Phones, Laptops, Smartwatch: Buy, Repair & Sell

1. Introduction

Gadget Guruz Technologies Pvt Ltd ("Company", "we", "our", "us") respects your privacy and is committed to protecting the personal data of every individual who interacts with our platforms and products. This Privacy Policy describes how we collect, use, store, disclose, and safeguard your data in full compliance with the Digital Personal Data Protection (DPDP) Act, 2023 and the Information Technology Act, 2000 and its amendments.

This Policy applies to our platforms:

gadgetguruz.com — our consumer platform for device repair, e-commerce (buy/sell), e-waste recycling, and doorstep technician services.
pramaan.gadgetguruz.com — PRAMAAN, our hardware diagnostics and device health certification software for laptops, desktops, and electronic devices.

This Policy applies to:

Individual consumers purchasing products or booking repair/recycle services.
Technicians and service partners registered on our platform.
Enterprise clients and IT administrators using PRAMAAN.
Visitors browsing our websites or using our dashboards and APIs.

By accessing or using our services, you (the "Data Principal") acknowledge that you have read, understood, and agreed to this Policy. If you disagree, please discontinue use of our platforms immediately.

2. Data Fiduciary Details

As per Section 2(i) of the DPDP Act, 2023, Gadget Guruz Technologies Pvt Ltd is the Data Fiduciary responsible for determining the purpose and means of processing personal data across both platforms.

Company Name	Gadget Guruz Technologies Pvt Ltd
Registered Address	F – 90/31, Okhla Phase 1, New Delhi
Platforms Covered	gadgetguruz.com \| pramaan.gadgetguruz.com
Grievance Executive	Atul Kishan
Primary Contact Email	privacy@gadgetguruz.net
Support Contact Email	support@gadgetguruz.com
Acknowledgment SLA	Within 48 hours of receiving your request
Resolution SLA	Within 30 days of acknowledgment

3. Personal Data We Collect

3.1 GadgetGuruz.com — Consumer Platform

We collect the following categories of personal data when you use gadgetguruz.com or our mobile application:

Category	Data Points	Purpose
Contact Information	Name, email address, phone number, postal/delivery address	Service delivery, technician dispatch, order communication
Account Information	Username, password (hashed), registration date, login history	Account management and authentication
Payment Information	Billing address, transaction reference numbers. Card/bank details are processed solely by our PCI-DSS compliant payment processor (Razorpay) and are never stored on our servers.	Facilitating secure payment transactions
Service Information	Device make/model, issue description, repair history, appointment details, technician notes	Service execution, warranty tracking, quality assurance
KYC Documents	Aadhaar Card, PAN Card, UPI QR code or bank account details (service/payout partners only)	Identity verification and payout processing for service partners only
Device & Usage Data	IP address, browser type and version, OS, device identifiers, pages visited, time on site, links clicked, session duration	Analytics, security, fraud prevention, and UX improvement
Authentication Data	Phone number (OTP login); Google/Facebook profile data (name and email only)	Secure account authentication
Communication Data	Support chat transcripts, emails, feedback, and dispute records	Customer support, dispute resolution, quality monitoring
Crash / Diagnostic Logs	App crash reports, error codes, feature usage statistics	Software stability improvement and bug resolution

3.2 PRAMAAN — Device Health Diagnostics Software

PRAMAAN is designed to collect hardware diagnostic data, not personal information:

Category	Data Points	Purpose
Registration Data	Name, company name, phone number, email address, password (hashed)	Account creation, license issuance, and order management
Device Identification	Device model, manufacturer, serial number or system identifier, OS version	Tying diagnostic results to the correct device
Hardware Diagnostic Data	CPU performance and stress test results; RAM capacity and health; Storage SMART data; Battery health, cycle count, charge capacity; Display and sensor diagnostics; Network interface status; Thermal readings	Device health scoring, QC certification, lifecycle tracking
System Performance Data	Benchmark scores, stress test logs, performance over time, crash reports, error logs, feature usage statistics	Diagnostic model improvement, software reliability, support
Enterprise Asset Data	Device inventory lists, diagnostic history per device, component change logs, repair records	IT asset lifecycle management for enterprise deployments
Certification Data	Test result summaries, overall health scores, QC certificate IDs, QR verification tokens, test timestamps	Generating verifiable device health certificates

PRAMAAN does not access, read, scan, or transmit: personal files, documents, photos, videos, messages, emails, contact lists, browser history, or financial information. All data collection is limited strictly to hardware-level system metrics. PRAMAAN does not spy on or monitor user activity in any form.

4. What We Do Not Collect

For complete transparency, the following data is never intentionally collected by either platform:

GadgetGuruz.com — Not Collected	PRAMAAN — Not Collected
Payment card numbers, CVV codes, or bank PINs (handled exclusively by Razorpay)	Personal files, documents, or emails
Sensitive personal data beyond KYC requirements (e.g. biometric data, medical history, religion, political views)	Photos, videos, or messages
Precise real-time geolocation without explicit consent	Contact lists or address book entries
Data from users under 18 without verifiable parental consent	Browser history or internet activity
—	Financial information, banking credentials
—	Data from users under 18 without verifiable parental consent

5. Payment Processing — Razorpay

All payment transactions on gadgetguruz.com are processed by Razorpay Software Private Limited (razorpay.com), a Reserve Bank of India (RBI) authorised Payment Aggregator. Razorpay is PCI-DSS compliant and operates under RBI Payment Aggregator Guidelines.

Gadget Guruz never stores, accesses, or has access to your full card number, CVV, bank account credentials, or UPI PIN at any point.

You are redirected to or interact with Razorpay's secure checkout environment.
Razorpay collects and processes your payment credentials directly under its own Privacy Policy and Terms of Service.
We receive only a transaction reference number, payment status (success/failure), and billing address for order fulfilment purposes.
Razorpay uses tokenisation, TLS encryption, and strong authentication to protect your financial data.

Razorpay's privacy policy is available at: razorpay.com/privacy. We encourage you to review it.

6. Consent (Section 6, DPDP Act 2023)

We process personal data only on the basis of free, specific, informed, unconditional, and unambiguous consent, unless processing is otherwise permitted under the DPDP Act for legitimate uses. Consent is never bundled into general terms and conditions.

6.1 How We Obtain Consent

Consent is obtained before or at the time of data collection, through a clear and distinct notice.
Each distinct purpose of processing requires a separate consent.
Consent forms are written in plain language, free from legalese or coercive framing.
For PRAMAAN, a dedicated consent screen is displayed during software installation and at first launch, before any diagnostic data is transmitted.
Social login (Google/Facebook) explicitly discloses what profile data is accessed (name and email only) and for what purpose, before authentication.

6.2 Withdrawing Consent

You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal:

Marketing emails: Use the unsubscribe link in any email.
Cookies: Update preferences via the Cookie Preference Panel on gadgetguruz.com at any time.
All data processing: Email privacy@gadgetguruz.net. We will process your withdrawal within 30 days.

6.3 KYC Consent

KYC documents (Aadhaar Card, PAN Card, bank/UPI details) are collected only from users who voluntarily opt to become service partners or request payouts. KYC is not required for general platform use. KYC data will not be used for profiling, marketing, analytics, or any other purpose.

7. Purpose of Processing & Purpose Limitation (Section 4, DPDP Act 2023)

Personal data is collected and used only for the specific purposes stated below. Data will not be used for any purpose incompatible with the original stated purpose without fresh consent.

7.1 GadgetGuruz.com

Service Delivery: Fulfilling repair, buy/sell/recycle orders, e-waste pickup, and doorstep technician bookings.
Account Management: User registration, authentication, profile management, and account security.
Payment Processing: Facilitating transactions via Razorpay. We share only the minimum data required.
KYC & Payouts: Verifying identity of technician/service partners and processing payouts. Exclusively for this purpose.
Customer Support: Resolving queries, disputes, and complaints; providing after-sales service.
Analytics & Product Improvement: Analysing usage patterns using aggregated and anonymised data.
Marketing & Communications: Sending promotional offers, product updates, and newsletters — with explicit prior consent only.
Security & Fraud Prevention: Detecting and preventing unauthorised access, fraudulent transactions, and platform misuse.
Legal Compliance: Meeting obligations under the DPDP Act, IT Act, GST laws, and other applicable regulations.

