Effective: 27 April 2026
Version: 1.0
Applies to: Mukut Companion (Android), the Mukut helmet module, and the helmet-served web dashboard.
TL;DR (read this if nothing else)
We do not run a server. There is no Mukut cloud.
No account. No login. No ads. No subscription. No analytics SDKs.
Your video, audio, GPS and ride history live on your helmet's microSD and your phone. Nowhere else.
The phone-to-helmet link is a local Wi-Fi AP hosted by the helmet itself. Nothing on that link reaches the public internet through us.
You can wipe everything by formatting the microSD and clearing the app's storage.
If a future feature could change any of the above, we will ship a new policy version and the app will surface a plain-language diff before you can use that feature. We will not change this silently.
1. Who we are
Mukut is a clip-on safety module for ISI-certified motorcycle helmets, designed and built in India. The Mukut Companion app (the "App") is the Android-side interface to the module (the "Helmet").
This policy is written to comply with the Digital Personal Data Protection Act, 2023 (India), the Google Play Data Safety disclosures, and the spirit of the EU GDPR's data-minimisation principles. Where requirements differ, we apply the strictest one.
2. What the App collects, stores, and processes
We split this by where the data lives, because where matters more than what.
2.1 On your phone, in the App's private storage
GPS location while the App is open and a ride is active. Used for two things: drawing your ride track and relaying the current fix to the Helmet so it can stamp recordings and SOS payloads. The fix is read from Android's location API and is never transmitted off your phone except via the local Wi-Fi link to the Helmet.
Ride history — start time, duration, route polyline, distance, and a pointer to the Helmet-side video file index. Stored in a local SQLite database.
Pairing data — the Bluetooth Low Energy (BLE) MAC and friendly name of your Helmet, plus a per-pairing key.
App preferences — HUD toggle, volume, mic mute, recording quality.
2.2 On the Helmet's microSD card
Video recordings from the rear cameras, stamped with timestamp and (if available) the GPS fix relayed from your phone.
Audio is processed on the Helmet for mesh voice and is not recorded to the SD card by default.
System logs — boot times, radio link quality, battery curve.
The microSD is yours. You can pop it out with the included tool and read it on any computer. Wiping it is a format away.
2.3 On the local Wi-Fi link between phone and Helmet
Live rear-camera video stream (WebSocket binary frames carrying H.264 NAL units, decoded in-browser via WebCodecs on iOS Safari; native Media3 RTSP on Android).
Live status telemetry (battery, link quality, peer count).
Outbound from phone: the GPS fix, navigation cues, and SOS triggers.
This link is a Wi-Fi AP hosted by the Helmet, not by your home router or a phone hotspot. Nothing on this link is forwarded to the internet by us.
2.4 What about the cloud?
There is no Mukut cloud. We do not operate a backend. We do not have a database of users, helmets, rides, locations, or videos. We cannot "look up" your account because there is no account.
A future App version will let you paste your own server URL (your home NAS, a self-hosted Nextcloud, an S3 bucket you own) so the App can offload Helmet recordings to it. This is opt-in, off by default, and the URL never leaves your phone except as the destination of your own uploads. We do not see, proxy, or relay that traffic.
3. What the App does NOT collect
We are stating these as commitments, not aspirations.
No advertising identifier (AAID, IDFA).
No analytics, telemetry, crash reporting, attribution, or A/B SDK.
No Google Firebase, no Crashlytics, no Sentry, no Mixpanel, no Segment.
No Google Play Services dependency at runtime — the App ships Play-Services-free and runs on AOSP-only and de-Googled phones.
No phone number, email, name, gender, age, or government ID.
No contacts, SMS, call log, or installed-app list.
No microphone access from the phone (audio for the mesh comes from the Helmet's own mics).
No background location. Location is read only while a ride is active and the App is either in the foreground or running as a foreground service with a notification shown to you.
No third-party SDKs of any kind.
4. Permissions the App requests, and why
| Android permission | Why | When |
| --- | --- | --- |
| BLUETOOTH_SCAN, BLUETOOTH_CONNECT | First-time pairing with the Helmet, plus the BLE handlebar SOS button. | Active during pairing; idle thereafter. |
| ACCESS_FINE_LOCATION | Read your GPS fix to relay to the Helmet and draw ride tracks. Also gates Wi-Fi SSID reads on Android 12+ (we read your current network's name only to confirm you've joined the helmet AP). | |
| | Keep the rear-feed, ride-tracking, and BLE link running when your screen is off. | Only while the dashboard is open; a sticky notification is always visible. |
| WRITE_EXTERNAL_STORAGE (scoped, Android 11+) | Save exported ride GPX/MP4 files to your chosen folder. | Only when you export. |
We do not request READ_PHONE_STATE, READ_CONTACTS, RECORD_AUDIO, CAMERA, or any "all files" access.
