Privacy Policy
Effective date: 12 May 2026 · Last updated: 12 May 2026
This Privacy Policy describes how Nearhood (“we”, “our”, or “us”) collects, uses, stores, and shares your personal data when you use our platform available at nearhood.app and its associated mobile applications (collectively, the “Platform”). We are committed to protecting your privacy in accordance with the Digital Personal Data Protection Act, 2023 (DPDPA), the Information Technology Act, 2000, and applicable rules thereunder.
1. Data Fiduciary
The data fiduciary for your personal data is the operator of the Nearhood Platform. For any privacy-related queries or grievance redressal, contact our Grievance Officer at [email protected]. We aim to acknowledge all grievances within 48 hours and resolve them within 30 days.
2. Personal Data We Collect
2.1 Data you provide
- Mobile number — used for OTP-based authentication. This is the primary identifier on the Platform.
- Name and flat/unit number — used to identify you within your gated community.
- Profile photo — optional; used as your avatar.
- Seller information — if you register as a seller: business name, tagline, story, category of service, and a door photograph used solely for identity verification by your Community Host. The door photograph is never made publicly available.
- Listing content — photos, descriptions, and pricing of goods or services you offer.
- UPI ID — if you opt into UPI payments as a seller.
- Waitlist details — email address and city/community name if you join the pre-launch waitlist.
2.2 Data collected automatically
- Device and browser information — IP address, browser type, operating system, device identifiers — collected for security, fraud prevention, and analytics.
- Usage data — pages visited, search queries, listing views, order activity, and feature interactions.
- Location data — coarse location (city/area) if you grant permission, used to suggest your gated community.
- Error and performance logs — captured via Sentry for debugging and service reliability.
2.3 Data we do NOT collect
- We never store card numbers, CVVs, or bank account details. All payment instrument data is handled exclusively by Razorpay.
- We do not collect Aadhaar numbers or PAN numbers.
- We do not collect caste, religion, or political opinion data.
3. Purposes of Processing
We process your personal data only for the purposes listed below. We do not process personal data beyond these stated purposes without obtaining fresh consent or having a lawful basis under the DPDPA.
| Purpose | Data used |
|---|---|
| Account creation and authentication | Mobile number, OTP hash (temporary) |
| Displaying your profile within your community | Name, flat number, avatar, community ID |
| Enabling buyers to discover and purchase from sellers | Seller business info, listing content, pricing |
| Processing and tracking orders | Name, flat number, order details, payment reference |
| Seller identity verification by Community Host | Door photo (restricted access; Host-only) |
| Processing payments via Razorpay | Order amount, Razorpay order ID (no card data stored) |
| Processing UPI payments | UPI ID (masked in public responses) |
| Sending transactional notifications | Mobile number, order/seller/review events |
| Preventing fraud and abuse | IP address, usage patterns, device info |
| Improving the Platform | Aggregated, anonymised usage analytics |
| Legal compliance | Minimal data as required by applicable law |
4. Consent
By creating an account on Nearhood you give your free, specific, informed, and unambiguous consent for us to process your personal data as described in this Policy. You may withdraw consent at any time by deleting your account (Settings → Delete Account). Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
5. Sharing of Personal Data
We share your data only in the following circumstances:
- Within your community — your name, flat number, and public seller profile are visible to other verified members of your gated community. Buyer flat numbers are disclosed to sellers only after an order is confirmed.
- Community Hosts — Hosts can see seller applicant details (including the door photo) for the sole purpose of identity verification within their community.
- Payment processors — Razorpay processes card/UPI/netbanking transactions. Razorpay's privacy policy governs the data they hold. We share only the order amount, currency, and Razorpay order reference.
- OTP delivery — MSG91 processes your mobile number to deliver one-time passwords.
- Infrastructure providers — Supabase (database and storage), Upstash Redis (session management, job queues), Sentry (error monitoring). All processors are bound by data processing agreements.
- Legal obligations — We will disclose data to law enforcement, courts, or government authorities when required by law or a valid legal order under Indian law.
We do not sell, rent, or trade your personal data to third parties for marketing purposes.
6. Data Retention
- Active accounts — data retained for as long as your account is active.
- Deleted accounts — after you request deletion, your account is soft-deleted and permanently purged within 30 days. Completed order and payment records are retained for up to 24 months to meet tax, accounting, and fraud-prevention obligations, after which they are deleted or anonymised so they can no longer be linked to you. See our account deletion page for the full process.
- OTP hashes — deleted immediately upon use or expiry (5-minute TTL).
- Door photos — retained only for as long as the seller application is under review or the seller account is active.
- Server logs — retained for up to 90 days for security purposes.
7. Your Rights as a Data Principal
Under the DPDPA, 2023, you have the following rights:
- Right to access — you may request a summary of the personal data we hold about you.
- Right to correction — you may correct inaccurate or incomplete data via Settings → Edit Profile.
- Right to erasure (right to be forgotten) — you may delete your account via Settings → Delete Account. This triggers permanent purging within 30 days.
- Right to grievance redressal — if you believe your data is being misused, email [email protected]. We will respond within 48 hours.
- Right to nominate — you may nominate another individual to exercise these rights on your behalf in the event of your death or incapacity. Contact us to register a nominee.
To exercise any right, email us at [email protected] from the mobile number registered on your account. We may request verification before processing your request.
8. Security
We implement reasonable security measures as required under the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, including:
- RS256-signed JWTs for session management; refresh tokens stored as SHA-256 hashes
- All data transmitted over TLS/HTTPS
- Sensitive fields (door photos, UPI IDs) accessible only via time-limited pre-signed URLs and never returned in public API responses
- Rate limiting on authentication endpoints to prevent brute-force attacks
Despite these measures, no system is 100% secure. If you discover a security vulnerability, please disclose it responsibly to [email protected].
9. Cookies and Local Storage
We use a single httpOnly, Secure, SameSite=Strict cookie to store your refresh token. No advertising or tracking cookies are placed on your device. Session storage is used to preserve your login redirect destination within a single browsing session and is cleared after use.
10. Children's Privacy
Nearhood is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has created an account, please contact us at [email protected] and we will delete the account promptly.
11. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or applicable law. We will notify you of material changes via an in-app notification and update the effective date at the top of this page. Continued use of the Platform after notification constitutes acceptance of the revised Policy.
12. Contact & Grievance Officer
Nearhood
Bengaluru, Karnataka, India
Email: [email protected]
Grievances are acknowledged within 48 hours and resolved within 30 days as required under the IT Rules, 2021.