Privacy Policy

1. Introduction

Welcome to Phyo. We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered influencer search platform and payment processing services through Razorpay.

Your Personal Data shall be processed in accordance with this Privacy Policy, the Digital Personal Data Protection Act, 2023, Information Technology Act, 2000, and any applicable rules and regulations thereunder.

By using our platform, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our platform.

2. Information We Collect

2.1 Personal Information

We collect the following personal information:

• Personal Identifiers: Name, email address, contact information, date of birth, demographic information such as age and gender
• Account Information: Profile information for brands and influencers, communication preferences
• Payment Information: Payment details processed securely through Razorpay including transaction data, billing information
• Transaction Data: Items purchased, payment amounts, transaction history
• User-Generated Content: Campaign descriptions, search queries, feedback and reviews
• KYC Documents: As required by RBI regulations and applicable laws

2.2 Device & Technical Data

We automatically collect certain technical information:

• Device Information: IP address, browser type, operating system, device identifiers
• Usage Data: Pages visited, time spent, search queries, page view time
• Location Data: Device location (if you grant permission)
• Cookies and Tracking: Session cookies and persistent cookies for functionality and analytics

2.3 Influencer Data

Our platform aggregates publicly available information about influencers:

• Social media profiles and follower counts
• Content categories and engagement metrics
• Demographic information and audience insights
• Collaboration rates and availability status

3. How We Use Your Information

We use the collected information for the following purposes:

• Service Provision: Provide and maintain our AI-powered influencer search services
• Account Management: Process and manage user accounts, subscriptions, and payment transactions
• Matching Services: Match brands with relevant influencers based on search criteria
• Payment Processing: Facilitate secure payments through Razorpay in compliance with RBI guidelines
• KYC Compliance: Conduct Know Your Customer checks as required by applicable laws
• Platform Improvement: Analyze usage patterns to enhance our services
• Communications: Send service updates, transaction confirmations, and promotional communications
• Security & Fraud Prevention: Detect and prevent fraud, ensure platform security
• Legal Compliance: Comply with applicable laws and enforce our terms of service

4. Payment Processing & Security

We partner with Razorpay Software Limited for secure payment processing:

• PCI DSS Compliance: All payment data is processed in compliance with Payment Card Industry Data Security Standards
• Encryption: We use industry-standard AES-128-bit encryption for sensitive data
• Secure Transmission: All services are served over HTTPS using TLS
• Tokenization: Payment details are replaced with secure tokens to prevent data exposure
• RBI Compliance: We adhere to Reserve Bank of India regulations for payment processing
• Data Minimization: We only collect payment information necessary for transaction processing

When you make payments through our platform, your payment information is directly processed by Razorpay and subject to their privacy policy available at razorpay.com/privacy.

5. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following circumstances:

• Payment Partners: With Razorpay for secure payment processing and transaction facilitation
• Financial Institutions: With banks, RBI, or other regulatory agencies as required by law
• Service Providers: With trusted third-party service providers who assist in platform operations under strict confidentiality agreements
• Legal Requirements: When required by law, court orders, or to protect our rights and safety
• Business Transfers: In connection with a merger, acquisition, or sale of assets, subject to confidentiality obligations
• Explicit Consent: With your explicit consent for specific purposes
• KYC & AML: For Know Your Customer and Anti-Money Laundering compliance as mandated by law
• Public Information: Publicly available influencer data may be displayed to platform users

6. Data Security

We implement comprehensive security measures that exceed industry standards:

• Encryption: End-to-end AES-128-bit encryption for data in transit and at rest
• Access Controls: Role-based access controls and multi-factor authentication
• Regular Audits: Periodic security assessments and vulnerability testing
• Secure Infrastructure: ISO 27001 certified security management systems
• Employee Training: Regular training on data protection practices and security protocols
• Incident Response: Comprehensive incident response procedures for data breaches
• Compliance Monitoring: Continuous monitoring for regulatory compliance

Security incidents or breaches involving customer data will be promptly reported to relevant authorities and affected users as required by applicable laws.

7. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your platform experience:

• Essential Cookies: Required for basic platform functionality and security
• Analytics Cookies: Help us understand user interactions and improve services
• Preference Cookies: Remember your settings and personalization choices
• Marketing Cookies: Deliver relevant content and measure campaign effectiveness

You can control cookie settings through your browser preferences. Disabling certain cookies may affect platform functionality.

8. Third-Party Services

Our platform integrates with the following third-party services:

• Razorpay: Payment processing, transaction management, and financial compliance
• Social Media Platforms: Instagram, YouTube, etc. for publicly available influencer data
• Cloud Services: AWS/Google Cloud for secure hosting and data storage
• Analytics Providers: For platform usage analysis and performance monitoring
• Communication Services: Email and SMS service providers for notifications

These third-party services have their own privacy policies. We encourage you to review their privacy practices, particularly Razorpay's privacy policy at razorpay.com/privacy.

9. Your Rights Under DPDP Act 2023

Under the Digital Personal Data Protection Act, 2023, you have the following rights:

• Right to Information: Know what personal data we process and how we use it
• Right to Access: Request access to your personal information
• Right to Correction: Request correction of inaccurate or incomplete information
• Right to Erasure: Request deletion of your personal information (subject to legal obligations)
• Right to Data Portability: Request a copy of your data in a portable format
• Right to Grievance Redressal: Lodge complaints regarding processing of personal data
• Right to Nominate: Nominate an individual to exercise your rights in case of death or incapacity
• Right to Opt-out: Unsubscribe from marketing communications

To exercise these rights, please contact us using the information provided in Section 14. We will respond to your request within the timeframes specified by applicable law.

10. Data Retention

We retain your personal information only as long as necessary:

• Account Data: While your account is active and for 3 years after account deletion (unless required by law)
• Transaction Data: For 10 years as required by financial regulations and RBI guidelines
• KYC Documents: As mandated by applicable AML/KYC regulations
• Usage Analytics: Up to 24 months, thereafter stored in aggregated form
• Marketing Data: Until you opt out or request deletion
• Legal Compliance: As required by applicable laws and court orders

11. Cross-Border Data Transfers

Your personal data is primarily processed within India. If international transfers are necessary for service provision, we ensure appropriate safeguards including adequacy decisions, standard contractual clauses, and binding corporate rules as required by the DPDP Act 2023 and applicable regulations.

12. Children's Privacy

Our platform is not intended for children under 18 years of age. We do not knowingly collect personal information from individuals under 18. If you are a parent or guardian and believe we have collected information from your child, please contact us immediately, and we will delete such information promptly.

13. Grievance Redressal Mechanism

We have established a grievance redressal mechanism in compliance with applicable laws:

• We will acknowledge your complaint within 2 working days
• Resolution will be provided within 10 business days of complaint receipt
• If unresolved, you may escalate to our Data Protection Officer
• Final recourse is available through the Data Protection Board of India

14. Contact Us

For questions, concerns, or to exercise your rights regarding this Privacy Policy:

15. Governing Law and Jurisdiction

This Privacy Policy is governed by the laws of India, including the Digital Personal Data Protection Act, 2023, Information Technology Act, 2000, and applicable rules thereunder. Any disputes arising from this Privacy Policy shall be subject to the exclusive jurisdiction of courts in [Your City], India.

16. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, services, or applicable laws. Material changes will be notified through email, platform notifications, or prominent website notices. Your continued use of our platform after such changes constitutes acceptance of the updated policy. We recommend reviewing this policy regularly for updates.