Legal

Privacy Policy

Last updated: 1 May 2026 · Effective: 1 May 2026

Rishta Pty Ltd ("Rishta", "we", "our", "us") is committed to protecting your privacy. This policy explains what information we collect, how we use it, and how we keep it safe. It complies with the Australian Privacy Act 1988 (including the Australian Privacy Principles) and the New Zealand Privacy Act 2020.

1. Who we are

Rishta Pty Ltd is registered in Australia (ACN pending). Our registered address is Sydney, NSW, Australia. Contact: privacy@rishta.com.au. All personal data is stored in Sydney, Australia (AWS ap-southeast-2 / Supabase Sydney region).

2. Information we collect

We collect information you provide directly: name, email, date of birth, phone number, gender, location, photos, profile prompts, and cultural preferences. We collect verification data: selfies and government-issued ID documents (passport, driver's licence), processed via Stripe Identity. We collect usage data: login times, profile interactions, messages, and search behaviour to improve matching. We do not collect financial card numbers directly — payments are handled by Stripe.

3. How we use your information

To provide and improve the platform, including AI-assisted matching and introductions. To verify your identity and prevent fake profiles. To send you service notifications (new matches, message alerts). To comply with legal obligations. We do not sell your personal information to third parties. We do not use your data for advertising on third-party platforms.

4. AI and automated processing

Our AI Vichola system analyses profile data to suggest matches and generate compatibility explanations. No fully automated decisions that significantly affect you are made without a human-in-the-loop or your ability to request review. AI-generated match explanations are summaries to assist your decision-making — they are not binding assessments. You can request a human review of any AI-generated output by contacting support.

5. Data storage and security

All data is stored in Sydney, Australia (AWS ap-southeast-2). Data is encrypted at rest (AES-256) and in transit (TLS 1.3). Government ID documents are processed by Stripe Identity and not stored on Rishta servers after verification is complete. We retain profile data while your account is active. You can request deletion at any time.

6. Sharing your information

We share limited information with: Stripe Identity (for ID verification), Supabase (database hosting, Sydney), Cloudflare (CDN and DDoS protection), and analytics tools (aggregate, anonymised data only). We do not share identifiable personal data with third parties for marketing purposes.

7. Your rights

Under Australian and NZ privacy law, you have the right to: access personal information we hold about you; correct inaccurate information; request deletion of your data; object to certain processing; request a human review of automated decisions. To exercise these rights, email privacy@rishta.com.au. We will respond within 30 days.

8. Cookies

We use essential cookies for authentication and security. We use analytics cookies (anonymised) to understand how the platform is used. You can manage cookie preferences via our Cookie Policy page. We do not use advertising cookies.

9. Children

Rishta is not intended for anyone under 18. We do not knowingly collect data from minors. If you believe a minor has created an account, contact us immediately and we will delete it.

10. Changes to this policy

We will notify you by email and in-app notification before making material changes to this policy. Continued use after notification constitutes acceptance.

11. Contact

Questions about this policy: privacy@rishta.com.au. For general enquiries: hello@rishta.com.au. For complaints under the Australian Privacy Act, you may also contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

Questions about your privacy?

Email us at privacy@rishta.com.au — we respond within 2 business days.