Privacy Policy
Last updated: 22 June 2026
This Privacy Policy describes how Sudo News (“Sudo News,” “we,” “us,” or “our”) collects, uses, stores, shares, and protects personal information when you use our mobile applications (Android and iOS), our website at sudonews.co, and related online services (collectively, the “Service”).
The Service is operated by Jayesh Dadhich, sole proprietor trading as Growth X (“Operator”). By using the Service, you acknowledge this Privacy Policy. If you do not agree, please do not use the Service.
1. Who this policy applies to
This policy applies to visitors of our website, users of the Sudo News mobile app, and anyone who contacts us for support, privacy, or account-related requests. It covers users in India and users who access the Service from other countries, including the European Economic Area, the United Kingdom, and the United States (including California).
2. Information we collect
We collect information you provide directly, information generated through your use of the Service, and information from third-party sign-in and payment providers as described below. We do not sell your personal information as a data broker.
2.1 Account and identity information
- Email address and password (when you register or sign in with email).
- Phone number (when you sign in with SMS/phone authentication or link a phone number to your profile).
- Display name and normalized username (stored in Firestore and, for unique usernames, in a separate username index).
- Profile photo you upload (processed and stored as described in Section 2.8).
- Country or region (optional profile field you may save).
- Authentication identifiers and provider metadata from Firebase Authentication, including when you use Google Sign-In, Sign in with Apple, or phone (SMS) authentication.
- For limited website preview flows only, we may create a Firebase Anonymous Authentication session so embedded previews can load protected content. Anonymous sessions are not used as the primary sign-in method in the production mobile app.
2.2 Wallet, coins, purchases, and withdrawals
Cash withdrawals are a core, intentional feature of Sudo News on our native mobile apps for iOS and Android. Eligible users who meet the age and verification requirements in our Terms & Conditions may request conversion of eligible virtual coins into cash payouts (primarily via UPI in India), subject to minimum balances, flat sell rates on winnings only, daily limits, cooldowns, fraud review, and applicable law. We do not treat withdrawals as an optional or hidden feature — payout destination details, withdrawal request status, and related ledger entries are processed to operate this feature lawfully and securely.
-
Virtual coin balance — total coins plus separate
Winnings (
earnedCoins, withdrawable) and Purchased (purchasedCoins, in-app use only) ledgers; streak, trust score, quiz statistics, referral counts, and related engagement fields stored in your Firestore user profile. - Coin ledger / transaction history in our `transactions` collection (credits, debits, quiz rewards, engagement milestones, referrals, purchases, withdrawals, and related metadata).
-
Purchase history, including:
- Apple In-App Purchase records (`apple_iap_transactions`), such as product ID, transaction ID, coin amounts, verification status, and timestamps.
- Google Play Billing and legacy order records (`coin_orders`), such as order ID, payment ID, SKU, INR amount, coin amounts, and verification status (Android).
- Withdrawal history (`withdrawal_requests`), including coin amount, flat sell-rate payout calculation (winnings only), UPI/payout destination you submit, request status (pending, approved, paid, rejected), and related ledger references.
- Withdrawal eligibility markers such as last withdrawal time, daily limits, and optional ad-unlock day markers stored on your user profile.
2.3 Quiz, referral, and gameplay data
Sudo News quizzes are designed as skill-based, educational assessments tied to news articles you read in the app. We process gameplay data to operate fair scoring, leaderboards, and coin rewards based on demonstrated knowledge — not random chance. See Section 15 for our skill-based / not-gambling disclosure.
- Quiz history in `users/{uid}/quizArenaHistory` (mode, scores, article references, timestamps, and related session metadata).
- Referral code, referral application status, referral earnings, and related ledger entries when you participate in the referral program.
- Power-up inventory and active power-up state stored under your user profile and subcollections.
2.4 News preferences, saved content, and reading activity
- News language preference and app UI language (stored locally in SharedPreferences and used to translate or display content).
- Saved articles in `users/{uid}/savedArticles` (article metadata, expiry timestamp — currently subject to a short TTL on the order of days).
- A local count of qualified article reads (articles you kept open in the foreground for at least 30 seconds), stored in SharedPreferences on your device.
- Theme, text size, and notification toggle preferences stored locally.
