Privacy Policy

Effective 28 June 2026 · applies to readsggs.com and the installed Read: SGGS app

The short version. Read: SGGS is a seva-driven project — built and run by volunteers as an offering, not a business. There are no accounts, no advertising, no analytics trackers, and no cookies. We never sell, rent, trade, or share data with anyone for any commercial purpose — there is nothing to sell and no one to sell it to. Your reading life (positions, bookmarks, notes, preferences, AI conversations) stays on your own device. The only things that ever reach our server are the minimum needed to deliver notifications you asked for, a message you choose to send us, and an anonymous, non-identifying app check-in — each explained fully below.

1. Who we are & what this covers

Read: SGGS ("we", "us") is a free, open, ad-free home for reading the Sri Guru Granth Sahib, maintained by volunteers as seva. This policy covers the website readsggs.com and the same site installed as an app on your device. It explains, completely and honestly, what information is handled, why, for how long, and your choices. We aim to meet the spirit and requirements of privacy law wherever our sangat lives, including the Australian Privacy Principles and India's Digital Personal Data Protection Act (DPDPA).

2. What stays only on your device

Almost everything. The following is stored in your own browser's storage on your own device, and is never transmitted to us:

You can erase all of it at any time by clearing this site's data in your browser, or uninstalling the app. We have no copy.

3. What reaches our server, why, and for how long

Only three things, each for a single stated purpose:

DataPurposeKept for
Notification subscription (if you turn reminders on): a push endpoint URL issued by your browser vendor, your timezone offset, your reminder preferences (times, banis, toggles), and delivery bookkeeping. Contains no name, email, or account. To deliver the reminders you asked for, at your local times. Until you turn notifications off (deleted immediately), or the endpoint stops working (pruned automatically).
Contact-form messages: your message, and your name and email only if you choose to include them. This is the only place we can hold anything identifying, and only because you typed it and sent it to us. To read your feedback and reply if you asked us to. Deleted automatically after 90 days, or sooner on request.
Installed-app check-in: an anonymous random id (generated on your device, linked to nothing), device platform/model (e.g. "Android · Pixel 8"), whether notifications are on, and a coarse location (city/region/country) derived at the network edge. Your IP address is never stored. To let the volunteer maintainer see roughly how many devices use the app and whether notifications work. Expires 60 days after the device's last check-in.

One transient exception: to stop abuse of the contact form, a one-way hash of the sender's IP is held for up to 60 seconds for rate-limiting, then expires. The IP itself is never written down.

4. What we never do

5. Services we rely on (and what they see)

Being honest means naming the infrastructure. When you use the site, these processors are involved:

6. International transfers

Cloudflare and Google operate global infrastructure, so the minimal data described above may be processed in countries other than yours. The protections in this policy apply regardless of where processing happens.

7. Security

Everything is served over HTTPS. The little we hold lives in Cloudflare's storage, access to which is limited to the volunteer maintainer and protected by an admin password and two-factor authentication. The honest truth is also structural: because we hold almost nothing, there is almost nothing to lose.

8. Your rights & choices

You don't need to ask us for most of them — you hold the data:

9. Children

The site is a reading resource suitable for all ages. We collect no personal data from anyone — child or adult — beyond what is described above, and we do no tracking, profiling, or advertising whatsoever, so there is no behavioural processing of children. If a child has sent identifying details through the contact form and a parent or guardian would like them removed, contact us and we will delete them promptly.

10. If something goes wrong

In the unlikely event of a security breach affecting the small amount of data we hold, we will post a clear notice on the site promptly, describe what happened and what was affected, and notify the relevant authorities where the law requires it.

11. Changes to this policy

If the site ever handles anything new, this page will be updated before the change goes live, with the effective date above revised. Material changes will also be announced in the site's "What's new". We will never quietly weaken this policy — its promises (no ads, no trackers, no selling of data) are foundations of the seva, not settings.

12. Contact

For any privacy question, request, or complaint, use the contact page. It reaches the volunteer maintainer directly.

ਵਾਹਿਗੁਰੂ ਜੀ ਕਾ ਖਾਲਸਾ ॥ ਵਾਹਿਗੁਰੂ ਜੀ ਕੀ ਫਤਹਿ ॥