Privacy Policy
Last updated: February 27, 2025
1. Information We Collect
Account Information
- Mobile number — required for OTP-based authentication.
- Name and email — provided during profile setup.
- Government ID — optionally uploaded for seller trust verification. Stored securely and never shared with other users.
Listing & Transaction Data
- Device details (brand, model, IMEI, storage, condition, photos).
- Order history, transaction amounts, and payment method metadata.
- Communication between buyers and sellers via in-app chat.
Automatically Collected Data
- Device type, browser, operating system, and screen resolution.
- IP address and approximate location (city-level).
- Pages visited, time spent, and interaction patterns.
- Cookies and similar tracking technologies (see our Cookie Policy).
2. How We Use Your Data
To verify your identity via OTP and maintain secure sessions.
To facilitate listings, payments, verification, and delivery.
To calculate trust scores, detect fraud, and prevent scams.
To send order updates, delivery notifications, and support responses.
To understand platform usage and improve user experience.
To meet regulatory requirements and resolve disputes.
3. Data Sharing
We do not sell your personal data to third parties. We share data only in these limited scenarios:
- Payment processing — Razorpay receives necessary payment details to process transactions securely.
- Delivery partners — Name and address are shared with courier services for order delivery.
- Verification agents — Agents receive seller address and device details for in-person verification only.
- Legal requirements — If required by law, court order, or government authority.
4. Data Security
- All data is transmitted over HTTPS with TLS 1.3 encryption.
- Passwords are never stored — we use OTP-based authentication with JWT sessions.
- Government IDs are encrypted at rest and accessible only to authorised admin staff.
- Payment data is handled by Razorpay's PCI-DSS compliant infrastructure — we never store card details.
- Database access is restricted with role-based policies.
5. Data Retention
- Account data — retained for the lifetime of your account plus 6 months after deletion.
- Transaction records — retained for 7 years for tax and legal compliance.
- Chat messages — retained for 1 year after the transaction is completed.
- Verification photos — retained for 1 year for dispute resolution purposes.
- Cookies — see our Cookie Policy for specific durations.
6. Your Rights
You have the right to:
- Access — Request a copy of all personal data we hold about you.
- Correction — Update or correct inaccurate information in your profile.
- Deletion — Request deletion of your account and associated data (subject to legal retention requirements).
- Withdrawal of Consent — Opt out of marketing communications at any time.
- Portability — Request your data in a machine-readable format.
To exercise any of these rights, contact us at support@handovr.in.
7. Third-Party Services
We use the following third-party services:
- Supabase — Database and authentication infrastructure.
- Razorpay — Payment processing.
- Vercel — Application hosting.
Each of these services has its own privacy policy. We encourage you to review them.
8. Children's Privacy
Handovr is not intended for users under 18 years of age. We do not knowingly collect data from minors. If we become aware that a minor has provided personal data, we will delete it promptly.
9. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be communicated via email or platform notification. The "Last updated" date at the top reflects the most recent revision.
10. Contact
For privacy-related inquiries:
- Email: support@handovr.in
- WhatsApp: +91 95600 90624