2.5 AI assistant (Sudo AI) data
- In-app consent: The first time you reach the home screen after signing in, the app shows a one-time consent screen that lists what data may be sent to third-party AI/search providers and requires your agreement before any AI feature runs. You can decline and continue using non-AI features.
- AI chat conversations stored in Firestore at `users/{uid}/conversations/{conversationId}`, including conversation title, message text (user prompts and assistant replies), and timestamps.
- Conversations include an expiry field (currently set to approximately 7 days from last activity) for automated deletion when Firestore TTL is enabled.
- When you ask questions that require fresh web context, our servers may send all or part of your query to Serper (primary web search) and, if configured, Tavily (fallback search) to retrieve public web results.
- Your prompts and relevant article context may be sent to our configured large-language model provider(s) to generate responses and quiz content. The default production provider is DeepSeek. Our backend may alternatively be configured to use OpenAI or Google Gemini depending on server configuration.
- Article-level AI analysis requests may send article headline, excerpt, or related context to the same AI providers.
- Local counters related to AI usage (for example approximate word usage and question counts) may be stored in SharedPreferences on your device.
2.6 Push notifications
- Firebase Cloud Messaging (FCM) device tokens stored in your Firestore user document (`fcmTokens`, up to five recent tokens per account), plus topic subscription metadata (for example `sudo_news_all`).
- Notification permission status on your device (granted or denied).
- In-app notification inbox entries derived from push payloads (title, body, type, and related metadata).
2.7 Device, technical, and usage data
- Firebase Analytics on our website (collection explicitly enabled in the web build) and in the mobile app (the SDK is integrated and logs events such as article views, home interactions, and quiz category usage). Analytics may include pseudonymous identifiers, device/OS information, and interaction events as defined by Google’s Firebase Analytics service.
- Standard server and Firebase logs (IP address, timestamps, request metadata, error logs) generated when you use authenticated features.
- We do not integrate Firebase Crashlytics or a dedicated crash-reporting SDK in the current app build. We do not collect automated crash dumps through Crashlytics.
2.8 Profile photos (Firebase Storage)
- When you upload a profile photo, the image is compressed on your device, uploaded to Firebase Storage at `profileImages/{uid}.jpg`, and published to your user profile and Firebase Auth photo URL after server processing.
- We enforce a 3-day cooldown between profile photo changes. Upload errors may be stored in `profileImageLastError` on your user document.
2.9 Local storage on your device
- SharedPreferences (Flutter): authentication session cache, app settings, AI usage counters, read-history count, onboarding/guide flags, last login method, and similar non-sensitive or semi-persistent app state.
- Hive (`translation_cache_v1`): on-device cache of translated article text (language, article ID, field key) to avoid re-translating the same content. The cache is pruned to approximately 500 entries.
- Other ephemeral in-memory caches (for example prefetched news feeds or AI conversation prefetch) that are not persisted long-term.
2.10 Support and communications
- Information you send when you email us, including your email address, message content, and any attachments.
3. How we use information
We use personal information to:
- Create, authenticate, and manage your account.
- Provide news aggregation, translations, quizzes, wallet, referrals, and AI features.
- Process coin purchases through Apple In-App Purchase and Google Play Billing.
- Process withdrawal requests, fraud checks, and ledger accounting.
- Deliver push notifications you enable.
- Operate, secure, debug, and improve the Service.
- Measure product usage through Firebase Analytics.
- Comply with law, respond to lawful requests, and enforce our Terms.
- Communicate with you about support, security, or material policy changes.
4. Legal bases for processing (EEA/UK users)
Where the GDPR or UK GDPR applies, we rely on:
- Contract: to provide the Service you request (account, wallet, quizzes, AI).
- Legitimate interests: security, fraud prevention, analytics, product improvement, and enforcing our Terms, balanced against your rights.
- Consent: where required for push notifications, optional cookies on the website, or other optional processing. You may withdraw consent through device or in-app settings.
- Legal obligation: tax, accounting, regulatory, and law-enforcement requests.
5. Cookies and similar technologies (website)
Our marketing website and web app shell may use cookies, local storage, and similar technologies for essential functionality, session management, and analytics (including Firebase Analytics). We do not use third-party advertising cookies or ad-measurement networks for behavioral advertising in the current Service.
You can control cookies through your browser settings. Blocking essential cookies may limit some website features.
