Privacy Policy

For the purposes of this Policy, the terms used shall have the meaning assigned under the DPDP Act, 2023:

• "Data Principal" means the individual to whom the personal data relates (i.e., you, the user).
• "Data Fiduciary" means QuickDials, which determines the purpose and means of processing personal data.
• "Personal Data" means any data about an individual who is identifiable by or in relation to such data.
• "Processing" means any operation performed on personal data, including collection, recording, storage, use, and disclosure.
• "Sensitive Personal Data" includes financial information, passwords, health data, biometric data, and other categories specified under Rule 3 of the SPDI Rules, 2011.

By accessing or using the Platform, you (the Data Principal) confirm that you have read, understood, and consented to this Policy. As required under Section 6 of the DPDP Act, 2023, your consent is treated as free, specific, informed, unconditional, unambiguous, and given through a clear affirmative action. You have the right to withdraw consent at any time, subject to the conditions specified under this Policy.

QuickDials may revise this Policy to reflect changes in applicable Indian law, regulatory guidance from the Data Protection Board of India, or business practices. Material changes will be communicated through prominent notice on the Platform or via your registered email. Continued use of the Platform after such updates constitutes acceptance.

• Identity data: Full name, date of birth, gender, profile photo
• Contact data: Email address, mobile number, residential address, city, pincode
• Account data: Login credentials, account preferences, communication preferences
• Business listing data: Business name, address, services, working hours, photos, descriptions (for business owners)
• Customer enquiry data: Service requirements, budget, urgency, preferred location
• User-generated content: Reviews, ratings, comments, photos uploaded by you
• Communication data: Messages, complaints, support tickets exchanged with us

As defined under Rule 3 of the SPDI Rules, 2011, sensitive personal data may include:

• Financial information such as bank account, credit/debit card, UPI ID — collected only at the time of payment via secure third-party gateways
• Passwords (stored only in hashed/encrypted form)
• Government-issued identification (Aadhaar, PAN, etc.) — collected only where required for KYC of business listings, as mandated by applicable law

SPDI is processed only with explicit consent and in compliance with Section 43A of the IT Act, 2000.

• Device information: Device type, operating system, browser type, screen resolution
• Network information: IP address, internet service provider, approximate geographic location
• Usage data: Pages visited, search queries, click patterns, time spent, referral URL
• Cookies & similar technologies: Session cookies, preference cookies, analytics cookies (Google Analytics, etc.)

You may manage cookie preferences through your browser settings or our cookie consent banner.

We may receive limited information from third-party sign-in providers (such as Google), payment processors, identity verification partners, and publicly available sources — strictly to verify identity, complete transactions, or enhance service delivery.

• Service delivery: Creating your account, displaying business listings, facilitating leads, processing payments
• Communication: Sending transactional updates, OTPs, service confirmations, customer support responses
• Marketing (with consent): Promotional offers, newsletters, product updates — with an opt-out option in every communication
• Platform improvement: Analyzing usage patterns, improving search results, fixing bugs, A/B testing
• Fraud prevention & security: Detecting suspicious activity, preventing unauthorized access, fulfilling anti-fraud obligations
• Verification: Validating business listings, certifying QuickDials Verified businesses
• Legal & regulatory compliance: Complying with court orders, statutory authorities, tax obligations, and applicable laws of India
• Dispute resolution: Enforcing our Terms, handling grievances, and resolving disputes

In accordance with Section 7 of the DPDP Act, 2023, we process personal data on one or more of the following legitimate uses:

• The specific purpose for which the Data Principal has voluntarily provided their data and has not indicated non-consent
• Compliance with any judgment, decree, or order issued under Indian law
• Responding to medical emergencies or threats to life or health
• Performance of state functions (where applicable)
• Employment-related purposes (for QuickDials staff)

QuickDials does not make solely automated decisions that produce legal or similarly significant effects on Data Principals. Any AI-assisted features (such as ranking or recommendations) are designed to inform — not replace — human judgment.

When a Data Principal submits an enquiry for a service, relevant contact and requirement information (name, mobile number, city, service required) is shared with the matched business(es) to enable direct communication. By submitting an enquiry, you consent to this disclosure.

We engage trusted Data Processors under Section 8(2) of the DPDP Act, 2023 bound by written contracts, including:

• Cloud hosting providers (AWS / Google Cloud / Azure — India region)
• Payment gateways (Razorpay, PayU, Cashfree, etc.) regulated by RBI
• SMS, OTP, and email communication services
• Analytics partners (Google Analytics — anonymized data only)
• Customer support and CRM tools
• KYC and identity verification partners

We may disclose personal data when required by law, including in response to:

• Court orders, summons, or subpoenas from any court of competent jurisdiction in India
• Lawful requests from government authorities, law enforcement agencies, or regulators under the IT Act, 2000, IT Rules 2021, or other applicable laws
• Tax authorities under the Income Tax Act, 1961 and CGST Act, 2017
• Investigations into violations of our Terms or applicable laws, including the Bharatiya Nyaya Sanhita, 2023
• Protection of the rights, property, or safety of QuickDials, our users, or the public

In the event of a merger, acquisition, restructuring, or sale of assets, personal data may be transferred to the successor entity, subject to written commitments to honour this Policy and applicable law.

