// rainbow_coach :: privacy
Privacy Policy
Effective date: 13 July 2026
Rainbow Coach (“Rainbow”, “the app”) is a parenting assistant built and operated by Ravindranath Gangampalli (sole developer, Singapore). Contact: dev@proxperity.ai.
The short version
- Your family's data lives on your phone, in an encrypted database. We do not run servers that store your content.
- The app works fully offline with on-device AI. Cloud AI is optional and processes only what you send in that moment, we do not retain your prompts, photos, or audio.
- We never sell data. There are no ads and no third-party analytics or tracking in the app.
What data exists, and where it lives
On your device only. Child profiles (name, age, school details you enter), homework and schedules, scanned images and their extracted text, vocabulary and progress records, coach chat history, and app settings are stored in an encrypted local database (SQLCipher, AES-256) on your phone. Deleting the app, or using the in-app delete controls, removes this data.
Google sign-in (optional). If you sign in with Google, we receive your name and email address via Firebase Authentication. The email is used to authorise access to optional cloud features. If you enable the optional cloud backup, a limited set of learning records (vocabulary, homework status, progress summaries) is backed up to our Firebase project, keyed to your account; you can disable this at any time and it is off by default.
AI processing, three modes, your choice
- Local AI (default): the AI model runs entirely on your device. Nothing leaves your phone.
- Your own AI key: requests go directly from your phone to the AI provider you configured, under that provider's privacy terms. We are not in that path.
- Rainbow Cloud (invite-only during beta): requests pass through our AI gateway to established AI providers (currently Microsoft Azure AI services, and Sarvam AI for Indian-language speech). The gateway is stateless for content: prompts, images, and audio are processed to generate the response and are not stored by us. We keep operational metadata only, your email, timestamps, model used, and token counts, to enforce fair-use quotas and diagnose failures. A built-in PII shield (on by default) masks phone numbers, email addresses, and similar identifiers in your text before it is sent to cloud AI, and restores them only on your device.
AI answers can be wrong. Rainbow is a parenting aid, not a substitute for professional educational, medical, or psychological advice.
Children
Rainbow is designed for parents. Accounts and sign-in belong to the parent; children do not create accounts. A child profile exists only inside the parent's app, and the supervised child mode operates under the parent's control on the parent's (or a family) device. We do not knowingly collect personal data from children directly. Photos you scan (e.g. homework) are processed for text extraction and stored only on your device.
Third parties we rely on
- Apple (app distribution, TestFlight), under Apple's terms.
- Google Firebase (optional sign-in; optional backup), data processed under Google's terms when you use those features.
- AI providers (Microsoft Azure AI services; Sarvam AI for Indian-language speech; or the provider you bring yourself), receive the content of the specific request you make, to generate the response.
We do not use advertising SDKs, analytics SDKs, or data brokers.
Retention & deletion
- On-device data: yours, on your phone, until you delete it (in-app controls let you delete a child profile or wipe everything).
- Cloud backup (if you enabled it): deleted when you disable backup or ask us to remove your account data.
- Gateway metadata (email, timestamps, token counts): kept for up to 12 months for quota and abuse control, then deleted.
- To delete your account and any server-side records: email dev@proxperity.ai, we action requests within 30 days.
Your rights
Singapore users: rights under the Personal Data Protection Act (PDPA), including access and correction. India users: rights under the Digital Personal Data Protection Act (DPDP). Wherever you are, you can request a copy or deletion of any data we hold by emailing dev@proxperity.ai.
Security
Local data is encrypted at rest (AES-256 via SQLCipher) with keys held in your device's secure keychain. Transport to our gateway and to providers is TLS-encrypted. No system is perfectly secure; we minimise risk primarily by not holding your content in the first place.
Changes
We'll update this page when the policy changes and revise the effective date above. Material changes will be announced in the app.
Questions or data requests: dev@proxperity.ai