ManoYatra Privacy Policy

Global Privacy Policy

Initial Effective Date: June 1, 2026Version: 1.0
Privacy PolicyTerms & Conditions
1. About SOCHWARE & Contact2. What We Collect3. How We Use Your Info4. How We Protect Your Info5. Data Security Overview6. Responsible Use of AI7. Who We Share With8. Sharing Outside India9. Your Data Rights10. Children's Privacy11. How to Complain12. Supplementary Notices13. Data Retention14. Changes to This Policy

1. About SOCHWARE & Contact Details

Company: SOCHWARE Private Limited

Address: Innov8 UCP 9th Floor, Tower D, Unitech Cyber Park Sector 39, Gurgaon, Haryana, India, 122001

Contact: manoyatraai@gmail.com

SOCHWARE Private Limited (“SOCHWARE,” “we,” “us,” or “our”) is the maker of the ManoYatra application and all associated services. ManoYatra provides an AI-powered mental wellness companion experience, including:

  • Companion Space — an AI-powered conversational wellness companion that listens, supports, and guides you through difficult moments
  • Care Library — a curated collection of evidence-based therapeutic tools, exercises, and coping strategies
  • Mental Wellness Score (MWS) — a proprietary, multi-dimensional wellness tracking system that monitors your emotional health over time
  • Daily check-ins — quick mood and wellness check-ins to help you stay in touch with how you feel
  • Clinical self-assessments — structured screening tools informed by validated psychological frameworks
  • B2B workforce wellness dashboard — anonymized, aggregate team wellness insights for organizations that provide ManoYatra to their teams

Important: When you use ManoYatra, you are interacting with AI software, not a person. The software is designed to support your wellbeing, but it cannot and does not replace care from a qualified health professional.

This Privacy Policy explains how we collect, use, protect, and share your personal information when you use ManoYatra. If you have any questions about this policy or our data practices, please contact us at manoyatraai@gmail.com.

2. What Information We Collect

We collect the following categories of information to provide, improve, and personalize the ManoYatra experience. We only collect data that is necessary for the functioning of our services.

Account Data

Nickname, age range, gender, phone number, and email address. This information is collected when you create your account and is used to personalize your experience and provide account-related communications.

Conversation Data

Text messages and voice notes exchanged with your AI companion, mood check-in responses, assessment responses, preferences, feelings, and thoughts you share during conversations. This is the core of your ManoYatra experience and is treated with the highest level of privacy protection.

Wellness Data

Mental Wellness Score (MWS), emotion scores, dimension indices (mood, sleep, productivity, energy, social connection, and more), daily check-in ratings, score history, and wellness trends over time. This data powers your personalized wellness tracking dashboard.

Device Data

Device type, operating system, app version, timezone, and app installation ID. This helps us ensure compatibility, diagnose technical issues, and deliver a smooth user experience across devices.

Usage & Analytics Data

Screens visited, features used, session duration, interaction patterns, and notification engagement. This anonymized and aggregated data helps us understand how our features are being used and where we can improve.

Clinical Assessment Data

Self-assessment responses informed by clinically validated frameworks such as PHQ-9 (depression screening) and GAD-7 (anxiety screening), as well as derived risk indicators. This data is used to calibrate your wellness insights and, where necessary, to trigger safety interventions.

Payment Data

Subscription plan type and transaction IDs. All payment processing is handled by Google Play Store or Apple App Store. We do not store your credit card numbers, bank account details, or any payment method information on our servers.

Organization Data (B2B)

For users who access ManoYatra through their employer or organization: company name, administrator contact information, and employee/member identifiers provided by your organization. Individual user data — including conversations, scores, and personal details — is never shared with employers or organizational administrators.

Health Integrations Data (Future)

Data synced from Apple Health, Google Fit, or other connected health platforms. This feature is coming soon and will always require your explicit opt-in consent before any health data is accessed or synced.

3. How We Use Your Information

We process your personal information based on the following legal bases, as applicable:

  • Consent — where you have given explicit consent for specific processing activities
  • Contract Performance — where processing is necessary to deliver the services you have subscribed to
  • Legitimate Interests — where processing is necessary for our legitimate business interests (such as improving our services), provided these interests do not override your rights
  • Legal Obligation — where we are legally required to process your data

We use your information for the following purposes:

  • Service delivery: powering your AI companion conversations, delivering therapeutic tools, and providing personalized wellness content
  • MWS calculation and tracking: computing and updating your Mental Wellness Score across multiple dimensions so you can monitor your progress over time
  • AI companion personalization: adapting conversation style, tone, and content recommendations based on your preferences, history, and emotional state
  • Safety and risk detection: identifying indicators of severe distress, self-harm, or crisis situations to provide appropriate safety resources and escalation pathways
  • Analytics and service improvement: using anonymized and aggregated data to understand usage patterns, improve features, and develop new therapeutic tools
  • B2B anonymized team-level reporting: providing organizational customers with aggregate wellness trends across their teams — never at the individual level
  • Clinical assessment calibration: refining and validating our screening tools against established clinical frameworks to ensure accuracy and reliability

We do NOT use your data for advertising. We do NOT sell your personal data to any third party, ever.

4. How We Protect Your Information

We take extensive measures to protect your personal information and maintain the confidentiality and integrity of all data entrusted to us:

  • End-to-end encryption: all conversations between you and your AI companion are encrypted end-to-end, ensuring that the content of your messages is protected during transit and at rest
  • Data minimization: we collect only the data that is necessary to provide our services. We do not collect data speculatively or for potential future use without clear justification
  • Anonymization: wellness data used for aggregate analytics, product improvement, and B2B reporting is anonymized, meaning it cannot be traced back to any individual user
  • Strict internal access controls: access to personal data within our organization is governed by role-based access control (RBAC). Only authorized team members with a legitimate business need can access specific categories of data, and all access is logged and audited
  • Regular security audits and penetration testing: we conduct periodic security audits, vulnerability assessments, and third-party penetration testing to identify and address potential security risks proactively

5. Data Security Overview

Our data security infrastructure is designed to meet the highest standards of protection for sensitive personal and wellness information:

  • Encryption at rest: all stored data is encrypted using AES-256 encryption, the industry standard used by financial institutions and government agencies worldwide
  • Encryption in transit: all data transmitted between your device and our servers is protected using TLS 1.3, the latest and most secure transport layer security protocol
  • Secure cloud infrastructure: our infrastructure is hosted on cloud platforms that maintain SOC 2 type controls, ensuring organizational controls related to security, availability, processing integrity, confidentiality, and privacy are in place
  • Regular vulnerability assessments: we perform continuous automated scanning and periodic manual assessments to identify and remediate vulnerabilities before they can be exploited
  • Incident response procedures: we maintain comprehensive incident response plans that outline detection, containment, eradication, recovery, and notification procedures in the event of a data security incident
  • Data backup and disaster recovery: regular encrypted backups are maintained in geographically distributed locations, with tested disaster recovery procedures to ensure service continuity and data integrity

6. Responsible Use of Artificial Intelligence

ManoYatra uses Artificial Intelligence, including Large Language Models (LLMs), to power the companion conversational experience. We are committed to using AI responsibly, transparently, and safely.

  • Transparency: when you use ManoYatra, you are interacting with AI software, not a human being. We believe you have the right to know this at all times
  • Not a medical device: our AI does not provide medical diagnoses, clinical treatment plans, or prescriptions. ManoYatra is a wellness support tool and is not intended to replace professional mental health care from qualified practitioners
  • Safety guardrails: all AI-generated outputs pass through multiple layers of clinical safety checks before being shown to you. These guardrails are designed to prevent harmful, inappropriate, or clinically irresponsible content from reaching users
  • Data anonymization: conversation data sent to AI model providers for processing is anonymized. No personal identifiers — such as your name, phone number, email, or account ID — are shared with LLM providers
  • Clinical oversight: AI prompts, conversation flows, and response patterns are designed and regularly reviewed by clinical psychology experts to ensure they align with evidence-based therapeutic principles
  • AI limitations: AI may occasionally misunderstand context, provide imperfect responses, or fail to fully grasp the nuances of your situation. We encourage users to reach out to qualified professionals for serious mental health concerns
  • Continuous improvement: we continuously monitor AI interactions for safety, quality, and clinical appropriateness. We invest in ongoing improvements to ensure our AI becomes more helpful, accurate, and safe over time

7. Who We Share Information With

We share your information only in the following limited circumstances:

Service Providers

We work with trusted third-party service providers for cloud infrastructure, analytics platforms, and communication services. These providers process data on our behalf, under strict contractual obligations regarding data protection. Where analytics data is shared, it is anonymized and aggregated — individual user data is never shared with analytics providers.

B2B Organizations

For users who access ManoYatra through their employer or organization, we provide organizational administrators with anonymized, team-level wellness trends and aggregate reports. We NEVER share individual scores, personal conversations, assessment results, or any personally identifiable information with employers or organizational administrators.

Law Enforcement

We will disclose personal data to law enforcement authorities only when legally required to do so by a valid court order, subpoena, or applicable law. We will notify affected users of such disclosures unless prohibited from doing so by law.

We NEVER sell your personal data to third parties. We NEVER share your individual conversations with your employer.

8. Sharing Information Outside India

Some of our service providers and infrastructure partners may process data outside of India. In such cases, we take the following steps to ensure your data remains protected:

  • Standard Contractual Clauses (SCCs): we enter into contractual agreements with overseas service providers that include robust data protection commitments equivalent to Indian data protection standards
  • Adequacy assessments: before transferring data to any jurisdiction, we conduct assessments to evaluate the adequacy of data protection laws and practices in the receiving country
  • DPDPA compliance: all international data transfers comply with the requirements of the Digital Personal Data Protection Act, 2023, including any restrictions or conditions imposed by the government of India

Where possible, we prioritize processing and storing data within India to minimize cross-border data transfers.

