Privacy Policy

Effective Date: February 17, 2026

Last Updated: February 24, 2026

App Name: WiBAS (Women buyers & sellers)

Developer: WiBAS

Platform: Android (Google Play Store)

Contact Email: support@wibas.com

1. INTRODUCTION

Welcome to WiBAS ("App," "Service," "Platform," "we," "us," or "our"). We are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use the WiBAS mobile application.

This Privacy Policy applies to all users of the WiBAS App, including buyers and sellers. By downloading, installing, or using WiBAS, you agree to the collection and use of information in accordance with this policy.

Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access or use the App.

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

Account Registration Data

When you create an account, we collect:

• Full Name — Required to create your profile and identify you to other users
• Phone Number — 10-digit Indian mobile number, used as your primary login credential for authentication
• Password — Minimum 8 characters, stored in hashed (encrypted) form only; we never store plain text passwords
• Gender — Selection of "Female" or "Prefer not to say," used for community focus verification
• User Role — Buyer or Seller selection, used to determine subscription pricing and feature access

Profile Data

When completing your profile, we collect:

• Email Address — Optional; used for payment receipts and important account communications
• Full Address — Required for location-based marketplace features
• Pincode — 6-digit Indian postal code; used for location-based product search and filtering
• Profile Photo — Optional; uploaded to and stored in secure third-party cloud storage

Product Listing Data (Sellers)

When sellers post products, we collect:

• Product Title — Up to 100 characters
• Product Description — Up to 2,000 characters
• Product Price — Numerical value in INR
• Product Category — Selected from predefined categories
• Product Images — Up to 4 images per listing, selected from device gallery and uploaded to secure third-party cloud storage

Payment Data

When processing subscription service fee payments:

• Payment Transaction IDs — Razorpay payment IDs and order IDs
• Payment Amount and Currency — Service fee amount in INR
• Payment Status — Success, failure, or pending status
• Payment Timestamps — Date and time of payment events
• Invoice Email — Optional email for receiving payment receipts from Razorpay

Feedback and Reports

When you submit feedback or product reports, we collect:

• Feedback Category — Feature request, bug report, UI/UX improvement, performance, or other
• Subject and Description — Your written feedback content
• Report Reason — Spam, inappropriate content, fake product, scam, duplicate, or other
• Reporter Identity — Your user ID is associated with reports for accountability

2.2 Information Collected Automatically

Device Information

• Device Identifier — A unique identifier assigned to your device for security and authentication purposes
• Device Information — Basic device details used for session management and security verification

Usage Data

• Product Views — Count of products you have viewed
• Search Queries — Text queries entered in the search feature (for functionality, not stored externally)
• Contact Actions — Count of times you contacted sellers (call or WhatsApp button taps)
• Favorite Products — Products you mark as favorites
• App Interaction Patterns — Screen navigation and feature usage

Authentication and Session Data

• Login Timestamps — Date and time of each login
• Session Information — Secure session tokens stored on your device for maintaining your logged-in state
• Session Status — Information used to manage and validate your active sessions
• Subscription Status — Active, expired, grace period, or pending

Log Data

• API Request Logs — Endpoint accessed, request method, response codes, and error information
• Error Logs — Application errors for debugging and improvement purposes

2.3 Information We Do NOT Collect

WiBAS does NOT collect the following:

• Precise GPS Location — We do not access your device's GPS or location services. Location is inferred only from the pincode you manually enter
• Contacts — We do not access your phone's contact list
• Camera — We do not directly access your camera. Image selection is done through your device's gallery/photo library picker
• Microphone — We do not access your device's microphone
• Call Logs — We do not access your device's call history
• SMS Messages — We do not read your SMS messages
• Calendar — We do not access your calendar
• Browsing History — We do not track your web browsing activity outside the App
• Financial Account Details — We do not store credit card numbers, bank account numbers, or other financial credentials

3. HOW WE USE YOUR INFORMATION

3.1 Core Service Functionality

• Account Creation and Management — Creating, maintaining, and authenticating your user account
• Profile Display — Showing your name, profile photo, and location to other users for marketplace purposes
• Product Listings — Displaying seller product listings to buyers on the platform
• Search and Discovery — Enabling buyers to search and filter products by price, location, category, and keywords
• Contact Facilitation — Enabling buyers to contact sellers via phone call or WhatsApp through the App's contact buttons
• Payment Processing — Processing subscription payments through Razorpay
• Subscription Management — Tracking subscription status, expiry dates, and grace periods

