Privacy Policy

1. Introduction

Silsilay Technologies (“Silsilay,” “we,” “us,” or “our”) operates the Silsilay application and website at silsilay.pk (collectively, the “Service”). Silsilay is a family-and-community platform designed for families in Pakistan's societies, offering family management tools such as kids' schedules, meal planning, and community networking.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information — including information relating to children — when you use our Service. By accessing or using Silsilay, you agree to this Privacy Policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

• Parent account information: full name, email address, password, profile photo, residential address details (city, area, building, apartment number).
• Child account information: child's display name, username, date of birth, profile photo, and interests. Child accounts are created and fully controlled by the parent. Children do not provide email addresses — a synthetic internal identifier is generated solely for authentication purposes and is never exposed to users.
• Payment information: payment processing is handled entirely by a certified third-party payment processor. We do not store your credit card number, CVV, or full card details on our servers. We receive and store a customer reference ID and subscription status.
• User-generated content: chat messages (text-only), building feed posts, poll votes, event details, event photos, event comments, and meal preferences.
• Multiple addresses: you may add more than one residential address to participate in multiple community networks.

2.2 Information Collected Automatically

• Device and usage data: browser type, operating system, device type, screen resolution, pages visited, features used, and timestamps of access.
• Authentication tokens: session tokens (JWT) for maintaining your logged-in state across sessions.
• Online presence: we track whether a user is currently active (within the last 5 minutes) to display online/offline status to connected families within the same building.

2.3 Information from Third-Party Services

• Google Sign-In: if you sign up or log in using Google, we receive your name, email address, and profile picture from your Google account. We use this information solely to create and authenticate your Silsilay account. We do not access your Google contacts, calendar, drive, or any other Google services. We request only the minimum scopes necessary for authentication (email and profile).
• Apple Sign-In: if you use Apple Sign-In, we receive your name and email address (or a private relay email) as provided by Apple.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To create and manage your account and your children's accounts.
• To authenticate your identity and maintain secure sessions.
• To provide core Service features: family scheduling, meal planning, task management, community networking, messaging, events, and polls.
• To scope community features to your building and neighbourhood using the address information you provide.
• To process subscription payments and manage your billing status.
• To send transactional emails such as email verification, password reset, and important account notifications.
• To display online presence status to families connected with you within the same building.
• To improve, maintain, and optimise the Service.
• To enforce our Terms of Service and protect the safety of our users, particularly children.

4. Google User Data Disclosure

If you choose to sign in with Google, Silsilay's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

• We only request access to your Google email address and basic profile information (name and profile photo).
• We use this data exclusively for account creation and authentication within Silsilay.
• We do not sell, lease, or share your Google user data with any third party for advertising, data brokerage, or any purpose unrelated to providing the Silsilay Service.
• We do not use Google user data for serving advertisements.
• We do not allow humans to read your Google user data unless (a) we have your explicit consent, (b) it is necessary for security purposes (investigating abuse), (c) it is required by law, or (d) the data has been aggregated and anonymised.
• You may revoke Silsilay's access to your Google account at any time via your Google Account permissions.

5. Children's Privacy

Silsilay is designed with children's safety as a foundational principle. Child accounts are created exclusively by parents and operate under strict parental controls.

• Children cannot create their own accounts. Only a parent with an active subscription can create a child account.
• Children log in with a username and password set by their parent. No email address is required from the child.
• Children cannot change their own username or password. Only the parent can modify credentials.
• Parents have full read access to all of their child's chat messages, connections, and activity at all times. A transparency notice (“A parent can see this chat”) is displayed in every child chat screen.
• Children can only connect with other children whose parents are also connected within the same building community.
• Child chat is text-only — no image, file, or media attachments are supported.
• Children have no access to billing, settings, or parent-level features.
• Parents can toggle anonymous mode for each child, hiding the child's real name and avatar from non-family community members.
• Parents can delete their child's account at any time from Settings, which permanently removes all associated data.
• We collect the minimum information necessary for child accounts: display name, username, date of birth (for age-appropriate content and event filtering), profile photo (optional), and interests (for friend matching).

6. Data Sharing and Disclosure

We do not sell your personal information. We share data only in the following limited circumstances:

• Within your building community: your name, profile photo, and family information are visible to verified families in the same building. Anonymous profiles display a generic silhouette and hidden name instead.
• Service providers: we work with trusted third-party service providers for infrastructure (database, authentication, hosting), payment processing, and security. These providers process data on our behalf and are bound by their respective privacy policies and data processing agreements.
• Legal requirements: we may disclose information if required by law, regulation, legal process, or governmental request.
• Safety: we may disclose information if we believe it is necessary to protect the safety of any person, prevent fraud, or address security issues.

7. Data Storage and Security

• All data is stored on secure cloud infrastructure with encryption at rest and in transit (TLS 1.2+).
• Database-level security policies ensure users can only access data they are authorised to view.
• Passwords are securely hashed. We never store passwords in plain text.
• Authentication sessions use secure tokens with automatic refresh.
• Payment data is handled by a PCI DSS Level 1 certified payment processor. Your card details never touch our servers.
• We implement appropriate technical and organisational measures to protect your data against unauthorised access, alteration, or destruction.

8. Data Retention

• We retain your account data for as long as your account is active.
• If you cancel your subscription, your data is retained for 30 days in case you resubscribe. After 30 days, community features are disabled but family data remains accessible.
• If you delete your account, all personal data associated with your account (including all child accounts) is permanently deleted within 30 days of the deletion request.
• Anonymised and aggregated data that cannot identify you may be retained indefinitely for analytics and service improvement.
• Chat messages and posts from deleted accounts are removed from all conversations and feeds.

9. Your Rights

You have the following rights regarding your personal data:

• Access: you can access your personal data at any time through your account settings.
• Correction: you can update or correct your profile information and your children's profiles at any time.
• Deletion: you can request deletion of your account and all associated data by contacting us at privacy@silsilay.pk.
• Data portability: you can request a copy of your personal data in a machine-readable format.
• Anonymity: you can enable anonymous mode for yourself and each child at any time, preventing other families from seeing your real identity in community features.
• Withdraw consent: you can revoke third-party sign-in access (Google/Apple) at any time through those providers' settings.

10. Cookies and Local Storage

Silsilay is a Progressive Web App (PWA). We use browser local storage and session storage to maintain your authentication state and theme preferences. We do not use third-party tracking cookies or advertising cookies. We do not integrate any third-party advertising services.

11. Third-Party Services

Our Service relies on trusted third-party providers in the following categories:

• Infrastructure: cloud database, authentication, file storage, and realtime services. These providers process all account and application data on our behalf.
• Payment processing: a PCI-certified payment processor handles subscription billing. Data shared includes your email, name, and payment method details.
• Hosting and delivery: application hosting and content delivery providers process access logs and IP addresses.
• Security: DNS, CDN, and DDoS protection services process request metadata and IP addresses.
• Authentication (optional): if you choose to sign in with Google or Apple, those providers share your email, name, and profile photo (with your consent) for account creation.

12. International Data Transfers

Our Service is primarily intended for users in Pakistan. Your data may be processed and stored on servers located outside Pakistan through our third-party service providers. These providers maintain appropriate security standards and data protection measures.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the “Last updated” date at the top of this page and, where appropriate, providing additional notice via email or an in-app notification. Your continued use of the Service after any changes indicates your acceptance of the updated policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us: