CompatibilityTest · Version 2026.03 · Jammu & Kashmir, India← Back to App
Plain language commitment: This document says what we do. It is not designed to obscure.
If something is unclear, email us and we will explain it.
1. Who We Are
CompatibilityTest is a personal productivity platform providing encrypted task management, journaling, and focus timing. We are operated from Jammu & Kashmir, India.
Grievance Officer: As required under the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021 Rule 3(1)(b):
Resolution time: Within 15 days as required by law
2. What We Collect
Authentication data: Your email address and Firebase UID, used solely for account access
Encrypted content: Your tasks and journal entries, encrypted in your browser before reaching our servers. We cannot read this data.
Secondary encrypted copy: When you set a Secondary Password, a second copy encrypted under our admin key is stored for lawful oversight purposes
Session metadata: Timer type, duration, date — never content
Consent record: Date, time, IP address, and version of the Privacy Policy you accepted
Date of birth: To verify you are 18 or older, as required by DPDP Act 2023 Section 9
3. How We Use It
To authenticate you and provide access to your encrypted vault
To store your encrypted data on servers located in India
To maintain an audit log of administrative access to secondary-encrypted data
To comply with legal obligations
We do not analyse your behaviour. We do not build profiles. We do not serve advertisements. We do not share data with third parties for commercial purposes.
4. Lawful-Access System
We operate a lawful-access system for preventing illegal use of this platform. When you set a Secondary Password, a second encrypted copy of your data is created. This copy can only be decrypted using a two-part admin key — one part stored in our system, one part memorised by the designated administrator and never stored anywhere.
We will use this capability only under:
A valid court order or judicial warrant
Credible intelligence of imminent threat to human life
A lawful request from a national security or law-enforcement agency under Indian law
Every access event is logged with timestamp, IP address, and the UID accessed. This log is maintained in our database and cannot be retroactively altered. You will be notified of any access after the fact, unless prohibited by court order.
5. Data Storage and Localisation
All user data is stored on servers located in India. Authentication is handled by Google Firebase (Google LLC, USA) — by using this platform you consent to your authentication credentials being processed by Google in accordance with Google's Privacy Policy (policies.google.com/privacy).
6. Data Retention
Your data is retained as long as your account is active
You can delete your account and all data permanently at any time from the Account screen
Deletion is immediate and irreversible — we maintain no backups of individual user data
If an account is suspended for policy violation, data is retained for 90 days before deletion to allow for appeals
7. Your Rights Under DPDP Act 2023
Right of access: You can view all data associated with your account
Right to correction: You can update your email via account settings
Right to erasure: Delete your account anytime — all data removed immediately
Right to grievance redressal: Contact our Grievance Officer above
Right to nominate: Contact us to nominate a person to exercise your rights in case of death or incapacity
8. Children
This platform is strictly for users aged 18 and above. We verify age at registration. If we discover a minor has created an account, the account and all associated data are immediately deleted in compliance with DPDP Act 2023 Section 9. We do not knowingly collect data from minors.
9. Security
We implement the following security measures:
AES-256-GCM client-side encryption for all user content
PBKDF2 with 100,000 iterations for key derivation
HTTPS enforced with HSTS (max-age 1 year)
Content Security Policy headers
Rate limiting on all API endpoints
Prepared statements for all database queries
Admin access logging with tamper-evident audit trail
In the event of a data breach, we will notify CERT-In within 6 hours as required by the CERT-In Directions (April 2022), and notify affected users within 72 hours.
10. Cookies and Storage
We use:
Firebase Authentication cookies: Set by Google Firebase for session management. Necessary for authentication.
sessionStorage: Used to store temporary UI state (current screen, SP setup progress). Cleared when browser tab closes.
localStorage: Used to store your last selected theme. No personal data.
We do not use tracking cookies, advertising cookies, or analytics cookies.
11. Changes to This Policy
When we update this policy, the version number changes. Users will be shown the updated policy and must accept it before continuing to use the platform. The version and acceptance timestamp are recorded in our database.