Effective date: 1 May 2026 · Version 1.0 · DPDP Act 2023 compliant

Privacy Policy

We take your privacy seriously. This policy explains what data we collect, why, and your rights under India's Digital Personal Data Protection Act, 2023.

1. Overview

MyBizDeals Pvt. Ltd. ("we", "us") is the data fiduciary for personal data you provide while using the Platform. This policy describes how we collect, process, and protect that data.

2. What we collect

• Account data: name, email, phone, password (hashed), profile photo.
• KYC data: PAN, optional Aadhaar, GSTIN, bank details, business documents.
• Transactional data: listings, NDAs, LOIs, messages, payments.
• Technical data: IP address, browser, device, pages visited.
• Communications: emails, WhatsApp messages, support tickets.

3. How we use it

• To verify your identity and prevent fraud.
• To match buyers with relevant listings.
• To process payments and issue invoices.
• To send transactional notifications and (with consent) marketing.
• To comply with legal obligations (FEMA, Income Tax, RBI).
• To improve the Platform via aggregated analytics.

4. Who we share with

We do not sell your data. We share it only with:

• Counterparties — limited info, only after NDA signed (e.g., your name to a buyer who signed NDA on your listing).
• Service providers — Karza (KYC), Razorpay (payments), Brevo/SES (email), Meta/WATI (WhatsApp), AWS/Hostinger (hosting).
• Authorities — when required by law.

Your KYC documents are never shown to counterparties.

5. Security

We protect your data with: HTTPS encryption everywhere, hashed passwords (BCRYPT), encrypted KYC document storage above webroot, signed download URLs (5-min TTL), audit logging, role-based access controls, optional 2FA, and quarterly security reviews.

6. Your rights under DPDP Act

• Access — request a copy of all your data (Settings → Export data).
• Correction — update incorrect data anytime.
• Erasure — request account deletion (Settings → Delete account · 14-day cooling-off).
• Withdraw consent — opt out of marketing notifications anytime.
• Grievance — escalate to our Data Protection Officer (DPO) at dpo@mybizdeals.com.

7. Cookies

We use essential cookies for authentication and a small number of analytics cookies (PostHog) for usage measurement. You can control non-essential cookies via the cookie banner.

8. Data retention

• Active account data — kept for the lifetime of your account.
• Audit logs — 7 years (legal/financial), 24 months (general).
• KYC documents — 8 years post-account-closure (FEMA requirement).
• Email/WhatsApp logs — 90 days.
• Closed-deal records — 10 years (Income Tax requirement).

9. Contact our DPO

Data Protection Officer
MyBizDeals Pvt. Ltd.
Mumbai, India
dpo@mybizdeals.com

If you have a complaint that's not resolved by our DPO, you can approach the Data Protection Board of India.