Chitly|Privacy Policy

Privacy Policy

Compliant with India's Digital Personal Data Protection Act, 2023 (DPDP Act)

1. Data We Collect

Data Type	Who Provides It	Why
Business name, email, phone	Operator	Account creation
Member name, phone, email	Operator (about members)	Group management
Aadhaar number (last 4 digits only)	Operator	KYC compliance
PAN number (encrypted)	Operator	KYC compliance
Payment records	System generated	Financial audit trail
Login timestamps, IP address	System generated	Security

2. How We Protect Data

Full Aadhaar numbers are never stored — only last 4 digits
PAN numbers are AES-256 encrypted in the database
All data transmitted over HTTPS/TLS
Oracle Autonomous DB with automatic encryption at rest
Access limited to the operator who entered the data
We never sell member data to third parties

3. Data Sharing

We share data only with:

Razorpay — payment processing (their privacy policy applies)
Meta (WhatsApp) — message delivery only (no personal data stored)
Oracle Cloud — database hosting
Law enforcement — if legally required by court order

4. Your Rights (DPDP Act 2023)

Right to access your data
Right to correct inaccurate data
Right to erasure (account deletion)
Right to data portability (export your data)

To exercise these rights: privacy@chitly.in

5. Data Retention

Operator data retained for 7 years after account closure (financial record requirement under Indian law). Member data deleted 3 years after the last chit group closes, unless legally required to retain.