Privacy Policy

FindHumsafar.com (the "Platform", "we", "us", "our", or "Company") is committed to protecting the privacy and personal data of every individual who uses the Platform. This Privacy Policy ("Policy") describes how we collect, use, disclose, store, transfer, and protect your Personal Data when you visit our website (https://findhumsafar.com), our Progressive Web Application, our Android application, or our iOS application (collectively, the "Services").

This Policy is published in compliance with the Digital Personal Data Protection Act 2023 ("DPDPA"), the Information Technology Act 2000 ("IT Act"), the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011, the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021, and applicable global standards.

By accessing the Services, registering an Account, or otherwise providing your Personal Data to FindHumsafar, you acknowledge that you have read and understood this Policy and you provide your free, specific, informed, and unambiguous consent to the practices described below. If you do not agree with this Policy, please do not use the Services.

1. Definitions

• • "Personal Data" means any data about an individual who is identifiable by or in relation to such data, as defined under the DPDPA 2023.
• • "Sensitive Personal Data or Information" or "SPDI" has the meaning given under the IT Rules 2011 and includes passwords, financial information, health information, biometric information, and similar categories.
• • "Data Principal" means the individual to whom the Personal Data relates, namely you, the User.
• • "Data Fiduciary" means the entity that determines the purpose and means of processing Personal Data. FindHumsafar.com is the Data Fiduciary for the Personal Data we collect.
• • "Data Processor" means any third party who processes Personal Data on our behalf and on our instructions.
• • "Processing" means any operation or set of operations performed on Personal Data, including collection, recording, organisation, storage, retrieval, use, disclosure, alignment, restriction, erasure, or destruction.

2. Scope and Applicability

This Policy applies to all members, visitors, and other users of the Services. It applies regardless of whether you access the Services from India or abroad, and regardless of the device or channel used. Where local laws applicable to you provide stronger protections, those local laws will prevail.

This Policy does not apply to information you share directly with another User outside the Platform (for example, in private WhatsApp conversations after exchange of contact details), or to third-party websites linked from the Platform. Once you leave the Platform, you are governed by the privacy practices of the destination service.

3. Information We Collect

We collect only the information necessary to provide a safe, trustworthy, and effective matrimonial service. The categories of Personal Data we collect are:

3.1 Identity Information

Full name, date of birth, age, gender, marital status, religion, self-declared sect, nationality and country of residence.

3.2 Contact Information

Email address, mobile number, postal address (city, state, pincode, country), alternative contact number, where voluntarily provided.

3.3 Demographic and Cultural Information

Mother tongue, other languages spoken, caste or biraderi, cultural indicators, diet preferences, religious practice level.

3.4 Education and Profession

Highest educational qualification details, current occupation details.

3.5 Family

Father's, mother's and siblings' details.

3.6 Profile Content

• • Self-introduction or biodata.
• • Marriage expectations and partner preferences.
• • Photographs (close-up and full-body).
• • Voice notes or video introductions, if uploaded.

3.7 eKYC and Verification Data

When you opt for eKYC verification, we collect:

• • Government-issued identification number
• • Aadhaar numbers, where collected, are masked at point of capture and stored only as a one-way hash where retention is required.
• • Verification report from the eKYC service provider.

Aadhaar data is processed strictly in compliance with the Aadhaar Act 2016, the Aadhaar Authentication Regulations, and applicable UIDAI directions. We do not store the Aadhaar number in clear text on our servers.

3.8 Technical and Device Information

• • Internet Protocol (IP) address.
• • Device type, operating system, and version.
• • Browser type, version, and language settings.
• • Mobile network information and approximate geo-location (city level only, never precise GPS unless you grant explicit permission).
• • Device identifiers (advertising ID, device ID) only where required for fraud prevention.
• • Crash logs, performance telemetry, and diagnostic data.

3.9 Behavioural Information

• • Login dates, times, and source IP.
• • Pages and profiles viewed, search queries executed.
• • Salaam (Interest) sent and received.
• • Messages sent within the Platform (encrypted; we do not actively read message content except where flagged by abuse-detection systems or required by law).
• • Saved or shortlisted profiles and applied filters.

