Banjara Sathi ("App", "Platform", "we", "us", "our") is a community and matrimony platform for the Gor Banjara (Lambani) community, owned and operated by Krilax Innovations Private Limited, a company registered in Maharashtra, India. This Privacy Policy describes how we collect, use, store, protect, and share your personal data in connection with the Banjara Sathi mobile application and all related services. By creating an account, accessing, or using the Platform, you consent to the collection and processing of your personal data as described herein, in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021.
Krilax Innovations Private Limited is the Data Fiduciary under the DPDP Act, 2023 for all personal data processed through the Banjara Sathi Platform. For any data protection inquiries, grievances, or requests, you may contact us at support@banjarasathi.app.
When you register for and use Banjara Sathi, we collect the following categories of personal data: (a) Account and Identity Data, including your mobile phone number used for OTP-based verification and subsequent password-based authentication, your password which is stored exclusively in bcrypt-hashed form with cryptographic salt and is never stored, transmitted, or logged in plain text, your full name, date of birth, and gender; (b) Profile and Matrimony Data, including your photographs uploaded to our secure cloud storage, community information such as clan (gotra), pada, and tanda, family details including family type, number of siblings, and father's occupation, educational qualifications and employment details including occupation and income range, physical attributes, lifestyle preferences, and partner preferences; (c) Location Data, including your self-declared state, district, and city of residence, which is not derived from GPS or device location services; (d) Communication Data, including chat messages exchanged between mutually matched users, forum posts, comments on posts and announcements, and poll votes; (e) Transaction and Payment Data, including subscription plan selections, payment amounts, Razorpay order identifiers, Razorpay payment identifiers, Razorpay payment signatures, payment method types such as UPI, card, or net banking, billing periods, platform fees, GST amounts, and transaction timestamps, provided that we do not at any time store, access, or process your credit card numbers, debit card numbers, UPI PINs, bank account numbers, or any payment instrument credentials, as all payment processing is handled directly by Razorpay, a PCI-DSS compliant payment gateway; (f) Device and Technical Data, including device type, operating system version, Expo push notification tokens for delivery of notifications, and application version; and (g) Usage and Analytics Data, including profile view records, interests sent and received, login timestamps, daily active usage patterns, and feature engagement metrics.
We process your personal data for the following purposes and on the following legal bases: providing matrimony matching services within the Banjara community based on your stated preferences, gotra compatibility, and partner criteria, which constitutes the primary purpose for which you have provided consent under Section 6 of the DPDP Act; enabling community features including the discussion forum, community events, polls, heritage content, and announcements; displaying your profile information to other registered users for the purpose of matrimony matching and community engagement; delivering push notifications regarding new interests received, mutual matches, chat messages, payment confirmations, subscription status updates, community announcements, and event updates, categorized into separate notification channels (General, Messages, Matches, Payments) that you can independently control through your device settings; processing subscription payments through Razorpay and maintaining transaction records for accounting, tax compliance, and dispute resolution; verifying community membership and enforcing platform guidelines through content moderation; preventing fraud, detecting fake profiles, and maintaining platform security through server-side validation of payment status, idempotency checks on transactions, rate limiting on sensitive operations, and automated content filtering; and generating aggregated, anonymized analytics to improve the Platform, which do not identify any individual user.
Your personal data is visible to and shared with the following parties and in the following manner: other registered users of the Platform can view your profile information including your name, photographs, community details, education, and location for matrimony matching purposes, with photograph visibility controlled by subscription tier wherein free-tier viewers see blurred photographs and paid subscribers see clear photographs; your contact details including phone number are shared only after a mutual match has been established and only to users holding Gold or Heerak subscription tiers, and contact information sharing through chat messages is technically blocked for Free and Silver tier users through server-side content filtering of phone numbers, email addresses, social media handles, and URLs; payment transaction data is shared with Razorpay for payment processing, order creation, payment verification, and refund processing, subject to Razorpay's own privacy policy and PCI-DSS compliance; your data is stored on and processed through Microsoft Azure Cloud infrastructure located in the Central India region (Pune), with Azure acting as a data processor under our documented instructions; push notification delivery is facilitated through the Expo Push Notification Service, where push tokens are transmitted to Expo servers for message delivery, with no personal data beyond the notification content included in push payloads; our authorized administrative team may access your data solely for the purposes of community verification, content moderation, dispute resolution, and customer support; and we hereby affirm that we do not sell, rent, lease, trade, license, or otherwise disclose your personal data to any third-party advertisers, data brokers, marketing companies, social media platforms, analytics companies, or any other commercial entities for their independent use, and we do not engage in cross-platform behavioral tracking, retargeting, or profiling for advertising purposes.
All your personal data is stored on Microsoft Azure Cloud servers located exclusively in the Central India region (Pune, Maharashtra), and no personal data is transferred outside the territory of India. We implement the following security measures: all data transmitted between your device and our servers is encrypted using HTTPS with TLS 1.2 or higher; all data at rest in Azure Storage is encrypted using AES-256 encryption through Azure Storage Service Encryption; user passwords are hashed using bcrypt with a cost factor of 10 and unique cryptographic salt per password, and are never stored, logged, or transmitted in plain text; user authentication is implemented through JSON Web Tokens (JWT) signed with HMAC-SHA256, with access tokens valid for one year and refresh tokens valid for five years; photographs are stored in Azure Blob Storage with access controlled through time-limited Shared Access Signature (SAS) tokens that are regenerated on each API request; payment verification is performed server-side through Razorpay's API, including HMAC-SHA256 signature verification, server-side payment status confirmation verifying captured status, order-payment amount matching, and payment-to-order association verification, with duplicate payment processing prevented through idempotency checks that include user identity verification; screenshot prevention is enabled on profile viewing and photo viewing screens through native platform capabilities; and rate limiting is implemented on authentication endpoints, payment processing endpoints, and interest-sending operations to prevent abuse.
