Privacy Policy

1. Information We Collect

We collect only what is necessary to deliver a meaningful local experience:

• Account information — your name, email address, and password when you register.
• Location information — city, pincode, state, and neighbourhood, used to show you relevant local content.
• Profile details — avatar, cover photo, bio, and any information you voluntarily add to your profile.
• Content you create — posts, news, event listings, marketplace items, group activity, and direct messages.
• Usage data — pages visited, features used, and session preferences to improve the platform.
• Device information — browser type and approximate device details for security and compatibility.
• Google sign-in data — if you register or log in with Google, we receive your name and email address from Google's OAuth service.
• Search activity — search queries are anonymously logged (city and search term only; never linked to your user account) to generate "Trending in your area" discovery suggestions.
• City interest requests — if you use the "Request your city" feature, we collect the country, state, and city you submit without linking it to your user account.
• Abuse reports you submit — if you report a post, listing, user, or group, we store the report content and stated reason to enable admin review and enforcement.

2. How We Use Your Information

• To create and manage your account and provide access to platform features.
• To deliver neighbourhood-specific content, groups, events, and marketplace listings.
• To enable connections with other users in your area.
• To send service-related notifications such as password resets and account alerts.
• To improve, personalise, and secure the platform experience.
• To review and moderate user-uploaded content — including profile avatars, post images, and marketplace photos — for compliance with community guidelines and applicable law.
• To comply with applicable laws, including the Information Technology Act, 2000, and the Digital Personal Data Protection Act, 2023 (India), and applicable laws in Nepal including the Individual Privacy Act, 2018.
• To detect, investigate, and prevent spam, fraudulent listings, and harmful activity, including through automated NSFW image moderation applied to all user-uploaded images before they are stored.
• To maintain internal moderation audit records of enforcement actions — such as community warnings issued and content removed — as required for intermediary compliance under applicable law.

3. Data Sharing

We do not sell your personal information. We may share data only in the following circumstances:

• Service providers — Vercel (hosting and CDN), Supabase (database, authentication, and file storage), Resend (transactional email), Cloudflare (bot protection via Turnstile), and Sightengine (image content moderation — user-uploaded images are checked for NSFW content before storage; Sightengine receives only the image data and does not retain it after analysis). Each processes only what is necessary for their function and operates under data processing agreements. Supabase stores data in the AWS Mumbai region (ap-south-1) to minimise cross-border data transfer.
• Legal requirements — when required by law, court order, or competent authority under Indian or Nepali law.
• Community visibility — your public profile, posts, and activity are visible to other users according to the settings you choose.
• Authorised administrators — PadosME's admin team may access user-generated content and account information through the admin portal solely for moderation, abuse investigation, and platform safety duties. Admin access is limited to authorised individuals and all administrative actions are logged.

4. Data Retention

We retain your data for as long as your account is active or as needed to provide our services. As part of our data minimisation practice, the following automatic retention schedules apply:

• Community posts and local news: deleted 90 days after creation.
• Local events: deleted 30 days after the event date.
• Sold marketplace listings: deleted 30 days after being marked sold.
• Unsold marketplace listings: expire 180 days (6 months) after creation; sellers may re-list.
• Direct messages: removed from active inboxes after 90 days.
• In-app notifications: cleared after 30 days.
• Account data and profile: retained until you delete your account, after which we remove personal information within 30 days, except where retention is required by law.
• Anonymous search logs: used only for aggregated trending calculations; individual log entries are not retained beyond what is necessary for this purpose.

5. Your Rights

You have the right to:

• Access, correct, or update your personal information at any time from your profile settings.
• Request deletion of your account and associated data.
• Opt out of non-essential communications.
• Nominate a person to exercise your data rights on your behalf (as provided under the Digital Personal Data Protection Act, 2023, India).
• Raise a data grievance with us — we aim to acknowledge within 48 hours and resolve within 7 working days, as required under applicable Indian data protection law.
• Lodge a complaint with the Data Protection Board of India (for Indian residents) or the relevant authority in Nepal if you believe your data rights under applicable law have been violated and we have not resolved your complaint satisfactorily.

6. Security

We use industry-standard security measures, including encrypted connections and access controls, to protect your information. That said, no method of transmission over the internet is completely secure. We encourage you to use a strong password and to sign out of shared devices.

7. Cookies and Session Preferences

PadosME uses cookies and local session storage to keep you signed in, remember your neighbourhood preferences, and personalise your experience. You can disable cookies in your browser settings, though this may affect certain features. We do not use third-party advertising cookies.

8. Children’s Privacy

PadosME is intended for users aged 18 and above. Under India’s Digital Personal Data Protection Act, 2023, users under 18 are classified as children and require verifiable parental consent for data processing. To protect younger users and avoid this requirement, we restrict use of the platform to those aged 18 and above. We do not knowingly collect personal data from minors. If you believe a minor has provided us with information, please contact us and we will promptly remove it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the date at the top of this page. Continued use of the platform after changes are posted constitutes your acceptance of the revised policy.

10. Grievance Officer

As required under Rule 3(2)(b) of the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and consistent with the Digital Personal Data Protection Act, 2023, PadosME has designated a grievance process for content-related and data protection complaints. You may submit a grievance through our Contact page. We will:

• Acknowledge your grievance within 24 hours of receipt.
• Resolve, or use best efforts to resolve, data protection grievances within 15 calendar days.
• Address urgent content grievances — including non-consensual intimate imagery, content depicting minors, or imminent threats to safety — within 72 hours.
• If your grievance concerns an immediate threat to life or safety, please also contact your local law enforcement authority without delay.

11. Contact Us

If you have questions or concerns about this Privacy Policy, please reach us through our Contact page. We aim to respond to all privacy-related inquiries within 7 working days.