Effective May 1, 2026

Privacy Policy

Turfgrass.in ("we", "our", "us") respects your privacy. This policy explains, in plain English, what we collect, why, how we use it, who we share it with, and your rights. It is compliant with India's Digital Personal Data Protection Act 2023 (DPDP) and the Information Technology Rules.

1. What we collect

We collect only what we need to operate the booking service:

  • Account data: phone number (always), name and email (optional, for confirmations)
  • Location data: approximate city (mobile only, with your permission, to show nearby turfs). We do not track precise GPS in the background.
  • Booking data: turfs you've viewed and booked, sport, slot, amount paid
  • Payment data: payment is processed by PayU Money — we receive only a transaction reference and status, not your card or UPI details
  • Owner data: if you list a turf, we additionally collect PAN (for tax reporting), GSTIN if applicable, bank/UPI details (for payouts), and turf photos you upload
  • Device data: push notification token (mobile only), browser type, IP address (used to suggest local language and prevent abuse)
  • Cookies & similar: a session cookie to keep you signed in; anonymous analytics cookies for product improvement

2. Why we collect it

Strictly to provide and improve the service. Specifically:

  • Show you turfs in your selected city
  • Send you OTP codes and booking confirmations (SMS, email, push)
  • Process bookings and route payments to turf owners
  • Generate calendar events with directions to your booked turf
  • Allow turf owners to manage their listings and reply to reviews
  • Detect and prevent fraud or platform abuse
  • Improve the product based on aggregated, anonymous usage

We do not sell your data. We do not use your data for advertising. We do not profile you for any purpose other than running this service.

3. Who we share it with

Only the third parties strictly required to operate the service:

  • PayU Money — payment processing (Indian entity, RBI-licensed)
  • MSG91 — SMS OTP delivery (Indian entity)
  • Resend — transactional email
  • Cloudflare — content delivery, image storage, DDoS protection
  • Railway — hosting infrastructure
  • Sentry / PostHog — error tracking and anonymous product analytics
  • Telegram — only for owners who opt into the bot, only the owner's chat ID is stored
  • Government authorities — only when legally compelled by valid Indian court order or law

4. Where your data lives

Your data is stored on Railway's cloud infrastructure (Singapore region) and Cloudflare R2 (with content distributed via Cloudflare's Indian edge nodes). Backups are encrypted and retained for 30 days. We may relocate primary storage to AWS Mumbai or Fly.io Mumbai in future for India data residency — no impact on this policy.

5. How long we keep it

  • Active accounts: as long as you have an account with us
  • Inactive accounts: deleted 36 months after last login (with 30 days' notice)
  • Booking + financial records: 8 years (mandated by Indian tax law)
  • OTP codes: 5 minutes (then deleted)
  • Server logs: 90 days

6. Your rights (under DPDP Act 2023)

  • Access: request a copy of your data
  • Correction: ask us to fix inaccurate data
  • Erasure: ask us to delete your account (we'll honor this in 30 days, except for legally-retained financial records)
  • Withdraw consent: for any processing based on consent
  • Grievance: file a complaint with us via [email protected]; if unresolved, you can escalate to the Data Protection Board of India

To exercise any right, email [email protected]. We respond within 30 days.

7. Account deletion

You can delete your account in-app: Settings → Account → Delete account. We process the deletion within 30 days. Booking and tax records may be retained as required by Indian law, but in anonymized form where possible. After deletion, you cannot recover the account.

8. Children

Our service is intended for users aged 13 and above. We do not knowingly collect data from children under 13. If you believe we have, contact [email protected] and we will delete it immediately.

9. Security

We use TLS 1.2+ for all data in transit, AES-256 for data at rest, hashed and salted credentials, rate limiting, and least-privilege access controls. We will notify you within 72 hours of becoming aware of any breach affecting your personal data, as required by the DPDP Act.

10. Changes to this policy

We will email you at least 30 days before any material change. The current version is always at this URL.

11. Contact us

Grievance Officer: Ricky (placeholder — to be appointed before launch)
Email: [email protected]
Postal address: [to be added before launch]