Privacy Policy

Introduction

This Privacy Policy ("Policy") describes how NearMePG.com ("Platform", "Website", "we", "us", or "our"), owned and operated by Jayaora Solutions and Management, a company incorporated under the laws of India, collects, uses, stores, processes, shares, and protects personal data of users who access or use the Platform.

This Policy applies to all individuals and entities who access, browse, register on, or otherwise use the Platform, including users, guest users, and property owners, and governs the processing of personal data in connection with services offered through the Platform.

This Privacy Policy is published in accordance with the provisions of the Information Technology Act, 2000 and the rules made thereunder, including the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and is further aligned with the principles of the Digital Personal Data Protection Act, 2023, to the extent applicable.

By accessing or using the Platform, you acknowledge that you have read and understood this Privacy Policy and acknowledge to the collection and processing of your personal data in accordance with this Policy and applicable law. If you do not agree with the terms of this Privacy Policy, you must not access or use the Platform.

This Policy should be read in conjunction with the Terms & Conditions and any other policies published on the Platform. In the event of any inconsistency between this Policy and applicable law, the provisions of applicable law shall prevail.

Scope & Applicability

This Privacy Policy applies to the collection, processing, storage, use, disclosure, and protection of personal data of all individuals and entities who access or use the NearMePG.com Platform, whether as registered users, guest users, property owners, or any other persons interacting with the Platform.

This Policy governs personal data processed through:

• The NearMePG.com website and related web pages;
• Any mobile website, web-based interface, or digital service operated by the Company;
• Communications, transactions, and interactions conducted through the Platform;
• Services, features, tools, and functionalities made available by the Platform from time to time.

This Privacy Policy applies only to personal data collected directly by or on behalf of the Platform in the course of providing its services. It does not apply to information collected by third-party websites, applications, payment gateways, or service providers that may be linked to or integrated with the Platform, which are governed by their respective privacy policies and terms.

The Platform may facilitate interactions and transactions between users and independent property owners. Personal data shared by users directly with such third parties shall be governed by the privacy practices of those parties, and the Company shall not be responsible for the collection, use, or disclosure of such data beyond the scope of the Platform's services.

This Policy applies to personal data processed within the territory of India and to data processed outside India, where such processing relates to services offered through the Platform and is subject to applicable Indian laws.

Nothing contained in this Policy shall limit or override any statutory rights, obligations, or remedies available under applicable law. In the event of any inconsistency between this Policy and applicable law, the provisions of applicable law shall prevail.

This Policy does not apply to information that has been anonymized or aggregated such that it no longer identifies an individual.

Definitions

For the purposes of this Privacy Policy, unless the context otherwise requires, the following terms shall have the meanings assigned to them below:

• "Company" means Jayaora Solutions and Management, a company incorporated under the laws of India, and the owner and operator of the Platform.
• "Platform" means the website NearMePG.com, including any related mobile site, web application, digital interface, or service operated by the Company.
• "User", "You", or "Your" means any natural or legal person who accesses, browses, registers on, or uses the Platform, whether as a registered user, guest user, property owner, or otherwise.
• "Personal Data" means any data or information that relates to an identified or identifiable individual, as defined under applicable Indian data protection laws, including but not limited to the Digital Personal Data Protection Act, 2023.
• "Sensitive Personal Data or Information" means such personal data as may be classified as sensitive under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, as amended from time to time.
• "Processing" means any operation or set of operations performed on personal data, whether or not by automated means, including collection, recording, storage, organization, use, disclosure, sharing, transfer, or deletion.
• "Third Party" means any individual, entity, or organization other than the User and the Company, including service providers, payment gateways, analytics providers, and property owners, as applicable.
• "Services" means the services, features, tools, and functionalities offered through the Platform from time to time.
• "Applicable Law" means all laws, statutes, rules, regulations, guidelines, and governmental notifications in force in India, including the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023, as amended from time to time.

Data Fiduciary Details

For the purposes of applicable Indian data protection laws, including the Digital Personal Data Protection Act, 2023, Jayaora Solutions and Management shall be the Data Fiduciary in respect of the personal data processed through the Platform.

The details of the Data Fiduciary are as follows:

The Data Fiduciary determines the purpose and means of processing personal data collected through the Platform and is responsible for ensuring that such processing is carried out in accordance with this Privacy Policy and applicable law.

Any communication, grievance, or request relating to the processing of personal data under this Privacy Policy may be addressed to the Data Fiduciary using the contact details provided in the "Grievance Redressal" or "Contact Us" section of this Policy.