5. BLE pairing and link security
Pairing uses BLE Secure Connections with a numeric-comparison or passkey flow shown on the App. Once paired, the App and Helmet exchange a per-pairing key used to authenticate the Wi-Fi join. You can unpair from the App's settings; this rotates the key on both sides.
The Helmet's Wi-Fi AP uses WPA2-PSK with a per-helmet password printed on the underside of the module and rotatable from the App.
6. Audio and video residency
Mesh voice between riders is encoded on the Helmet (Opus 16 kbps) and transmitted over the active radio (ESP-NOW LR / SX1280 FLRC). It is not recorded, stored, or routed through our servers — we have none.
Rear-camera video is recorded to the Helmet's microSD and previewed live on your phone over the local Wi-Fi link. We never see it.
SOS broadcasts on the SX1262 868 MHz radio carry a short payload: helmet ID, last-known GPS, timestamp. They are received only by other Mukut helmets within range (15–20 km rural). We do not receive them.
7. Retention
Phone-side ride history: kept until you delete it. Long-press a ride → Delete, or Settings → Wipe all rides.
Helmet microSD recordings: the Helmet auto-recycles oldest first when the card is full. You can pull, archive, or wipe at any time.
App preferences and pairing keys: kept until you uninstall the App or hit Settings → Reset.
8. Your rights
Under the DPDP Act 2023 and applicable EU/UK rules, you have the right to:
Access — everything the App stores about your rides is visible inside the App; tap Settings → Export to get a ZIP with your ride database, GPX tracks, and preferences.
Correct — edit ride names and notes inline.
Erase — Settings → Wipe all data clears the App's storage. Pop and reformat the microSD to clear the Helmet side.
Port — the export ZIP contains GPX (rides), JSON (preferences), and MP4 (videos). Open standards, no lock-in.
Withdraw consent — uninstall the App and unpair the Helmet. Nothing of yours sits on a server we control, because we do not run one.
Grievance — write to privacy@mukutsenses.com. We acknowledge within 7 days and resolve within 30, per DPDP Section 13. The Data Protection Officer (DPO) is the contact above.
9. Children
The App is not directed at users under 18. Motorcycles in India require a valid licence, which is not issued before 16 (gearless) / 18 (geared). We do not knowingly collect data from minors. If you believe a minor has used the App, contact us and we will delete what we can confirm exists on your device — there is nothing on our end to delete.
10. Security posture, honestly
All phone-to-Helmet traffic is on a local Wi-Fi link with WPA2-PSK and an app-layer per-pairing key.
The App is open-source-friendly: a SHA-256 hash of every released APK is published on our GitHub release page so you can verify what you installed.
No part of your data leaves the phone-Helmet pair through our infrastructure, because there is no infrastructure.
We are not perfect. If you find a vulnerability, mail security@mukutsenses.com. We will respond within 7 days.
11. International transfers
We do not transfer your data internationally because we do not collect it on a server. If you choose to use the v1.5+ user-supplied upload URL, you are the controller of that destination and any cross-border movement is governed by your own arrangement with that provider.
12. Changes to this policy
If we ever change a meaningful clause — what we collect, where it lives, who can see it — the App will show a plain-language diff and require you to tap I have read this before the affected feature unlocks. The previous version remains accessible from Settings → Privacy → Version history.
Cosmetic edits (typos, link fixes) are silent and recorded in the version history.
13. Data deletion request
Mukut stores almost nothing on a server we control. Most "deletion" is a two-tap action you do yourself, on your own device. The full menu of deletion paths:
In-app — phone storage (instant): Open the App → Settings → Wipe all data. Clears the ride database, pairing keys, app preferences, and cached map tiles. Effective immediately, no email needed.
Per-ride deletion: Long-press any ride in Ride history → Delete. Clears that single ride's video reference and GPX track from the phone.
Helmet microSD recordings: Pop the microSD out via the tool-required door → reformat it on any computer. The Helmet has no other persistent storage of recorded media.
Full uninstall: Remove the App from Android Settings → Apps. Android wipes all of the App's data alongside the binary. There is nothing of yours on a Misc42 server to clean up after — we do not run one.
Email request (formal): If you want a written confirmation of deletion (for your own compliance records, employer audit, etc.), email privacy@mukutsenses.com with the subject line "Data deletion request". We acknowledge within 7 days and reply with a written confirmation within 30 days, per DPDP Act 2023 Section 13. The reply will explicitly list which deletion path applies to each data type — most will be the user-side actions above, because we genuinely have nothing on our end to erase.
This section satisfies the Google Play data-deletion-request disclosure requirement.