bookmi← Back to site

Legal

Privacy Policy

Last updated: 18 June 2026

This Privacy Policy explains how we collect, use, share, retain and protect your personal data when you use the bookmi platform (the “Platform”). It is designed to align with the Digital Personal Data Protection Act, 2023 (the “DPDP Act”) and other applicable Indian law. Terms such as “personal data”, “processing”, “Data Fiduciary”, “Data Processor” and “Data Principal” have the meanings given to them in the DPDP Act.

1. Who we are (Data Fiduciary)

The Data Fiduciary responsible for your personal data is VABERACO BOOKMI TECH PRIVATE LIMITED, a Private Limited Company having its registered office at Flat No. 1804, Wing-A, Shiv Shivam Tower, New Link Road, Opp. Lotus Petrol Pump, Adarsh Nagar, Mumbai, Mumbai Suburban, Maharashtra – 400102, India. GSTIN: 27AALCV1605J1Z6. You can reach us about privacy matters via our Grievance Officer (see Section 12).

2. Personal data we collect

  • Identity & contact data: name, email address, phone number, and account credentials.
  • KYC & verification data: identity documents and related details you submit for verification (e.g. government ID), and bank account / UPI details used for withdrawals.
  • Profile data: profile photo, skills, ratings, reviews and other information you choose to add.
  • Task & proof data: task descriptions, messages, submitted proof materials, photographs, and GPS/location data captured as part of the proof flow to verify where and when a task was completed.
  • Transaction data: wallet balances, recharges, withdrawals, fees, GST and payout records (payment-instrument details are handled by our payment partner, not stored by us in full).
  • Technical & usage data: device and browser information, IP address, and logs needed to operate and secure the Platform.

3. Why we process your data (purposes)

  • to create and administer your account and provide the Platform;
  • to match Businesses with Earners, manage the task lifecycle, and verify proof of completion (including location verification);
  • to process wallet recharges, hold task funds, calculate and collect fees and GST, and effect payouts;
  • to perform KYC, prevent fraud, and ensure platform safety;
  • to provide support, resolve disputes, and send service communications;
  • to comply with legal, tax and regulatory obligations; and
  • to improve and secure the Platform and, with your consent where required, to send you updates.

4. Legal basis & consent

We process your personal data on the basis of your consent and/or for the legitimate uses permitted under the DPDP Act — including where processing is necessary to provide a service you have requested, to comply with law, or to prevent fraud. Where we rely on consent, we ask for it through clear means and you may withdraw it at any time (which may limit our ability to provide certain features). For features such as the proof/location flow, we collect location data only in connection with tasks you choose to undertake.

5. Sharing with processors & third parties

We do not sell your personal data. We share it only as needed to operate the Platform, with Data Processors who act on our instructions under appropriate contractual safeguards, including:

  • Razorpay — payment processing for recharges, payouts and related transactions;
  • Supabase — database, authentication and backend hosting;
  • Cloudflare (including Cloudflare R2 object storage) — application hosting, content delivery, security, and storage of uploaded files such as proof images and KYC documents.

We may also disclose data to government authorities, regulators or courts where required by law, and to professional advisers, or in connection with a merger, acquisition or reorganisation, subject to appropriate protections.

6. Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, including to provide the Platform, resolve disputes, and to meet legal, tax, accounting and regulatory requirements. When data is no longer required and we are not legally obliged to retain it, we will erase it or anonymise it.

7. Your rights as a Data Principal

Subject to the DPDP Act, you have the right to:

  • access a summary of the personal data we process about you and the processing activities;
  • correction and updating of inaccurate or incomplete data, and completion of data;
  • erasure of your personal data where it is no longer necessary and not required to be retained by law;
  • grievance redressal — to raise a complaint with our Grievance Officer (Section 12); and
  • nominate another individual to exercise your rights in the event of your death or incapacity.

To exercise any right, contact our Grievance Officer. We may need to verify your identity before acting on a request.

8. Security measures

We implement reasonable technical and organisational security safeguards to protect personal data against unauthorised access, disclosure, alteration and loss — including encryption in transit, access controls, scoped storage credentials, and use of reputable infrastructure providers. No method of transmission or storage is completely secure; in the event of a personal data breach, we will notify the Data Protection Board and affected Data Principals as required by the DPDP Act.

9. Children’s data

The Platform is intended only for individuals aged 18 years or older. We do not knowingly collect personal data of minors. If we learn that we have collected data from a person under 18, we will delete it and close any associated account.

10. Cross-border transfer

Your personal data is primarily stored and processed in India. Some of our Data Processors may process data on infrastructure located outside India. Where personal data is transferred outside India, we do so in accordance with the DPDP Act and any restrictions notified by the Central Government, and under contractual safeguards with those processors.

11. Cookies

We use a limited number of strictly necessary cookies, principally a session / authentication cookie that keeps you signed in and secures your session. These are essential to operate the Platform. We do not use third-party advertising or cross-site tracking cookies. If we introduce any analytics or tracking technologies in future, we will update this Policy and obtain consent where required.

12. Grievance Officer

If you have any questions, concerns or complaints about how we handle your personal data, please contact our Grievance Officer:

Grievance Officer: {{TODO: grievance_officer_name}}
For: VABERACO BOOKMI TECH PRIVATE LIMITED
Address: Flat No. 1804, Wing-A, Shiv Shivam Tower, New Link Road, Opp. Lotus Petrol Pump, Adarsh Nagar, Mumbai, Mumbai Suburban, Maharashtra – 400102, India
Email: {{TODO: support_email}}
Phone: {{TODO: grievance_phone}}

We will acknowledge your grievance within 48 (forty-eight) hours and endeavour to resolve it within approximately 30 (thirty) days of receipt. See our Grievance Redressal page for the full process.

13. Changes to this Policy

We may update this Privacy Policy from time to time. Material changes will be notified through the Platform or by email, and the “Last updated” date above will reflect the latest revision.