Nothing contained in this section shall be construed as creating any additional obligations beyond those prescribed under applicable law.

Categories of Personal Data Collected

The Platform may collect and process the following categories of personal data from users in the course of providing its services. The categories listed below are indicative and may vary depending on the nature of the user's interaction with the Platform.

Identity and Contact Information

Information provided by users during registration or use of the Platform, including but not limited to name, mobile number, email address, gender, age, and profile details.

Account and Usage Information

Information relating to a user's account and activity on the Platform, such as login credentials (in encrypted form), preferences, search history, interactions, communications, and transaction-related records.

Property and Accommodation Information

Information provided by property owners or managers, including property details, location, availability, pricing, images, and related descriptions necessary for listing and offering accommodation services on the Platform.

Payment and Transaction Information

Limited information relating to payments made through the Platform, such as transaction identifiers, payment status, and timestamps. The Platform does not have access to such financial credentials at any stage of the payment process.

Device and Technical Information

Technical data such as IP address, browser type, device identifiers, operating system, and log information, collected automatically for security, analytics, and platform functionality purposes.

Communication Information

Information contained in communications between users and the Platform, including customer support queries, emails, messages, and feedback.

Information Required by Law

Any personal data collected or retained to comply with applicable legal obligations, lawful requests, court orders, or government directives.

The Platform shall collect only such personal data as is necessary for the purposes for which it is processed and in accordance with applicable law.

Sensitive & Government ID Data (Including Aadhaar)

The Platform does not require users to provide Aadhaar numbers, biometric information, or any other data classified as sensitive personal data under applicable Indian law for the purpose of accessing or using the Platform, unless such collection is expressly required by law or regulatory authority.

Where government-issued identification documents (such as Aadhaar) are voluntarily provided by users for verification, compliance, or lawful purposes, such information shall be collected and processed strictly in accordance with applicable law and only to the extent necessary for the stated purpose.

The Platform shall not use Aadhaar numbers as a condition for providing services, nor shall it store Aadhaar numbers or biometric information unless mandated by law. Where Aadhaar-based verification is carried out, it shall be done in compliance with the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, and applicable regulations issued thereunder.

Sensitive personal data, if collected, shall be protected using reasonable security practices and procedures as required under applicable law and shall not be disclosed to any third party except where such disclosure is required by law or with the explicit consent of the user.

Nothing contained in this section shall be construed as creating any obligation on the Platform to collect or retain sensitive personal data beyond what is required under applicable law.

Methods of Data Collection

The Platform may collect personal data through the following lawful and reasonable methods in the course of providing its services:

Data Provided Directly by Users

Personal data voluntarily provided by users while accessing, registering on, or using the Platform, including during account creation, property listing, communication, customer support interactions, and submission of forms or requests.

Data Collected Automatically

Certain personal data may be collected automatically when users access or use the Platform, including technical and usage information such as IP address, device identifiers, browser type, operating system, access logs, and interaction data, collected through cookies, log files, and similar technologies.

Data Collected Through Transactions

Personal data generated in the course of transactions or service usage on the Platform, including booking-related information, transaction records, and service history.

Data Received from Third Parties

Personal data may be received from authorized third-party service providers, such as payment gateway operators, analytics service providers, communication service providers, or verification service providers, to the extent necessary for providing services and in accordance with applicable law.

Data Collected for Legal or Compliance Purposes

Personal data collected or retained pursuant to legal obligations, lawful requests, court orders, or regulatory requirements imposed on the Platform under applicable law.

All personal data shall be collected by lawful means, for specified purposes, and in a fair and transparent manner, consistent with applicable data protection laws.

Purpose Limitation & Processing Objectives

The Platform shall collect and process personal data solely for lawful purposes that are clear, specific, and directly related to the functioning of the Platform and the provision of its services. Personal data shall not be processed in a manner that is incompatible with the purposes for which it is collected, except as permitted under applicable law.

Personal data may be collected and processed for the following purposes:

Provision of Services

To enable users to access, register on, and use the Platform, including facilitating property listings, searches, bookings, communications, and related services.

Account Management

To create, maintain, and manage user accounts, authenticate users, verify information, and provide customer support and assistance.

Transaction Processing

To facilitate payments, confirmations, refunds, and record-keeping related to transactions conducted through the Platform, in coordination with authorized third-party payment service providers.

Platform Functionality and Improvement

To operate, maintain, analyze, and improve the Platform's features, performance, security, and user experience.