3.2 Safety and Security

• Identity Verification — Verifying your identity through phone number and password-based authentication
• Fraud Prevention — Detecting and preventing fraudulent accounts, fake listings, and suspicious activity
• Account Security — Device ID tracking to detect unauthorized access and session management to protect your account
• Content Moderation — Reviewing reported content and enforcing community guidelines
• Rate Limiting — Preventing abuse through login attempt limits, upload limits, and API rate limiting

3.3 Service Improvement

• Analytics — Understanding how users interact with the App to improve features and user experience
• Bug Fixing — Using error logs and crash reports to identify and resolve technical issues
• Feature Development — Using aggregated, anonymized usage patterns to inform new feature development

3.4 Communication

• Notifications — Sending in-app notifications about subscription expiry, system announcements, and important updates
• Support — Responding to your feedback submissions and support requests
• Account Alerts — Notifying you of security events such as login from a new device or account status changes

4. HOW WE SHARE YOUR INFORMATION

4.1 With Other Users

The following information is visible to other users on the platform:

• Buyers can see: Seller's name, profile photo, products, business name (if provided), location (pincode area), and contact information (phone number when contact button is used)
• Sellers can see: That a buyer has initiated contact (contact count), but cannot see buyer details beyond their name/profile when contact occurs

4.2 With Third-Party Service Providers

We share information with the following third-party service providers who process data on our behalf:

Razorpay (Payment Processor)

• Data Shared: Name, phone number, email (if provided), service fee amount, order ID
• Purpose: Processing subscription service fee payments securely
• Razorpay Privacy Policy: https://razorpay.com/privacy/
• Razorpay Terms: https://razorpay.com/terms/

Cloud Service Providers

• Data Shared: User profile data, product data, authentication data, images
• Purpose: Database services, secure file storage (images), and authentication services
• Security: All cloud service providers are compliant with international data protection and security standards

4.3 With Law Enforcement and Government Authorities

We may disclose your information to law enforcement or government authorities when:

• Required by law, legal process, or lawful government request
• Necessary to protect the rights, property, or safety of WiBAS, our users, or the public
• Required to investigate or prevent illegal activities, fraud, or security threats
• Ordered by a court or regulatory authority with proper jurisdiction
• Required under the Information Technology Act, 2000, or other applicable Indian laws

In cases involving child exploitation or child sexual abuse material, we will proactively report to relevant authorities including the Indian Cyber Crime Coordination Centre and law enforcement agencies.

4.4 In Business Transfers

If WiBAS is involved in a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify users of any such transfer and any changes to the applicable privacy policy.

4.5 We Do NOT Sell Your Data

WiBAS does not sell, rent, or trade your personal information to any third party for marketing, advertising, or any other commercial purpose.

4.6 We Do NOT Share for Advertising

We do not share your personal data with third-party advertisers. Advertisements shown in the App are managed internally and do not involve sharing user data with ad networks.

5. DATA STORAGE AND SECURITY

5.1 Where Your Data Is Stored

Your personal data is stored securely on protected cloud infrastructure compliant with international security standards. We use industry-leading cloud providers with multiple backup systems to ensure data availability and protection. Data is encrypted both during transmission and at rest. Your sensitive authentication information is stored securely on your device. Profile and product images are stored in secure cloud storage with access controls.

5.2 Security Measures

We implement comprehensive security measures to protect your data:

• Data Encryption: All data transmitted between the App and our servers is encrypted using industry-standard protocols
• Password Protection: User passwords are securely hashed and are never stored in plain text
• Secure Authentication: Authentication credentials are stored securely on your device and not exposed in plain text
• Session Security: Secure session management with periodic refresh mechanisms to maintain account safety
• Account Activity Monitoring: We monitor and log account access patterns to detect suspicious activity
• Login Protection: Multiple failed login attempts trigger protective measures including temporary account lockout
• API Security: All communications with our servers are protected against unauthorized access and abuse
• Payment Security: Payment transactions are processed through PCI-DSS compliant payment processors with signature verification
• Data Access Controls: Strict authorization rules ensure users can only access their own data
• Regular Security Updates: We continuously monitor and update our security infrastructure to protect against emerging threats

5.3 Data Breach Response

In the event of a data breach that compromises personal information:

• We will investigate the breach immediately upon discovery
• We will notify affected users within 72 hours of becoming aware of the breach
• We will report the breach to relevant authorities as required by law
• We will take immediate steps to contain the breach and prevent further unauthorized access
• We will provide affected users with guidance on steps they can take to protect themselves

6. DATA RETENTION

6.1 Active Accounts

We retain your personal data for as long as your account is active and as needed to provide you with the Service.

