Nispaksha (“we”, “the app”, “the service”) is operated by a small independent team in Kathmandu, Nepal. The app and the website at nispaksha.app use the same backend. This policy explains what data we collect, why we collect it, and how to delete it.
1. What we collect
1.1 Account data
Reading and listening do not require an account. If you choose to sign in (to follow categories or publishers across devices), we store:
- Email — used to identify your account and send transactional email (e.g. account-deletion confirmation).
- Display name and provider (Google, Apple) returned by your identity provider.
- Created and last-seen timestamps.
We do not store your password. Authentication is delegated to Firebase Auth.
1.2 Reading activity
If you’re signed in, the app records, against your account:
- The categories and publishers you follow.
- Whether you opted in to push notifications.
We use this to rebuild your follow list on a new device. We do not build an advertising profile from it.
1.3 Push notification tokens
If you accept push notifications, we store your FCM (Firebase Cloud Messaging) token on the device. We use it only to deliver the daily brief and the occasional breaking-news alert.
1.4 Server logs
Cloudflare and our origin server (Hetzner, Nuremberg) keep standard request logs (IP, user-agent, path, response code, timing) for up to 30 days for abuse mitigation and uptime monitoring. They are not joined to your account.
1.5 What we do NOT collect
- We do not sell, license, or share account data with advertisers.
- We do not embed third-party advertising SDKs anywhere in the app.
- We do not collect contact-book, photo, microphone, or location data.
- The audio brief is served as a plain MP3 from our CDN; it does not phone home.
2. How we use the data
| Purpose | Data used |
|---|---|
| Authenticate you across devices | email, provider, last-seen |
| Sync your follows | followed categories, followed publishers |
| Deliver the daily brief and alerts | FCM token |
| Reply to a support request | the email + message you submitted |
| Abuse mitigation | server logs |
3. Retention
| Data | Retention |
|---|---|
| Account record | until you delete the account |
| Follow list | until you delete the account |
| FCM token | until you uninstall or revoke push |
| Server logs | 30 days |
| Support email | 12 months from last reply |
4. Account deletion
You can delete your account from inside the app (Settings → Delete account) or from /delete. On confirmation:
- All account data (email, provider, follows) is permanently removed within 24 hours.
- Your FCM token is invalidated; push delivery stops immediately.
- Anonymised aggregate counts (e.g. “story X was opened N times”) may remain — those rows have no link to your identity once the account row is gone.
5. Children
Nispaksha is not directed at children under 13. We do not knowingly collect data from anyone under 13.
6. Changes
We will revise this policy as the product changes. Material changes will be announced in the app’s release notes.