Thodunta ("we", "us", "our") operates the anonymous chat platform available at thodunta.chat. For privacy-related matters, contact us at thodunta@gmail.com.
| Data | What exactly | Why | How long |
|---|---|---|---|
| Phone number | Stored as a one-way SHA-256 hash only. The original number is never stored and cannot be recovered. | To verify your identity via OTP and prevent duplicate accounts | Until you delete your account |
| Gender | M or F — chosen by you | To match you with a chat partner | Until you delete your account |
| Chat messages | Never stored. Real-time only. | Relayed between users and immediately discarded | Not stored — zero retention |
| Images | Temporarily held in memory only | To display to chat partner | Auto-deleted after 10 seconds |
| Session token | A random 40-character token | To authenticate your session without storing your phone number | Until logout or account deletion |
| Premium status | Date until which premium is active | To unlock premium features | Until expiry or account deletion |
| Daily chat count | Number of chats today (no content) | To enforce daily limits for free users | Resets every midnight |
All chat messages on Thodunta are end-to-end encrypted using industry-standard cryptography:
This means even if our servers were compromised, your chat messages would be unreadable.
We use Firebase Authentication (by Google) to deliver OTP verification via SMS. During this process, your phone number is temporarily processed by Firebase to send the OTP. Once verified, we receive only a confirmation token — we store a hash of your phone, not the number itself.
Firebase's privacy policy: firebase.google.com/support/privacy
Payment processing is handled by Cashfree Payments. We never receive or store your card number, CVV, or bank account details. Cashfree processes payment data in compliance with RBI regulations and PCI-DSS standards.
What we do store after a successful payment: your premium expiry date only (no payment amount, no transaction ID on our database).
Your data is stored in a PostgreSQL database hosted on Supabase, with servers located in Singapore (closest available to India). Data is encrypted at rest and in transit. We use Railway for our application server with HTTPS enforced at all times.
Under India's Digital Personal Data Protection Act 2023, you have the right to:
To exercise any of these rights, contact our Grievance Officer or use the Delete Account option in the app.
| Service | Purpose | Their Privacy Policy |
|---|---|---|
| Firebase Auth (Google) | OTP verification | Link |
| Cashfree Payments | Payment processing | Link |
| Railway | App hosting | Link |
| Supabase | Database | Link |
| xAI (Grok) | AI chat assist | Link |
Thodunta is strictly for users 18 years and older. We do not knowingly collect data from anyone under 18. If you believe a minor has used our platform, contact us immediately at thodunta@gmail.com and we will delete the account.
We may update this policy from time to time. The latest version will always be at thodunta.chat/privacy. Continued use after changes = acceptance.
As required by the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021, we have designated a Grievance Officer for India:
Name: Thodunta Support Team
Email: thodunta@gmail.com
Platform: thodunta.chat
Response time: We will acknowledge complaints within 24 hours and resolve within 30 days, as mandated by the IT Rules 2021.
You may file a complaint regarding privacy violations, illegal content, or data misuse. Please include your user code and a description of the issue.