6.2 Specific Retention Periods

• User Account Data: Retained as long as the account is active; deleted upon account deletion request (subject to legal requirements)
• Product Listings: Retained as long as the seller's account is active; removed when the product is deleted or the account is terminated
• Payment Records (Service Fee Transactions): Retained for a minimum of 8 years from the date of transaction, as required by Indian tax and financial regulations
• Authentication Logs: Retained for 90 days for security and audit purposes
• Pending User Data: Automatically deleted after 24 hours if the user does not complete registration and payment
• Product Images: Deleted from cloud storage when the associated product or account is deleted
• Profile Images: Deleted from cloud storage when the user removes their photo or account is deleted
• Error and API Logs: Retained for 90 days for debugging, then automatically purged
• Product Reports: Retained for 1 year after resolution for moderation audit purposes

6.3 Post-Termination Retention

After account termination or deletion:

• Personal data is deleted or anonymized within 30 days
• Service fee transaction records are retained as required by law (minimum 8 years)
• Anonymized, aggregated data may be retained indefinitely for analytical purposes
• Data involved in ongoing legal proceedings may be retained until the matter is resolved

7. YOUR RIGHTS

7.1 Right to Access

You have the right to request a copy of the personal information we hold about you. Your current profile information is accessible within the App at any time through the Manage Profile screen.

7.2 Right to Correction

You have the right to correct inaccurate or incomplete personal information. You can update your name, email, address, pincode, and profile photo directly within the App through the Manage Profile screen.

7.3 Right to Deletion

You have the right to request deletion of your account and personal data. To request deletion:

• Contact us at support@wibas.com with the subject line "Account Deletion Request"
• Include your registered phone number for verification purposes
• We will process the deletion within 30 days of receiving your verified request
• Certain data may be retained as required by law (see Section 6)

7.4 Right to Data Portability

You have the right to request your data in a structured, commonly used, machine-readable format. Contact us at support@wibas.com to make this request.

7.5 Right to Withdraw Consent

Where we rely on your consent for processing, you may withdraw consent at any time by:

• Adjusting your notification preferences within the App
• Contacting us at support@wibas.com
• Deleting your account

Withdrawal of consent does not affect the lawfulness of processing based on consent before withdrawal.

7.6 Right to Rectify

If you are unsatisfied with how we handle your data, you have the right to contact our Grievance Officer (see Section 12).

8. CHILDREN'S PRIVACY

8.1 Age Restriction

WiBAS is strictly for users aged 14 and above. We do not knowingly collect personal information from anyone under the age of 14.

8.2 Discovery of Minor's Data

If we discover that we have collected personal information from a user under 14 years of age, we will:

• Immediately delete all associated personal data
• Terminate the account
• Notify the parent or guardian if contact information is available

8.3 Parental Notification

If you are a parent or guardian and believe that your child under 14 has created an account on WiBAS, please contact us immediately at support@wibas.com. We will take prompt action to delete the account and all associated data.

8.4 Zero Tolerance for Child Exploitation

• Immediately removed
• Reported to law enforcement authorities
• Reported to the National Center for Missing and Exploited Children (NCMEC)
• Reported to the Indian Cyber Crime Coordination Centre
• The associated account will be permanently terminated with no possibility of reinstatement

9. COOKIES AND TRACKING TECHNOLOGIES

9.1 Local Storage

The App uses secure on-device storage (Android Keystore via expo-secure-store) to store:

• Authentication tokens (access token and refresh token)
• User session data
• Device ID (app-generated identifier)
• Subscription cache data
• User role preferences

9.2 No Web Cookies

As a native mobile application, WiBAS does not use web browser cookies. We do not track users across websites or other applications.

9.3 No Third-Party Tracking SDKs

WiBAS does not integrate third-party analytics SDKs (such as Google Analytics, Facebook SDK, Amplitude, Mixpanel, or similar tracking tools) to track user behavior. Usage analytics are collected internally through our own backend API logs only.

