1. Data Controller
[Entity Name] ("Zoop") is the data controller for personal information collected through this platform. Our registered address is [Address], India.
2. What Data We Collect
2.1 Data You Provide
- Mobile number (used for OTP authentication and communication)
- Name, address, and government-issued ID (Aadhaar/PAN) for KYC and payment
- Bank account details for sale proceeds disbursement
- Vehicle registration number and details
- Selling intent, urgency, and preferences (user profiling questionnaire)
2.2 Data We Collect Automatically
- Device type, browser, and IP address
- Pages visited and time spent on the platform
- Journey step completion and drop-off points (for product improvement)
2.3 Data from Third Parties
- Vehicle RC data retrieved from KYCFi (via government Parivahan database)
- OTP delivery confirmations from MTalkz (our SMS gateway)
3. How We Use Your Data
- To verify your identity and vehicle ownership
- To match your vehicle with dealers in our network and facilitate an auction
- To communicate with you about your listing, inspection, and offer via SMS or WhatsApp
- To process payment to your bank account after a successful sale
- To fulfil KYC and GST obligations under Indian law
- To improve our platform based on aggregated, anonymised usage patterns
4. Data Sharing
We do not sell your personal data. We share data only with:
- Verified dealers — vehicle details and inspection reports (not your personal contact information) to facilitate auction bids.
- Payment partners — bank account details for disbursement processing.
- Technology providers — Firebase (Google), KYCFi, MTalkz, Vercel — each subject to data processing agreements.
- Law enforcement — where required by a lawful order under Indian law.
5. Data Retention
We retain your personal data for as long as necessary to fulfil the purposes above. For completed transactions, records are retained for 7 years as required under Indian tax and accounting law. Vehicle lookup cache data is retained for 90 days to reduce third-party API costs. You may request deletion of non-mandatory data by contacting us.
6. Your Rights (DPDP Act 2023)
Under India's Digital Personal Data Protection Act 2023, you have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Erase data where we no longer have a lawful basis to hold it
- Nominate a representative to exercise these rights on your behalf
- Withdraw consent for data processing (where consent was the lawful basis)
To exercise these rights, email privacy@sellwithzoop.com. We will respond within 30 days.
7. Security
We implement industry-standard security measures including HTTPS encryption, OTP-based authentication, server-side session management, and access controls on our Firestore database. No system is 100% secure; if you discover a vulnerability, please disclose it responsibly to our team.
8. Cookies
We use a single session cookie (zoop_session) strictly for authentication purposes. We do not use advertising or tracking cookies.
9. Changes to This Policy
We may update this policy to reflect changes in our practices or applicable law. We will notify you of material changes via SMS before they take effect.
10. Contact and Grievance Officer
Our Grievance Officer for data-related matters is [Name], reachable at privacy@sellwithzoop.com or by post at [Address]. Complaints may also be directed to the Data Protection Board of India once constituted.