tinydabba ("we", "us", "our") operates tinydabba.com and provides NFC-based digital business cards and related services. We are committed to protecting your privacy and handling your personal information responsibly in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act).
1. Information We Collect
1.1 Information You Provide
- Account Information: Name, email, phone number, business details
- Profile Content: Business name, tagline, description, contact details, social media links, photos, logo
- Payment Information: Processed securely via third-party payment gateways (Razorpay, PhonePe); we do not store card details
- Support Communications: Messages sent via WhatsApp or email to our support channels
1.2 Automatically Collected Information
- Device & Usage Data: IP address, browser type, device model, operating system, pages visited, time spent
- Card Scan Data: Timestamp, location (if shared), device type when your NFC card or QR code is scanned
- Cookies: Session management, analytics, preferences (you can disable cookies via browser settings)
2. How We Use Your Information
We use your data to:
- Provide and improve our services
- Process orders and manage your account
- Send service updates, security alerts, and support messages
- Analyze usage patterns to enhance user experience
- Detect and prevent fraud or abuse
- Comply with legal obligations
3. Legal Basis for Processing (DPDP Act Compliance)
We process your data based on:
- Consent: You provide explicit consent when creating an account or using our services
- Contractual Necessity: To fulfill our service agreement with you
- Legitimate Interests: Fraud prevention, service improvement, customer support
- Legal Compliance: Tax laws, payment regulations, government requests
4. Data Sharing & Third Parties
We may share your data with:
- Service Providers: Hosting (CyberPanel), payment gateways (Razorpay, PhonePe), SMS/email services, analytics tools
- Business Partners: If you opt into integrations with third-party tools
- Legal Requirements: When required by law, court order, or government authority
- Business Transfers: In case of merger, acquisition, or sale of assets
We do NOT sell your personal data.
5. Data Retention
- Active Accounts: Data retained as long as your account is active
- Deleted Accounts: Personal data deleted within 90 days unless retention is required by law (tax records: 7 years)
- Scan Logs: Anonymized after 2 years
6. Your Rights Under DPDP Act
You have the right to:
- Access: Request a copy of your personal data
- Correction: Update inaccurate information via your dashboard or by contacting us
- Deletion: Request deletion of your data (see Data Deletion Instructions)
- Withdraw Consent: Stop receiving marketing emails (unsubscribe link provided)
- Portability: Receive your data in a structured, machine-readable format
- Grievance Redressal: File a complaint with our Data Protection Officer (DPO)
7. Data Security
We implement industry-standard security measures:
- SSL/TLS encryption for data in transit
- Encrypted databases
- Access controls and authentication
- Regular security audits
No method of transmission or storage is 100% secure. We cannot guarantee absolute security.
8. Children's Privacy
Our services are not intended for individuals under 18 years of age. We do not knowingly collect data from children. If we discover such data, it will be deleted immediately.
9. International Data Transfers
Your data is primarily stored in India. If transferred internationally, we ensure adequate safeguards as per DPDP Act and applicable laws.
10. Cookies & Tracking Technologies
- Essential Cookies: Required for login and security
- Analytics Cookies: Google Analytics (anonymized)
- Marketing Cookies: Social media integrations (Facebook, WhatsApp)
You can disable cookies in your browser settings, but some features may not work.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of our services after changes constitutes acceptance.
12. Contact Us / Data Protection Officer
For privacy-related questions, data access, correction, or deletion requests:
Email: info@tinydabba.com
WhatsApp: +91 63065 63065
Address: tinydabba, India
13. Grievance Redressal (DPDP Act)
If you believe your rights have been violated, you may:
- Contact our Data Protection Officer at info@tinydabba.com
- File a complaint with the Data Protection Board of India (when established)
We will respond to grievances within 30 days.
By using tinydabba, you acknowledge that you have read and understood this Privacy Policy.