Data Security Policy
1. Introduction
This Data Security Policy ("Policy") is issued by Asvi Kritajna Private Limited ("Company") and applies to the use of all services offered by the Abra Ka Dabra platform, including its Android mobile application and forthcoming web application ("Platforms"). By accessing or using our Platforms, you ("User") agree to this Policy, forming a legally binding agreement between you and the Company.
2. Definitions
2.1 "Personal Data" refers to any information relating to an identified or identifiable natural person, including but not limited to, name, email address, phone number, location data, and online identifiers.
2.2 "Data Processing" means any operation or set of operations performed on Personal Data, whether by automated means, including collection, recording, organization, structuring, storage, alteration, retrieval, consultation, use, disclosure, dissemination, or destruction.
2.3 "Third-Party Services" refers to external service providers such as Google AdSense, Google Analytics, and MS Clarity that may process data on behalf of the Company.
2.4 "Data Controller" refers to the Company, which determines the purposes and means of processing Personal Data.
3. Legal Relationship
By accepting this Policy, the User acknowledges and consents to the collection, processing, and storage of their Personal Data by the Company in accordance with the terms herein. Users who do not accept this Policy must cease all use of the Platforms immediately.
4. Data Collection
4.1 Scope of Collection
The Company collects the following categories of data from Users:
Contact Information: Name, email address, phone number, and physical location.
Profile Information: Age, gender, username, and social media accounts.
Technical Information: IP addresses, browser types, device identifiers, operating systems, usage statistics, and geolocation data.
Payment Information: Details necessary for processing payments, including UPI IDs and transaction information, with no collection of sensitive financial data such as credit card numbers or CVV codes.
4.2 Collection Methods
Data is collected directly from Users through account creation, usage of the Platforms, and interaction with the Platforms' features, including voluntary submissions of information. Additionally, data may be collected through automated means, such as cookies and similar tracking technologies.
4.3 Third-Party Data Collection
The Company utilizes third-party services, such as Google AdSense, Google Analytics, and MS Clarity, for analytics and advertising purposes. These third-party services may collect anonymized data, which is processed according to their respective privacy policies.
5. Purpose of Data Processing
5.1 Contractual Necessity
Personal Data is processed to fulfill contractual obligations between the User and the Company, including the provision of services, account management, and user support.
5.2 Legitimate Interests
The Company processes Personal Data to improve the functionality and security of the Platforms, personalize User experiences, and conduct business analytics. Users' Personal Data may also be processed for the purpose of sending important communications, including notifications of changes to this Policy or our services.
5.3 Legal Compliance
The Company processes Personal Data to comply with applicable laws, regulations, and legal processes. This includes responding to lawful requests from public authorities, including law enforcement agencies.
6. Data Sharing and Disclosure
6.1 Internal Use
The Company retains and processes Personal Data internally to ensure the secure and efficient operation of the Platforms. Only authorized personnel have access to Personal Data.
6.2 Third-Party Disclosures
Personal Data may be disclosed to the following third parties:
Payment Processors: Limited data is shared with PhonePe for processing voluntary payments under the "Pay as you wish" feature. The Company ensures that only essential data is shared and that payment details such as card numbers are not collected by the Company.
Service Providers: Data may be shared with third-party service providers, including Google AdSense, Google Analytics, and MS Clarity, for the purpose of analytics, advertising, and enhancing user experience. These providers are contractually obligated to maintain the confidentiality and security of Personal Data.
6.3 Legal Obligations
The Company may disclose Personal Data if required to do so by law or in response to valid legal requests, including subpoenas, court orders, or governmental regulations.
7. Data Storage and Security
7.1 Data Storage Locations
All Personal Data collected by the Company is stored on secure servers located exclusively in India, managed by Google Cloud. The data is not transferred outside of India, in compliance with applicable local data protection regulations.
7.2 Security Measures
The Company employs rigorous security measures to protect Personal Data, including but not limited to:
Encryption: Advanced encryption methods are used for data at rest and in transit.
Access Controls: Strict access controls are enforced to ensure that only authorized personnel can access Personal Data.
Audit and Monitoring: Regular audits and monitoring are conducted to detect and mitigate potential security risks.
7.3 Data Retention
Personal Data is retained only for as long as necessary to fulfill the purposes outlined in this Policy or as required by applicable laws. Specific retention periods include:
Account Data: Retained for the duration of the User's account. Upon deletion of an account, all related data is permanently erased.
Transaction Data: Retained as required to comply with financial and legal obligations.
Technical Data: Retained for the duration necessary for troubleshooting, security, and analytics.
