Privacy Policy
Effective Date: June 2026 · Compliant with the Digital Personal Data Protection Act, 2023 (India).
Data Fiduciary: INTINT (OPC) Pvt. Ltd., incorporated under the Companies Act, 2013, Hyderabad, Telangana, India, is the Data Fiduciary (as defined under the DPDPA 2023) for all personal data collected through the PawAddress platform ("we", "us", "Company").
For privacy-related requests and concerns: privacy@pawaddress.in
1. Personal Data We Collect
| Category | Data Points | Collected From |
| Identity | Name, date of birth | Registration form |
| Contact | Email, phone number, address, pincode | Registration & booking forms |
| KYC (Providers only) | Aadhaar (last 4 digits), PAN, selfie photograph, business registration number | Provider onboarding |
| Pet Data | Pet name, breed, age, type, medical notes, vaccination records, photo | Pet parent profile |
| Financial (Providers only) | Bank account name, account number, IFSC code | Provider settings (payouts) |
| Booking Data | Service selected, dates, special instructions, check-in/out timestamps | Booking flow |
| Location | Pincode, city (from search). GPS coordinates on booking status transitions (silent, not stored beyond session for walking/grooming) | Search & booking |
| Usage Data | Pages visited, search queries, device type, browser type, IP address | Automatic (server logs) |
| Communications | Support messages, review content, WhatsApp/SMS message logs | User-generated |
What we do NOT collect: We do not store full card numbers, CVVs, or UPI PINs — all payment credentials are handled exclusively by Razorpay. We do not use advertising or analytics cookies. We do not track your location continuously.
2. Legal Basis for Processing
| Legal Basis (DPDPA 2023) | When We Rely on It |
| Consent | Marketing communications (email/WhatsApp), optional photo uploads |
| Contract Performance | Account creation, booking processing, payouts, KYC verification |
| Legal Obligation | GST compliance, TDS deduction, law enforcement requests, DPDPA obligations |
| Legitimate Interest | Fraud prevention, platform security, dispute resolution, product improvement |
3. How We Use Your Personal Data
- To create and manage your account on PawAddress.
- To process bookings, payments, and Provider payouts.
- To verify Provider identity and credentials (KYC).
- To display your profile, photos, and reviews to relevant users of the Platform.
- To send transactional communications: booking confirmations, receipts, reminders, and status updates via email (Resend) and WhatsApp/SMS (MSG91).
- To send marketing communications — only where you have given explicit consent. Consent may be withdrawn at any time.
- To comply with legal obligations including GST, TDS deduction, and responses to valid law enforcement requests.
- To detect and prevent fraud, abuse, and violations of our Terms & Conditions.
- To improve the Platform through anonymised, aggregated usage analysis.
- To generate booking reminders sent from Provider's account to their clients (Pro feature, requires your consent as a Pet Parent by accepting booking terms).
4. Data Sharing with Third Parties
We share your personal data only as necessary and only with the following categories of third parties:
| Third Party | Data Shared | Purpose |
| Razorpay (Razorpay Software Pvt. Ltd.) | Transaction amount, email, phone, order ID | Payment processing |
| Supabase / AWS ap-south-1 (Mumbai) | All platform data (encrypted at rest) | Database & file storage — data stored in India |
| MSG91 | Phone number, message content | WhatsApp & SMS transactional messages, OTP delivery |
| Resend | Email address, message content | Transactional email delivery |
| Tawk.to | Name, email, support chat transcript | Customer support chat |
| Law Enforcement / Courts | As required by valid court order or applicable law | Legal compliance only |
We do not sell your personal data. We do not share data with advertisers. We do not use third-party advertising networks or tracking pixels.
5. Data Retention
| Data Type | Retention Period | Reason |
| Account data (active) | Duration of account | Service delivery |
| Account data (deleted/deactivated) | Soft-deleted immediately; permanently purged within 90 days | DPDPA 2023 erasure right |
| Transaction & booking records | 7 years from transaction date | GST Act & Income Tax Act requirements |
| KYC documents | 5 years from last transaction | KYC/AML compliance |
| Support communications | 2 years | Dispute resolution |
| Server/access logs | 90 days (rolling) | Security & fraud detection |
| Marketing consent records | Until withdrawal + 1 year | DPDPA 2023 compliance |
Financial and booking records are retained for 7 years even after account deletion to comply with the GST Act, 2017, and Income Tax Act, 1961. This overrides any erasure request for these specific records.
