Frequently Asked Questions

Direct answers.
Nothing held back.

Every question answered here is one we have been asked, or one we expect to be asked. If yours is not here, write to us at contact@muladharaholistictechnology.com.

Data & Privacy

Can Muladhara read my client data?

No. Client records in Sattva, and financial records in KAI, are stored on your device using the browser's local IndexedDB. No API call, no background sync, and no pipeline carries this data to our servers. We are architecturally incapable of reading it — not by policy, by design.

What happens to my data if I lose my phone?

Your data is backed up only if you have created a backup export (encrypted file saved to your storage or shared elsewhere). If you have not created a backup, data on a lost device cannot be recovered — not by you, not by us. We strongly recommend regular encrypted backups, which can be restored to any device.

Can I use Sattva on multiple devices?

Currently, Sattva operates as a single-device offline application. Data created on one device does not automatically appear on another. The backup and restore function allows you to transfer all data from one device to another — export an encrypted backup on Device A, restore it on Device B.

Do you track my behaviour inside the app?

No. There is no analytics pipeline from the app to our servers. We do not track which features you use, how long you spend in the app, or any other behavioural data.

What if Muladhara shuts down? Will my app stop working?

No. Sattva and KAI are offline applications that run entirely on your device. They do not require our servers to function. An Own-model enterprise client holds complete source code — their application is architecturally independent. It continues to run regardless of what happens to Muladhara.

Encryption & Security

How are backup files encrypted?

Backup files are encrypted with AES-GCM — the same standard used by financial institutions and defence systems. The encryption key is derived from your PIN using PBKDF2-SHA256 (100,000 iterations) on your device. Neither the PIN nor the key is transmitted anywhere. The resulting backup file is computationally unreadable to anyone without your PIN.

Can Muladhara decrypt my backup?

No. We do not have your PIN. We do not have the encryption key. We do not store any information that would allow us to derive either. The decryption key exists only when your PIN is entered on your device. This is a mathematical constraint, not a promise.

What is the PIN lockout system?

After 5 incorrect PIN attempts, the app enters a lockout escalation: 30 seconds → 5 minutes → 30 minutes. Brute-forcing a 4-digit PIN under these conditions would require a prohibitive amount of time. The PIN hash is stored using PBKDF2-SHA256 — the raw PIN is never stored.
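
An added example (not Muladhara's code) of the escalation described above as a small state machine. Assumed here: the fifth consecutive wrong PIN starts the 30-second lockout, each further wrong PIN after a lockout expires moves to the next step, the schedule stays at 30 minutes once reached, and a correct PIN resets the counter; the function and field names are hypothetical.

```javascript
// Added example; every rule beyond "5 attempts, 30 s -> 5 min -> 30 min" is an assumption.
const FREE_ATTEMPTS = 5;                               // wrong PINs before the first lockout
const LOCKOUT_MS = [30_000, 5 * 60_000, 30 * 60_000];  // 30 s, 5 min, 30 min

// The state has to be persisted (assumed: next to the PIN hash) so that
// restarting the app does not reset the counter.
function newState() {
  return { failures: 0, lockedUntil: 0 };
}

// Milliseconds until the next attempt is allowed (0 when not locked).
function remainingLockMs(state, nowMs) {
  return Math.max(0, state.lockedUntil - nowMs);
}

// Apply one PIN attempt. `pinCorrect` is the outcome of the PBKDF2 hash comparison;
// callers should check remainingLockMs() first and skip that comparison while locked.
function recordAttempt(state, pinCorrect, nowMs) {
  if (remainingLockMs(state, nowMs) > 0) {
    return { state, result: 'locked' };                // ignored, not counted
  }
  if (pinCorrect) {
    return { state: newState(), result: 'ok' };        // success clears the history
  }
  const failures = state.failures + 1;
  let lockedUntil = 0;
  if (failures >= FREE_ATTEMPTS) {
    // 5th failure -> step 0, 6th -> step 1, 7th and later -> step 2 (capped)
    const step = Math.min(failures - FREE_ATTEMPTS, LOCKOUT_MS.length - 1);
    lockedUntil = nowMs + LOCKOUT_MS[step];
  }
  return { state: { failures, lockedUntil }, result: 'wrong' };
}
```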

Is biometric unlock safe?

Yes. Android biometric unlock uses the device's native biometric API (fingerprint or face recognition). Muladhara does not receive, store, or process any biometric data. The biometric system is operated entirely by your device's OS — we only receive a success or failure signal.

What security protects this website?

The website runs a custom security framework with: CSRF protection on all forms, CSP headers with per-request nonces, HSTS (HTTPS enforcement), X-Frame-Options: DENY, rate limiting on form submissions, scanner probe detection, and no third-party tracking scripts that could be a supply chain attack vector.

AI Features

Does the AI see my clients' names or identities?

No. AI features operate on pseudonymised data. Content is tagged to a randomly generated anonymous session ID — not to your client's name, credentials, or any identifiable information. The AI provider receives content and an anonymous ID. The mapping between the anonymous ID and the real person exists only on your device.

Which AI providers does Sattva support?

Sattva supports Google Gemini, OpenAI, and Anthropic Claude. You can configure your own API key for any of these, or use Sattva's managed AI option (metered tokens, same pseudonymisation applies). The choice and configuration are yours — Muladhara does not know which provider you use when you supply your own key.

Is using AI on session notes a privacy risk?

The pseudonymisation layer significantly mitigates this risk — the AI provider does not receive identifying information. However, the content of session notes is sent to the AI provider. We recommend reviewing your chosen provider's data retention policy. Some providers offer zero-data-retention tiers for enterprise use. For maximum privacy, use on-device AI alternatives when they become viable.

Are AI queries counted against any limit?

On the Free plan, Sattva provides 25 AI queries per month through Sattva's managed proxy. Pro users can purchase additional credits (starting from ₹99 for 100 queries). Users who configure their own API key bypass this limit entirely — your usage is billed directly by your chosen provider.

WhatsApp

How does the WhatsApp integration actually work?

When you tap a WhatsApp button in Sattva, the app opens a wa.me/ deep link — a standard URL that opens WhatsApp on your device with a pre-filled message. Your device's WhatsApp application opens. You review the message and choose to send it. That is the complete technical interaction.

Is my WhatsApp account connected to Muladhara?

No. We use wa.me/ deep links, not the WhatsApp Business API. There is no connection between your WhatsApp account and Muladhara's systems. No credentials are stored. No data passes through our servers.

Can I customise the WhatsApp message templates?

Yes. Sattva has five customisable WhatsApp message templates in Settings: Appointment Reminder, Membership Renewal Reminder, Group Session Reminder, Group Membership Renewal, and Payment Receipt. You edit these templates and they are saved locally on your device.

Compliance

Is Sattva HIPAA compliant?

Sattva is HIPAA-aligned by architecture — offline-first, device-local, AES-GCM encrypted, with zero Muladhara server access to PHI. The technical safeguards that HIPAA requires are present in the design. HIPAA-certified status additionally requires administrative paperwork: Business Associate Agreements, formal audit trails, and incident response documentation. Enterprise healthcare clients requiring a formal BAA should contact us.

How does GDPR apply to Sattva?

GDPR's core principles — data minimisation, privacy by design, purpose limitation — are embedded in Sattva's architecture. Client data is processed only on the user's device, for the purpose of practice management, with no data flowing to Muladhara. This website collects only contact form submissions, with no tracking cookies. EU users have full rights to access, correct, or delete contact form submissions.

What about India's DPDP Act?

The Digital Personal Data Protection Act applies to the processing of personal data in India. Sattva's offline-first model means personal data in the app never reaches Muladhara's processing systems. The website collects contact submissions with awareness at the point of submission. We process this data only for the stated purpose.

Can I use Sattva in a hospital or healthcare setting?

Yes, with clear understanding of the architecture. The offline-first, encrypted model is well-suited to healthcare privacy requirements. The AI pseudonymisation layer ensures client identities are not exposed to AI providers. For formal healthcare deployments requiring BAAs, compliance documentation, or audit trails — contact us to discuss enterprise options.

Enterprise & Ownership

What does "full source code ownership" mean exactly?

It means you receive the complete, unobfuscated codebase — every file, every function, every database migration. You also receive the database schema, deployment documentation, infrastructure configuration, and self-care guides explaining how to maintain and extend the system. You can host it yourself, modify it, or have any developer work on it. No licence key. No activation server. No dependency on Muladhara's continued operation.

What is the difference between Lease and Own?

Lease: you use the product without receiving the source code. Muladhara handles infrastructure updates and technical evolution on your behalf. The initial cost is lower, and Muladhara remains a closer operational partner.

Own: you receive complete source code, documentation, and full independence. Muladhara continues as an evolution partner by your choice — not because you need us to keep the lights on.

What happens after Muladhara delivers an enterprise system?

For Own-model clients: the system runs on your infrastructure with your credentials. Muladhara holds no access. Your team is trained and self-sufficient. Muladhara is available for evolution — new features, new markets, better performance — when you want it. The relationship is chosen, not forced. For Lease-model clients: Muladhara remains an active infrastructure partner, handling updates and technical evolution.

Can Muladhara build an online SaaS for our enterprise?

Yes. This is the third scenario in our model. Muladhara designs, builds, and configures the complete server infrastructure — then delivers it to you. Your domain, your hosting, your infrastructure. After handover, Muladhara holds no access credentials or backdoors. We continue as your evolution partner for growth and new requirements.

How does the Universal Modification Formula work?

All Muladhara products are built with localization as an architectural layer, not an afterthought. Tax systems (GST, VAT, Sales Tax), currencies, legal compliance, language, and document formats are all configurable without touching the core application code. Adapting for a new country or jurisdiction is a configuration and template update — not a rebuild.

Sattva & KAI Products

How do I migrate from my current practice management tool?

Sattva does not have an automated import from other tools. Your client list, bookings, and financial records would need to be entered into Sattva. The setup wizard guides you through the initial configuration. If you are migrating a large practice, contact us — we may be able to assist with a bulk data import depending on your current tool's export format.

What happens to my Sattva data if I stop paying for Pro?

Your data is not touched. It remains on your device, intact. You continue with Free plan limits (50 bookings per month, 3 groups). Nothing is deleted. Nothing is locked. You can export a full backup at any time, on any plan.

Does KAI connect to my bank account?

No. KAI does not connect to any bank account. Financial entries are either entered manually or captured via the AI receipt OCR scanner. This is a deliberate design choice — direct bank connections introduce security surface area and privacy dependencies that we chose not to build.

How accurate is the receipt OCR?

KAI uses ML Kit — Google's on-device machine learning library — for OCR. It runs entirely offline. After text extraction, an AI model maps the text to the correct account fields. Accuracy depends on receipt quality (clear text, good lighting). Digital PDFs are parsed directly without OCR — near 100% accuracy. Scanned or photographed receipts depend on image quality.

Support & Evolution

What kind of support does Muladhara provide?

For individual app users: support through the in-app bug report function and email. We respond personally — not through a ticket queue. For enterprise and Own-model clients: direct support relationship with the Muladhara team, including technical consultation for evolution requirements. Response time: 2–5 working days for standard queries.

How does the evolution relationship work?

As technology grows and your needs evolve, you engage Muladhara for specific evolution work — new features, performance improvements, new market adaptation, or integration with new tools. There is no retainer required. The engagement is initiated when you need it. Muladhara carries forward the same deep understanding of your product's root purpose from the original build — which is what makes evolution efficient.

Do app updates happen automatically?

For individual Sattva and KAI users: updates are released through the Play Store and App Store. You update when you choose — we do not push mandatory updates. For enterprise Own-model clients: you receive new versions as a source code delivery, which your team deploys on your timeline.

What is the refund policy?

App subscriptions (Sattva Monthly, Annual) cancelled within 7 days of payment are eligible for a full refund if the Pro features were not substantially used. Lifetime plan purchases are non-refundable given the nature of one-time ownership. Enterprise project payments are governed by the specific project agreement. Contact us at contact@muladharaholistictechnology.com for any payment concern.

Pricing & Ethics

Why no subscription pricing for enterprise?

Subscription pricing on enterprise software creates dependency — you need us to keep running to keep your business running. That conflicts with our core principle of client ownership and independence. Enterprise clients receive ownership. The relationship that follows is chosen because it delivers value, not because the alternative is losing access.

What is a "rightful quote"?

Enterprise and custom development projects are quoted based on the specific requirements, scope, and context of each project — not from a standard price sheet. The quote reflects the actual work needed. Not inflated to establish negotiating room. Not deflated to win the project and then expand scope. Rightfulness in pricing means the number is what the work actually justifies.

Can Muladhara refuse my project?

Yes. We only accept projects that align as good causes — that serve a genuine human need, that operate with rightful intent. Projects that we assess as harmful, exploitative, or contrary to the wellbeing of those the software will serve are declined. This is not a policy — it is how we decide what to build. We communicate the reason for any decline.

Still have a question?

Every question is answered personally. Write to us — not a ticket system.

contact@muladharaholistictechnology.com