Communication

To communicate with users regarding service-related matters, updates, notices, confirmations, support requests, and important information relating to the Platform.

Security and Fraud Prevention

To detect, prevent, investigate, and respond to fraud, unauthorized access, misuse of the Platform, or other unlawful activities, including enforcement of Terms & Conditions.

Legal and Regulatory Compliance

To comply with applicable laws, regulations, legal processes, governmental requests, court orders, or regulatory requirements, including enforcement of Terms & Conditions.

Personal data shall be retained and processed only for as long as is necessary to fulfill the purposes for which it is collected, unless a longer retention period is required or permitted under applicable law.

Legal Basis for Processing

The Platform shall collect and process personal data only where there is a lawful basis to do so in accordance with applicable Indian law, including the Digital Personal Data Protection Act, 2023.

Personal data may be processed on the basis of one or more of the following lawful grounds:

Consent of the Data Principal

Personal data may be processed where the user has provided free, specific, informed, unconditional, and unambiguous consent for such processing, either expressly or through clear affirmative action, in accordance with applicable law.

Performance of a Contract

Personal data may be processed where such processing is necessary for the performance of a contract to which the user is a party, or for taking steps at the request of the user prior to entering into a contract, including the provision of services through the Platform.

Compliance with Legal Obligations

Personal data may be processed where such processing is necessary to comply with applicable laws, regulations, legal processes, court orders, or lawful governmental requests.

Legitimate Uses Permitted by Law

Personal data may be processed for such legitimate uses as may be permitted under applicable law, including purposes related to security, fraud prevention, network and information security, or protection of the rights and safety of the Platform and its users.

Where consent is relied upon as the legal basis for processing, users shall have the right to withdraw such consent in accordance with applicable law, subject to the consequences of such withdrawal on the availability of services.

Nothing contained in this section shall be construed as permitting the processing of personal data in a manner inconsistent with applicable law.

Consent Management Framework

Where required under applicable law, the Platform shall obtain the consent of users prior to the collection and processing of their personal data. Such consent shall be free, specific, informed, unconditional, and unambiguous, and shall be obtained through clear affirmative action by the user.

Consent may be obtained through the Platform's registration process, service usage workflows, forms, checkboxes, or other appropriate digital mechanisms that clearly indicate the purpose of data processing.

Users shall have the right to withdraw their consent at any time, in accordance with applicable law. Withdrawal of consent shall not affect the lawfulness of processing carried out prior to such withdrawal. Upon withdrawal of consent, the Platform may restrict or discontinue access to certain services where such processing is necessary for the provision of those services.

The Platform shall make reasonable efforts to ensure that users are able to access, review, and manage their consent preferences through available mechanisms on the Platform or by contacting the Platform through the designated grievance or contact channels.

Where personal data is processed on grounds other than consent, such processing shall be carried out strictly in accordance with applicable law and shall not require user consent where such consent is not mandated.

Nothing contained in this section shall be construed as obligating the Platform to provide services where the processing of personal data is no longer legally permissible due to withdrawal of consent.

Consent shall be recorded and logged in accordance with applicable law, where required.

Account Registration & Identity Verification (KYC)

To access certain features or services on the Platform, users may be required to create an account by providing accurate, current, and complete information as requested during the registration process.

The Platform may undertake identity verification or know-your-customer (KYC) procedures where necessary to:

• ensure the authenticity of users and property owners;
• prevent fraud, misuse, or unauthorized access;
• comply with applicable laws, regulations, or lawful directives; or
• protect the rights, safety, and integrity of the Platform and its users.

Any identity verification or KYC process shall be conducted in accordance with applicable law and shall be limited to the minimum information reasonably required for such purpose. The Platform does not mandate Aadhaar-based verification for account registration unless required by law and shall not deny services solely on the basis of non-submission of Aadhaar information.

Where KYC or verification services are facilitated through authorized third-party service providers, such processing shall be governed by applicable law and the privacy practices of such service providers. The Platform shall not be responsible for the independent data handling practices of such third parties beyond the scope of its contractual obligations.

Users are responsible for ensuring that the information provided during registration and verification is accurate and up to date. The Platform shall not be liable for any consequences arising from inaccurate or misleading information provided by users.

Nothing contained in this section shall be construed as imposing any obligation on the Platform to conduct KYC in circumstances where such verification is not required under applicable law or business necessity.