6. Your Rights Under the DPDPA 2023
As a Data Principal under the Digital Personal Data Protection Act, 2023, you have the following rights:
Right to Access
Request a summary of the personal data we hold about you and how it is being processed.
Right to Correction
Request correction of inaccurate or incomplete personal data.
Right to Erasure
Request deletion of your personal data. We will honour this within 30 days, subject to legal retention requirements (e.g., financial records must be retained for 7 years).
Right to Data Portability
Export a copy of your account data and booking history in machine-readable format. Available directly from Account Settings → Export My Data.
Right to Withdraw Consent
Withdraw consent for processing based on consent (marketing, optional features). Withdrawal does not affect the lawfulness of prior processing.
Right to Nominate
Nominate another individual to exercise these rights on your behalf in the event of your death or incapacity.
Right to Grievance Redressal
File a complaint with our Grievance Officer (see Section 9). If unsatisfied with our response, you may approach the Data Protection Board of India once constituted.
To exercise any of these rights, email privacy@pawaddress.in or use the self-service tools in Account Settings. We will acknowledge within 48 hours and fulfil the request within 30 days.
7. Cookies & Tracking
Minimal Cookie Policy
PawAddress uses only one essential cookie: a secure, HttpOnly JWT authentication token (token) that keeps you logged in. This cookie is strictly necessary for platform functionality and cannot be disabled.
We do not use advertising cookies, analytics cookies, tracking pixels, or any third-party cookies. We do not fingerprint your device or cross-site track your activity.
Because we only use essential cookies, no cookie consent banner is required under the DPDPA 2023 or relevant regulations. If this changes, we will update this Policy and introduce appropriate consent mechanisms.
8. Data Security
- All data is encrypted in transit using TLS 1.2+ (HTTPS). Unencrypted HTTP is not accepted.
- Data at rest is encrypted using AES-256 on Supabase (AWS ap-south-1, Mumbai).
- Passwords are hashed using bcrypt with a unique salt — PawAddress cannot read your password.
- KYC documents are stored in encrypted object storage with strict access controls (provider-only access).
- Production database access is restricted to authorised personnel only, with audit logging.
- In the event of a data breach, we will notify affected users and the Data Protection Board of India (once constituted) as required under the DPDPA 2023.
9. International Data Transfers
PawAddress primarily stores all personal data in India on AWS ap-south-1 (Mumbai) via Supabase. Data does not leave India for storage purposes.
Some third-party processors (MSG91, Resend, Tawk.to) may process data outside India as part of their infrastructure. These processors are subject to their own data protection commitments and we have reviewed their compliance posture before onboarding.
Cross-border transfers are made only to countries or processors that maintain adequate data protection standards consistent with the DPDPA 2023. We will update this section as the Government of India notifies permitted countries under the DPDPA framework.
10. Children's Data
PawAddress is intended for adults aged 18 and above. We do not knowingly collect personal data from individuals under 18 years of age. If we become aware that we have collected data from a minor, we will delete it immediately. Contact privacy@pawaddress.in if you believe a minor has created an account.
11. Grievance Officer
In accordance with the Information Technology Act, 2000, the Digital Personal Data Protection Act, 2023, and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, the following Grievance Officer has been designated:
Name: [Grievance Officer Name — to be published]
Designation: Grievance Officer
Company: INTINT (OPC) Pvt. Ltd.
Address: Hyderabad, Telangana, India
Email: grievance@pawaddress.in
Response time: Within 48 hours of receipt; resolution within 30 days
Grievance Officer details will be formally published once designated. In the interim, all grievances may be directed to privacy@pawaddress.in.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email and in-app notification at least 15 days before taking effect. The current version will always be accessible at pawaddress.com/privacy. Continued use of the Platform after the effective date constitutes acceptance of the updated Policy.
Contact & Data Requests
INTINT (OPC) Pvt. Ltd.
Hyderabad, Telangana, India
General: support@pawaddress.in
Privacy requests: privacy@pawaddress.in
Grievances: grievance@pawaddress.in