3.10 Payment Information

When you purchase a subscription, profile boost, or any other paid service:

• • Card and banking credentials are entered directly into the secure payment gateway operated by Zoho Payments and partner gateways. FindHumsafar does not see, capture, or store your card number, CVV, expiry date, or banking password.
• • We receive only a tokenised reference, transaction ID, payment status, payment method type (e.g., "UPI" or "Card"), and the last four digits of the card or UPI handle for invoice and reconciliation purposes.
• • Tax invoices and receipts are generated against your registered name and address.

3.11 Communications with Us

• • Support tickets, emails, chat transcripts, and call recordings (with notice) when you interact with our support team.
• • Feedback, surveys, reviews, and ratings you submit.
• • Reports of objectionable content or abusive Users you file under our Trust and Safety procedures.

4. How We Collect Information

We collect Personal Data through the following channels:

• • Directly from you, when you register an Account, complete your profile, or interact with the Services.
• • Automatically, through cookies, server logs, analytics, and our mobile applications.
• • From third-party authentication providers (Google, Meta, Apple) when you choose to sign in via those services. These providers share only the minimum profile information you authorise them to share.
• • From verified eKYC service providers when you opt for identity verification.
• • From our payment gateway partners, in the limited form described above.
• • From other Users, where they report your profile, recommend you, or send you a Salaam.

5. Legal Basis for Processing

We process your Personal Data on one or more of the following lawful bases under the DPDPA 2023:

• • Consent. The primary basis. By creating an Account and using the Services, you consent to the processing described in this Policy. Consent for specific high-impact features (eKYC, marketing communication, photograph sharing) is captured separately at the relevant moment.
• • Legitimate use. For example, employment or contractual purposes, processing payments owed to us, fraud prevention, or maintaining the security and integrity of the Platform.
• • Compliance with law. Where processing is required by an Indian or foreign law applicable to us, including taxation laws, anti-money-laundering regulations, court orders, and law-enforcement requests.
• • Performance of contract. To deliver the Services you have subscribed to under our Terms and Conditions.

6. How We Use Your Information

We use your Personal Data only for the purposes described in this Policy and for which you have provided consent or for which we have another lawful basis. The purposes are:

• • Account creation, profile setup, and authentication, including multi-factor authentication.
• • Matchmaking and recommendations, including AI-assisted compatibility scoring through the Matchmaker Aunty engine.
• • Communication with you about your Account, matches, Salaam received, profile views, payment receipts, and other transactional events.
• • Customer support, dispute resolution, and grievance redressal.
• • eKYC verification, fraud prevention, identity validation, and the prevention of duplicate or fake profiles.
• • Content moderation, photograph screening using Google Cloud Vision SafeSearch, and review of reported profiles by our Trust and Safety team.
• • Compliance with legal and regulatory obligations, including responses to lawful government and law-enforcement requests.
• • Security monitoring, including detection of unauthorised access, fraud, abuse, and cyber-attacks.
• • Service improvement, analytics, and research, performed on aggregated and de-identified datasets wherever feasible.
• • Marketing communications, only where you have separately opted in. You may withdraw such consent at any time without affecting the lawfulness of prior processing.

7. Sharing and Disclosure of Personal Data

FindHumsafar does not sell, rent, trade, or otherwise commercialise your Personal Data. We share Personal Data only in the following limited circumstances:

7.1 With Other Users

Your profile information is shared with other Users in the manner you configure through your privacy settings. Photographs are blurred by default and shared only when you explicitly approve a photo-access request. Contact details (mobile number, email) are shared only after both Users have expressed mutual interest and one has paid for contact-detail viewing as per the relevant subscription plan.

7.2 With Service Providers (Data Processors)

We share data with carefully selected service providers strictly to deliver the Services:

All service providers are bound by written data processing agreements requiring them to maintain confidentiality, implement reasonable security practices, process data only on our instructions, and notify us promptly of any data incident.

7.3 With Legal and Regulatory Authorities

We may disclose Personal Data to government authorities, regulators, courts, or law-enforcement agencies where we are legally required to do so, including in response to a summons, court order, lawful warrant, or legitimate cybercrime investigation. Where permitted by law, we will notify the affected User unless doing so would prejudice the investigation.

