Privacy Policy

Last updated: January 31, 2026

Welcome to Emmathinking. We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our application and services.

By using Emmathinking, you agree to the collection and use of information in accordance with this policy.

Information We Collect

Personal Information

When you create an account or use our services, we may collect:

Name: Your display name for personalization
Email Address: For account identification and communication
Phone Number: For WhatsApp OTP authentication and account verification
Profile Image: Optional profile picture for your account

Authentication Data

We support multiple authentication methods:

Google Sign-In: OAuth-based authentication using your Google account
Phone Verification: OTP-based authentication via WhatsApp or SMS
Email & Password: Traditional credential-based login

Automatically Collected Information

When you access our services, we automatically collect:

IP Address: For security, fraud prevention, and session management
User Agent: Browser and device information for compatibility
Session Data: Login timestamps and session tokens

Phone Number Collection & WhatsApp OTP

We collect your phone number to provide secure authentication through One-Time Password (OTP) verification. This process works as follows:

You provide your phone number in E.164 format (e.g., +94771234567)
We send a verification code via WhatsApp (preferred) or SMS
You enter the code to verify your identity
Your verified phone number is securely stored for future logins

Your phone number is used solely for authentication purposes and will never be shared with third parties for marketing or promotional purposes.

Use of Meta Cloud API

We use the Meta WhatsApp Cloud API to send OTP verification messages. When using this service:

Your phone number is transmitted to Meta's servers to deliver the OTP message
Messages are sent using approved WhatsApp Business message templates
Meta processes this data in accordance with their Privacy Policy
We do not store message content; only delivery status is logged for troubleshooting

For users in Sri Lanka, we may alternatively use SMS via local providers when WhatsApp delivery is unavailable.

Google Sign-In & Data Usage

When you sign in with Google, we receive and store the following information from your Google account:

Email Address: Used for account identification
Display Name: Used as your profile name
Profile Picture: Used as your avatar (optional)

We use Google's OAuth 2.0 authentication service. This means:

We never see or store your Google password
Google sends us only the data you authorize during sign-in
You can revoke access anytime from your Google Account settings

Our use of Google user data complies with the Google API Services User Data Policy.

Data Security & Encryption

We implement robust security measures to protect your data:

Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS/SSL
Encryption at Rest: Sensitive data is encrypted in our database using industry-standard encryption algorithms
Secure Authentication: Passwords are hashed using secure hashing algorithms and never stored in plain text
Session Security: Authentication tokens are securely generated and expire automatically
Rate Limiting: We implement rate limiting to prevent brute-force attacks on authentication endpoints

Data Sharing & Third Parties

We do not sell your personal information. We may share data with:

Authentication Providers: Google when you use Google Sign-In
Messaging Services: Meta (WhatsApp) and SMS providers for OTP delivery
Legal Requirements: When required by law or to protect our legal rights

Your Rights

You have the following rights regarding your personal data:

Access: Request a copy of your personal data
Correction: Update or correct inaccurate information
Deletion: Request deletion of your account and data (see our Data Deletion page)
Portability: Request your data in a portable format

Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. Upon account deletion, we will delete or anonymize your data within 30 days, except where retention is required by law.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us at:

Email: info@emmathinking.com

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.