- Part A: Plain English Summary
- Part B: Legal Terms and Conditions
- Part C: Jurisdiction-Specific Addendums
Module: Messenger (Utsav Messenger™)
Document Type: Hybrid — Plain English + Legal Reinforcement
Trademark: Utsav Messenger™ is a trademark of MyMahotsav Futuretech Ltd
Effective Date: 24th February 2026
Version: 1.0
Part A: Plain English Summary
How We Protect Your Messages and Data
When you use Utsav Messenger™, you’re trusting us with your private conversations. This policy explains exactly what data we collect, what we don’t collect, and how we keep it safe.
The Simple Truth
- We can’t read your messages: End-to-end encryption means your messages are private between you and who you’re chatting with.
- We do see some data: Message metadata (who you talk to, when) is visible to us to run the service.
- We don’t sell your data: Your messages, contacts, and conversations are never sold.
- Safety scanning happens on your device: For illegal content, scanning happens locally—we don’t see your photos unless they’re illegal.
- You’re in control: Privacy settings let you control who can reach you.
Part B: Legal Terms and Conditions
1. Data We Collect
1.1 Messages (End-to-End Encrypted)
| Data Type | Collected? | Details |
|---|---|---|
| Message Content | No | Encrypted end-to-end; we cannot access |
| Message Attachments | No | Encrypted end-to-end |
| Voice/Video Call Content | No | Encrypted end-to-end |
1.2 Message Metadata (Not Encrypted)
| Data Type | Collected? | Purpose |
|---|---|---|
| Who you message | Yes | Deliver messages, show conversation list |
| When you message | Yes | Timestamps, order messages |
| Message length | Yes | Network optimization |
| Delivery status | Yes | Show sent/delivered/read |
| IP address | Yes | Network routing, security |
1.3 Account and Profile Data
| Data Type | Collected? | Purpose |
|---|---|---|
| Phone number (if provided) | Yes | Contact discovery, account recovery |
| Contacts (optional) | Yes (with permission) | Find friends on Messenger |
| Profile photo | Yes | Display to contacts |
| Online status | Yes | Show when active |
| Device information | Yes | App functionality, security |
2. End-to-End Encryption
2.1 How It Works:
- Messages are encrypted on your device before sending
- Only the recipient’s device has the key to decrypt
- Utsav Messenger™ servers never have decryption keys
- Even we cannot read your messages
2.2 What Is Encrypted:
- One-to-one message content
- Group chat message content
- Attachments (photos, videos, files)
- Voice and video calls
2.3 What Is Not Encrypted:
- Message metadata (who, when)
- Profile information
- Contact lists
- Backup files (if not encrypted separately)
2.4 Verification: You can verify encryption keys with contacts to ensure there is no man-in-the-middle attack.
3. Contact Discovery
3.1 Optional Contact Upload:
- You may choose to upload contacts to find friends
- Contacts are hashed (one-way encrypted) for privacy
- You can disable contact sync anytime
3.2 Phone Number Privacy:
- Your phone number is visible only to people you’ve messaged or who have your number saved
- You can control who can find you by phone number
4. Message Storage
4.1 On Our Servers:
- Undelivered messages: Stored up to 30 days
- Delivered messages: Deleted immediately from servers
- Message metadata: Stored up to 90 days
- Reported messages: Retained as needed for investigation
4.2 On Your Device:
- Message history stored locally
- You control backups (iCloud, Google Drive, local)
- Backups may not be encrypted (you should enable encryption)
5. Security Measures
5.1 Technical Safeguards:
| Measure | Description |
|---|---|
| End-to-End Encryption | Industry-standard Signal Protocol |
| Transport Encryption | TLS 1.3 for all server communication |
| Two-Factor Authentication | Optional but strongly recommended |
| Device Authorization | Review and manage trusted devices |
| Automatic Logout | After extended inactivity |
5.2 Organizational Safeguards:
- Limited employee access to servers
- Strict access controls
- Regular security audits
- Bug bounty program
- Data protection training
6. Third-Party Access
6.1 Utsav Messenger™ does not:
- Sell your data to third parties
- Share message content with advertisers
- Provide bulk access to researchers without anonymization
6.2 Limited sharing occurs:
- With service providers (cloud hosting, push notifications) under strict contracts
- When required by law (with proper legal process)
- To protect rights and safety (emergencies)
7. Government Requests
7.1 Types of Requests:
- Search warrants (require judicial approval)
- Court orders
- Subpoenas
- Emergency requests
7.2 Our Response:
- We require valid legal process
- We challenge overbroad requests
- We notify users when permitted by law
- We publish transparency reports
7.3 What We Can Provide:
- Message metadata (who, when)
- Account information
- IP logs (retained 90 days)
- We cannot provide message content (end-to-end encrypted)
8. Data Retention and Deletion
8.1 Retention Periods:
| Data Type | Retention |
|---|---|
| Message content (servers) | Not stored |
| Message metadata | 90 days |
| Account data | Until deletion |
| Backup data | User-controlled |
| Reported content | As needed |
8.2 Deletion:
- Delete individual messages (removes from your device only)
- Delete conversations (removes from your device)
- Delete account (removes all server data)
8.3 Backup Copies: Some data may remain in backups for up to 30 days.
9. Your Rights
9.1 You have the right to:
- Access your data (download)
- Correct inaccurate data
- Delete your data
- Object to processing
- Restrict processing
- Data portability
9.2 To exercise rights:
- Use in-app settings
- Contact privacy@utsavmessenger.com
10. Children’s Privacy
10.1 Utsav Messenger™:
- Does not knowingly collect data from under-13 users without parental consent
- Provides additional protections for minor accounts
- Offers parental controls
10.2 Parents may:
- Monitor connected accounts
- Restrict messaging features
- Request data deletion
11. Security Best Practices (For Users)
We recommend:
- Enable two-factor authentication
- Use device passcode/biometric
- Be cautious of links and files
- Verify encryption keys with contacts
- Report suspicious activity
- Keep app updated
Part C: Jurisdiction-Specific Addendums
India Addendum
Digital Personal Data Protection Act, 2023:
- Consent required for processing
- Data localization requirements
- Rights to access, correction, erasure
- Significant penalties for breaches
IT Rules, 2021: Traceability requirements may apply for certain content upon legal order.
UK/EU Addendum
GDPR/UK GDPR:
- Lawful basis required for processing
- Data Protection Impact Assessments required
- Breach notification within 72 hours
- Representative required if no EU establishment
ePrivacy Directive: Confidentiality of communications protected.
US Addendum
CCPA/CPRA (California):
- Right to know
- Right to delete
- Right to opt-out of sale
- No discrimination for exercising rights
State Breach Notification Laws: Vary by state.





