Privacy Policy

1. Who we are

ZUVVA is a trust-based people network operated by GrandGate Ventures Private Limited (“ZUVVA”, “we”, “us”), incorporated in India. This policy covers our mobile applications (Android & iOS) and our website at zuvva.in.

2. Data we collect

You give us

• Profile data: name, phone number, profession, city, area, profile photo, optional bio.
• Optional health data: blood group (only when you choose to share it, for use in the trust network's emergency features). Requires separate explicit consent.
• Contacts: only when you grant the contacts permission, to help you find people you already know on ZUVVA and invite others. We store contact names and phone numbers you choose to import. You can revoke this at any time.
• Content you create: messages, posts on Billboard, vouches, SOS messages, ratings, reviews.
• Communications: emails or messages you send us (e.g. via contact form, support, grievance).

Collected automatically

• Device data: device type, OS version, app version, language, time zone.
• Usage data: features used, screens viewed, action timestamps. Used to improve the product and detect abuse.
• Approximate location: city-level location derived from your profile and optional precise GPS attached to SOS events (only when you grant location permission and only at SOS compose time).
• Push tokens: an FCM/APNs token to deliver notifications.
• Network data: IP address and connection metadata, used for security and rate limiting.

3. Why we collect it

• Provide the ZUVVA trust-network service: profile, contacts, messaging, vouching, billboard, SOS.
• Find mutual connections and surface relevant people.
• Calculate trust scores and network insights.
• Deliver notifications, emails, and OTPs you've consented to.
• Detect and prevent abuse, fraud, and policy violations.
• Comply with legal obligations (record-keeping, lawful requests).

4. Legal basis

We process personal data under one of the following lawful bases:

• Consent — for sensitive data (e.g. blood group, contacts import, precise GPS) and optional features.
• Contract — to deliver the ZUVVA service you signed up for.
• Legitimate interest — for security, fraud prevention, and product improvement, where this does not override your rights.
• Legal obligation — to comply with applicable laws including the Digital Personal Data Protection Act, 2023 (India) and the GDPR where applicable.

5. How we share data

ZUVVA does not sell your personal data. We share it only when:

• You direct us to — e.g. when you vouch, post, send a message, or trigger an SOS, the relevant recipients see the content.
• Service providers — payment, SMS (MSG91), email (Google Workspace), push notifications (Firebase/Google), maps (Mapbox), AI (OpenAI, Google) act as processors under contract.
• Legal requirements — to comply with valid legal process or protect rights, safety, or property.
• Business transfers — in the event of a merger, acquisition, or sale of assets, subject to confidentiality and notice to affected users.

6. Data retention

• Active accounts: retained while your account exists.
• Deactivation: data is hidden from others but preserved until you delete or reactivate.
• Deletion: 30-day grace period during which you can restore the account, after which personal data is permanently erased (limited fields may be retained to satisfy legal obligations).
• Backups: encrypted backups are purged on a rolling 30-day cycle.
• Audit logs: certain compliance-related logs (e.g. consent acceptance, security events) are retained for up to 3 years even after deletion.

7. Your rights

Under India's DPDP Act 2023 §§5–8 and the GDPR Art. 15–22, you have the right to:

• Access: view all your data. In-app: Settings → Download My Data.
• Correction: edit your profile at any time.
• Erasure: delete your account permanently (Settings → Delete Account).
• Portability: export your data as JSON.
• Withdraw consent: revoke optional permissions (contacts, location, blood group) in Settings.
• Object / restrict processing: contact us to object to specific processing.
• Lodge a complaint: with the Data Protection Board of India (DPDP §29) or your local supervisory authority.

8. Security

We protect your data using industry-standard measures including encryption in transit (TLS 1.2+), encryption at rest for sensitive stores, access controls, audit logging, and regular review of our infrastructure. No system is perfectly secure — please use a strong phone-screen lock and report any suspected compromise to us immediately.

9. Children

ZUVVA is not directed at children under 13. We do not knowingly collect personal data from children under 13. Users between 13 and 18 should use ZUVVA only with parental or guardian consent. If you believe we have collected data from a child under 13, contact us and we will delete it.

10. International transfers

Our primary infrastructure is hosted in India. Some processors (e.g. Firebase, OpenAI, Mapbox) may process data in the United States or the European Union under appropriate contractual safeguards (Standard Contractual Clauses, where applicable).

11. Cookies & analytics

The ZUVVA website uses strictly necessary cookies to keep you signed in and remember your preferences. We do not use third-party advertising cookies. Server-side analytics (page views, action counts) are aggregated and not used to track individuals across sites.

12. Changes to this policy

We may update this policy as the product evolves or as the law requires. Material changes will be announced in the app and via email to your registered address at least 14 days before they take effect. The “Effective” date at the top reflects the most recent change.

13. Grievance officer

In accordance with DPDP Act 2023 §8(10) and Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, our Grievance Officer can be reached at:

Name: ZUVVA Data Protection Officer
Email: grievance@zuvva.in
Response time: Within 15 business days of receipt.

For all other privacy questions, email privacy@zuvva.in.