Booking, Inventory & Transaction Data Processing

The Platform processes certain personal data in connection with bookings, inventory management, and transactions facilitated through the Platform in order to enable the provision of its services.

Booking and Accommodation Data

Personal data may be processed to facilitate accommodation searches, booking requests, confirmations, modifications, cancellations, and related communications between users and property owners.

Inventory and Availability Management

Information relating to property listings, room availability, pricing, occupancy status, and related operational details may be processed to ensure accurate display and management of inventory on the Platform.

Transaction Records

The Platform may process and retain records of transactions conducted through the Platform, including booking identifiers, transaction status, timestamps, and related references, for operational, accounting, audit, dispute resolution, and legal compliance purposes.

Payment Processing

Payments initiated through the Platform are processed through authorized third-party payment gateway service providers. The Platform does not store or process users' card details, UPI credentials, bank account information, or other sensitive financial data. Such information is handled directly by the respective payment service providers in accordance with their terms and privacy policies.

Data Sharing with Property Owners

Relevant booking and user information may be shared with property owners or managers solely to the extent necessary to fulfil bookings, provide accommodation services, and manage related communications.

All booking, inventory, and transaction data shall be processed only for the purposes stated in this section and in accordance with applicable law. The Platform shall not use such data for purposes unrelated to service delivery, except where required or permitted by law.

Property owners act as independent data recipients and are responsible for their own data handling practices.

Payments & Financial Data Handling

The Platform facilitates payment transactions for services offered through the Platform by integrating with authorized third-party payment gateway service providers.

All payment transactions initiated through the Platform are processed directly by such third-party payment gateway providers in accordance with their respective terms, conditions, and privacy policies. The Platform does not collect, store, process, or retain users' debit card details, credit card details, UPI credentials, bank account numbers, CVV, PINs, or other sensitive financial information.

The Platform may receive limited transaction-related information from payment gateway service providers, such as transaction reference numbers, payment status, timestamps, and confirmation details, solely for the purposes of record-keeping, reconciliation, customer support, dispute resolution, and legal compliance.

The Platform shall not be responsible or liable for any payment failures, delays, reversals, technical errors, chargebacks, or unauthorized transactions arising from banking networks, payment gateway systems, or circumstances beyond the Platform's reasonable control.

Users are advised to review the terms and privacy policies of the respective payment gateway service providers before initiating any payment transactions through the Platform.

Nothing contained in this section shall be construed as creating any obligation on the Platform to store or process financial data beyond what is required for lawful and operational purposes.

Automated Decision-Making & Profiling

The Platform does not engage in automated decision-making or profiling that produces legal effects or similarly significant consequences for users.

Certain automated processes may be used to support the functioning of the Platform, such as sorting, filtering, ranking, or displaying listings, search results, recommendations, or availability based on user preferences, activity, or location. Such processes are intended solely to improve user experience and operational efficiency and do not involve decisions that affect users' legal rights.

Any automated processing used by the Platform shall be subject to reasonable safeguards and shall not be used to make decisions relating to eligibility, denial of services, or other outcomes that have legal or material impact on users without appropriate human involvement, where required by applicable law.

Nothing contained in this section shall be construed as creating any obligation on the Platform to implement or disclose automated decision-making systems beyond what is required under applicable law.

Marketing Communications & Behavioral Advertising

The Platform may communicate with users for service-related and informational purposes, including notifications, confirmations, updates, and support communications necessary for the operation of the Platform.

Marketing or promotional communications, if any, shall be sent only in accordance with applicable law and based on user consent where such consent is required. Users shall have the option to opt out of receiving non-essential marketing communications through available mechanisms or by contacting the Platform through the designated channels.

The Platform does not engage in intrusive behavioral advertising or profiling that tracks users across third-party websites for targeted advertising purposes. Any analytics or usage data collected is used primarily to understand platform performance and improve services and user experience.

Where third-party advertising or analytics tools are used, such tools shall operate in accordance with their respective privacy policies, and the Platform shall not control the independent data collection practices of such third parties.

Nothing contained in this section shall be construed as obligating the Platform to provide marketing communications or as limiting the Platform's ability to send mandatory service-related communications.

Transactional and service communications are mandatory and cannot be opted out of.

Cookies, Tracking Technologies & Analytics

The Platform uses cookies and similar tracking technologies to ensure proper functioning of the website, enhance user experience, maintain security, and analyze platform performance.

Cookies are small data files stored on a user's device that help the Platform recognize returning users, retain preferences, and enable core functionalities such as session management, authentication, and fraud prevention. Certain cookies are strictly necessary for the operation of the Platform and cannot be disabled without affecting functionality.

