Privacy Policy

Last updated: 1 March 2026 · DPDP Act 2023 Compliant

DPDP Notice: This policy is drafted in compliance with the Digital Personal Data Protection Act, 2023 (India). You have the right to access, correct, and erase your personal data at any time.

1. Information We Collect

a) Personal Data (with consent)

  • Mobile phone number (required for OTP login)
  • Full name and email address (optional, for profile)
  • City and area preference
  • Device token for push notifications (if you opt in)

b) Merchant Data

  • Business name, address, category, and description
  • GST number (for business verification)
  • Logo and offer images
  • Business geolocation (latitude/longitude)

c) Usage Data (automatically collected)

  • Offer impressions, clicks, saves, and shares (anonymised or linked to session)
  • Device type (Android / iOS / Web)
  • IP address hash (not the raw IP)
  • Redemption location (GPS coordinates, only at verification time)

2. How We Use Your Data

  • To authenticate you via OTP and maintain your session.
  • To display city-scoped, personalised deal feeds.
  • To generate analytics dashboards for merchants (aggregated, not individual).
  • To prevent fraud (duplicate accounts, code abuse).
  • To send push notifications only if you opt in.
  • To improve our ranking algorithm and platform quality.

3. Data Sharing

We do not sell your personal data. We share data only in these cases:

  • Merchants — receive anonymised/aggregated analytics for their offers (not your identity).
  • Payment processors — Razorpay receives payment info for merchant subscriptions. We do not store card details.
  • Legal requests — we comply with valid legal orders from Indian authorities.

4. Your Rights (under DPDP Act 2023)

Right to Access

Request a copy of all personal data we hold about you.

Right to Correction

Update or correct inaccurate personal information.

Right to Erasure

Request deletion of your account and associated data.

Right to Withdraw Consent

Revoke consent for push notifications or marketing at any time.

Right to Grievance Redressal

File a complaint with our Data Protection Officer.

Right to Nominate

Nominate someone to exercise your data rights in case of incapacity.

5. Data Retention

  • Account data is retained as long as your account is active.
  • Analytics events are aggregated daily and raw events purged after 90 days.
  • Expired redemption codes are retained for 12 months for audit purposes.
  • Upon account deletion, personal data is erased within 30 days.

6. Data Security

We implement industry-standard security measures including encrypted connections (TLS), hashed IP addresses, JWT token rotation with blacklisting, and rate limiting (100 req/hr anonymous, 1000 req/hr authenticated). Passwords are hashed using Django's PBKDF2 algorithm.

7. Cookies & Local Storage

We use browser localStorage (not cookies) to persist your authentication tokens and city selection. No third-party tracking cookies are used. Analytics events are tracked server-side, not via client-side tracking pixels.

8. Children's Privacy

The Platform is not intended for users under 18 years of age. We do not knowingly collect personal data from children. If we become aware of such data, it will be deleted promptly.

9. Changes to This Policy

We will notify you of material changes via email or in-app notification at least 14 days before they take effect. Your continued use constitutes acceptance.

10. Data Protection Officer

Data Protection Officer

MyDealsInCity Pvt. Ltd.

Email: dpo@mydealsincity.com

Address: Bangalore, Karnataka, India

For any privacy-related queries, please contact us.