In accordance with Section 16 of the DPDP Act, 2023, personal data may be transferred outside India only to such countries or territories as notified by the Central Government and subject to specified safeguards. Currently, all primary user data is hosted within India.

• Transport-layer encryption (TLS/SSL) for all data in transit
• Encryption at rest for sensitive personal data including passwords (bcrypt/argon2 hashed)
• Role-based access controls (RBAC) — personal data is accessed only by authorized personnel on a need-to-know basis
• Firewalls, intrusion detection, and anti-malware on all production systems
• Regular security audits & vulnerability assessments
• PCI DSS-compliant payment processing — card data is never stored on our servers
• Adherence to ISO/IEC 27001 information-security best practices
• Employee training on data protection and confidentiality

In the event of any personal data breach, QuickDials shall, in compliance with Section 8(6) of the DPDP Act, 2023, notify both the Data Protection Board of India and each affected Data Principal in the manner and within the timeframe prescribed by the Central Government.

Personal data is retained only for as long as necessary to fulfil the purpose of collection, in accordance with the principle of storage limitation under Section 8(7) of the DPDP Act, 2023:

• Active account data: Retained for the duration of the account
• Transactional records: Retained for 8 years to comply with tax and audit requirements under the Income Tax Act, 1961 and CGST Act, 2017
• Communication logs: 180 days from date of communication, unless required for dispute resolution
• Marketing data: Until consent is withdrawn
• Inactive accounts: Personal data is anonymized or deleted after 3 years of inactivity, unless legally required to be retained

Upon expiry of the retention period or upon valid erasure request, personal data is securely deleted or anonymized.

While we deploy industry-standard safeguards, no method of transmission over the internet is 100% secure. Users are responsible for keeping login credentials confidential and notifying us immediately at security@quickdials.com in case of suspected unauthorized access.

• Right to Information (Section 11): Obtain a summary of personal data being processed by us and a description of activities undertaken
• Right to Correction & Erasure (Section 12): Request correction of inaccurate or misleading data, completion of incomplete data, updation of outdated data, and erasure of personal data no longer required
• Right of Grievance Redressal (Section 13): File a complaint with our Grievance Officer regarding any action or inaction of QuickDials
• Right to Nominate (Section 14): Nominate another individual to exercise your rights in the event of death or incapacity
• Right to Withdraw Consent (Section 6(4)): Withdraw consent at any time with effect prospectively; we shall cease processing within a reasonable period

To exercise any of the above rights, submit a written request to privacy@quickdials.com with the subject line "Data Principal Rights Request". Provide your registered email/mobile, the right you wish to exercise, and any supporting documentation. We will verify your identity and respond within a reasonable period, typically within thirty (30) days.

In compliance with Section 9 of the DPDP Act, 2023, QuickDials does not knowingly process personal data of individuals under the age of 18 years without verifiable parental consent. We do not undertake tracking, behavioural monitoring, or targeted advertising directed at children. If you become aware that a child has provided us with personal data, please contact us immediately for prompt deletion.

In compliance with Rule 5(9) of the SPDI Rules, 2011, Rule 3(2)(a) of the IT Rules 2021, and Section 8(10) of the DPDP Act, 2023, QuickDials has appointed a Grievance Officer to address concerns relating to personal data processing.

• Name: Grievance Officer, Quickdials Internet Pvt. Ltd.
• Email: info@quickdials.com
• Phone: +91-75-9543-9543
• Address: UNIT 101 OXFORD TOWERS, 139/88 HAL OLD AIRPORT RD, H.A.L II Stage, Bangalore North, Bangalore- 560008, Karnataka
• Working hours: Monday to Friday, 10:00 AM – 6:00 PM IST

The Grievance Officer shall acknowledge receipt within twenty-four (24) hours and resolve the grievance within fifteen (15) days from the date of receipt, as mandated under IT Rules 2021.

If you remain unsatisfied with our response, you may approach the Data Protection Board of India constituted under Chapter V of the DPDP Act, 2023 for adjudication. You may also lodge complaints regarding consumer rights with the National Consumer Helpline at 1915 or via consumerhelpline.gov.in.

This Policy is governed by and construed in accordance with the laws of the Republic of India. Any disputes shall be subject to the exclusive jurisdiction of the courts at [Insert City], India, without prejudice to the powers of the Data Protection Board of India.