The Platform may also use analytics tools to collect aggregated and anonymized information relating to user interactions, device type, browser information, operating system, access time, and usage patterns. Such data is used solely for internal analysis, performance monitoring, service improvement, and security purposes and is not used to identify individual users.

The Platform does not use cookies or tracking technologies for cross-site behavioral advertising or for tracking users across third-party websites for targeted advertising purposes.

Users may manage or disable cookies through their browser settings. However, disabling cookies may limit access to certain features or functionalities of the Platform. The Platform shall not be responsible for any loss of functionality resulting from user-controlled cookie restrictions.

Where third-party analytics or technology service providers are used, such providers may place their own cookies in accordance with their respective privacy policies. The Platform does not control and shall not be responsible for the independent data collection practices of such third parties.

By continuing to use the Platform, users consent to the use of cookies as described herein, where required by law.

Data Sharing & Disclosure Framework

The Platform may share or disclose personal data of Users and PG Owners strictly on a need-to-know basis and only to the extent necessary for the operation, facilitation, security, and compliance of the Platform, in accordance with applicable Indian laws.

Personal data may be shared with the following categories of recipients:

PG Owners / Users

Limited personal information may be shared between Users and PG Owners solely for the purpose of facilitating bookings, confirmations, check-in, communication, and resolution of stay-related matters.

Service Providers

Third-party service providers engaged by the Platform, including payment gateways, banking partners, cloud service providers, analytics vendors, communication service providers, customer support tools, and technology infrastructure partners, strictly for performing services on behalf of the Platform and subject to contractual confidentiality and data protection obligations.

Legal, Regulatory & Government Authorities

Where disclosure is required under applicable laws, court orders, governmental requests, law enforcement requirements, statutory obligations, or regulatory proceedings.

Business Transfers

In the event of a merger, acquisition, restructuring, sale of assets, or transfer of business operations, personal data may be transferred to the acquiring or successor entity, subject to applicable legal safeguards and continuity of data protection obligations.

The Platform does not sell, rent, trade, or commercially exploit personal data of Users or PG Owners to third parties for marketing or advertising purposes.

All data sharing is carried out in compliance with reasonable security practices and is limited to the minimum data necessary to achieve the specified purpose. The Platform requires its service providers and partners to implement appropriate technical and organizational safeguards to protect shared data.

Third-Party Processors & Vendor Management

The Platform may engage third-party processors, vendors, contractors, or service providers ("Third-Party Processors") to perform specific functions necessary for the operation, maintenance, security, and improvement of the Platform.

Such Third-Party Processors may include, without limitation, payment gateway providers, banking partners, cloud hosting providers, data storage vendors, analytics service providers, customer support tools, communication service providers, identity verification services, and technical infrastructure partners.

The Platform ensures that Third-Party Processors are engaged only for clearly defined and lawful purposes and are provided access to personal data strictly on a need-to-know basis and to the minimum extent required for performance of their contracted services.

All Third-Party Processors are contractually bound through written agreements to:

• process personal data only in accordance with documented instructions of the Platform;
• maintain confidentiality of personal data;
• implement reasonable security safeguards and industry-standard data protection measures;
• refrain from unauthorized disclosure, secondary use, or commercial exploitation of personal data; and
• comply with applicable data protection laws and regulatory requirements.

The Platform does not permit Third-Party Processors to retain, use, or disclose personal data for their own purposes, including marketing, profiling, or analytics unrelated to the Platform's services, unless expressly required by law.

While the Platform undertakes reasonable due diligence and contractual safeguards when appointing Third-Party Processors, it shall not be liable for acts, omissions, or data handling practices of such Third-Party Processors beyond the extent mandated under applicable law.

Where required under applicable law, the Platform may audit, review, or seek compliance assurances from Third-Party Processors to ensure adherence to contractual and legal obligations.

Cross-Border Data Transfers & Safeguards

The Platform primarily stores and processes personal data within the territory of India. However, in limited circumstances, certain personal data may be transferred to, stored in, or processed in jurisdictions outside India where such transfer is necessary for the provision of services, technical operations, regulatory compliance, or engagement of Third-Party Processors.

Cross-border transfers of personal data, where undertaken, shall be conducted strictly in accordance with applicable Indian laws, rules, and regulatory requirements, including the Information Technology Act, 2000, the applicable rules thereunder, and any data protection legislation or governmental notifications in force from time to time.