7.4 With Successors and Acquirers

In the event of a merger, acquisition, financing, asset sale, or insolvency, your Personal Data may be transferred to the successor entity. The successor will be bound by privacy commitments at least as protective as those described in this Policy, and you will be notified by email and through the Platform.

7.5 We Will Never

• • Sell your Personal Data to advertisers or data brokers.
• • Share your photographs with anyone you have not explicitly approved.
• • Use your matrimonial information for purposes unrelated to matchmaking and account management.
• • Share your sensitive Personal Data without your specific consent or a clear legal mandate.

8. International and Cross-Border Data Transfers

Your Personal Data is primarily stored and processed within India, in the Google Cloud Platform asia-south1 region (Mumbai). This ensures compliance with the data residency expectations of the DPDPA 2023 and the Reserve Bank of India payment-data localisation directive applicable to certain transactions.

Some of our service providers (such as Apple, Meta, and global email-delivery services) may have infrastructure outside India. Where any cross-border transfer is necessary, we ensure that the destination jurisdiction either (a) is notified by the Central Government of India as permissible under DPDPA, or (b) the transfer is protected by appropriate contractual safeguards equivalent to Indian standards.

9. Data Retention

We retain your Personal Data only for as long as necessary to fulfil the purposes for which it was collected and to comply with applicable legal, accounting, or reporting requirements. Specific retention periods are:

After expiry of the applicable retention period, Personal Data is irreversibly deleted or anonymised such that the data subject can no longer be identified.

10. Security of Personal Data

We implement reasonable security practices and procedures consistent with the IT Rules 2011, the DPDPA 2023, and ISO/IEC 27001 alignment, including:

• • Encryption at rest using AES-256 and in transit using TLS 1.3.
• • Multi-factor authentication available to all members and mandatory for administrative access.
• • Role-based access control with the principle of least privilege for employees and contractors.
• • Comprehensive activity logging, intrusion detection, and 24x7 security monitoring.
• • Cloud Armor and Web Application Firewall protection against DDoS, SQL injection, and other attacks.
• • Periodic vulnerability scanning and penetration testing by qualified third parties.
• • Photograph blur-by-default and invisible watermarking to deter misuse.
• • Automatic image moderation through Google Cloud Vision SafeSearch.
• • Regular employee training on data privacy, secure development, and incident response.
• • Documented incident response and breach notification procedures.

Despite these measures, no system can be guaranteed to be 100 percent secure. You also have a role to play: choose strong, unique passwords, enable MFA, never share your credentials, and log out from shared devices.

11. Your Rights as a Data Principal

Under the DPDPA 2023, you have the following rights with respect to your Personal Data:

11.1 Right to Access

You have the right to obtain a summary of the Personal Data we process about you, the identities of any Data Fiduciaries with whom we have shared your data, and the purposes of processing.

11.2 Right to Correction and Erasure

You may correct, complete, update, or erase your Personal Data through your account dashboard or by writing to grievance@findhumsafar.com. We will action verified requests within 30 days, except where retention is required by law.

11.3 Right to Withdraw Consent

You may withdraw your consent for any consent-based processing at any time. Withdrawal will not affect the lawfulness of processing carried out before withdrawal. Withdrawing consent essential to the Services may require us to close your Account.

11.4 Right of Grievance Redressal

You have the right to raise a grievance with our Grievance Officer regarding any matter related to the processing of your Personal Data, and to escalate unresolved complaints to the Data Protection Board of India in accordance with the DPDPA 2023.

11.5 Right to Nominate

You may nominate any other individual who shall, in the event of your death or incapacity, exercise your rights under the DPDPA 2023 in your stead. Nominations may be made from your Account settings.

11.6 How to Exercise Your Rights

To exercise any of the above rights, write to grievance@findhumsafar.com from your registered email address. We may ask for additional information to verify your identity. Verified requests are actioned within 30 days. There is no charge for exercising your rights.

12. Cookies and Similar Technologies

We use cookies, web beacons, local storage, and similar technologies to improve the Services. Categories of cookies we use:

• • Strictly necessary cookies, required for authentication, session management, and security. These cannot be disabled without breaking the Services.
• • Performance and analytics cookies, used to understand how members use the Platform and to improve features. These are anonymised wherever feasible.
• • Functional cookies, used to remember preferences such as language and theme.

