Legal

Privacy Policy

Effective Date: 1 April 2026  ·  Last Updated: 29 April 2026

Kapizox Solutions ("Kapizox", "we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use the Kapizox mobile application and website (collectively, the "Platform"). Your privacy matters to us.

1. Data Fiduciary & Applicability

Kapizox Solutions is the Data Fiduciary as defined under the Digital Personal Data Protection Act, 2023 ("DPDPA"). You, as the user, are the Data Principal. This Privacy Policy is governed by the DPDPA 2023, the Information Technology Act, 2000, the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"), and all other applicable Indian data protection laws.

Language Accessibility: This notice is available in English and can be provided in Telugu or any other language specified in the Eighth Schedule to the Constitution of India upon request to [email protected].

2. Information We Collect

We collect information you provide directly to us when you register, create a profile, or use our services:

• Account Information — Full name, email address, and account role (Client or Creator). Mobile phone number, WhatsApp number, and city/location are optional — collected only if you choose to provide them. When requesting a booking, we may also collect the phone number entered on the booking screen to connect you with the lead and support the booking process.
• Guest Browsing — You may browse creator profiles without creating an account. In this mode, no personal account information is collected. We may still collect Usage Data and Device & Technical Information (described below) to maintain platform stability and prevent abuse
• Creator Profile Data — Professional bio, service categories, portfolio photos and videos, service packages and pricing, service areas, social media profile links (Instagram, YouTube), and personal website URL
• Booking & Transaction Data — Details of booking requests made or received, including event date, time, location, event type, selected package, payment status, total amounts, and internal notes. When you request a booking, we collect the contact information (such as phone number) provided on the booking screen to facilitate communication between you and the service provider and to process and manage your booking. This information is only shared with the relevant service provider for the purpose of fulfilling your booking.
• Sensitive Personal Data — UPI ID if provided voluntarily. Payment card details are processed exclusively by our RBI-authorised payment aggregator partner — Kapizox does not collect or store this information
• Usage Data — Screens visited, features used, search queries, session duration, and error logs — collected for diagnostics and service improvement
• Device & Technical Information — Device type, operating system version, unique device identifiers, app version, and IP address
• Communications — Messages, support requests, feedback, and grievance submissions sent to Kapizox

3. Purpose & Legal Basis for Processing

In accordance with Section 4 of the DPDPA 2023, we process your personal data only for the following specified, lawful purposes for which you have provided consent:

• Platform Operations — Matching Clients with Creators, processing bookings, facilitating payments, and sending booking-related communications
• Account Management — Creating and managing your profile, verifying your identity, and maintaining account security
• Communications — Sending booking confirmations, status updates, support responses, and critical service notifications
• Service Improvement — Analysing usage patterns (in anonymised, aggregated form) to fix bugs and improve features
• Safety & Fraud Prevention — Detecting suspicious or fraudulent activity and enforcing our Terms of Service
• Marketing & Promotions (with separate consent) — Sending promotional offers or creator spotlights — only where you have separately consented. You may withdraw this consent through Notification Settings in the App
• Legal Compliance — Retaining and disclosing data where required by applicable law, court order, or lawful government authority

4. Data Storage & Security

Your data is stored on Supabase-hosted PostgreSQL databases with Row-Level Security (RLS) enabled, ensuring each user can only access data they are explicitly permitted to access. Passwords are hashed using bcrypt with salt and are never stored in plain text.

Portfolio photos and media are stored on Cloudinary's content delivery network with access control restrictions. All data transmission between the App and our servers uses Transport Layer Security (TLS 1.2 or higher) encryption.

We implement reasonable security practices as required under Rule 8 of the SPDI Rules, 2011 and Section 8(4) of the DPDPA 2023. Access to production systems is restricted to authorised Kapizox personnel with role-based access controls and audit logging.

5. Cross-Border Data Transfer

Some of your personal data is processed and stored outside India through our third-party infrastructure providers:

• Supabase Inc. (United States) — database hosting and authentication services
• Cloudinary Ltd. (United States) — media storage and image delivery
• Expo (United States) — push notification infrastructure
• Payment aggregator partner (India) — payment processing and storage within India in compliance with RBI guidelines

By using the Kapizox platform, you explicitly consent to these transfers for the purposes described in this policy. Kapizox ensures that all third-party providers maintain adequate data protection standards consistent with applicable Indian law and the DPDPA 2023.

