MyAppointee
← Back to home
Legal

Privacy policy

How MyAppointee collects, stores, and shares your data — DPDP Act-compliant.

Last updated 22 May 2026

Privacy Policy

Effective 2026-05-22 · version 3.0.0

About the operator: MyAppointee is a Micro / Small Enterprise (MSME) operating the MyAppointee booking platform with corporate office at Gurugram, Haryana, India. References to "we", "us", or "MyAppointee" in this document mean MyAppointee as the operator of the Service.

These privacy policy apply to your use of the MyAppointee booking platform, available at myappointee.in and through our mobile applications (the "Service"). By using the Service you agree to be bound by this document.

1. Identity of the Data Fiduciary

MyAppointee, with corporate office at Gurugram, Haryana, India, acts as the "Data Fiduciary" for personal data collected from users and providers on the Service. MyAppointee is responsible for compliance with the Digital Personal Data Protection Act, 2023 ("DPDP Act"), the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"), and other applicable Indian laws. The Grievance Officer's contact details are listed at the end of this Policy.

2. Categories of personal data we collect

We collect only what is necessary to deliver the Service:

  • Identifiers: phone number, name, optional email, optional alternate contact, language preference.
  • Location data: city you select, GPS coordinates (only when you grant location permission for at-home services), saved addresses.
  • Booking data: services you book, slot times, ratings and reviews you write, notes you attach to bookings, dispute history.
  • Financial data: payment-method last-four digits, gateway transaction IDs, wallet ledger entries, referral and commission credits, withdrawal bank or UPI details. We do not store full card numbers — payments are processed by PCI-DSS Level 1 certified gateways (Razorpay / Cashfree).
  • Provider KYC data (for service providers only): Aadhaar number (masked, last four digits stored), PAN number, GSTIN where applicable, photographs and documents you upload, business registration details, bank or UPI for payouts.
  • Usage data: pages viewed, features used, search queries, click events, device model, OS version, app version, IP address, approximate location derived from IP, network operator, crash logs.
  • Communications: messages you exchange with providers in our in-booking chat, with our Support team, and with our notifications service (delivery receipts, reads).

3. Sources from which data is collected

Data is collected directly from you when you use the Service (signup, booking, profile edits, KYC, reviews), and from technical integrations on your behalf — phone-OTP gateway (MSG91), payments processors (Razorpay, Cashfree), maps and geocoding (Google), push-notification services (FCM, APNs), error reporting (Sentry).

4. Purposes of processing and lawful basis

We process personal data for the following purposes, on the basis of your consent (which you give when you tick the consent box at signup) and our legitimate interest in operating the Service:

  • Authenticating you via phone-OTP, email-OTP, and (where enabled) Google sign-in.
  • Routing bookings between users and providers, including showing nearby providers and rendering provider profiles.
  • Processing payments for booking fees and provider payouts; calculating referral commissions and loyalty credits.
  • Communicating with you through transactional notifications (push, in-app, email; SMS and WhatsApp once enabled by the operator) — booking confirmations, OTPs, payment receipts, reminders.
  • Preventing fraud and abuse: rate-limiting, device fingerprinting, anomaly detection, KYC checks for providers.
  • Improving the Service through aggregated analytics, A/B tests, and crash diagnostics. We use anonymised or pseudonymised data wherever reasonably practicable.
  • Complying with law: responding to lawful government requests, preserving records for tax (GST), payments (RBI guidelines), and KYC obligations.

5. Sharing of personal data

We share personal data only as necessary to deliver the Service:

  • With the provider when you book — your name, contact, and the address (for at-home services). The provider sees only what they need to deliver the service.
  • With payment processors — Razorpay and Cashfree, for processing the booking fee and provider payouts.
  • With infrastructure providers — cloud hosting (AWS, Cloudflare R2), push notification carriers (FCM, APNs), email senders (SendGrid), and crash reporters (Sentry, PostHog). These act as "Data Processors" under our instructions, are contractually bound, and may not use your data for their own purposes.
  • With law-enforcement and regulators on receipt of a valid legal request (court order, subpoena, written request from a competent authority under Indian law).
  • In a corporate transaction (merger, acquisition, sale of assets) — personal data is transferred to the acquiring entity, who must honour this Policy.

We do not sell your personal data. We do not share it with advertisers or data brokers.

6. Cross-border transfers

Some of our infrastructure providers operate servers outside India (e.g. AWS regions outside India for redundancy). Where personal data is transferred outside India, we ensure the recipient provides protection equivalent to Indian law. The Central Government may by notification restrict transfers to certain countries; we will comply.

