Privacy Policy

Privacy Policy

Effective Date: 6^th August 2025

This Privacy Policy explains how Lahar Networks Private Limited (“Company”, “Lahar”, “we”, “our”, or “us”) collects, uses, processes, shares, and protects personal information of users (“User”, “you”, or “your”) who access or use the Lahar platform (“Platform”).

By using the Platform, you consent to the practices described in this Privacy Policy.

1. Scope

1.1 This Policy applies to all categories of Users (Regular Users, Content Creators/Marketplace Operators, Institutional Users).

1.2 This Policy is framed in compliance with:

1. Digital Personal Data Protection Act, 2023 (DPDP Act, India)

2. Information Technology Act, 2000 (Sec. 43A, 72A) and IT Rules, 2011/2021

3. General Data Protection Regulation (GDPR – EU/EEA)

4. California Consumer Privacy Act (CCPA – USA)

5. Other applicable international data protection laws

1.3 It also meets data requirements of Merchant Acquiring Banks, Payment Networks, and Service Providers regarding AML/KYC, transaction monitoring, and dispute resolution.

2. Data We Collect

We may collect the following categories of information:

2.1 Personal Information: Name, contact details, date of birth, address, identity proofs (where required by KYC/AML).

2.2 Account Information: Username, password, preferences, profile data.

2.3 Financial Information: Payment card details, bank account details, UPI ID, wallet information, subject to PCI-DSS compliance.

2.4 Transactional Data: Purchase history, subscriptions, refunds, chargebacks.

2.5 Device and Technical Data: IP address, browser type, device identifiers, geolocation, log files, cookies.

2.6 Content Data: Posts, messages, uploads, Marketplace content.

2.7 Compliance Data: Logs, KYC information, risk reports, fraud alerts, as required under CERT-In Directions 2022 and Merchant Acquirer obligations.

3. How We Use Data

We process data for the following purposes:

3.1 Service Delivery: To create accounts, provide Platform services, manage Maker–Checker approvals.

3.2 Payments & Transactions: To process payments, settlements, refunds, and handle disputes/chargebacks.

3.3 Regulatory Compliance: To meet obligations under AML/KYC, fraud detection, CERT-In reporting, DPDP Act, GDPR, CCPA, and other applicable laws.

3.4 Security & Risk Monitoring: To detect, prevent, and investigate fraud, unauthorized use, or abuse.

3.5 Improvement: To enhance services, personalize user experience, and conduct analytics.

3.6 Communication: To send service updates, policy changes, or promotional communications (with opt-out rights).

4. Legal Basis for Processing

4.1 Under DPDP Act (India): Processing is based on consent or legitimate use.

4.2 Under GDPR (EU/UK): Processing is based on consent, contractual necessity, legal obligation, or legitimate interest.

4.3 Under CCPA (California): We do not sell personal data; users have the right to opt out of any data sharing for marketing.

5. Sharing of Data

We may share data with:

5.1 Payment Partners and Merchant Acquirers: Banks, card networks, and payment gateways for processing payments, refunds, and fraud monitoring.

5.2 Regulators & Law Enforcement: When required by law, regulator, or court order.

5.3 Service Providers: Vendors providing hosting, analytics, KYC verification, or customer support under strict contractual safeguards.

5.4 Corporate Transactions: In case of mergers, acquisitions, or restructuring.

We do not sell user data to third parties.

6. Data Storage & Security

6.1 Data Storage: Data may be stored in India and, where applicable, in other jurisdictions compliant with cross-border transfer laws.

6.2 Security Measures:

1. PCI-DSS compliance for financial data.

2. Encryption of data at rest and in transit.

3. Access controls, logging, and regular audits.

6.3 Data Retention: Personal data is retained only as long as necessary for service provision, regulatory compliance (e.g., 5 years under CERT-In, AML rules), or dispute resolution.

7. User Rights

Subject to Applicable Laws, Users have the following rights:

7.1 Access: Right to know what data we hold.
7.2 Correction: Right to correct inaccuracies.
7.3 Erasure: Right to request deletion (subject to legal retention).
7.4 Portability: Right to obtain a copy in machine-readable format (GDPR).
7.5 Opt-Out: Right to opt-out of marketing (GDPR/CCPA).
7.6 Withdrawal of Consent: Users may withdraw consent anytime, but this may affect continued access.
7.7 Children’s Data: Accounts of minors require parental consent (DPDP, COPPA, GDPR). Parents may request access, correction, or deletion of minor’s data.

8. Cookies and Tracking

We use cookies, beacons, and similar technologies for authentication, analytics, personalization, and security. Users may control cookie preferences via browser settings.

9. International Transfers

For Users outside India, data may be transferred to and stored in India or other countries. Transfers will comply with DPDP Act, GDPR adequacy rules, or contractual safeguards (SCCs).

10. Compliance with Merchant Acquiring Banks

10.1 Users consent to data being shared with banks, card networks, and acquiring partners for purposes of:

1. KYC, AML, fraud prevention.

2. Chargeback and dispute resolution.

3. Transaction monitoring and regulatory reporting.

10.2 Users authorize Lahar to disclose data to acquiring partners to ensure payment compliance.

11. Data Breach Notification

In case of a personal data breach:

1. Users and regulators will be notified as per Applicable Laws (72 hours under GDPR, “as soon as possible” under DPDP, CERT-In requirements within 6 hours).

12. Updates to Policy

We may update this Policy from time to time. Significant changes will be notified to Users via email or Platform alerts. Continued use after updates constitutes acceptance.

13. Contact Information

For data protection queries, rights requests, or complaints, contact:

Data Protection Officer
Lahar Networks Private Limited
D-365, West Vinod Nagar, East Delhi, Delhi 110092, India
Email: [email protected]