9. Your Data Protection Rights

Under the Digital Personal Data Protection Act (DPDPA), 2023, you have the following rights regarding your personal data:

  • Right to Access: you have the right to request a summary of the personal data we hold about you, the processing activities we are carrying out, and the identities of all entities with whom your data has been shared
  • Right to Correction: you have the right to request the correction of any inaccurate, incomplete, or misleading personal data we hold about you
  • Right to Erasure: you have the right to request the deletion of your personal data, subject to any legal retention requirements or legitimate business needs
  • Right to Withdraw Consent: where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal
  • Right to Nominate: you have the right to nominate another individual to exercise your data protection rights on your behalf, in the event of your death or incapacity
  • Right to Grievance Redressal: you have the right to file complaints about our data handling practices and receive timely resolution of your grievances

To exercise any of these rights, please email us at manoyatraai@gmail.com. We will verify your identity and respond to your request within 30 days.

10. Children's Privacy

We take the privacy of children very seriously and are committed to complying with applicable laws regarding the processing of children's data:

  • ManoYatra is intended for users aged 13 and above
  • Users under the age of 18 require verifiable parental or guardian consent before their data can be collected and processed
  • We do not knowingly collect personal data from children under the age of 13
  • If we discover that we have inadvertently collected data from a child under 13, we will delete it promptly and take steps to prevent such collection in the future
  • Parents and guardians can contact us at any time to review, request deletion of, or stop the collection of their child's personal data

If you believe that a child under 13 has provided us with personal data, please contact us immediately at manoyatraai@gmail.com.

11. How to Complain

If you have any concerns or complaints about how we handle your personal data, we encourage you to reach out to us directly:

  1. Contact us: send your complaint or concern to manoyatraai@gmail.com with a clear description of the issue
  2. Acknowledgment: we will acknowledge receipt of your complaint within 48 hours
  3. Resolution: we will investigate and provide a substantive response within 30 days of receipt

If you are not satisfied with our response or the resolution of your complaint, you have the right to escalate the matter to the Data Protection Board of India established under the Digital Personal Data Protection Act (DPDPA), 2023.

12. Supplementary Privacy Notices

In addition to this global privacy policy, the following supplementary notices apply to users in specific jurisdictions:

For EU/EEA Users (GDPR)

If you are located in the European Union or European Economic Area, the following additional provisions apply to the processing of your personal data under the General Data Protection Regulation (GDPR):

  • Data Controller: SOCHWARE Private Limited acts as the data controller for your personal data
  • Lawful bases for processing: we rely on consent (for conversations and wellness tracking), contractual necessity (for service delivery), and legitimate interests (for analytics and safety) as our lawful bases for processing
  • Additional rights: in addition to the rights listed in Section 9, you have the right to data portability (receiving your data in a structured, machine-readable format), restriction of processing, and the right to object to processing based on legitimate interests
  • Supervisory authority: you have the right to lodge a complaint with the data protection supervisory authority in your EU member state
  • International transfers: any transfers of your data outside the EU/EEA are protected by Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring that your data receives an equivalent level of protection

For US Users (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Categories of personal information collected: as detailed in Section 2, we collect account data, conversation data, wellness data, device data, usage data, clinical assessment data, and payment data
  • No sale of personal information: we do NOT sell your personal information to any third party
  • No cross-context behavioral advertising: we do NOT share your personal information for cross-context behavioral advertising purposes
  • Your rights: you have the right to know what personal information we collect and how it is used, the right to delete your personal information, the right to correct inaccurate information, and the right to opt out of any sale or sharing of your data
  • Non-discrimination: we will not discriminate against you for exercising any of your privacy rights. You will not receive different pricing, service quality, or access to features because of your privacy choices
  • How to submit a request: to exercise any of your rights under CCPA/CPRA, please email us at manoyatraai@gmail.com. We will verify your identity and respond within the time frames required by law

13. Data Retention

We retain your data only for as long as necessary to fulfill the purposes outlined in this policy or as required by law. The following retention periods apply:

  • Account data: retained for the duration your account is active, plus 30 days after account deletion to allow for account recovery and address any outstanding issues
  • Conversation data: retained for the duration your account is active. All conversation data is permanently deleted upon receipt of an account deletion request
  • Wellness data (MWS scores): retained for the duration your account is active. Upon account deletion, wellness scores are anonymized and may be retained in aggregate form for analytics and research purposes only
  • Clinical assessment data: retained for the duration of your active subscription period
  • Device & usage data: subject to a 12-month rolling retention period. Data older than 12 months is automatically purged
  • B2B organization data: retention is governed by the specific terms of the enterprise agreement between SOCHWARE and the subscribing organization

You may request deletion of your data at any time by contacting us at manoyatraai@gmail.com or by using the account deletion feature within the ManoYatra app.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes:

  • Material changes will be communicated to you via in-app notification and/or email to the address associated with your account, prior to the changes taking effect
  • The “Effective Date” at the top of this policy will be updated to reflect the date of the most recent revision
  • Continued use of ManoYatra after changes have been communicated and take effect constitutes your acceptance of the updated policy
  • Previous versions of this Privacy Policy are available upon request by contacting us at manoyatraai@gmail.com

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

Questions?

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact us at manoyatraai@gmail.com. We are committed to transparency and will respond to your inquiry within 48 hours.