7. Retention

We retain personal data only for as long as needed for the purpose for which it was collected, or as required by law:

  • Booking records, invoices, tax-related data — 8 years (Income Tax Act and GST Act requirements).
  • KYC documents — for the life of the provider account plus 5 years thereafter (PMLA).
  • Account profile, addresses, chat history — until you delete your account, plus a 30-day grace period to allow account recovery.
  • Analytics events — 24 months in identifiable form; thereafter aggregated.
  • Backup snapshots — overwritten on a 30-day rolling basis.

8. Your rights under the DPDP Act

Subject to the DPDP Act and other applicable law, you have the right to:

  • Access the personal data we hold about you.
  • Correct any inaccurate, incomplete, or misleading data.
  • Erase data we no longer need to retain — subject to legal-retention obligations listed above.
  • Withdraw consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
  • Nominate another person to exercise these rights in the event of your death or incapacity.
  • Lodge a complaint with the Data Protection Board of India when constituted, or with the Grievance Officer at privacy@myappointee.in.

You can exercise these rights directly from the app (Profile → Account → Privacy → Export my data / Delete my account) or by writing to privacy@myappointee.in. We respond within the timelines required by the DPDP Act (currently 7 days for acknowledgement and 30 days for resolution).

9. Security

We follow reasonable security practices including: HTTPS everywhere, encryption-at-rest for sensitive data (R2 private bucket), parameterised database queries, rate limits at every API edge, JWT-based session management with stateless revocation, time-bounded sensitive-data access logs, regular security reviews. No method of electronic storage or transmission is 100% secure; we cannot guarantee absolute security, but we follow industry standards under the SPDI Rules.

10. Children's data

The Service is intended for users aged 18 or older. Parents and guardians may book on behalf of minors, but the booking account itself must be registered to an adult. If we become aware that we have inadvertently collected personal data of a person under 18 without verified parental consent, we will delete it.

11. Cookies and similar technologies

We use a small set of cookies and equivalent storage on the web build of the Service. See our separate Cookie Policy for the full list.

12. Changes to this Policy

We may amend this Policy from time to time. Material changes will be announced via the app at least 7 days before they take effect. Continued use of the Service after the effective date constitutes acceptance of the revised Policy.

Platform discretion and reservation of rights

The Service is provided at the sole and absolute discretion of MyAppointee. Without limiting any other rights MyAppointee has under law or these documents, MyAppointee reserves the right, at any time and without prior notice, to:

  • modify, suspend, restrict, hold, freeze, claw back, debit, set off, or forfeit any wallet balance, refund credit, loyalty points, referral commission, payout, subscription benefit, gift-card balance, or other monetary or non-monetary value attached to a user, provider, or account, when MyAppointee reasonably suspects fraud, abuse, chargeback risk, regulatory exposure, breach of these documents, or any other risk to the Service or its users;
  • modify, limit, suspend, or terminate any user's or provider's access to all or part of the Service, including the ability to log in, book, list, message, withdraw, or hold a balance, with or without retention of data;
  • modify, restrict, or revoke any subscription benefit, entitlement, capacity cap, feature flag, or commercial term, including those purchased for value, where MyAppointee determines that continuing the benefit would be inconsistent with the Service, applicable law, or these documents;
  • hold, retain, archive, redact, anonymise, export, or delete any data, content, message, listing, review, dispute submission, KYC document, or other artefact associated with a user or provider, including for the purposes of fraud prevention, audit, regulatory compliance, dispute resolution, or product improvement; and
  • change these documents or any other Service term, with notice via the app or website. Continued use of the Service after the change constitutes acceptance of the revised terms.

MyAppointee's exercise of any of these rights does not create a duty to provide a reason, to offer a refund, or to give advance notice, except where Indian law expressly requires it. Where a user disagrees with an action, the user may submit a grievance to the Grievance Officer at the address listed at the end of this document; MyAppointee will review the grievance and respond within the timelines required by the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021.

Grievance and contact

Questions, complaints, or requests under this document may be sent to the Grievance Officer at grievance@myappointee.in. General queries: support@myappointee.in. Privacy-specific requests (data access, deletion, correction under the DPDP Act): privacy@myappointee.in.

MyAppointee, corporate office at Gurugram, Haryana, India. We respond to all grievances within the timelines required by Indian law (typically 24 hours for acknowledgement and 15 days for resolution).