Privacy Policy

Last Updated: June 2025

1. Information We Collect

When you sign in via Google OAuth, we receive your name, email address, and profile picture from Google. We do not receive or store your Google password. If you set a separate password for email sign-in, it is stored as a bcrypt hash — never in plain text.

2. How We Use Your Data

• To authenticate you and maintain your session
• To display your name on the leaderboard (you can change this in Settings)
• To track your quiz progress, attempts, and streaks
• To manage your subscription and process payments via Razorpay

3. Data Storage

Your account data is stored in a PostgreSQL database hosted on Supabase. Quiz content is stored in MongoDB Atlas. Both services comply with industry-standard security practices. Your Google-authenticated session is managed via encrypted JWT tokens.

4. NextAuth Security

We use NextAuth.js v4 with JWT strategy. Authentication tokens are signed with a secret key stored in our environment variables. Google OAuth tokens are never stored — only the provider account ID is retained to link your account.

5. Data Sharing

We do not sell, rent, or share your personal data with third parties. Payment processing is handled by Razorpay; please refer to their privacy policy for payment-specific data handling.

6. Cookies

We use essential cookies for authentication (NextAuth session cookie) and language preference. We do not use tracking or advertising cookies.

7. Your Rights

You may request deletion of your account and all associated data by contacting us. Upon deletion, all quiz history, progress, and personal information will be permanently removed within 30 days.

8. Changes to This Policy

We may update this policy from time to time. Continued use of the Platform after changes constitutes acceptance.

9. Contact

For privacy-related inquiries: support@mhrigma.in