6. Third-party processors and service providers
We use trusted providers that process data on our behalf, including:
- Google Firebase — Authentication, Cloud Firestore, Cloud Storage, Cloud Messaging, Cloud Functions, Hosting, and Analytics (project: sudonews-c684c).
- Google — Google Sign-In and Google Play services (Android).
- Apple — Sign in with Apple, Apple In-App Purchase, and Apple Push Notification service (APNs) on iOS.
- Google Play Billing — in-app coin pack purchases on Android (where enabled).
- DeepSeek — AI inference for chat, quizzes, and article analysis (default LLM).
- OpenAI and/or Google Gemini — optional alternate LLM backends when configured on our servers.
- Serper — web search results for AI answers; Tavily — optional search fallback.
- Google ML Kit — on-device translation of article text (processing occurs on your device where supported).
These providers process data under their own terms and privacy policies, as well as our instructions where applicable. Payment processors receive the data needed to complete transactions (for example payment tokens, order IDs, and payout destination details).
7. How we share information
We may share personal information:
- With the service providers listed above.
- On leaderboards — display name, profile photo URL, and ranking statistics you earn through the Service.
- When required by law, court order, or governmental request.
- With professional advisers (legal, accounting) under confidentiality obligations.
- In connection with a merger, acquisition, or asset sale, subject to continued protection consistent with this policy.
We do not sell personal information for cross-context behavioral advertising.
8. International data transfers
Our primary backend is hosted on Google Cloud / Firebase infrastructure, which may process and store data in the United States and other countries where Google operates data centers. If you access the Service from outside India, your information may be transferred internationally.
Where required by applicable law, we implement appropriate safeguards for cross-border transfers (for example Standard Contractual Clauses or equivalent mechanisms offered by our processors).
9. Data retention
We retain personal information only as long as necessary for the purposes described above:
- Active account profile and wallet ledger: retained while your account is active and as needed for fraud prevention, dispute resolution, and legal compliance.
- AI chat conversations: approximately 7 days after last update via Firestore TTL (`expireAt`), when TTL is enabled in Firebase.
- Saved articles: short TTL on the order of 3 days (`expireAt`), when TTL is enabled.
- FCM tokens: retained while notifications are enabled; stale tokens may be pruned by scheduled cleanup (for example tokens not updated within about one week, keeping up to five tokens per user).
- Local Hive translation cache and SharedPreferences: remain on your device until you clear app data, uninstall the app, or the app removes them through normal operation.
- Financial, purchase, and withdrawal records: retained for the period required by applicable tax, accounting, anti-fraud, and payment-network rules (often several years), even after account deletion where the law requires.
- Account deletion: when you delete your account, we mark it for removal and begin a 30-day grace period during which you may restore it. After the grace period, we delete your Firebase Authentication account, Firestore user subtree (including conversations, quiz history, saved articles, and related subcollections), username claim, and profile photos in Storage, except where retention is required by law or for legitimate financial record-keeping.
10. Security
We use reasonable technical and organizational measures designed to protect personal information, including HTTPS/TLS for data in transit, Firebase security rules, access controls on administrative tools, server-side purchase verification, and monitoring of Cloud Functions. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
11. Your privacy rights
Depending on your location, you may have the right to:
- Access personal information we hold about you.
- Request correction of inaccurate or incomplete information.
- Request deletion, subject to legal exceptions.
- Object to or restrict certain processing.
- Request data portability in a structured, commonly used format where feasible.
- Withdraw consent where processing is based on consent.
- Opt out of certain analytics where your platform provides controls.
11.1 California (CCPA/CPRA)
California residents have the right to know, delete, and correct personal information, and to opt out of “sale” or “sharing” for cross-context behavioral advertising. We do not sell or share personal information for cross-context behavioral advertising as defined by California law. You may designate an authorized agent to submit requests on your behalf.
11.2 India (Digital Personal Data Protection Act, 2023)
Where the DPDP Act applies, you may have rights to access, correction, erasure, and grievance redressal. You may contact our Grievance Officer using the details in Section 14. We process personal data for lawful purposes described in this policy and honour valid consent requirements for children where applicable.
11.3 How to exercise your rights
Email support@sudonews.co with the subject line “Privacy request”. We may verify your identity before processing requests. You may also delete your account in-app — see our Account & data deletion page.
12. Account and data deletion
You can request deletion from the app (Profile → Edit profile → Delete account) or by emailing support@sudonews.co. Deletion follows a 30-day grace period during which you may restore your account. Full details are on our Account & data deletion page.
