art. 6(1)(b) to deliver the service you have asked for. No consent banner is required because we do not set tracking cookies, we do not use the data for profiling, and we do not share it with advertising partners.

4. Data retention

Because the App stores nothing about you on our servers, we have nothing to retain. Cached RSS/JSON on the edge is keyed by source URL only and never by user. Local settings stay on your device until you uninstall the App.

5. Cross-border transfers

Our backend runs on Cloudflare's global edge network. Requests are served from the geographically nearest Cloudflare data centre, which may be outside India. The Central Government has, under s. 16 of the DPDP Act, 2023, the power to restrict transfer of personal data to certain countries by notification; no such notification currently restricts the servicing regions we use. Because no personal data is transferred, no consent under s. 16 is required.

6. Your rights

Depending on your jurisdiction, you have the right to access, correct, erase, withdraw consent, and seek grievance redressal for your personal data. Indian Data Principals specifically have the following rights under the DPDP Act, 2023:

• Right to access information (s. 11): a summary of personal data processed and the purposes.
• Right to correction and erasure (s. 12): to correct, complete, update or erase personal data.
• Right of grievance redressal (s. 13): readily available means to register complaints.
• Right to nominate (s. 14): nominate another individual to exercise these rights in the event of death or incapacity.

Since we do not hold any personal data about you, access/erase requests will usually be answered with "we have no data linked to you." You always have the unconditional right to delete the App, which removes all locally-stored settings.

7. Grievance Officer (India)

In accordance with Rule 3(11) of the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 and s. 10(5) of the DPDP Act, 2023:

• Grievance Officer: [To be appointed on legal-entity registration — placeholder until launch]
• Email: admin@soundica.app
• Response time: acknowledgement within 24 hours, resolution within 15 days (IT Rules 2021) or 30 days (general GDPR/DPDP default), whichever is stricter.

8. Children

The App is not directed to children. Under s. 9 of the DPDP Act, 2023 processing of a child's personal data (under 18) requires verifiable parental consent; since we do not process personal data at all, this does not practically arise. We do not knowingly profile children or serve them behaviourally-targeted content.

9. Third-party content

News headlines, thumbnails and short excerpts displayed in the App are retrieved from publicly-available RSS feeds and public APIs published by independent outlets (for example The Hindu, Hindustan Times, The Indian Express, NDTV, News18, Bollywood Hungama, Pinkvilla, Wikinews, public Reddit JSON). These publishers are registered "digital news publishers" under Part III of the IT Rules, 2021 and are directly responsible for the content they produce. The App does not link out to or open publisher websites; only the headline and a short attributed snippet are shown.

10. Security

All network traffic between the App and our backend is encrypted with TLS (HTTPS). Clear-text traffic is blocked at the OS level via an Android Network Security Configuration. The App requests only the minimum permissions needed (Internet access, foreground-service playback, optional notifications). Our internal safeguards satisfy the "reasonable security practices and procedures" standard in s. 43A of the IT Act, 2000 and the SPDI Rules, 2011.

11. Changes

If this policy changes materially, we will update the "Effective" date and, where required by law, prompt you in-app.

12. Contact

Soundica — admin@soundica.app
Grievance Officer (India) — admin@soundica.app