Privacy Policy

Last updated: 13 May 2026

This Privacy Policy describes how GaadiMate ("we," "us," or "our") collects, uses, and protects your personal data when you use the GaadiMate mobile application and website (collectively, the "Service"). It is issued in compliance with the Digital Personal Data Protection Act, 2023 ("DPDP Act") and the Information Technology Act, 2000.

1. Who we are

GaadiMate is operated by Shweta Chaudhary as a sole proprietorship based in India. For the purposes of the DPDP Act, we are the "Data Fiduciary" responsible for processing your personal data. You, the user, are the "Data Principal."

2. Data we collect

We collect only the minimum data needed to provide the Service.

2.1 Vehicle information

• Vehicle Registration Number (e.g. DL3CAB1234)
• RC details: make, model, variant, fuel type, registration date, owner name as it appears on the RC, chassis and engine numbers (only the last 4 digits are stored; the rest is masked)
• Insurance details: insurer name, policy number, expiry date
• Pollution Under Control (PUC) certificate validity
• Service history you enter or upload (dates, kilometres, work performed)
• Photographs of service center bills you choose to scan

2.2 Account and contact information

• Email address (for account creation and communication)
• Phone number (optional, for OTP-based login)

2.3 Optional data

• Approximate location (only if you enable vendor recommendations) — used to show puncture, battery, and tyre shops near you
• Vendor reviews you submit

2.4 Technical data

• App version, device model, operating system version (for crash reporting and compatibility)

3. How we use your data

• To track renewal dates (PUC, insurance, road tax) and remind you before they expire
• To suggest service intervals based on your vehicle's manufacturer recommendations
• To analyse service center bills you upload, comparing line items against typical service schedules and flagging items that may not be necessary
• To recommend nearby verified vendors
• To improve the Service through aggregated, anonymised usage analytics

4. Where your data is stored

The vast majority of your vehicle data lives on your device, not on our servers. A local SQLite database on your phone holds your vehicle records, service history, reminders, and uploaded bill images.

Data is transmitted off your device only in the following situations:

• Vehicle verification: When you add a vehicle, your registration number is sent to a third-party verification provider (Cashfree Payments India Pvt. Ltd.) to fetch your RC details.
• DigiLocker fetch: If you choose the DigiLocker onboarding flow, we use Setu (a Pine Labs company) as our authorised DigiLocker partner. Documents are fetched directly from the issuing authority through DigiLocker after your explicit consent.
• Bill analysis: If you choose to scan a service bill, the OCR-extracted text is sent to a Large Language Model provider for analysis. The image itself is not transmitted off your device. The LLM provider does not retain this data for model training.
• Crash reporting: Anonymised crash logs are sent to a third-party error-tracking service to help us fix bugs.

5. Sharing of personal data

We do not sell your personal data. We do not share it with insurers, dealers, advertisers, or marketers. Personal data is shared only with the third-party processors listed in Section 4, and only to the extent necessary to provide the Service.

6. Your rights as a Data Principal

Under the DPDP Act, you have the following rights:

• Right to access: Request a summary of the personal data we hold about you and the processors with whom it has been shared.
• Right to correction and completion: Request correction of inaccurate or incomplete data.
• Right to erasure: Request deletion of your data. Since most data is on your device, you can also delete it directly by uninstalling the app or clearing app data from your device settings.
• Right of grievance redressal: Raise concerns with our Grievance Officer (see Section 11).
• Right to nominate: Nominate another individual to exercise these rights on your behalf in the event of your death or incapacity.

To exercise any of these rights, email privacy@gaadimate.in. We will respond within 30 days.

7. Withdrawal of consent

Where processing is based on your consent, you may withdraw it at any time. Withdrawing consent for vehicle verification will not affect data already fetched, but it will prevent further verification calls.

8. Children's data

The Service is not intended for users under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at privacy@gaadimate.in and we will delete it.

9. Data retention

On-device data is retained until you delete it or uninstall the app. Data sent to verification providers (Cashfree, Setu) is governed by their respective retention policies, available on their websites. Anonymised crash logs are retained for 90 days.

10. Security

API tokens for verification providers are stored in your device's secure keystore (iOS Keychain / Android Keystore). All network communication uses HTTPS. Despite our efforts, no system is completely secure; we will notify affected users and the Data Protection Board of India in the event of a personal data breach as required by law.

11. Grievance Officer

12. Cross-border data transfer

Some processors (e.g. the LLM provider used for bill analysis) may process data outside India. We rely on contractual safeguards with these processors. As of the date of this policy, no country has been notified by the Government of India under Section 16 of the DPDP Act as restricted for transfer.

13. Changes to this policy

We may update this policy from time to time. Material changes will be notified within the app and by email at least 14 days before they take effect.

14. Contact

For any questions about this Privacy Policy, contact us at privacy@gaadimate.in.