We do not use cookies for cross-site advertising. We do not run third-party advertising trackers on our Platform.

You can control or delete cookies through your browser settings. Disabling strictly necessary cookies will prevent the Services from functioning correctly.

13. Children's Privacy

FindHumsafar is not intended for and does not knowingly collect Personal Data from children under 18 years of age (or the legal age of marriage applicable to the User's gender under Indian personal law). We require all Users to be of marriageable age. If we learn that we have inadvertently collected Personal Data from a child, we will delete the data and close the account immediately. If you believe a minor has registered, please write to grievance@findhumsafar.com.

14. Photograph and Image Privacy

Photographs uploaded to the Platform are subject to the following protections:

• • Blur-by-default. Photographs are blurred and not visible to other Users until you explicitly grant access on a case-by-case basis.
• • Invisible watermarking. Every photograph is digitally watermarked with a hidden identifier so misuse can be traced back to the source.
• • Download prevention. The Platform actively discourages right-click, screenshot, and download of photographs. We acknowledge that no technical measure is perfect; please report any misuse to moderation@findhumsafar.com.
• • Automated moderation. Every photograph is screened by Google Cloud Vision SafeSearch and held for manual review where flagged.
• • On-demand removal. You may delete any photograph from your profile at any time, and the photograph will be removed from the Platform within 24 hours and from backups within 90 days.

15. Marketing Communications

We may send you marketing communications about new features, success stories, community events, special offers, or partner products only where you have separately opted in. You may opt out at any time by clicking "unsubscribe" in any marketing email or by updating your notification preferences in your Account settings. Even after opting out, you will continue to receive transactional emails (payment receipts, OTPs, account alerts) that are essential to the Services.

16. Account Deletion

You may request deletion of your Account at any time from the Account Settings page or by writing to support@findhumsafar.com. Upon receipt of a verified deletion request:

• • Your profile is hidden from all other Users immediately.
• • Personal Data is permanently deleted within 30 days, including photographs.
• • Backup copies are overwritten within 90 days.
• • Records required to be retained for legal, tax, accounting, or fraud-prevention purposes (such as transaction invoices, dispute records, and audit logs) are retained for the periods set out in Section 9, with personal identifiers minimised wherever possible.

Account deletion is permanent and cannot be reversed. If you wish to return to FindHumsafar in the future, you will need to register a new Account.

17. Data Breach Notification

In the event of a Personal Data breach that is likely to result in harm to affected Users, we will:

• • Notify the Data Protection Board of India in the manner and within the timeline prescribed by the DPDPA 2023.
• • Notify affected Users through email and an in-app notification, providing a clear, plain-language description of the incident, the categories of data affected, the likely consequences, the measures we have taken, and the steps you can take to protect yourself.
• • Cooperate fully with the Computer Emergency Response Team India (CERT-In) where applicable.

18. Grievance Officer and Data Protection Officer

In compliance with the IT Rules 2021 and the DPDPA 2023, we have appointed a Grievance Officer / Data Protection Officer to address all queries, complaints, and rights requests:

We will acknowledge any complaint within 24 hours and resolve it within 15 days.

If you remain dissatisfied with our response, you may escalate to the Data Protection Board of India in accordance with the DPDPA 2023, or to the relevant authority under the IT Act 2000.

19. Third-Party Links and Services

The Platform may contain links to third-party websites, mobile applications, or services that are not owned or controlled by FindHumsafar. This Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party service before providing them with your Personal Data.

20. Changes to this Privacy Policy

We may update this Policy from time to time to reflect changes in law, technology, business practice, or User feedback. Material changes will be notified to registered Users by email and through an in-app banner at least 15 days before they take effect. The "Effective Date" at the top of this Policy will always reflect the latest version. Continued use of the Services after the Effective Date of changes constitutes your acceptance of the revised Policy.

21. Contact Us

For any questions, requests, or complaints relating to this Privacy Policy, please contact:

This Privacy Policy is published in English. In case of any conflict between the English version and any translated version, the English version shall prevail.