Privacy Policy
Last updated: 1 March 2026 · DPDP Act 2023 Compliant
1. Information We Collect
a) Personal Data (with consent)
- Mobile phone number (required for OTP login)
- Full name and email address (optional, for profile)
- City and area preference
- Device token for push notifications (if you opt in)
b) Merchant Data
- Business name, address, category, and description
- GST number (for business verification)
- Logo and offer images
- Business geolocation (latitude/longitude)
c) Usage Data (automatically collected)
- Offer impressions, clicks, saves, and shares (anonymised or linked to session)
- Device type (Android / iOS / Web)
- IP address hash (not the raw IP)
- Redemption location (GPS coordinates, only at verification time)
2. How We Use Your Data
- To authenticate you via OTP and maintain your session.
- To display city-scoped, personalised deal feeds.
- To generate analytics dashboards for merchants (aggregated, not individual).
- To prevent fraud (duplicate accounts, code abuse).
- To send push notifications only if you opt in.
- To improve our ranking algorithm and platform quality.
3. Data Sharing
We do not sell your personal data. We share data only in these cases:
- Merchants — receive anonymised/aggregated analytics for their offers (not your identity).
- Payment processors — Razorpay receives payment info for merchant subscriptions. We do not store card details.
- Legal requests — we comply with valid legal orders from Indian authorities.
4. Your Rights (under DPDP Act 2023)
Right to Access
Request a copy of all personal data we hold about you.
Right to Correction
Update or correct inaccurate personal information.
Right to Erasure
Request deletion of your account and associated data.
Right to Withdraw Consent
Revoke consent for push notifications or marketing at any time.
Right to Grievance Redressal
File a complaint with our Data Protection Officer.
Right to Nominate
Nominate someone to exercise your data rights in case of incapacity.
5. Data Retention
- Account data is retained as long as your account is active.
- Analytics events are aggregated daily and raw events purged after 90 days.
- Expired redemption codes are retained for 12 months for audit purposes.
- Upon account deletion, personal data is erased within 30 days.
6. Data Security
We implement industry-standard security measures including encrypted connections (TLS), hashed IP addresses, JWT token rotation with blacklisting, and rate limiting (100 req/hr anonymous, 1000 req/hr authenticated). Passwords are hashed using Django's PBKDF2 algorithm.
7. Cookies & Local Storage
We use browser localStorage (not cookies) to persist your authentication tokens and city selection. No third-party tracking cookies are used. Analytics events are tracked server-side, not via client-side tracking pixels.
8. Children's Privacy
The Platform is not intended for users under 18 years of age. We do not knowingly collect personal data from children. If we become aware of such data, it will be deleted promptly.
9. Changes to This Policy
We will notify you of material changes via email or in-app notification at least 14 days before they take effect. Your continued use constitutes acceptance.
10. Data Protection Officer
Data Protection Officer
MyDealsInCity Pvt. Ltd.
Email: dpo@mydealsincity.com
Address: Bangalore, Karnataka, India
For any privacy-related queries, please contact us.