The Platform shall ensure that any cross-border data transfer is subject to appropriate safeguards, which may include one or more of the following:

• transfer to jurisdictions recognized or permitted by the Government of India;
• execution of contractual arrangements imposing data protection, confidentiality, and security obligations on the recipient;
• implementation of technical and organizational measures to protect personal data against unauthorized access, misuse, or disclosure; and
• limitation of transferred data to the minimum extent necessary for the specified purpose.

Sensitive personal data and government-issued identification information shall not be transferred outside India unless such transfer is expressly permitted under applicable law or required for lawful purposes, and subject to enhanced safeguards.

The Platform shall not sell or commercially exploit personal data through cross-border transfers. Any overseas processing shall be incidental to service delivery and shall not alter the purpose for which the data was originally collected.

Users acknowledge that, where legally permitted, cross-border data transfers may occur as part of Platform operations. Continued use of the Platform constitutes acceptance of such transfers subject to the safeguards described herein.

The Platform shall take reasonable steps to ensure that foreign recipients of personal data do not further transfer such data in a manner inconsistent with this Privacy Policy or applicable Indian law.

Data Retention & Data Minimization Policy

The Platform follows the principles of data minimization and limited retention and collects, processes, and retains personal data only to the extent necessary to fulfill lawful purposes connected with the operation of the Platform.

Personal data shall be retained only for as long as it is required to:

• provide services requested by Users or PG Owners;
• fulfill contractual obligations arising from bookings, payments, or account usage;
• comply with applicable legal, regulatory, tax, accounting, or reporting requirements;
• resolve disputes, enforce agreements, or protect legal rights; and
• prevent fraud, misuse, or security incidents.

The duration of retention may vary depending on the nature of the data, the purpose for which it was collected, and applicable statutory requirements. Where retention periods are prescribed under applicable law, such data shall be retained for the minimum period mandated and securely deleted thereafter.

Upon fulfillment of the applicable retention purpose, personal data shall be securely deleted, anonymized, or irreversibly de-identified using reasonable technical and organizational measures, unless continued retention is required by law or necessary for establishment, exercise, or defense of legal claims.

The Platform does not retain personal data indefinitely and does not store personal data merely for speculative or future use. Access to retained data is restricted to authorized personnel strictly on a need-to-know basis.

Users may request deletion or deactivation of their account in accordance with applicable law. Such requests shall be processed subject to legal retention obligations, pending disputes, outstanding payments, fraud prevention requirements, or regulatory compliance.

The Platform periodically reviews data retention practices to ensure continued compliance with evolving legal requirements, operational necessity, and data protection best practices.

Data Security & Technical Safeguards

The Platform implements reasonable and appropriate technical and organizational security measures to protect personal data against unauthorized access, disclosure, alteration, loss, destruction, or misuse, in accordance with applicable laws and industry-recognized security practices.

Such security measures include, where appropriate:

• secure server infrastructure and controlled access environments;
• encryption of data in transit using industry-standard protocols;
• access controls, authentication mechanisms, and role-based authorization to limit data access to authorized personnel only;
• regular monitoring of systems for potential vulnerabilities, security incidents, or unauthorized activity;
• implementation of internal data handling policies and confidentiality obligations for employees, contractors, and service providers; and
• reasonable safeguards to protect systems against malware, unauthorized intrusion, and cyber threats.

The Platform restricts access to personal data strictly on a need-to-know basis and ensures that individuals with authorized access are subject to confidentiality obligations and appropriate training.

While the Platform undertakes reasonable efforts to safeguard personal data, no method of electronic transmission or digital storage is completely secure. Accordingly, the Company does not guarantee absolute security and shall not be held liable for security breaches resulting from factors beyond its reasonable control, including advanced cyberattacks, third-party system vulnerabilities, or force majeure events.

In the event of a suspected or actual data security incident, the Platform shall take reasonable steps to investigate, mitigate, and contain the incident in accordance with applicable law and internal incident response procedures.

Users acknowledge that they are responsible for maintaining the confidentiality of their account credentials and for taking reasonable precautions to protect their own devices and access details. The Platform shall not be liable for data compromise arising from user negligence, credential sharing, or insecure personal devices.

Security measures are reviewed periodically and may be updated to reflect changes in technology, legal requirements, risk environment, or operational practices.

Organizational & Access Controls

The Platform maintains appropriate organizational measures and internal governance controls to ensure that personal data is accessed, processed, and handled only by authorized persons and strictly for legitimate business purposes consistent with this Privacy Policy and applicable law.