10. THIRD-PARTY LINKS AND SERVICES

10.1 External Links

The App may contain links to external websites or services (such as WhatsApp for contacting sellers). These external services have their own privacy policies and we are not responsible for their privacy practices.

10.2 WhatsApp Communication

When you use the "WhatsApp" contact button to reach a seller, the App opens WhatsApp with the seller's phone number. This interaction occurs entirely within WhatsApp and is governed by WhatsApp's privacy policy. WiBAS does not access, read, or store WhatsApp messages.

10.3 Phone Call Communication

When you use the "Call" contact button, the App opens your device's phone dialer with the seller's number. The call occurs through your device's native phone application. WiBAS does not record, listen to, or access any phone calls.

11. CHANGES TO THIS PRIVACY POLICY

11.1 Notification of Changes

We may update this Privacy Policy from time to time. When we make changes:

• We will update the "Last Updated" date at the top of this document
• For significant changes, we will provide in-app notification before the changes take effect
• Continued use of the App after changes become effective constitutes acceptance

11.2 Material Changes

Material changes include but are not limited to:

• New categories of personal data being collected
• New purposes for existing data collection
• New third-party data sharing arrangements
• Changes to data retention periods
• Changes to your rights regarding your data

12. CONTACT INFORMATION AND GRIEVANCE OFFICER

12.1 General Inquiries

For general questions about this Privacy Policy:

• Email: support@wibas.com
• In-App: Use the "Suggest Improvement" feature
• Response Time: We aim to respond within 48 hours

12.2 Data Protection Requests

For data access, correction, deletion, or portability requests:

• Email: support@wibas.com
• Subject Line: Include "Data Request" followed by the type of request
• Verification: We will verify your identity before processing any data request
• Processing Time: Within 30 days of verified request

12.3 Grievance Officer

In accordance with the Information Technology Act, 2000 and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021:

Grievance Officer:

• Email: support@wibas.com
• Response Time: Acknowledgment within 24-48 hours; resolution within 15 days

The Grievance Officer shall address complaints regarding any content that is in violation of these Terms, including content related to privacy, intellectual property, or prohibited content.

13. SPECIFIC DATA PROCESSING DETAILS (GOOGLE PLAY DATA SAFETY)

This section provides specific details as required by Google Play Store's Data Safety requirements.

13.1 Data Collected

13.2 Data Encryption

• All data is encrypted in transit using HTTPS/TLS
• Passwords are cryptographically hashed before storage
• Authentication tokens are stored in device secure storage (hardware-backed)
• Service fee payment data is processed through PCI-DSS compliant Razorpay infrastructure

13.3 Data Deletion

Users can request account and data deletion by contacting support@wibas.com. Deletion is processed within 30 days, with exceptions for data required by law.

13.4 Data Not Sold

No user data is sold to third parties.

14. COMPLIANCE

14.1 Indian Laws

This Privacy Policy complies with:

• Information Technology Act, 2000 — India's primary cyber law governing electronic commerce and data protection
• Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 — Rules governing collection and handling of sensitive personal data
• Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 — Intermediary compliance requirements including grievance redressal
• Consumer Protection Act, 2019 — Consumer rights protection in digital transactions
• Payment and Settlement Systems Act, 2007 — Governing electronic payment systems
• Digital Personal Data Protection Act, 2023 — India's comprehensive data protection legislation

14.2 Google Play Requirements

This Privacy Policy is designed to comply with Google Play Store's requirements including:

• Data Safety section disclosures
• Families Policy requirements (age restriction enforcement)
• User Data policy (transparent data practices)
• Permissions policy (minimal and justified permissions)
• Financial services policy (payment handling disclosure)

15. PERMISSIONS USED BY THE APP

Permissions NOT used:

• Location / GPS
• Camera (direct access)
• Contacts
• Microphone
• Phone State
• SMS
• Calendar
• Bluetooth
• Background Location

16. GOVERNING LAW

This Privacy Policy is governed by and construed in accordance with the laws of India. Any disputes arising from this Privacy Policy shall be subject to the exclusive jurisdiction of the courts in Nashik, Maharashtra, India.

WiBAS™ — Women Building A Sustainable Future
© 2026 WiBAS. All rights reserved.