13. Children’s privacy
The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided personal information, contact us and we will take appropriate steps to delete it.
Financial features (buying coins, wallet withdrawals, and cash payouts via UPI on iOS and Android) are intended only for users who meet the minimum legal age to enter binding contracts and receive payments in their jurisdiction (typically 18 years in India). See our Terms & Conditions for eligibility rules.
14. Withdrawals and payout processing (iOS and Android)
This section describes how we handle personal information when you use the Withdraw feature in the Sudo News mobile app on iPhone, iPad, and Android.
14.1 Feature availability
Withdrawals are offered on both iOS and Android native app builds where the feature is enabled in the app. They are not offered on the marketing website alone. By using withdrawals, you instruct us to process payout-related personal data as described here and in our Terms.
14.2 Data we process for withdrawals
- Payout destination — for example your UPI ID or other payout method details you save in the app (Settings / payout method).
- Withdrawal requests — winnings amount requested, flat sell-rate rupee calculation, request timestamps, status (pending, approved, rejected, paid/completed), and internal reference IDs.
- Account and fraud signals — coin balance, ledger history, cooldown and daily-limit markers, optional fraud flags, and device/account identifiers needed to prevent abuse and duplicate payouts.
- Support communications — if you contact us about a payout delay, rejection, or verification.
14.3 How withdrawals relate to Apple In-App Purchase
Coin packs on iOS are purchased through Apple In-App Purchase. Apple processes payment for those purchases under Apple’s terms. Those coins are credited to your Purchased balance only and cannot be withdrawn. Withdrawals convert Winnings only, using our published flat sell rate (default 10 coins = ₹1). Refunds or chargebacks on App Store purchases are handled by Apple and may affect your Purchased balance but do not create a cash withdrawal entitlement for IAP coins.
14.4 Review, retention, and sharing
Withdrawal requests may be reviewed manually or automatically before payout. We retain withdrawal and ledger records for periods required by tax, accounting, anti-fraud, and payment compliance (often several years), even after account deletion where the law requires. We share payout data only with service providers and payment rails necessary to complete or audit a transfer (for example Firebase/Google Cloud infrastructure), and as required by law. We do not sell withdrawal or UPI data to data brokers.
15. Skill-based educational gameplay — not gambling
Sudo News is a news literacy and engagement product. Its primary rewarded gameplay — Quiz Arena solo quizzes — rewards users based on knowledge, reading comprehension, and quiz performance, not on luck alone.
- Skill-based quizzes: Questions are derived from news articles and factual content. Coin rewards for quizzes depend on your correct answers, session rules, and published daily limits — not on spinning a wheel or drawing lots for the core quiz outcome.
- Not a casino, lottery, or betting product: Sudo News does not offer real-money wagering on uncertain future events, casino-style games of chance, or pooled gambling pots. Solo quiz rewards are fixed platform grants based on correct answers and published scoring rules described in our Terms.
- Engagement milestones: The app may award fixed virtual-coin bonuses when you complete defined daily actions (for example daily quiz goals). These rewards are deterministic, not chance-based, and are governed by the same wallet and Terms rules.
- Gameplay data: We collect quiz scores, modes, timestamps, and related metadata to operate fair play, leaderboards, anti-cheat review, and reward accounting.
If you believe our Service is misclassified in your jurisdiction, contact support@sudonews.co before using financial features.
16. Changes to this policy
We may update this Privacy Policy from time to time. We will post the revised version with a new “Last updated” date. Material changes may also be communicated in-app or by email where appropriate.
17. Contact and Grievance Officer
For privacy questions, data subject requests, grievances, or account support:
- Legal name: Jayesh Dadhich (sole proprietorship)
- Trade name: Growth X
- Product: Sudo News
- Email (privacy, support, grievances, legal notices): support@sudonews.co
- Phone: +91 79767 98092
-
Address (principal place of business):
DHIRENDRA PRATAP, Floor 0, Flat No. 0
Unnamed Road, Post Kasaila Marwatia
Village Hatwa Shukla, Rudhouli Khurd
Saunghat, Munderwa Road
District Basti, Uttar Pradesh 272151, India - Grievance Officer (India): Jayesh Dadhich — support@sudonews.co
See also our Contact page and Terms & Conditions.