7.2 PRAMAAN

Device Health Certification: Running automated diagnostics and generating QC certificates with unique IDs and QR verification.
Lifecycle & Repair Tracking: Maintaining diagnostic history, component changes, and repair logs for IT asset management.
Resale & Insurance Valuation: Providing objective hardware health scores for device resale/buyback value or insurance risk class.
Enterprise Reporting: Centralised dashboards for bulk diagnostics across thousands of devices for enterprise and B2B clients.
Fraud Prevention: Detecting hardware modifications to prevent misrepresentation in refurbished device markets.
Software Diagnostics & Improvement: Analysing crash reports and usage statistics to improve diagnostic accuracy and software stability.

8. Data Minimisation

We collect only data that is adequate, relevant, and limited to what is strictly necessary for the stated purpose:

Postal address is collected only at the time of service booking or product delivery — not at general account registration.
Social login scope is limited to name and email address only; we do not request access to contacts, posts, or other profile data.
KYC documents are collected only from users voluntarily opting into the service partner/payout program.
PRAMAAN collects only hardware-level system metrics. No personal files, emails, browser history, or user activity are accessed or transmitted.
PRAMAAN registration fields are clearly marked as mandatory or optional.
Diagnostic data is collected at the granularity needed for accurate health assessment — no surplus telemetry is gathered.

9. Software Permissions — PRAMAAN

To perform device diagnostics, PRAMAAN requires certain system-level permissions used strictly and exclusively for hardware health testing purposes:

Permission Required	Why It Is Needed
System hardware access	To read CPU, RAM, and component performance metrics
Storage health monitoring	To run SMART diagnostics on drives (sector health, error rates, read/write reliability)
Battery & power access	To assess battery health, cycle count, and charge capacity
Network interface access	To test network adapter status and connectivity
Thermal sensor access	To monitor CPU and system temperature during stress testing
Display and sensor diagnostics	To test screen quality and hardware sensors (camera, microphone functionality tests — not recording)

None of these permissions are used to access, read, copy, or transmit your personal files, communications, location, or any data unrelated to hardware diagnostics.

10. Notice to Data Principals (Section 5, DPDP Act 2023)

Before or at the time of collecting personal data, we provide a clear and accessible Notice informing you of:

The personal data being collected and its categories.
The specific purpose(s) for which it is collected.
The legal basis for processing.
The identity and contact details of the Data Fiduciary and Grievance Officer.
Any third parties with whom data may be shared.
Your rights as a Data Principal and how to exercise them.
The data retention period applicable to your data.

For PRAMAAN, this Notice is displayed as a mandatory consent screen prior to first use and is incorporated into the EULA. For gadgetguruz.com, the Notice is presented at account registration and at the point of KYC/service-partner onboarding.

11. Sharing of Personal Data

We do not sell, rent, or trade your personal data. We may share data only in the following circumstances:

11.1 Payment Processor — Razorpay

We share the minimum necessary transaction data (billing address, order value, and transaction reference) with Razorpay to facilitate payment processing.

11.2 Service Providers & Sub-Processors

We engage third-party vendors for hosting, cloud infrastructure, analytics, customer support tools, and logistics. All sub-processors are bound by Data Processing Agreements (DPAs) requiring DPDP-equivalent data protection standards.

11.3 Enterprise Clients (PRAMAAN)

For enterprise deployments, device diagnostic data is shared with the authorised enterprise administrator as contracted. Data is visible only to authorised personnel within the enterprise organisation.

11.4 Third-Party Integrations (PRAMAAN)

PRAMAAN may integrate with enterprise IT asset management (ITAM) systems, device repair workflows, and cloud infrastructure providers. These integrations are disclosed to enterprise customers at onboarding.

