Privacy Policy

1. Introduction

Whatznot Technology OPC Private Limited ("we", "us", or "our") operates the Service Medium platform ("Platform"). This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our Services.

By using Service Medium, you consent to the data practices described in this policy. If you do not agree with our practices, please do not use our Services.

2. Company Information

Data Controller: Whatznot Technology OPC Private Limited

CIN: U72900WB2021OPC250021

Platform Name: Service Medium

Registered Office: Chakdaha, Nadia, West Bengal, INDIA 741222

Privacy Contact: legal@servicemedium.com

Jurisdiction: India

3. Information We Collect

3.1 Account Information

When you create an account, we collect:

• Basic Identity: First name, last name, username, email address
• Authentication: Password (encrypted), unique user ID (UUID)
• Contact Information: Phone number (validated and unique)
• Personal Details: Date of birth, gender (male/female/other/prefer not to say)
• Profile: Profile image, custom profile image indicator

3.2 Location Information

We collect location data to provide localized services:

• Address Details: Formatted address, city, state, postal code
• Geographic Coordinates: Latitude and longitude (via Google Maps)
• Country Information: Country name and country code
• Place Identifiers: Google Maps Place ID
• Verification Status: Location verification flag

3.3 KYC Verification Data

For security and compliance, we collect:

• Identity Documents: Passport, driver's license, or national ID
• KYC Status: Verification status (pending/verified/rejected)
• Document Type: Type of ID document provided
• Submission Information: Submission timestamp, verification timestamp
• Review Details: Reviewer information, rejection reasons (if applicable)

3.4 Financial Information

We process financial data for payments:

• Wallet Information: Balance in multiple currencies (INR, USD, EUR, GBP, AUD, CAD)
• Payment Account Details: Razorpay account information
• Transaction Records: Payment history, escrow transactions, withdrawals
• Ledger Entries: Comprehensive transaction logging
• Currency Conversions: Exchange rate records
• Platform Revenue: Fee calculations and deductions

3.5 Social Authentication

If you connect social accounts, we collect:

• Google: Google ID and associated profile information
• Facebook: Facebook ID and associated profile information
• Apple: Apple ID and associated profile information

3.6 Platform Activity

We automatically collect usage information:

• Account Activity: Login history, last seen timestamp
• Services & Projects: Service listings, project bids, bookings
• Communication: Messages between users, notifications
• Reviews & Ratings: Feedback given and received
• Disputes: Dispute filings and resolutions
• Portfolio: Work samples and portfolios
• Work Submissions: Files and attachments uploaded

3.7 Technical Information

We collect technical data for security and functionality:

• Device Information: Browser type, operating system, device type
• IP Address: For security and geographic location
• Cookies: Session cookies for authentication and preferences
• Usage Data: Pages viewed, features used, time spent
• Error Logs: Technical errors and diagnostics

3.8 Preferences & Settings

We store your preferences:

• Currency Preference: Preferred currency for transactions
• Profile Visibility: Public or private profile setting
• Email Verification: Email verification status
• Notification Settings: Communication preferences

4. How We Use Your Information

We use your data for the following purposes:

4.1 Service Provision

• Creating and managing your account
• Processing transactions and payments
• Facilitating communication between users
• Managing projects, milestones, and deliverables
• Providing customer support

4.2 Security & Verification

• Verifying user identity through KYC
• Preventing fraud and unauthorized access
• Detecting and investigating suspicious activity
• Enforcing our Terms of Service
• Protecting user safety and rights

4.3 Payment Processing

• Processing payments via Razorpay and PayPal
• Managing escrow accounts
• Calculating and deducting platform fees
• Processing withdrawal requests
• Currency conversion and multi-currency support

4.4 Platform Improvement

• Analyzing usage patterns and trends
• Improving platform features and functionality
• Personalizing user experience
• Developing new services
• Conducting research and analytics

4.5 Communication

• Sending transactional notifications (order updates, payment confirmations)
• Platform announcements and updates
• Customer support responses
• Marketing communications (with your consent)
• Legal notices and policy updates