Access to personal data is granted on a role-based and need-to-know basis, taking into account job responsibilities, operational necessity, and risk assessment. Employees, contractors, and service providers are permitted access only to the extent required to perform their assigned duties.

The Platform implements internal controls which may include:

• defined access authorization procedures and approval mechanisms;
• segregation of duties to reduce risk of unauthorized or excessive access;
• confidentiality obligations incorporated into employment contracts, service agreements, or non-disclosure arrangements;
• periodic review and revocation of access rights upon role change, termination, or cessation of engagement;
• internal policies governing acceptable use, data handling, and information security practices.

Personnel with access to personal data are provided reasonable awareness and training regarding data protection obligations, confidentiality requirements, and secure handling practices appropriate to their role.

The Platform may conduct internal audits, monitoring, or access reviews to assess compliance with its data protection framework and to identify potential risks or policy deviations. Such reviews are conducted in a proportionate manner and for legitimate operational, security, or compliance purposes.

Any breach of organizational policies, unauthorized access, or misuse of personal data by personnel may result in disciplinary action, contractual remedies, termination of engagement, and/or legal action in accordance with applicable law.

Organizational and access control measures are periodically reviewed and updated to reflect changes in legal requirements, operational structure, risk exposure, and industry best practices.

User Rights & Data Principal Rights

In accordance with applicable data protection laws in India, including the Digital Personal Data Protection Act, 2023, individuals whose personal data is processed by the Platform ("Data Principals") are entitled to exercise certain rights, subject to applicable legal limitations and verification requirements.

Subject to law, Data Principals may have the right to:

• obtain confirmation as to whether their personal data is being processed by the Platform;
• access a summary of personal data processed by the Platform and information relating to processing purposes;
• request correction, completion, or updating of inaccurate or incomplete personal data;
• request erasure of personal data that is no longer required for the stated purpose or where consent has been withdrawn, subject to lawful retention obligations;
• withdraw consent for processing of personal data, where processing is based on consent, without affecting the lawfulness of processing carried out prior to such withdrawal;
• seek redressal of grievances relating to processing of personal data;

Withdrawal of Consent & Account Deactivation

Where the processing of personal data by the Platform is based on the consent of the User or PG Owner, such individual may withdraw consent at any time in accordance with applicable law. Withdrawal of consent shall not affect the lawfulness of processing carried out prior to such withdrawal.

Requests for withdrawal of consent or deactivation of an account may be submitted through the contact mechanisms or account settings made available on the Platform. The Platform may require reasonable verification of identity before processing such requests to prevent unauthorized actions.

Upon receipt of a valid withdrawal or deactivation request, the Platform shall:

• discontinue processing of personal data for purposes that rely solely on consent, to the extent permitted under applicable law;
• deactivate the relevant account, subject to fulfillment of legal, contractual, or regulatory obligations.

Notwithstanding withdrawal of consent or account deactivation, the Platform may retain and continue to process personal data where such retention or processing is:

• required to comply with applicable law, regulation, or court order;
• necessary for accounting, tax, audit, or statutory reporting purposes;
• required for establishment, exercise, or defense of legal claims;
• necessary for fraud prevention, misuse detection, security, or risk management; or
• connected to unresolved disputes, chargebacks, or outstanding financial obligations.

Account deactivation does not automatically result in deletion of all personal data, and certain information may remain retained in accordance with the Platform's Data Retention & Data Minimization Policy.

Users acknowledge that withdrawal of consent or deactivation of an account may result in limited or complete inability to access certain features or services of the Platform and may affect ongoing or future transactions.

The Platform shall process withdrawal and deactivation requests within a reasonable timeframe, subject to operational feasibility and applicable legal requirements.

Nothing in this Section shall limit statutory exemptions or override obligations imposed on the Company under applicable law.

Children's Data & Age Restriction Policy (18+ Only)

The Platform is intended solely for use by individuals who are eighteen (18) years of age or older. The Company does not knowingly collect, process, or store personal data of children, as defined under applicable Indian law.

By accessing or using the Platform, Users represent and warrant that they are at least eighteen (18) years of age and are legally competent to enter into binding contracts under applicable law.

In the event that personal data of a child is inadvertently collected or processed due to misrepresentation of age or otherwise, the Company shall take reasonable steps to delete or anonymize such data upon becoming aware of the same, subject to applicable legal requirements.