We retain your personal data for the following periods: your active account data is retained for as long as your account exists and you continue to use the Platform; upon account deletion initiated through the Settings screen, all your personal data including profile information, photographs, chat messages, interests, and community posts is permanently and irreversibly deleted from our systems within thirty (30) days; payment and transaction records are retained for a period of eight (8) years from the date of transaction as required under the Income Tax Act, 1961, the Goods and Services Tax Act, 2017, and applicable accounting standards; moderation records including user reports, enforcement actions, and ban records are retained for three (3) years for platform safety and legal compliance; anonymized and aggregated analytics data that cannot be used to identify any individual may be retained indefinitely for the purpose of improving the Platform; chat messages are deleted when either participant deletes their account; and push notification tokens are automatically deactivated when the device unregisters or the application is uninstalled.
Under the Digital Personal Data Protection Act, 2023, you have the following rights: the Right to Access your personal data (Section 11), which you may exercise by viewing your profile, settings, and order history within the app; the Right to Correction of inaccurate personal data (Section 11), which you may exercise by editing your profile information at any time through the app; the Right to Erasure of your personal data (Section 12), which you may exercise by deleting your account through Settings, resulting in permanent deletion of all your data within thirty days; the Right to Nominate a person to exercise your data rights in the event of your death or incapacity (Section 14), which you may exercise by contacting our Grievance Officer; and the Right to Grievance Redressal (Section 13), which you may exercise by contacting our Grievance Officer. We will acknowledge your grievance within twenty-four (24) hours and resolve it within fifteen (15) days. If you are unsatisfied with our resolution, you may approach the Data Protection Board of India constituted under the DPDP Act, 2023.
You provide consent to the processing of your personal data by creating an account on the Platform and accepting this Privacy Policy. You may withdraw your consent at any time by deleting your account through the Settings screen, provided that such withdrawal shall not affect the lawfulness of processing carried out prior to the withdrawal. Push notification consent is managed through your device's operating system settings and the in-app notification toggle in Settings. Contact synchronization is strictly opt-in, requires explicit user confirmation through an in-app prompt, and all contact data is hashed using SHA-256 before transmission to our servers, ensuring that raw contact numbers are never accessible to us.
Banjara Sathi is a mobile application and does not use cookies, web beacons, pixel trackers, or any browser-based tracking technologies. Authentication credentials are stored securely in encrypted device storage using Expo SecureStore. We do not engage in cross-app tracking, device fingerprinting, or any form of covert user surveillance.
Banjara Sathi is intended exclusively for users aged eighteen (18) years and above, in compliance with the legal marriageable age in India. We do not knowingly collect, solicit, or process personal data from any person under the age of eighteen. If we become aware that personal data has been collected from a minor, the account will be immediately terminated and all associated data will be permanently deleted within seventy-two (72) hours. If you believe a minor has created an account, please report it to our Grievance Officer immediately.
We employ rule-based automated systems for gotra compatibility verification, keyword-based content filtering to prevent unauthorized contact information sharing in chat, and server-side subscription feature enforcement. No fully automated decisions that produce legal effects or similarly significant effects concerning you are made by the Platform. Profile matching suggestions are generated based solely on your explicitly stated preferences and are not based on predictive behavioral algorithms or artificial intelligence profiling.
For legal compliance, dispute resolution, regulatory audit, and evidence preservation purposes, we maintain timestamped consent records documenting account creation and policy acceptance; complete payment transaction audit trails including Razorpay verification status, payment captured confirmation, amount verification results, and idempotency check outcomes; account activity logs recording login events with timestamps and device identifiers; content moderation logs recording reports filed, actions taken, and administrative decisions with timestamps and responsible administrator identifiers; data deletion confirmation records with timestamps; notification delivery records; and subscription lifecycle events including activation, renewal, expiration, and downgrade events with timestamps.
The designated Grievance Officer for the purposes of the Information Technology Act, 2000 (Section 79), the IT (Intermediary Guidelines) Rules, 2021, and the Digital Personal Data Protection Act, 2023 (Section 13) is: Krilax Innovations Pvt. Ltd., reachable at grievance@banjarasathi.app. Grievances will be acknowledged within twenty-four (24) hours of receipt and resolved within fifteen (15) days of receipt. If you are not satisfied with the resolution provided, you have the right to approach the Data Protection Board of India under the DPDP Act, 2023, or file a complaint with the appropriate authority under the IT Act, 2000.
We reserve the right to update, modify, or amend this Privacy Policy at any time to reflect changes in the Platform, applicable laws, or our business practices. Users will be notified of any material changes through an in-app push notification at least seven (7) days before the updated policy takes effect. Your continued use of the Platform after the effective date of the updated policy constitutes your acceptance of the changes. Previous versions of this policy are available upon written request to our support email.
This Privacy Policy shall be governed by and construed in accordance with the laws of India, including but not limited to the Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000, the Indian Contract Act, 1872, and all applicable rules and regulations thereunder. Any disputes arising out of or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the competent courts in Nashik, Maharashtra, India.
© 2026 Krilax Innovations Private Limited. All rights reserved.