6. Sharing Your Information

We do not sell, rent, or trade your personal data to any third party for commercial purposes. We do not share your personal data with advertisers or advertising networks. We may share your information in the following circumstances:

• With other users — Your public Creator profile is visible to all users including guests browsing without an account. If you have provided a phone number or WhatsApp number, these are shared with the counterparty only after a booking is confirmed and solely for the purpose of facilitating that booking
• With service providers — Minimum necessary data with Supabase, Cloudinary, our payment aggregator partner, and Expo — solely to enable their services
• For legal reasons — Where required by law, court order, or to protect the rights and safety of Kapizox, users, or the public
• Business transfers — If Kapizox is acquired or merges with another company, your information may be transferred subject to the same privacy obligations

7. Cookies & Session Tokens

The Kapizox mobile App does not use browser cookies. We use secure, encrypted session tokens stored locally on your device using AsyncStorage to keep you authenticated. We may use anonymised, aggregated analytics data to understand overall usage patterns — no personally identifiable information is shared with third parties in analytics data.

8. Your Rights as Data Principal (DPDPA 2023)

Under the Digital Personal Data Protection Act, 2023, you have the following rights as a Data Principal:

• Right to Access — Request a summary of your personal data processed by Kapizox and the purposes for which it has been processed
• Right to Correction & Erasure — Request correction of inaccurate data, or erasure of data no longer necessary for the purpose it was collected. Email [email protected]
• Right to Withdraw Consent — Withdraw consent for any specific processing purpose at any time. Note: withdrawal of consent for core platform operations will require account deletion
• Right to Grievance Redressal — Contact our Grievance Officer at [email protected]. Acknowledgement within 24 hours, resolution within 15 days
• Right to Nominate — Nominate another individual to exercise your data rights in the event of your death or incapacity. Contact [email protected]
• Data Portability — Request a copy of your personal data in a structured, machine-readable format

Ease of Consent Withdrawal: In accordance with the DPDP Rules 2025, withdrawing your consent is as seamless as providing it. You may withdraw consent through the Privacy Settings section in the Kapizox App, without having to contact us.

To exercise any rights, email [email protected] with subject line "Data Principal Rights Request — [Your Name]". We may verify your identity before processing the request.

9. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law.

• Account data is retained while your account is active. Upon deletion, personal data is removed from active systems within 30 days
• Financial and transaction records are retained for a minimum of 7 years as required under the Companies Act, 2013 and applicable GST and income tax laws
• Backup data may be retained in secure offline storage for up to 90 days following deletion before permanent destruction
• Anonymised, aggregated data that cannot identify any individual may be retained indefinitely for analytics

10. Data Breach Notification

11. Children's Privacy

Kapizox is not intended for individuals under the age of 18. We do not knowingly collect personal data from minors. Under the DPDPA 2023, processing of personal data of children requires verifiable parental consent — Kapizox does not permit minor registration.

If we discover that an account has been created by a minor, we will immediately delete the account and all associated personal data. If you believe a minor has registered, notify us at [email protected].

Regional Compliance: In compliance with regional safety guidelines applicable in Telangana and Andhra Pradesh, Kapizox may implement additional age-verification steps for users in these states.

12. Prohibition on Off-Platform Contact Sharing

To protect the integrity of the Kapizox marketplace, Creators are strictly prohibited from sharing personal contact information in any user-generated content on the Platform, including profile bio, taglines, portfolio descriptions, and service package names.

This prohibition covers all forms of contact information: phone numbers (in any format), email addresses, WhatsApp links, Instagram handles, Telegram usernames, and any mechanism enabling direct communication outside the Kapizox platform. Disguised or indirect sharing (spelling out numbers in words, using special characters, etc.) is equally prohibited.

Enforcement: First violation — formal warning and content removal. Second violation — warning and potential account suspension. Third violation or severe cases — permanent account termination without refund. To report a violation, contact [email protected].

13. User-Uploaded Content & Copyright Responsibility

Any content you upload to Kapizox — including portfolio photographs, videos, reels, and profile images — is uploaded voluntarily by you using your own credentials. By uploading content, you represent and warrant that: (a) you are the original creator or lawful owner; (b) the content does not infringe any third-party intellectual property rights; (c) the content does not violate any applicable law.

Kapizox is an intermediary under Section 2(1)(w) of the IT Act, 2000, and does not verify, curate, or take ownership of User Content. You, as the Creator, are solely and exclusively responsible for all content uploaded to your profile.

If a third party notifies Kapizox of a copyright infringement relating to your content, Kapizox reserves the right to remove the content immediately without prior notice and, if required by law, disclose your account information to the rightful claimant. To report infringing content, email [email protected] with subject line "Copyright Infringement Notice".

14. Third-Party Links

Creator profiles may contain links to external platforms including Instagram, YouTube, and personal websites. Kapizox is not responsible for the privacy practices, content, or security of any third-party platforms. Accessing these links is at your own risk.

15. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our data practices, applicable law, or platform functionality. We will notify you of material changes via in-app notification or email at least 7 days before they take effect. For significant changes that alter the scope of data collected or the purposes of processing, we will seek fresh consent where required under the DPDPA 2023.

16. Grievance Officer & Contact

In accordance with Rule 3(1)(c) of the IT Rules 2021 and the DPDPA 2023, Kapizox has designated a Grievance Officer for privacy and data protection matters: