Privacy Policy
Last updated: 05 June 2026 · Version 2.7.2
NCR Technologies (“we”, “us”, “our”) is a sole proprietorship operated by Dushyant Kumar Singh, registered at Lily-605, THD Garden, Thada, Bhiwadi, Khairthal-Tijara, Rajasthan – 301018. We are registered as a Micro Enterprise (Services) under the Government of India MSME Udyam scheme: UDYAM-RJ-37-0010048 (registered 25 March 2026; established 20 March 2026). We operate the GharSeva mobile application (“the App”) and the website at ncrtechnologies.in.
This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have. By creating an account or using the App, you agree to the practices described below. If you do not agree, please do not use the App.
This policy is published in compliance with applicable Indian laws, including the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 (as and when its provisions are notified).
Information we collect
We collect information necessary to deliver home services through our marketplace, broken down by category:
Account information
- Name, mobile number, email address, and password (or Google sign-in token) when you register.
- Profile photo, if you choose to upload one.
Profile and address information
- Saved service addresses with house/flat number, building, locality, city, and pincode.
- Latitude and longitude coordinates of your saved addresses (for partner matching), captured only with your permission.
- Language preference, theme preference, and notification preferences.
Service-partner-specific information
- KYC verification status for Aadhaar and PAN (boolean only — see the KYC verification section below).
- Bank account number, IFSC, and account-holder name, used to pay you your share. The account is verified by an instant penny-drop — a ₹1 deposit via our verification partner Sandbox that confirms the account-holder name registered at the bank — before payouts are enabled.
- UPI handle, if you choose to add one for payouts or invoicing.
- Professional qualifications, skill set, service area, and pricing preferences.
- Live geographic location during the active-booking window (for the customer's tracking screen). Tracking begins up to 1 hour before the scheduled service time and stops automatically about 1 hour after, or sooner if the partner toggles offline. Location is not collected outside this window.
Booking information
- Services requested, scheduled date/time, service location, and special instructions.
- In-app chat messages between user and partner (retained for support and dispute review).
- Ratings, reviews, and complaint records.
Payment information
- Payments are processed by Razorpay Software Private Limited. We receive only a payment ID and status — not your full card number, CVV, UPI PIN, or net-banking credentials.
- For partners, an obfuscated reference to the registered bank account (last 4 digits + bank name) is shown in the dashboard.
Device, usage, and diagnostic information
- Device model, operating system version, app version, and IP address.
- Crash reports, error logs, and diagnostic data when the app encounters an error.
- Push-notification tokens (Expo / Firebase Cloud Messaging) so we can deliver booking updates.
Identity & bank verification (KYC)
GharSeva verifies the identity and payout bank account of service partners through Sandbox (sandbox.co.in), a verification provider that connects to the relevant authorities — UIDAI for Aadhaar, NSDL/Protean for PAN, and the banking network for bank-account checks. Every check is initiated only with the partner’s explicit, in-app consent.
How verification works
- Aadhaar (UIDAI OTP): the partner enters their Aadhaar number in the App and receives a one-time password (OTP) from UIDAI on their Aadhaar-registered mobile number; entering it confirms control of that Aadhaar. We receive only a success result and the name on record.
- PAN (NSDL/Protean): the partner enters their PAN, which is validated against the income-tax PAN database via NSDL/Protean. We receive only a validity result and the name on record.
- Bank account (penny-drop): before payouts are enabled, the partner enters their account number and IFSC. Sandbox deposits ₹1 into the account and returns the account-holder name registered at the bank, which we match against the name the partner entered.
Each check runs only after the partner gives explicit consent in the App — a clear consent notice citing UIDAI / NSDL is shown before Aadhaar or PAN submission — and the Aadhaar, PAN, or bank details are transmitted directly to Sandbox over an encrypted connection from our Cloud Function.
What we do NOT store or transmit
In line with UIDAI’s data-minimisation principle and our zero-storage policy:
- We do not store or log the Aadhaar number, the PAN number, or any document number after a check completes.
- We do not download, store, or display any Aadhaar/PAN card image, scanned copy, or PDF.
- We do not collect biometric data (fingerprint, iris, face).
- We do not collect demographic data (date of birth, gender) from the Aadhaar record.
- We do not share your Aadhaar or PAN verification status with any third party except as required by Indian law.
What we store
The only persistent fields we write to our database after verification are:
aadhaarStatus/panStatus: a boolean (verified / not verified).bankVerified: a boolean, plus the account-holder name returned by the penny-drop (for the name match) and a transaction reference for audit.- The bank account number and IFSC you provide — needed to send your payouts — along with the verification timestamp and source (
"sandbox").
This is the minimum needed to confirm a partner is genuine and to pay them: a verification bit per document, plus the bank details required to send a payout.
Consent and revocation
Identity and bank verification are required for partners to accept bookings and receive payouts. Each check is initiated only after the partner taps to consent in the App and confirms the on-screen UIDAI / NSDL notice.
You may revoke this consent at any time by writing to admin@ncrtechnologies.in (subject line: "KYC — revoke verification"). Upon revocation we delete the verification status flags from our database; the partner account will then need to re-verify or will lose access to features that require verification.
Compliance & security
Our Sandbox API credentials are stored exclusively as Firebase Cloud Function secrets and are never embedded in the mobile app bundle. Aadhaar, PAN, and bank details are sent directly from our Cloud Function to Sandbox over TLS for the sole purpose of that verification and are not retained by us afterwards. Sandbox processes this data as our verification provider under its own privacy and security commitments.
How we use your information
- To create and manage your account and provide the App's features.
- To match users with appropriate, nearby service partners based on service requested, address, and partner skill.
- To process customer payments and refunds via Razorpay, and to pay partner payouts to their verified bank account.
- To verify the identity and payout bank account of service partners via our verification partner Sandbox (KYC compliance, fraud prevention).
- To provide live tracking of partners during active bookings and to enable in-app chat & calling.
- To provide customer support, resolve disputes, review complaints, and improve safety.
- To send transactional notifications, receipts, OTPs, and service updates.
- To detect, investigate, and prevent fraud, abuse, or violations of our Terms.
- To comply with applicable laws, tax obligations, and regulatory orders.
- To improve our services through aggregated, de-identified analytics.
How we share information
We share information only as needed to operate the service. We do not sell your personal information to advertisers or third parties.
- With service partners you book: limited to what is necessary to deliver the service — your name, address, and service request details. Communication happens through the App's in-app text chat; if you tap the in-app call button, your device's native dialler opens with the partner's phone number (and vice-versa for partners contacting you).
- Razorpay Software Private Limited: for processing customer payments and refunds (UPI, card, net banking). Razorpay is a PCI-DSS certified payment processor governed by its own privacy policy.
- Google Firebase (Google LLC and Google India Private Limited): for authentication, hosted database (Firestore), Cloud Functions, push notifications, and analytics. Data is hosted on Google Cloud infrastructure under Google's enterprise data protection terms; Cloud Functions currently run in Google Cloud's us-central1 region.
- Google Maps: for address lookup, geocoding, and routing during live partner tracking.
- 2Factor.in: for SMS OTP delivery during phone-number verification.
- Anthropic, PBC: the Seva AI in-app assistant uses Anthropic's Claude API to answer policy and how-to questions. Anthropic does not retain or train on conversation content per their commercial agreements.
- Sandbox (sandbox.co.in): for partner identity (Aadhaar, PAN) and bank-account verification, as described above; data is sent only to perform the check and is not retained by us afterwards.
- Law enforcement and regulators: when legally compelled, or where we believe in good faith that disclosure is necessary to comply with law, prevent fraud, or protect the safety of users.
Data retention
We retain your personal information for as long as your account is active or as needed to provide services. Booking and transaction records are retained for the period mandated by the Income Tax Act, GST law, and accounting regulations of India (typically 6–8 years). Diagnostic data and runtime error logs collected through Firebase services are retained per Firebase's platform retention policies. In-app chat logs are retained for the lifetime of your account and are deleted along with all your other data when you delete your account.
You can request account deletion at any time by going to Profile → Delete Account in the App and typing “DELETE” to confirm. The deletion is immediate and irreversible — we permanently delete your account, profile, saved addresses, in-app chat messages, and all booking records associated with your account. The in-app confirmation reads: “Your account and all data have been permanently deleted.” Where Indian tax law requires retention of transaction-level financial records, those records may be kept separately in our finance ledger after account deletion and are not accessible through the App.
Your rights
You have the right to:
- Access the personal information we hold about you (write to admin@ncrtechnologies.in).
- Correct inaccurate or outdated information through your in-app profile screen, or by emailing us.
- Request deletion of your account and associated personal data.
- Withdraw consent for optional data collection (e.g., marketing notifications) without affecting services.
- Withdraw KYC verification consent and have the verification status flags removed.
- Lodge a complaint with the appropriate data protection authority or with our Grievance Officer.
Security
We use industry-standard safeguards to protect your information:
- All data in transit is encrypted via TLS 1.2+ (HTTPS).
- Authentication uses Firebase Auth or SMS OTP; passwords are hashed and never visible to us in plaintext.
- Sensitive write paths (refunds, payouts, KYC status) are gated by Firestore Security Rules and dedicated Cloud Functions — clients cannot fabricate financial state.
- Payment processing is handled exclusively by PCI-DSS certified providers; we do not handle raw card or banking credentials.
- Cloud Function secrets (Razorpay, Sandbox, and others) are stored in Google Cloud Secret Manager, not in the source code or app bundle.
No system is fully immune to risk. We encourage strong passwords, prompt reporting of any suspicious activity, and never sharing your OTP with anyone — not even support staff.
Children's privacy
GharSeva is not intended for users under the age of 18. We do not knowingly collect information from children. If we learn that a minor has provided personal information, we will delete it promptly.
Changes to this policy
We may update this Privacy Policy from time to time as our product or applicable laws change. Material changes will be communicated through the App or by email at least 7 days before they take effect. Continued use of GharSeva after changes constitutes acceptance of the updated policy.
Grievance officer & contact
For privacy-related questions, requests, complaints, or grievance redressal under the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021:
NCR Technologies
Operated by Dushyant Kumar Singh (Sole Proprietor)
Lily-605, THD Garden, Thada, Bhiwadi,
Khairthal-Tijara, Rajasthan – 301018
MSME Udyam Reg. UDYAM-RJ-37-0010048
Phone: +91 82905 66572
Grievance Officer / Privacy: admin@ncrtechnologies.in
Customer support: support@ncrtechnologies.in
Website: ncrtechnologies.in
We aim to acknowledge grievances within 24 hours and resolve them within 15 days, in line with the IT Rules, 2021.
Officially issued by
NCR Technologies · Bhiwadi, Rajasthan, India