The Platform does not permit the creation of accounts by children, nor does it knowingly engage in targeted advertising, behavioral profiling, or marketing communications directed at children.

Where a minor accesses the Platform under the supervision of a parent or legal guardian, such access shall be deemed to be at the sole responsibility of the parent or guardian. The Company shall not be liable for any misuse of the Platform by minors in violation of this Policy.

The Company reserves the right to suspend or terminate any account found to be associated with a minor or created using false age information, without prior notice, and without incurring liability.

Nothing in this Section shall limit or override obligations imposed on the Company under applicable child protection or data protection laws.

Data Breach Response & Incident Notification

The Platform maintains reasonable procedures to identify, assess, investigate, and respond to suspected or actual personal data breaches, security incidents, or unauthorized access events affecting personal data processed by the Company.

In the event of a personal data breach, the Company shall take reasonable and proportionate steps to:

• contain, mitigate, and remediate the incident;
• assess the nature, scope, and potential impact of the breach; and
• prevent recurrence through appropriate corrective measures.

Where a personal data breach is likely to cause significant harm to Data Principals, or where notification is required under applicable law, the Company shall notify:

• the relevant regulatory or governmental authority, and/or
• affected Data Principals,

within such time and manner as prescribed under applicable law.

Breach notifications, where issued, may include information reasonably available to the Company at the time, such as the nature of the breach, categories of data affected, potential consequences, and measures taken or proposed to address the breach. The Company reserves the right to supplement or update notifications as further information becomes available.

The Company shall not be required to notify Data Principals where the breach is unlikely to result in significant harm, or where notification is otherwise exempted under applicable law, regulatory guidance, or directions of competent authorities.

The Company shall maintain internal records of material security incidents and data breaches in accordance with legal and compliance requirements.

Nothing in this Section shall be construed as an admission of fault or liability by the Company, and the Company shall not be responsible for breaches arising from events beyond its reasonable control, including sophisticated cyberattacks, third-party system failures, or force majeure events.

Users acknowledge that electronic systems carry inherent security risks and that absolute security cannot be guaranteed.

Policy Updates & Version Control

The Company reserves the right to modify, amend, update, or revise this Privacy Policy from time to time to reflect changes in legal requirements, business practices, technological developments, or operational needs.

Any material changes to this Privacy Policy shall be communicated to users through reasonable means, which may include publication of the updated policy on the Platform, notifications within the Platform, or other appropriate communication channels, as required under applicable law.

The revised Privacy Policy shall become effective from the date of publication or such other date as expressly stated therein. Continued access to or use of the Platform or Services after the effective date of the updated Privacy Policy shall constitute acceptance of such changes, to the extent permitted under applicable law.

The Company shall maintain the most current version of this Privacy Policy on the Platform and may, at its discretion, maintain an internal or public record of prior versions for reference and compliance purposes.

Nothing contained in this Section shall limit any rights of Data Principals under applicable data protection laws, nor shall updates to this Privacy Policy operate retrospectively to reduce lawful protections applicable at the time personal data was collected, except where permitted by law.

Grievance Officer & Regulatory Contact Mechanism

In accordance with applicable provisions of the Information Technology Act, 2000, the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and the Digital Personal Data Protection Act, 2023, the Company has designated a Grievance Officer to address user complaints, concerns, or grievances relating to the processing of personal data, Platform usage, or alleged violations of this Privacy Policy.

The Grievance Officer shall be responsible for:

• acknowledging receipt of grievances submitted by users or Data Principals;
• reviewing and investigating such grievances in a fair and reasonable manner;
• resolving grievances within the timelines prescribed under applicable law; and
• maintaining records of grievances and actions taken, as required by law.

Users may submit grievances or communications relating to privacy, data protection, or Platform-related concerns using the contact details provided on the Platform. The Company shall make reasonable efforts to acknowledge and address grievances in a timely manner, subject to the nature of the complaint and applicable legal requirements.

Where a user is not satisfied with the resolution provided by the Company, or where required under applicable law, the user may escalate the grievance to the appropriate regulatory or statutory authority in accordance with the procedures prescribed under applicable law.

Nothing in this Section shall be construed as limiting the Company's right to seek additional information for grievance resolution, nor shall it prevent the Company from rejecting frivolous, malicious, or legally untenable complaints in accordance with applicable law.

The designation of a Grievance Officer does not constitute an admission of liability, and the Company's obligations under this Section shall be subject to force majeure events, lawful governmental directions, and circumstances beyond the Company's reasonable control.