8. User Rights
8.1 Right to Access
Users have the right to access the Personal Data held by the Company. Requests for access must be submitted in writing to help@abra-ka-dabra.com. The Company will respond within 30 days, subject to any applicable legal exceptions.
8.2 Right to Rectification
Users may request correction of inaccurate or incomplete Personal Data. Users can update their own profile information directly through the Platforms or contact the Company for assistance.
8.3 Right to Erasure
Users have the right to request the deletion of their Personal Data. Account deletion requests can be processed directly through the Platforms, resulting in the permanent erasure of all associated data, which is non-recoverable.
8.4 Right to Data Portability
Upon request, the Company will provide Users with a copy of their Personal Data in a structured, machine-readable format, facilitating the transfer of data to another service provider.
8.5 Right to Object and Restrict Processing
Users may object to or request restrictions on the processing of their Personal Data in certain circumstances. The Company will honor such requests in accordance with applicable laws.
9. Cookies and Tracking
9.1 Use of Cookies
The Company uses cookies and similar tracking technologies to enhance the functionality and user experience of the Platforms. Cookies are small text files stored on the User's device that enable the Platforms to recognize the User on subsequent visits.
9.2 Types of Cookies
Essential Cookies: Necessary for the basic operation of the Platforms.
Performance Cookies: Collect information on how Users interact with the Platforms to improve functionality.
Functional Cookies: Remember User preferences to enhance the user experience.
9.3 User Control Over Cookies
Users may control the use of cookies through their browser settings. Disabling cookies may affect the availability and functionality of certain features on the Platforms.
10. Advertisements
10.1 Use of Google AdSense
The Company uses Google AdSense to display advertisements on the Platforms. The Company does not collect or process any Personal Data for ad targeting; all such data collection is managed autonomously by Google AdSense. Users are encouraged to review the Google AdSense privacy policy to understand how their data is handled.
10.2 Ad Personalization
Advertisements displayed on the Platforms may be personalized based on the User's interaction with the Platforms. Users can manage their ad preferences through their Google account settings.
11. Liability
11.1 Company Responsibility
The Company is committed to safeguarding User data; however, Users acknowledge that no system is completely secure. The Company disclaims liability for any unauthorized access, data breach, or loss of data due to external factors beyond its control.
11.2 User Responsibility
Users are responsible for maintaining the confidentiality of their account credentials, including User ID and password. The Company shall not be liable for any unauthorized access resulting from the User's failure to secure their account information.
12. Amendments to This Policy
12.1 Right to Amend
The Company reserves the right to amend this Data Security Policy at any time. Any significant changes will be communicated to Users through the Platforms. Continued use of the servicesHere's the continuation and completion of the detailed Data Security Policy draft:
​
13. Amendments to This Policy
13.1 Right to Amend
The Company reserves the right to amend this Data Security Policy at any time. Any significant changes will be communicated to Users through the Platforms. Continued use of the services following such amendments will constitute acceptance of the updated Policy.
13.2 User Notification
In the event of amendments that materially affect the processing of Personal Data, Users will be notified in advance and will have the opportunity to review and consent to the changes. Users who do not agree with the updated Policy must cease using the Platforms and may request the deletion of their data.
14. Compliance with Indian Law
14.1 Jurisdiction
This Data Security Policy is governed by and construed in accordance with the laws of India. Any disputes arising out of or related to this Policy shall be subject to the exclusive jurisdiction of the courts in Bengaluru, Karnataka.
14.2 Legal Compliance
The Company complies with all applicable laws and regulations governing data protection and privacy in India, including the Information Technology Act, 2000, and any amendments or rules made thereunder.
15. Grievance Redressal Mechanism
15.1 Grievance Officer
In compliance with the Information Technology Act, 2000, the Company has appointed a Grievance Officer to address any concerns or disputes regarding the processing of Personal Data. The Grievance Officer's contact details are as follows:
Designation: Grievance Redressal Officer
Email: customergrievance@abra-ka-dabra.com
15.2 Dispute Resolution
Users are encouraged to contact the Grievance Officer with any concerns regarding this Policy or the processing of their Personal Data. The Grievance Officer will acknowledge receipt of the complaint within 48 hours and will endeavor to resolve the issue within 30 days.
16. Severability
16.1 Severability Clause
If any provision of this Data Security Policy is found to be invalid or unenforceable by a court of competent jurisdiction, the remaining provisions shall continue in full force and effect. The invalid or unenforceable provision shall be modified to the minimum extent necessary to make it valid and enforceable.
17. Entire Agreement
17.1 Comprehensive Agreement
This Data Security Policy, along with the Terms and Conditions and Privacy Policy, constitutes the entire agreement between the User and the Company concerning the use of the Platforms. It supersedes all prior agreements, understandings, and representations regarding data security and processing.