Privacy Policy

Last updated: February 5, 2026

Governed by the laws of India

Legal Framework: This Privacy Policy is drafted in accordance with the Information Technology Act, 2000, Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023.

1. Introduction

Flow Novel ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our platform.

By using Flow Novel, you consent to the collection and use of your information in accordance with this policy.

2. Data Controller

Flow Novel is the data fiduciary (data controller) for the personal data collected through this platform.

Contact Details:

Entity Name: Flow Novel

Email: [email protected]

Address: [Registered Address], India

3. Information We Collect

3.1 Personal Data Provided by You

  • Account Information: Name (username), email address, and password.
  • Profile Information: Avatar image, bio, and display preferences.
  • Content: Novels, chapters, comments, and reviews you create.
  • Communications: Messages you send to us for support or inquiries.

3.2 Sensitive Personal Data

As defined under the IT (SPDI) Rules, 2011, we do not collect sensitive personal data including:

  • Passwords (stored in encrypted form only)
  • Financial information (credit/debit card details)
  • Physical, physiological, or mental health condition
  • Sexual orientation
  • Biometric information

3.3 Automatically Collected Information

  • Usage Data: Pages visited, reading history, and platform interactions.
  • Device Information: Browser type, operating system, device identifiers.
  • IP Address: Collected for security, analytics, and legal compliance.
  • Cookies: Session and preference cookies (detailed in Section 8).

4. Purpose and Lawful Basis for Processing

We process your personal data for the following purposes:

Purpose Lawful Basis
Account creation and management Consent & Contract
Providing platform services Contract
Personalization of content Consent
Security and fraud prevention Legitimate Interest
Legal compliance Legal Obligation
Platform improvement and analytics Legitimate Interest

5. Disclosure of Information

We may share your information with:

  • Service Providers: Third parties who assist in platform operations (hosting, analytics) under appropriate confidentiality agreements.
  • Legal Authorities: When required by law, court orders, or government agencies under Section 69 or 79 of the IT Act, 2000.
  • Business Transfers: In the event of merger, acquisition, or sale of assets.

We do not sell your personal data to third parties.

6. Data Transfer

Your personal data may be transferred and processed on servers located outside India. When we transfer data outside India, we ensure:

  • Appropriate safeguards are in place as per applicable laws.
  • The receiving entity maintains adequate data protection standards.

7. Data Retention

  • We retain your data as long as your account is active or as needed to provide services.
  • Upon account deletion, your personal data will be deleted within 30 days, except where retention is required by law.
  • Aggregated and anonymized data may be retained indefinitely for analytics.
  • Certain data may be retained for 90 days after deletion for assistance with government agencies as per IT Rules.

8. Cookies and Tracking Technologies

We use the following types of cookies:

  • Essential Cookies: Required for login, security, and basic functionality.
  • Preference Cookies: Store your reading settings (theme, font size).
  • Analytics Cookies: Help us understand platform usage patterns.
  • Advertising Cookies: Used by Google AdSense for relevant ads.

You can control cookies through your browser settings. Disabling certain cookies may affect platform functionality.

9. Your Rights (Under DPDP Act, 2023)

As a data principal, you have the following rights:

  • Right to Access: Obtain a summary of your personal data and processing activities.
  • Right to Correction: Request correction of inaccurate or incomplete personal data.
  • Right to Erasure: Request deletion of your personal data (subject to legal requirements).
  • Right to Grievance Redressal: Lodge complaints with our Grievance Officer or the Data Protection Board of India.
  • Right to Nominate: Nominate another person to exercise your rights in case of death or incapacity.

To exercise these rights, contact us at [email protected].

10. Your Duties (Under DPDP Act, 2023)

As a data principal, you have certain duties:

  • Provide accurate information and not impersonate others.
  • Not register false or frivolous grievances.
  • Furnish only authentic information when exercising your rights.

11. Security Measures

In compliance with the IT (SPDI) Rules, 2011, we implement reasonable security practices including:

  • Encrypted password storage using industry-standard algorithms (bcrypt).
  • Secure session management with HTTP-only cookies.
  • CSRF (Cross-Site Request Forgery) protection on all forms.
  • Regular security audits and updates.
  • SSL/TLS encryption for data in transit.

12. Children's Privacy

  • Our platform is not intended for children under 13 years of age.
  • We do not knowingly collect personal data from children under 13.
  • Processing personal data of children (under 18) requires verifiable parental consent as per the DPDP Act, 2023.
  • If you believe a child has provided us personal data without consent, contact us immediately.

13. Grievance Officer

In compliance with the IT (Intermediary Guidelines) Rules, 2021 and DPDP Act, 2023:

Grievance Officer:

Name: [Grievance Officer Name]

Email: [email protected]

Address: [Registered Address], India

Response Time: Acknowledgement within 24 hours, resolution within 15 days.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or prominent notice on the Platform. The "Last updated" date at the top indicates when the policy was last revised.

15. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of India, including:

  • Information Technology Act, 2000
  • Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
  • Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021
  • Digital Personal Data Protection Act, 2023

16. Contact Us

For privacy-related inquiries or to exercise your rights, contact us at:

You may also approach the Data Protection Board of India if your grievance is not resolved satisfactorily.