Privacy Policy
1. Who we are
SaveKarr is a brand owned and operated by Shree Origin Ventures ("we", "us", "our"). SaveKarr is a marketplace and coordination platform for shared access, unused value exchange, and cost-sharing between users. This Privacy Policy describes the personal data we process when you use savekarr.com and any related app or service, the purposes for which we process it, and the rights you have over that data.
2. Scope
This policy applies to all individuals (data principals) who create an account, host a listing, join a membership, or otherwise interact with SaveKarr. It is published as required under Section 5 of the Digital Personal Data Protection Act, 2023 (DPDP Act) and Rule 4 of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021.
3. Categories of personal data we collect
- Account data — email address (required), name and profile picture (optional, including data shared by Google when you choose Google sign-in).
- Verification data — phone number (optional), PAN number and legal name (optional, for higher-trust hosts), selfie or document image URLs you submit voluntarily.
- Marketplace activity — listings you create, join requests you send, payments you make, dispute communications, ratings, reviews, audit logs.
- Payment metadata — Razorpay order/payment IDs, payment status, last-4 of the payment instrument. We do not store full card numbers, CVVs, UPI PINs, or third-party account passwords.
- Device + log data — IP address, browser type, device identifiers, basic request logs used for security and rate-limiting.
- Communications — emails you send to support / grievance / privacy mailboxes; in-app dispute messages.
- Host Verification Data — when completing the Host Pledge, we collect your full name, city, and WhatsApp contact number. This information is stored securely and is accessible only to SaveKarr admin. This information is never shared with other users of the platform under any circumstances.
4. What we never collect
SaveKarr will never ask for or store third-party account passwords, OTPs, UPI PINs, single-use codes, or your full card numbers. Any message claiming otherwise is phishing — report it to support@savekarr.com.
5. Purposes of processing & lawful basis
We process your personal data under the following lawful bases under the DPDP Act:
- Consent — optional verification steps (phone, PAN), Google sign-in, marketing emails (if any).
- Legitimate use / performance of contract — running your account, processing payments, building trust scoring, mediating disputes, sending transactional notifications.
- Legal obligation — record-keeping under applicable tax, payment, and consumer-protection regulations; fraud-prevention obligations.
We do not use your personal data for automated profiling that produces legal or similarly significant effects, and we do not target advertising based on your personal data.
6. Sharing with third parties (data processors)
We share the minimum data needed with the following processors. Each is bound by data-processing terms requiring confidentiality, security, and purpose limitation.
- Razorpay — to process payments, refunds, and payouts. Razorpay's own privacy policy applies to payment-instrument data.
- Resend — to deliver transactional email (verification, dispute updates, receipts).
- Google OAuth — only if you choose "Continue with Google". We receive your email, name, and profile picture. SaveKarr operates its own Google OAuth client (no third-party login broker).
- Hosting & infrastructure — cloud providers we use for compute, storage, and managed databases.
- SaveKarr Compliance Team — internal admins reviewing verifications and disputes, under strict access controls and audit logging.
We do not sell, rent, or trade your personal data.
7. International transfers
Where any of our processors store data outside India, transfers are made only to jurisdictions the Government of India has not restricted under Section 16 of the DPDP Act, and only under contractual safeguards equivalent to those required under Indian law.
8. Retention
We keep personal data only for as long as needed for the purpose for which it was collected:
- Active accounts — for as long as your account is open.
- Verification artefacts (PAN, identity) — for the verified period plus 18 months for fraud-prevention and compliance, then deleted on request.
- Marketplace transaction records — retained per applicable financial and tax laws (typically up to 7 years).
- Closed accounts — derived non-identifying audit data may be retained beyond closure; identifying data is purged within 90 days of a verified deletion request, subject to legal-hold obligations.
9. Your rights as a data principal
Under the DPDP Act, 2023 you have the right to:
- Access — request a copy of your personal data we process.
- Correction & erasure — request correction of inaccurate data or deletion of data we no longer need.
- Withdraw consent — disable optional verifications and Google linkage from your Trust Center or Settings.
- Nominate — name another individual to exercise these rights on your behalf in case of death or incapacity.
- Grievance redressal — raise a complaint with our Grievance Officer (Section 11). You may also approach the Data Protection Board of India if your concern is unresolved.
Submit any of the above requests by email to admin@savekarr.com. We respond within 30 days.
10. Security
We follow reasonable security practices and procedures (as defined under Rule 8 of the IT (Reasonable Security Practices) Rules, 2011), including:
- TLS 1.2+ encryption in transit and AES-256 at rest for sensitive fields.
- Industry-standard password hashing (bcrypt with per-user salts).
- Role-based admin access with full audit logging on sensitive actions (verifications, payouts, suspensions).
- Rate-limiting, anomaly detection, and protection against common attack patterns (SQL injection, XSS, brute force).
In the event of a personal-data breach that is likely to result in significant harm, we will notify the affected data principals and the Data Protection Board of India as required under Section 8(6) of the DPDP Act.
Host Identity Protection. Host phone numbers, full names (in Private Host mode), and personal contact details collected during verification are never included in any API response accessible to members or non-admin users. SaveKarr employs automatic detection systems to prevent personal contact information from being shared through platform communication channels.
11. Grievance Officer
In accordance with Rule 5(9) of the IT Rules, 2021 and Section 8(10) of the DPDP Act, 2023:
12. Cookies & similar technologies
SaveKarr uses a small number of strictly necessary cookies and local-storage entries:
- sk_token — authentication token (HttpOnly when cookie-based; otherwise localStorage).
- theme — your light / dark mode preference.
- Razorpay sets its own cookies during checkout (subject to Razorpay's privacy policy).
We do not use advertising or cross-site tracking cookies. If we introduce optional analytics in the future, we'll surface a consent banner and update this section.
13. Children
SaveKarr is not intended for individuals under 18. We do not knowingly collect personal data from children. If you believe a child has created an account, please contact our Grievance Officer and we will close the account and delete the associated data.
14. Changes to this policy
Material changes to this Privacy Policy will be announced in-app and via email at least 14 days before they take effect. Continued use of SaveKarr after the effective date constitutes acceptance.
15. Contact
For privacy questions or to exercise your rights, write to admin@savekarr.com. For general support, use support@savekarr.com or Contact.
