Back to Home

Privacy Policy

Last updated: May 2026

DropService Digital Services ("we", "us", or "our") is committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, and your rights — in compliance with the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023 (India).

1. Information We Collect

We collect the following categories of personal data:

a) Identity & Contact Information

  • Full legal name (as per Aadhaar card)
  • Email address and mobile number
  • Instagram handle (optional, for marketing purposes)
  • Profile photograph (if uploaded)

b) Financial & Transaction Data

  • Payment transaction IDs and amounts
  • Wallet balance and transaction history
  • Commission and referral earnings records
  • Order history and service purchase records

Note: We do not store full card numbers, CVV codes, or bank account credentials. All sensitive payment data is processed and stored by Cashfree Payments.

c) KYC & Verification Data

  • Government-issued ID details (Aadhaar, PAN) — collected only when required for compliance or high-value transactions
  • KYC verification status

d) Technical & Usage Data

  • IP address, browser type, and device information
  • Pages visited, features used, and time spent on the Platform
  • Login timestamps and session data
  • Referral codes used and affiliate link clicks

2. How We Use Your Information

We use your personal data for the following purposes:

  • Account Management: Creating and maintaining your agent account, verifying your identity, and providing access to the Platform.
  • Payment Processing: Facilitating wallet top-ups, order payments, and commission credits via Cashfree Payments.
  • Order Fulfilment: Processing your service orders and communicating order status updates.
  • Affiliate Programme: Tracking referrals, calculating commissions, and crediting earnings to your wallet.
  • Communications: Sending transactional emails (order confirmations, payment receipts, password resets), platform announcements, and support responses.
  • Fraud Prevention & Compliance: Detecting and preventing fraudulent activity, money laundering, and other prohibited conduct; complying with applicable Indian laws and RBI guidelines.
  • Platform Improvement: Analysing usage patterns to improve features, fix bugs, and enhance user experience.
  • Legal Obligations: Retaining records as required by Indian tax law (GST), the DPDP Act, and other applicable regulations.

3. Legal Basis for Processing

We process your personal data on the following legal bases under the DPDP Act, 2023:

  • Consent: You provide explicit consent during registration by accepting these Terms and our Privacy Policy.
  • Contractual Necessity: Processing required to fulfil our service agreement with you (account management, order processing, payments).
  • Legal Obligation: Processing required to comply with Indian laws (GST filings, KYC requirements, RBI guidelines).
  • Legitimate Interests: Fraud prevention, platform security, and improving our services.

4. Payment Data & Third-Party Processors

All payment transactions are processed by Cashfree Payments (Cashfree Payments India Pvt. Ltd.), a PCI-DSS compliant payment aggregator authorised by the Reserve Bank of India. When you make a payment:

  • You are redirected to or interact with Cashfree's secure payment interface.
  • Cashfree collects and processes your card/UPI/net banking details directly.
  • We receive only a transaction reference ID and payment status — never your full card or bank credentials.
  • Cashfree's privacy policy governs their handling of your payment data: cashfree.com/privacy-policy

5. Data Sharing & Disclosure

We do not sell your personal data. We may share your data with:

  • Payment Processors: Cashfree Payments, for transaction processing.
  • Email Service Providers: Resend (for transactional emails). They process your email address only to deliver messages on our behalf.
  • Cloud Infrastructure: Supabase (database and authentication), hosted on AWS infrastructure in India/Singapore.
  • Analytics Providers: Anonymised usage data may be shared with analytics tools to improve the Platform.
  • Law Enforcement & Regulators: We may disclose your data if required by law, court order, or government authority, including the Income Tax Department, GST authorities, or RBI.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity.

All third-party service providers are contractually bound to process your data only as instructed by us and to maintain appropriate security standards.

6. Data Retention

  • Active Accounts: We retain your data for as long as your account is active.
  • Financial Records: Transaction records, invoices, and wallet history are retained for a minimum of 7 years as required by Indian tax law (GST Act, Income Tax Act).
  • Closed Accounts: Upon account closure, non-financial personal data is deleted or anonymised within 90 days, subject to legal retention requirements.
  • KYC Data: Retained for the period required by applicable KYC/AML regulations.

7. Data Security

We implement industry-standard technical and organisational measures to protect your personal data:

  • All data is transmitted over HTTPS/TLS encryption.
  • Passwords are hashed using bcrypt and never stored in plain text.
  • Database access is restricted using Row-Level Security (RLS) policies.
  • Regular security audits and vulnerability assessments are conducted.
  • Access to personal data is limited to authorised personnel on a need-to-know basis.

Despite these measures, no method of transmission over the internet is 100% secure. In the event of a data breach affecting your rights, we will notify you within 72 hours as required by applicable law.

8. Cookies & Tracking

We use cookies and similar technologies to:

  • Maintain your login session (essential cookies — cannot be disabled).
  • Remember your preferences and settings.
  • Analyse Platform usage through anonymised analytics.

For full details on the types of cookies we use and how to manage them, see our Cookie Policy.

9. Your Rights (DPDP Act, 2023)

Under the Digital Personal Data Protection Act, 2023, you have the following rights:

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Correction: Request correction of inaccurate or incomplete personal data.
  • Right to Erasure: Request deletion of your personal data, subject to legal retention requirements.
  • Right to Grievance Redressal: Lodge a complaint with our Data Protection Officer.
  • Right to Nominate: Nominate another individual to exercise your rights in the event of your death or incapacity.

To exercise any of these rights, email us at privacy@dropservice.in. We will respond within 30 days. Note that exercising certain rights (e.g., erasure) may result in account closure, as some data is necessary to provide our services.

10. Children's Privacy

The Platform is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that a minor has registered, we will immediately delete their account and associated data.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification at least 14 days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the Platform after the effective date constitutes acceptance of the revised Policy.

12. Contact & Grievance Officer

For privacy-related queries, data requests, or complaints, contact our Data Protection Officer:

If you are not satisfied with our response, you may lodge a complaint with the Data Protection Board of India once it is constituted under the DPDP Act, 2023.

Terms of ServiceRefund PolicyCookie PolicyContact Us