11.5 Legal Requirements

We may disclose personal data when required by applicable law, court order, regulatory directive, or a valid legal process. We will, where legally permissible, notify affected users before such disclosure.

11.6 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of company assets, personal data may be transferred. We will notify affected Data Principals before such a transfer.

11.7 Protection of Rights

We may share data to protect the rights, property, or safety of Gadget Guruz, our users, or the public — including to prevent fraud, cybercrime, or threats to platform security.

11.8 Cross-Border Transfers

If we use international cloud infrastructure or third-party platforms that involve transferring personal data outside India, such transfers shall be conducted only to countries notified as permissible by the Central Government under the DPDP Act, or where adequate contractual safeguards are in place. A list of key sub-processors is available on request.

12. Rights of Data Principals (Sections 11–14, DPDP Act 2023)

As a Data Principal, you have the following statutory rights:

Right	What It Means	How to Exercise
Right to Access (S.11)	Request a summary of your personal data held by us, the processing activities, and the identities of data processors we engage.	Email privacy@gadgetguruz.net — Subject: 'Data Access Request'
Right to Correction & Completion (S.12)	Request correction of inaccurate, outdated, or incomplete personal data.	Update directly in Profile Settings, or email us.
Right to Erasure (S.12)	Request deletion of your personal data, subject to legal retention obligations.	Use 'Delete Account' in the app or email us. All data including KYC will be permanently deleted.
Right to Grievance Redressal (S.13)	Lodge a complaint with our Grievance Officer and receive a substantive response within 30 days.	Email privacy@gadgetguruz.net — Subject: 'Privacy Grievance'
Right to Nominate (S.14)	Nominate another individual to exercise your rights in the event of your death or incapacity.	Submit a written nomination to privacy@gadgetguruz.net
Right to Withdraw Consent	Withdraw consent for any processing activity at any time without affecting past lawful processing.	Via unsubscribe link (marketing), Cookie Settings panel, or email us.
Right to Data Portability (anticipated)	Receive a copy of your data in a structured, machine-readable format where technically feasible.	Contact us at privacy@gadgetguruz.net

We will acknowledge all rights requests within 48 hours and resolve them within 30 days. If a request is denied, we will provide written reasons and inform you of your right to escalate to the Data Protection Board of India.

13. Children's Data (Section 9, DPDP Act 2023)

Our platforms are not directed at children under the age of 18. We do not knowingly collect personal data from minors. Users are required to confirm they are 18 years or above at the time of account registration.

As mandated by Section 9 of the DPDP Act, processing of personal data of any user who is or may be under 18 requires verifiable consent from a parent or lawful guardian before any data is collected or processed.

If you are a parent or guardian and believe your child has provided personal data to us without your consent, please contact privacy@gadgetguruz.net immediately. We will promptly delete such data from our systems.

14. Data Security (Section 8, DPDP Act 2023)

We implement reasonable and appropriate technical, administrative, and organisational safeguards to protect your personal data from unauthorised access, disclosure, alteration, loss, or destruction. Our security measures include:

TLS/HTTPS encryption for all data transmitted between your device and our servers.
Encryption of personal data and KYC documents at rest using industry-standard algorithms.
Strict role-based access controls — only authorised personnel can access personal data, limited to what their role requires.
Multi-factor authentication for internal system access and enterprise PRAMAAN dashboards.
Regular internal security audits, vulnerability assessments, and penetration testing.
Contractual data protection obligations imposed on all third-party processors and sub-processors.
Incident response and data breach management procedures.
Payment data is never stored on our servers — all payment credentials are processed exclusively by Razorpay under PCI-DSS standards.

In the event of a personal data breach, we will notify the Data Protection Board of India and affected Data Principals in the manner and within the timelines prescribed under the DPDP Act. We encourage you to use strong, unique passwords and to report any suspected unauthorised access to privacy@gadgetguruz.net immediately.

15. Data Retention & Deletion

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. Upon expiry, data is securely deleted or irreversibly anonymised.

