Privacy Policy

Effective 14 May 2026 · Operated by Plenitude Systems Pvt. Ltd., Gandhi Road, Kallakurichi, Tamil Nadu, India.

This Privacy Policy describes how Plenitude Systems Pvt. Ltd. ("ServEaseNow", "we", "us", "our") collects, uses, shares and protects the personal data of users of the ServEaseNow mobile application and the website at serveasenow.com (together, the "Service").

We comply with India's Digital Personal Data Protection Act, 2023 (the "DPDP Act") and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. By using the Service, you agree to the practices described in this Policy.

1. Who we are

ServEaseNow is operated by Plenitude Systems Pvt. Ltd., a company incorporated in India with its registered office at Gandhi Road, Kallakurichi, Tamil Nadu, India. We are the "Data Fiduciary" under the DPDP Act for the personal data we collect through the Service.

2. Data we collect

2.1 Account data (all users)

  • Mobile number (used as the primary identifier)
  • Email address
  • Name (optional for consumers; required for providers)
  • Preferred language (Tamil or English)
  • Pincode + district

2.2 Provider data

  • Business name and (optional) contact person name
  • Business bio, photos of work / shop
  • Service categories and subcategories offered
  • Service catchment radius and (optional) precise shop location (latitude / longitude)
  • Aadhaar verification status, performed by our KYC partner Digio. We do not store your Aadhaar number — only a one-way hash and the verified-at timestamp.
  • (Optional) GSTIN
  • Bank account details for escrow payouts: account holder name, account number, IFSC code, bank name. The last four digits are denormalised for display; the full number is encrypted at rest and only accessed by authorised payouts.

2.3 Consumer request data (RFQs)

  • The structured form you submit for each enquiry (urgency, preferred date, budget, etc.)
  • Optional photos and voice notes attached to the enquiry
  • Pincode of service location, plus (optional) precise latitude / longitude if you drop a map pin
  • Quote prices, chat messages, ratings and reviews you post

2.4 Payment data

  • Razorpay Payment IDs and order IDs. Full card / UPI details are processed directly by Razorpay and are never visible to us.
  • Escrow state per booking (created / held / released / refunded / disputed)

2.5 Device and usage data

  • Firebase Cloud Messaging (FCM) registration token, used to send push notifications
  • App version, OS version, device model (collected via Supabase auth logs)
  • IP address and access timestamps (in standard server logs, retained for 30 days)

3. How we use your data

  • To run the marketplace. Match consumer enquiries with verified providers in the catchment radius; deliver quotes; enable chat; process payments.
  • To send transactional notifications. Push, SMS, and WhatsApp messages about new enquiries, quotes received, KYC verdicts, escrow state changes, dispute updates.
  • To verify identity. Aadhaar KYC for providers via Digio. Bank account verification for payouts.
  • To prevent fraud and abuse. Price-band guardrails on quotes, rate-limiting on RFQ creation, duplicate-listing checks.
  • To improve the service. Aggregated, anonymised usage metrics. We do not run third-party analytics SDKs that track individual users across apps.
  • To comply with law. Disclosure to authorities when required by valid legal process, including the DPDP Act, the IT Act, and RBI / FIU directives.

4. How we share your data

4.1 With other users of the Service

  • When a consumer posts an enquiry, the structured form payload (excluding phone and full address) is dispatched to up to 8 matched providers.
  • Once the consumer awards a quote, the consumer's name and phone number are unlocked for the awarded provider only.
  • Provider profiles (business name, photos, ratings, services, optional price ranges) are visible to all signed-in consumers in the catchment.
  • Reviews you post are visible to the reviewed provider and to other consumers browsing that provider.

4.2 With our processors

We share data with the following third parties only to the extent necessary to operate the Service. Each is bound by a data-processing agreement and India-localised data residency where available.

  • Supabase (Singapore region, AWS) — Postgres database, authentication, file storage, Realtime, Edge Functions.
  • Razorpay (India) — payment processing, escrow, subscription billing.
  • Digio (India) — Aadhaar OKYC, eSign.
  • MSG91 (India) — transactional SMS.
  • Gupshup (India) — WhatsApp Business messages.
  • Google Firebase (FCM only) — push notifications.
  • OpenStreetMap — anonymous map tiles when you open the map picker. Your location is never shared with OpenStreetMap.

4.3 With law enforcement

When required by a lawful order, court direction, or government request backed by statutory authority (including DPDP Act § 36, IT Act § 69, FIU-IND directives), we disclose the minimum necessary data and log the disclosure to our internal audit trail.

5. Data retention

  • Account data: while your account is active. On account deletion request, deleted within 30 days, subject to the legal-retention exceptions below.
  • RFQ data and chat messages: 2 years from creation, then purged. Disputed RFQs retained until the dispute is resolved + 1 year.
  • Payment records: 7 years, as required by the Income Tax Act, 1961 and RBI directives.
  • KYC artifacts: Aadhaar hash retained for the life of the provider account; cleared on account deletion. We never store the raw Aadhaar number.
  • Server access logs: 30 days for IP / timestamp; aggregated metrics retained indefinitely.

6. Your rights under the DPDP Act

You have the right to:

  • Access the personal data we hold about you.
  • Correct or complete inaccurate or incomplete data.
  • Erase your data, subject to the retention obligations listed in Section 5.
  • Withdraw consent at any time. Continued use of the Service after withdrawal may not be possible.
  • Nominate another person to exercise these rights on your behalf in the event of your death or incapacity.
  • Grievance redressal — see Section 11.

7. Security

  • All data is transmitted over TLS 1.2 or higher. We do not accept unencrypted connections.
  • Database storage is encrypted at rest with AES-256 (Supabase managed).
  • Row-Level Security policies in our database mean each user can only read and write their own records. Administrative access is logged.
  • Aadhaar numbers are never persisted — only a SHA-256 hash for duplicate-detection purposes.
  • We require multi-factor authentication on all administrative consoles.

8. Children

The Service is not directed to children under 18. We do not knowingly collect data from minors. If you believe we have collected data from a child, contact us at support@serveasenow.com and we will delete it.

9. Cookies and trackers (website)

serveasenow.com uses only first-party cookies strictly necessary for session management. We do not run third-party advertising or analytics cookies. The mobile app does not use web cookies.

10. Changes to this Policy

We may update this Policy. Material changes will be notified in-app and by email at least 7 days before they take effect. Continued use of the Service after the effective date constitutes acceptance of the change.

11. Grievance Officer and contact

For any privacy concerns, requests under Section 6, or complaints, contact:

Grievance Officer
Plenitude Systems Pvt. Ltd.
Gandhi Road, Kallakurichi, Tamil Nadu, India
Email: support@serveasenow.com

We acknowledge grievances within 48 hours and resolve them within 30 days as required by the DPDP Act.