Privacy Policy
Effective Date: May 18, 2026 · Last Updated: May 18, 2026
NextSaviours Education Private Limited ("we", "us", or "our") operates the Next Saviours mobile application (the "App"), available on iOS and Android. This Privacy Policy explains how we collect, use, disclose, and protect information about you when you use our App and related services.
By downloading, installing, or using the App, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the App.
1. Information We Collect
1.1 Information You Provide Directly
- Account Registration: When you create an account using Google Sign-In or Apple Sign-In, we receive your name, email address, and profile picture from those providers. If you register with an email address and password, we collect your email, first name, and last name.
- Profile Information: You may optionally provide a mobile phone number, a short bio, and a profile avatar image.
- Profile Photo: If you upload a profile photo, the image is transmitted to and stored on our servers (AWS S3).
1.2 Information Collected Automatically
- Learning Activity: We record the subjects and topics you study, quiz sessions you start or resume, answers you submit (including the option selected and time spent per question), your stage progression (Foundation, Core Knowledge, Clinical, INI-CET), accuracy percentages, and XP earned.
- Statistics and Progress: We maintain records of your overall accuracy, rank, percentile, weekly streaks, daily goals, and weak subject areas to personalise your learning experience.
- Chat Conversations: When you use the Astra AI Mentor chat, your messages and the AI-generated responses are stored on our servers to provide conversation history and continuity across sessions.
- Session Metadata: We log session start times, question generation events, and answer timestamps for service reliability and anti-fraud purposes.
- Device Information: We may collect your device token for the purpose of sending push notifications about study reminders or important account updates.
- Log Data: Our servers automatically record standard HTTP request logs, including IP address, request timestamps, and API endpoint accessed. These logs are used for security monitoring and debugging.
1.3 Information from Third-Party Authentication Providers
When you sign in with Google or Apple, those providers share a subset of your profile data with us under their own OAuth scopes (openid, email, profile). We receive your name, email address, and profile picture. We do not receive your Google or Apple password, payment information, contacts, or calendar data. Your use of those sign-in methods is also governed by Google's Privacy Policy and Apple's Privacy Policy respectively.
2. How We Use Your Information
| Purpose | Data Used |
|---|---|
| Create and manage your account | Name, email, auth provider tokens |
| Deliver personalised study recommendations and AI-generated questions | Subject progress, accuracy, weak areas, learning history |
| Power the Astra AI Mentor chat | Chat messages, conversation history |
| Display your dashboard, statistics, and leaderboard rank | XP, accuracy, streak, rank, percentile |
| Enforce subscription limits (daily question and chat quotas) | Plan tier, daily usage counters |
| Process subscription payments | Subscription status, payment provider identifiers |
| Send push notifications (study reminders, account alerts) | Device token |
| Maintain security and prevent fraud | Auth tokens, IP address, request logs |
| Improve the App and fix bugs | Aggregated, anonymised usage data |
| Comply with legal obligations | As required by applicable law |
We do not use your data for targeted advertising or sell your personal information to third parties.
3. How We Share Your Information
3.1 Service Providers
We share data with third-party providers that help us operate the App:
- Amazon Web Services (AWS): Cloud infrastructure, API hosting (AWS API Gateway, AWS Lambda), and file storage (Amazon S3). Data is processed in the us-east-1 (N. Virginia) region.
- Amazon Cognito: Authentication and identity management for social sign-in flows.
- OpenAI: AI-generated quiz questions and chat responses. Quiz content and chat messages may be processed by OpenAI's API. OpenAI processes this data under its own API data usage policy.
- Razorpay: Payment processing for subscription purchases on Android. Razorpay handles payment card data directly and we do not store full card details.
- Apple (In-App Purchases): Subscription billing for iOS users through Apple's StoreKit framework.
- Google Sign-In / Apple Sign-In: Identity verification during account creation and login.
3.2 Legal Requirements
We may disclose your information if required by law, court order, or governmental authority, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
3.3 Business Transfers
If NextSaviours Education Private Limited is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email or prominent in-App notice before your data is transferred and becomes subject to a different privacy policy.
3.4 No Sale of Personal Data
We do not sell, rent, or trade your personal information to any third party for their own marketing or advertising purposes.
4. Data Storage and Security
4.1 Where Data Is Stored
Your data is stored on servers in the United States (AWS us-east-1). If you are located outside the United States, your information will be transferred to and processed in the United States. By using the App, you consent to this transfer.
4.2 Security Measures
- Authentication tokens are stored in the iOS Keychain (with
kSecAttrAccessibleWhenUnlockedThisDeviceOnlyaccessibility) and in Android EncryptedSharedPreferences (AES256-GCM and AES256-SIV encryption). - All network communication uses HTTPS/TLS.
- API requests to protected endpoints use short-lived ID tokens with automatic refresh on expiry.
- Profile images are served via time-limited pre-signed URLs.
Despite these measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.
4.3 Data Retention
- Active accounts: We retain your data for as long as your account is active.
- Deleted accounts: When you delete your account, we initiate deletion of your personal profile, quiz history, and chat conversations within 30 days, except where retention is required by law or for legitimate business purposes such as fraud prevention.
- Anonymised analytics: Aggregated, anonymised data that cannot identify you may be retained indefinitely for product improvement.
5. Your Rights and Choices
Depending on your location, you may have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Correction: Update or correct inaccurate profile information via the Edit Profile screen in the App.
- Deletion: Delete your account from within the App settings. This removes your profile, learning history, and chat data from our active systems.
- Portability: Request your data in a machine-readable format.
- Objection / Restriction: Object to or request restriction of certain processing activities.
- Push Notifications: You can disable push notifications at any time through your device's system settings.
- Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at support@nextsaviours.com. We will respond within 30 days.
6. Children's Privacy
The App is intended for medical students and healthcare professionals preparing for postgraduate entrance examinations. The App is not directed to children under the age of 18. We do not knowingly collect personal information from anyone under 18. If we become aware that a child under 18 has provided personal information without verifiable parental consent, we will delete that information promptly. If you believe a minor has created an account, please contact us at support@nextsaviours.com.
7. Third-Party Links and Services
The App may contain links or integrations to third-party services. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access through or in connection with the App.
8. Cookies and Tracking Technologies
The App itself does not use browser cookies. However, the authentication flow (AWS Cognito Hosted UI via ASWebAuthenticationSession on iOS and CustomTabsIntent on Android) may use session cookies managed by the device's browser to support account selection. These cookies are governed by the device's browser settings and the respective identity provider policies.
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this page and, where appropriate, notify you via the App or by email. Your continued use of the App after the effective date of any changes constitutes your acceptance of the revised policy.
10. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
NextSaviours Education Private Limited
Email: support@nextsaviours.com
Website: https://nextsaviours.com