Privacy Policy
Last Updated: March 3, 2026
Your Privacy Matters: spotin is committed to protecting your personal information. This policy explains what data we collect, how we use it, and your rights regarding your data.
1. Information We Collect
1.1 Information You Provide
Account Information: When you create an account, we collect:
- Full name
- Email address
- Phone number
- Password (encrypted)
Booking Information: When making bookings, we collect:
- Studio preferences
- Booking dates and times
- Special requirements or notes
- Studio type (photography, video, podcast, etc.)
Payment Information: We collect payment details through our secure payment gateway partners. We do not store complete credit/debit card numbers on our servers.
1.2 Information Collected Automatically
Usage Data:
- Pages visited on our website
- Time spent on pages
- Search queries and filters used
- Booking patterns and preferences
- Device type, browser, and operating system
- IP address and approximate location
Cookies: We use cookies to enhance your experience, remember preferences, and analyze website traffic. You can disable cookies in your browser settings, though some features may not work properly.
1.3 Information from Third Parties
- Social media profile data if you sign up via Google/Facebook
- Payment verification data from payment gateways
- Studio partner data provided about bookings and customer experiences
2. How We Use Your Information
2.1 Core Services
- Processing and managing your bookings
- Communicating booking confirmations and reminders
- Facilitating payments and refunds
- Providing customer support
- Matching you with suitable studios
2.2 Platform Improvement
- Analyzing usage patterns to improve our platform
- Personalizing your experience and recommendations
- Testing new features and functionality
- Monitoring platform performance and fixing bugs
2.3 Marketing & Communication
- Sending promotional offers and new studio announcements (you can opt-out)
- Sharing updates about weekly/monthly pass offers
- Requesting feedback and reviews
- Newsletters about creative industry trends (you can opt-out)
2.4 Legal & Safety
- Preventing fraud and unauthorized access
- Enforcing our Terms and Conditions
- Complying with legal obligations
- Resolving disputes between customers and studios
3. How We Share Your Information
3.1 With Studio Partners
When you make a booking, we share your name, phone number, and email with the booked studio to enable them to fulfill your booking. Studios are required to keep this information confidential and use it only for booking purposes.
3.2 With Service Providers
We share data with trusted third-party service providers who help us operate our platform:
- Payment Processors: Razorpay, Paytm, PhonePe (for payment processing)
- Email Service: SendGrid, AWS SES (for sending booking confirmations)
- SMS Service: Twilio, MSG91 (for booking reminders)
- Analytics: Google Analytics (for website usage analysis)
- Cloud Hosting: AWS, Google Cloud (for data storage)
3.3 Legal Requirements
We may disclose your information if required by law, court order, or government authority, or to protect our rights and safety.
3.4 What We DON'T Do
- We DO NOT sell your personal data to third parties
- We DO NOT share your data with advertisers without consent
- We DO NOT rent or lease customer lists
4. Data Security
4.1 Security Measures
We implement industry-standard security measures to protect your data:
- SSL/TLS encryption for all data transmission
- Encrypted storage of sensitive information
- Regular security audits and vulnerability testing
- Access controls limiting who can view customer data
- PCI-DSS compliant payment processing
4.2 Data Breach Protocol
In the unlikely event of a data breach affecting your personal information, we will:
- Notify you within 72 hours of discovering the breach
- Inform relevant authorities as required by law
- Take immediate steps to secure the affected systems
- Provide guidance on protecting your account
5. Your Data Rights
5.1 Access & Portability
You have the right to:
- Access all personal data we hold about you
- Request a copy of your data in portable format (CSV, JSON)
- Review your booking history and transaction records
5.2 Correction & Update
You can update your account information at any time through your profile settings. If you need assistance, contact us at spotinstudios@gmail.com.
5.3 Deletion (Right to be Forgotten)
You may request deletion of your account and personal data. Please note:
- We must retain financial records for 7 years per Indian tax laws
- Booking records with active or past bookings may be retained for dispute resolution
- Anonymized data may be retained for analytics purposes
5.4 Marketing Opt-Out
You can opt-out of promotional emails at any time by:
- Clicking "unsubscribe" in any marketing email
- Adjusting your email preferences in account settings
- Emailing us at spotinstudios@gmail.com
6. Data Retention
6.1 Retention Periods
- Active Accounts: Data retained while account is active
- Inactive Accounts: Deleted after 3 years of inactivity
- Booking Records: Retained for 7 years (tax compliance)
- Financial Data: 7 years per Income Tax Act, 1961
- Marketing Data: Deleted upon opt-out request
- Support Tickets: 2 years for quality assurance
7. Children's Privacy
spotin is not intended for users under 18 years of age. We do not knowingly collect personal information from minors. If you are under 18, please do not use our platform or provide any personal information. If we discover we have collected data from a minor, we will delete it immediately.
8. Video Surveillance Disclosure
Many partner studios have CCTV cameras for security purposes. When booking, you will be informed if the studio has video surveillance. Studios must:
- Display clear signage about CCTV presence
- Only use cameras for security, not to monitor creative work
- Comply with IT Act, 2000 regarding video recording
- Not share recordings with third parties without consent
9. International Data Transfers
Currently, all customer data is stored on servers located in India. Some third-party service providers (like Google Analytics, AWS) may transfer data internationally. These providers are required to maintain equivalent data protection standards.
10. Legal Compliance
This Privacy Policy complies with:
- Information Technology Act, 2000
- IT (Reasonable Security Practices) Rules, 2011
- Digital Personal Data Protection Act, 2023
- Consumer Protection Act, 2019
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will:
- Notify you via email for significant changes
- Update the "Last Updated" date at the top
- Post a notice on our website for 30 days
Continued use of spotin after changes constitutes acceptance of the updated policy.
12. Contact Us
For privacy-related questions, requests, or complaints, contact:
- Email: spotinstudios@gmail.com
- Subject Line: "Privacy Request - [Your Name]"
- Address: Gurugram, Haryana, India
Data Protection Officer: For DPDP Act 2023 compliance, direct inquiries to the email above with subject "DPO - Privacy Matter".
13. Grievance Redressal
Under IT Act 2000 and DPDP Act 2023, we have a grievance officer to address privacy concerns:
- Response Time: We will acknowledge complaints within 48 hours
- Resolution Time: We aim to resolve issues within 30 days
- Escalation: Unresolved complaints can be escalated to the Data Protection Board of India
Your Rights Summary: You have the right to access, correct, delete, and port your data. You can opt-out of marketing anytime. We never sell your personal information to third parties.