4.6 Legal Compliance

• Complying with legal obligations
• Responding to legal requests
• Protecting legal rights
• Resolving disputes
• Enforcing agreements

5. Cookies and Tracking

We use cookies and similar technologies to provide and improve our Services:

5.1 Essential Cookies

• Session Cookies: Maintain your login session (SESSION_COOKIE_SECURE enabled)
• Authentication: Verify your identity and prevent unauthorized access
• Security: Protect against CSRF attacks and security threats

5.2 Functional Cookies

• Remember your preferences (language, currency)
• Store your consent choices
• Enable platform features

5.3 Cookie Management

You can control cookies through your browser settings. Note that blocking essential cookies may prevent platform functionality.

6. Third-Party Services

We share data with trusted third-party services:

6.1 Payment Processors

• Razorpay: Processes Indian payments (INR). Subject to Razorpay's privacy policy.
• PayPal: Processes international payments. Subject to PayPal's privacy policy.

6.2 Location Services

• Google Maps API: Provides address autocomplete and geolocation. Subject to Google's privacy policy.

6.3 Social Authentication

• Google OAuth: For Google sign-in
• Facebook Login: For Facebook sign-in
• Apple Sign-In: For Apple ID authentication

6.4 Cloud Services

• File storage for uploaded documents and images
• Database hosting and backup services

7. Data Sharing and Disclosure

7.1 Between Users

We share necessary information between Buyers and Sellers to facilitate transactions:

• Profile information (name, profile picture)
• Contact information (when a project is accepted)
• Project details and communication
• Reviews and ratings

7.2 Legal Requirements

We may disclose information when required by law:

• Court orders or legal processes
• Law enforcement requests
• Protection of rights and safety
• Prevention of fraud or illegal activity

7.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the new entity.

7.4 Aggregated Data

We may share anonymized, aggregated data for research, analytics, or marketing purposes.

8. Data Security

We implement security measures to protect your data:

• Encryption: Passwords are hashed, connections use HTTPS
• Secure Storage: Data stored in secure cloud infrastructure
• Access Controls: Limited employee access to personal data
• Secure Cookies: SESSION_COOKIE_SECURE flag enabled
• Regular Audits: Security reviews and vulnerability assessments
• KYC Protection: Identity documents stored with enhanced security

While we take reasonable precautions, no security system is completely secure. You are responsible for maintaining the confidentiality of your account credentials.

9. Data Retention

We retain your data for different periods based on type:

9.1 Active Accounts

• Account information retained while account is active
• Transaction history retained for 7 years (legal requirement)
• Communication records retained for dispute resolution

9.2 Closed Accounts

• Personal data deleted within 90 days of account closure
• Financial records retained for 7 years for tax compliance
• KYC documents retained as required by law
• Aggregated data may be retained indefinitely

9.3 Legal Holds

Data subject to legal proceedings or investigations will be retained until the matter is resolved.

10. Your Rights

You have the following rights regarding your personal data:

10.1 Access

Request a copy of your personal data we hold.

10.2 Correction

Update or correct inaccurate information through your account settings.

10.3 Deletion

Request deletion of your account and associated data (subject to legal retention requirements).

10.4 Data Portability

Request your data in a structured, machine-readable format.

10.5 Object to Processing

Object to certain uses of your data, such as marketing communications.

10.6 Withdraw Consent

Withdraw consent for optional data processing at any time.

10.7 Exercising Your Rights

To exercise these rights, contact us at legal@servicemedium.com. We will respond within 30 days.

11. Children's Privacy

Service Medium is not intended for users under 18 years of age. We do not knowingly collect information from children. If we discover that we have collected data from a child, we will delete it immediately.

12. International Data Transfers

Service Medium operates in India. If you access our Services from outside India, your data may be transferred to and processed in India. By using our Services, you consent to such transfers.

For users in the European Union, we implement appropriate safeguards for data transfers in accordance with GDPR requirements.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or platform notification. The "Last Updated" date at the top indicates when changes were made. Continued use after changes constitutes acceptance.

14. Contact Us

For privacy-related questions or to exercise your rights, contact us: