HomeHivona Wellness

Privacy policy

Last updated: 25 May 2026

This policy explains what Hivona Wellness collects, how we use it, and the choices you have. We follow the Digital Personal Data Protection Act, 2023 and the IT Rules, 2011.

1. What we collect

  • Account: name, email, phone number, password (hashed), sponsor code, member code.
  • KYC: PAN, Aadhaar number, document scans, selfie, bank account details, IFSC, address.
  • Transactions: orders, payments, wallet activity, withdrawal history, income credits, BV tree position.
  • Device & usage: IP address, browser/device type, referrer, basic interaction logs (we do not run third-party advertising trackers).

2. How we use it

  • To run your account, process orders, and pay your income.
  • To verify your identity per KYC and tax law.
  • To prevent fraud and abuse of the income plan.
  • To send you transactional updates (login, payment, KYC, withdrawal). We do not send marketing without your consent.

3. Who we share with

  • Payment partners: UPI banks (e.g. Yes Bank) for processing payouts and verifying UTRs.
  • Cloud infrastructure: Supabase (Postgres, storage, authentication) and Vercel (web hosting). Data is stored on servers located in regions that comply with Indian data protection norms.
  • Government & regulators: when required by law, tax authority, or court order.

We never sell your data to third parties.

4. Retention

We retain your account and transactional data for as long as your account is active, and for at least 8 years after closure for tax and regulatory compliance. KYC documents are deleted within 1 year of account closure unless retention is legally required.

5. Your rights

  • Access, correct, or download your personal data.
  • Withdraw consent and close your account.
  • File a grievance with our Grievance Officer (below) before escalating to the Data Protection Board of India.

6. Security

Passwords are hashed with bcrypt. KYC documents live in a private Supabase Storage bucket with row-level security; access is granted only to the owning member and verified admins. Transactional database writes go through Postgres triggers with audit logging.

7. Children

The Platform is not for users under 18. We do not knowingly collect data from minors.

8. Grievance officer

Concerns about this policy or your data should be sent to:

Hivona Wellness
Email: hivonawellness@gmail.com
We respond within 7 working days, escalating to resolution within 30 days.

9. Changes

We may update this policy. Material changes are notified at least 7 days in advance via email or in-app banner.