Privacy Policy
Your privacy and data protection rights under Indian law
upSosh Technologies ("Company", "we", "our", "us") operates the upSosh mobile application, website, platform, and services ("Platform"). This Privacy Policy explains how we collect, use, store, share, and protect your personal data.
By creating an account, submitting information, purchasing tickets, hosting events, or using any part of the Platform, you ("User", "Attendee", "Host", "Organizer") agree to this Privacy Policy.
1. Scope & Legal Compliance
This Privacy Policy is drafted to comply fully with:
Indian Laws
- • Digital Personal Data Protection Act (DPDP Act), 2023
- • Information Technology Act, 2000
- • IT (Reasonable Security Practices and SPDI Rules), 2011
- • Consumer Protection Act, 2019
- • CERT-In Cybersecurity Directions (2022)
2. Types of Personal Data We Collect
We collect personal and sensitive personal data as defined under Indian law:
2.1 Personal Data You Provide
- • Name
- • Phone number
- • Email address
- • Date of birth / Age
- • Gender (optional)
- • Profile photo (optional)
- • Event interests or preferences
- • Location (if you enable it)
- • Host identity verification documents (KYC-type)
2.2 Sensitive Personal Data (SPDI)
Collected only when necessary:
- • Payment information
- • UPI IDs
- • Transaction IDs
- • Financial metadata from payment gateways
Important: We do NOT store your card numbers or bank credentials — payment processors handle them.
2.3 Automatically Collected Data
- • Device information
- • IP address
- • Browsing behavior
- • Location (if enabled)
- • App interaction logs
- • Error/crash reports
- • Time spent on screens
- • Chat metadata (NOT message content unless flagged)
2.4 Data from Third Parties
- • Payment confirmation from gateways
- • OTP verification services
- • Host interactions
- • Fraud-prevention partners
3. Purpose of Data Collection
We use your information for:
3.1 Service Delivery (Contractual Necessity)
- • Creating accounts
- • Ticket booking & checkout
- • Sending event confirmations
- • Event hosting & listing
- • Customer support
- • Resolving disputes
3.2 Legal Compliance
- • DPDP Act obligations
- • Tax & financial records
- • KYC verification (for hosts)
- • Government/law enforcement requests
3.3 Platform Safety & Fraud Prevention
- • Detecting suspicious activity
- • Preventing duplicate tickets
- • Securing accounts
- • Verifying host legitimacy
3.4 Communication
- • Booking emails/SMS
- • Important service updates
- • Security alerts
- • Event reminders
3.5 Consent-based Processing
Used only if you give consent:
- • Marketing communications
- • Personalized recommendations
- • Optional surveys
You can withdraw consent anytime.
4. Legal Basis for Processing Personal Data
As required under the DPDP Act, upSosh processes data under:
Consent
Explicit opt-in for marketing
Contractual Necessity
Ticketing services
Legal Obligation
Compliance with authorities
Legitimate Interest
Fraud detection & safety
5. Data Sharing & Disclosure
We NEVER sell your personal data.
We share data only with:
5.1 Third-Party Service Providers
- • Payment gateways
- • SMS/OTP providers
- • Hosting/cloud infrastructure
- • Analytics tools
- • Customer support tools
- • Identity verification partners
All vendors follow strict confidentiality and Indian data-protection laws.
5.2 Event Hosts
We share MINIMUM necessary info:
- • Name
- • Booking ID
- • Number of attendees
Hosts cannot market to you unless you consent.
5.3 Government & Law Enforcement
We disclose data:
- • If required by law
- • To prevent fraud or harm
- • During cyber incidents
- • When responding to legal summons
6. Storage & Retention
We store data on secure servers that use:
Encryption
Firewall Protection
Access Controls
Backup Redundancy
Secure Coding Practices
6.1 Data Retention
We retain data:
- • As long as your account is active
- • As required under tax & legal obligations
- • For 180 days for logs (CERT-In mandatory rule)
- • As long as necessary for dispute resolution
After this, data is securely deleted or anonymized.
7. Data Security Measures
As required by the IT Act, SPDI Rules, and CERT-In:
Encryption
Data at rest & in transit
Secure Infrastructure
Protected server environment
Security Audits
Regular vulnerability assessments
Access Restrictions
Limited employee access
Breach Response
Incident response procedures
Mandatory Reporting
Security incidents within 6 hours
8. Children's Data (DPDP Act Compliance)
- • Users under 16 should not use the Platform.
- • Users under 18 cannot access age-restricted events.
- • We do not track, profile, or target children.
- • Parental consent may be required for minors.
If we discover a minor using the service without consent, we will delete their data.
9. User Rights (DPDP Act, 2023)
You have the legal right to:
Access your personal data
Correct inaccurate or outdated data
Delete your personal data
Withdraw consent at any time
File a grievance with our Grievance Officer
Receive communication in clear language
Get information on data sharing
Requests will be responded to within 15 days.
10. Cross-Border Data Transfers
Some services (hosting/backup/analytics) may store data outside India.
upSosh ensures:
- • Contractual safeguards
- • Secure transfer mechanisms
- • Compliance with the DPDP Act
11. Cookies (For Website Users)
We use:
- • Essential cookies
- • Analytics cookies
- • Crash tracking cookies
You may disable cookies, but some features may not work.
12. Third-Party Links
upSosh is not responsible for:
- • Privacy policies of external websites
- • Accuracy of third-party content
You must review those policies separately.
13. Updates to This Policy
We may modify this Privacy Policy at any time.
If changes are significant, we will notify you via:
- • App notification
- • Website notice
Continued use = acceptance.
14. Grievance Officer (Mandatory Under DPDP Act)
As required by law:
Grievance Officer: [Full Name]
Email: grievance@upsosh.app
Phone: +91 8076524225
Address: [Insert Business Address]
We aim to resolve all complaints within 15 days.