ES
EazyService

Privacy Policy

Last updated: 6 May 2026

⚠ Draft template. Have these reviewed by an Indian contract lawyer (with DPDP / IT Act familiarity) before going live. Items in [BRACKETS] need your real business details filled in.

1. Who this policy applies to

This Privacy Policy describes how [COMPANY LEGAL NAME] ("EazyService", "we") handles personal data of customers, service providers, and visitors to eazyservice.in, pros.eazyservice.in, our mobile apps, and our backend APIs.

This policy is published in compliance with the Information Technology Act 2000, the Digital Personal Data Protection Act 2023 (DPDP), and applicable rules thereunder.

2. Data Fiduciary

For the purposes of the DPDP Act, [COMPANY LEGAL NAME] is the Data Fiduciary. Our Data Protection Officer can be reached at dpo@eazyservice.in.

3. What data we collect

We collect the following categories of personal data:

  • Identity data: Name, mobile number, email address, date of birth (where provided).
  • Verification data (providers only): Aadhaar number, PAN number, GST registration, photographs of identity documents, bank account / UPI details, business address.
  • Location data: Approximate or precise GPS coordinates (only with your permission), service address you enter for a booking, pincode.
  • Transaction data: Orders placed, services booked, payment status, amounts, timestamps. Card / UPI details are handled by Razorpay; we receive only a token and the last 4 digits.
  • Behavioural data: Pages viewed, searches made, categories browsed, anonymous session id (no IP storage).
  • Communication data: Support tickets, in-app messages, reviews you write, notes on bookings.
  • Device data: Browser type and version, User-Agent string (truncated to 200 chars), operating system, device type (mobile / desktop) — never IP address.

4. How we collect data

  • Directly from you when you sign up, place an order, list a service, or message support.
  • Automatically as you use the Platform — page views, clicks, location (with permission).
  • From third parties: Firebase Authentication (phone verification), Razorpay (payment status), OpenStreetMap (place lookups).

5. Why we use your data (Purposes)

  • Provide the service: match customers with nearby providers, route orders, process payments.
  • Trust and safety: KYC verification of providers, fraud prevention, responding to abuse reports.
  • Communications: OTPs, booking confirmations, payment receipts, support replies, important account notices.
  • Service improvement: aggregate analytics on which categories and cities customers want, used to expand to new areas.
  • Legal compliance: tax filings, responding to lawful government requests, defending legal claims.
  • Marketing (only with consent): Promotional emails / SMS about new services or offers. You can opt out anytime.

6. Lawful basis for processing

We process your data on these legal grounds, depending on context:

  • Contract performance: For data essential to fulfilling your booking.
  • Legal obligation: KYC under Indian financial regulations, GST records, audit trails.
  • Legitimate interest: Fraud prevention, security, basic analytics.
  • Consent: Marketing emails, location access, analytics tracking — you can withdraw at any time.

7. Who we share data with

We do not sell your personal data. We share it only with:

  • Service providers (matched to your booking): The provider sees your name, phone number and service address only after they accept the booking.
  • Customers (when you are a provider): Customers see your business name, area, ratings, reviews — not your phone or personal details until they book you.
  • Payment processors: Razorpay for processing payments, payouts and refunds.
  • SMS / OTP providers: Firebase / MSG91 / similar gateways to deliver verification SMS.
  • Cloud infrastructure: Render (backend hosting), Vercel (frontend hosting), Neon (database) — all bound by data protection agreements.
  • Government agencies: Where required by law, court order, or regulatory request.
  • Acquirers / successors: If we are acquired or merge with another company, your data may transfer; you will be notified.

8. International data transfer

Some service providers may store data outside India (e.g. Firebase servers in the US, Render servers in Singapore). Data transfers comply with the DPDP Act's requirements regarding cross-border transfers.

9. Data retention

  • Active accounts: Data retained while your account is active.
  • Closed accounts: Most data deleted within 90 days of account closure.
  • Tax / financial records: Retained for 8 years per Income Tax Act / GST law.
  • KYC records: Retained for 5 years post account closure as required by AML / KYC rules.
  • Anonymous analytics: Retained indefinitely in aggregated form.

10. Security measures

  • HTTPS / TLS encryption for all data in transit.
  • Database encryption at rest (Neon + Render-managed disks).
  • Bcrypt password hashing for stored credentials.
  • Role-based access control — only the minimum necessary employees can access user data.
  • Audit logs for sensitive admin actions.
  • Annual security review.

No system is 100% secure. We will notify affected users and the Data Protection Board within 72 hours of becoming aware of any personal data breach affecting their data, in line with DPDP Act.

11. Your rights under the DPDP Act

You have the following rights regarding your personal data:

  • Right to access: Get a copy of personal data we hold about you.
  • Right to correction: Update inaccurate or incomplete data.
  • Right to erasure: Request deletion of data, subject to legal-retention rules.
  • Right to grievance redressal: Complain to our Grievance Officer.
  • Right to nominate: Designate someone to exercise your rights in case of incapacity / death.
  • Right to withdraw consent: For data processed solely on consent (e.g. marketing).

To exercise any of these rights, email dpo@eazyservice.in from your registered email or contact via the registered mobile number. We will respond within 30 days.

12. Children

EazyService is not directed at users under 18. We do not knowingly collect personal data from minors. If you believe a child has used the Platform, contact us and we will take prompt action to delete their data.

13. Cookies and tracking

We use minimal first-party cookies / localStorage entries to keep you signed in (JWT) and remember your saved location. We do not use third-party advertising cookies. Anonymous usage events are stored on our own servers; no data is shared with Google Analytics, Facebook Pixel, or similar trackers.

14. Changes to this policy

We may update this Privacy Policy as our practices or applicable laws change. Changes are posted here with a new "Last updated" date. Material changes will be notified via email or in-app notice.

15. Contact and grievance

For privacy questions or to exercise your rights, contact:

  • Data Protection Officer: dpo@eazyservice.in
  • Grievance Officer: grievance@eazyservice.in
  • Postal: [REGISTERED ADDRESS, THANE, MAHARASHTRA]
  • Response timeline: Acknowledgement within 48 hours, resolution within 30 days.
Other policies: Terms · Refunds · Provider Terms