BDQ.
Legal

Privacy Policy

Last updated: 5 June 2026

This Privacy Policy explains how [LEGAL ENTITY NAME] (“BDQ Social”, “we”, “us”) collects, uses, and protects your personal data when you use our website and services. We process personal data in accordance with India’s Digital Personal Data Protection Act, 2023 and the Information Technology Act, 2000 and its rules.

Information we collect

  • Account & identity: mobile number (verified via one-time password) and, where provided, name and email.
  • Vendor KYC: business details and verification identifiers (e.g. PAN, FSSAI) submitted by vendors. KYC is verify-only; sensitive identifiers are encrypted at rest.
  • Orders & tickets: purchase details, ticket and check-in records. We do not store card or bank details — payments are processed by our gateway.
  • Technical: IP address, device/browser information, and cookies/local storage needed for security, sign-in, and core functionality.

How we use it

  • To provide ticketing, vendor onboarding, event entry, and customer support.
  • To process payments and prevent fraud and abuse (including rate limiting and security monitoring).
  • To send transactional messages (tickets, reminders, service notices) by email and WhatsApp.
  • To comply with legal obligations and enforce our Terms.

Service providers

We share the minimum data necessary with processors who help us operate:

  • Razorpay — payment processing.
  • Google Firebase — phone-number OTP authentication.
  • Cloudinary — image/asset hosting.
  • Resend — transactional email.
  • Interakt / Meta (WhatsApp) — transactional WhatsApp messages.
  • Neon / Vercel — database and application hosting.

We do not sell your personal data.

Retention

We keep personal data only as long as needed for the purposes above or as required by law, after which it is deleted or anonymised. You may request deletion of your data (see your rights below).

Your rights

Subject to applicable law, you may request access to, correction of, or erasure of your personal data, and may withdraw consent for non-essential processing. To exercise these rights, contact us using the details below.

Security

We apply technical and organisational safeguards including encryption in transit (HTTPS), encryption of sensitive KYC fields at rest, access controls, audit logging, and rate limiting. No method of transmission or storage is completely secure, but we work to protect your data.

Cookies

We use strictly necessary cookies/local storage for sign-in sessions and security. We do not use third-party advertising cookies.

Grievance Officer

In accordance with the IT Act and DPDP Act, you may contact our Grievance Officer: [GRIEVANCE OFFICER NAME], [GRIEVANCE EMAIL]. We aim to acknowledge grievances within 24 hours and resolve them within 15 days.

Contact

[LEGAL ENTITY NAME], [REGISTERED ADDRESS], Vadodara, Gujarat, India. Email [SUPPORT EMAIL], phone [SUPPORT PHONE].