Data Type	Retention Period
Active account data	For the duration of account activity
Inactive account data	3 years from last login, then permanently deleted
Repair and service history	5 years (for warranty management and dispute resolution)
KYC documents (Aadhaar, PAN, bank details)	As required by applicable financial/IT regulations — typically 5 years post-service relationship end
Payment transaction records	5 years (tax and financial compliance obligations)
PRAMAAN diagnostic reports	Duration of active enterprise license + 1 year; individual users' data deleted on account closure
Marketing consent records	Until consent is withdrawn, then retained for 1 year as evidence of prior consent
Data breach incident logs	5 years from date of incident (regulatory requirement)
Support and communication records	3 years from resolution of the interaction
Crash logs and anonymised analytics	24 months on a rolling basis

Upon account deletion, all personal data — including KYC documents — is permanently deleted from active systems. Residual copies in secure backups are purged within 90 days of the deletion request.

16. Cookies and Tracking Technologies

GadgetGuruz.com uses cookies and similar tracking technologies to improve your browsing experience, analyse site performance, deliver relevant content, and support security functions.

16.1 Types of Cookies

Essential Cookies (Required): Necessary for basic website functionality (e.g. maintaining your login session, shopping cart, and security tokens). These cannot be disabled without breaking core site features.
Session Cookies: Temporary cookies that expire when you close your browser. Used to maintain your browsing session.
Persistent Cookies: Remain on your device for a defined period. Used to remember your preferences across visits.
Analytics Cookies: Help us understand how visitors interact with our site. Enabled only with your consent.
Marketing Cookies: Used to serve personalised advertisements and measure campaign performance. Enabled only with your consent.

16.2 Your Cookie Choices

You can manage your cookie preferences at any time via the Cookie Preference Panel on gadgetguruz.com. For full details, see our Cookie Policy.

17. Third-Party Links and Services

Our platforms may contain links to third-party websites and may integrate with third-party services. These third parties operate under their own independent privacy policies. We do not control these third-party websites or services and are not responsible for their data practices.

Razorpay — Payment processing (PCI-DSS compliant, RBI authorised Payment Aggregator). Policy: razorpay.com/privacy
Google Analytics / Firebase — Usage analytics and crash reporting (opt-out available via cookie settings).
Google / Facebook — Social login (name and email only, with your consent).
Amazon Web Services (AWS) or equivalent — Cloud hosting and infrastructure.
Enterprise ITAM systems — Integrated as contracted with enterprise PRAMAAN clients.

18. Grievance Redressal Mechanism (Section 13, DPDP Act 2023)

We are committed to addressing your data-related concerns promptly and fairly. If you have any grievance regarding the collection, use, storage, or disclosure of your personal data, please contact our Grievance Officer:

Grievance Executive	Atul Kishan
Email	privacy@gadgetguruz.net
Postal Address	Gadget Guruz Technologies Pvt Ltd, F – 90/31, Okhla Phase 1, New Delhi
Acknowledgment	Within 48 hours of receipt
Resolution Target	Within 30 days of acknowledgment

If you are not satisfied with the outcome of your grievance, you have the right to escalate your complaint to the Data Protection Board of India, as established under Section 18 of the DPDP Act, 2023.

19. Applicable Laws and Legal Framework

This Privacy Policy and our data processing practices comply with the following applicable laws and standards:

Digital Personal Data Protection (DPDP) Act, 2023 — India's primary data protection legislation.
Information Technology Act, 2000 (and the IT Amendment Act, 2008) — Governing electronic records, cybersecurity, and data handling.
IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 — Security standards for sensitive personal data.
Payment Card Industry Data Security Standard (PCI-DSS) — Applicable to payment data handling (via our processor Razorpay).
Reserve Bank of India (RBI) Payment Aggregator Guidelines — Applicable to our payment processing partner Razorpay.
Applicable enterprise data security standards and software governance practices relevant to PRAMAAN deployments.

20. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our data practices, legal requirements, or regulatory obligations. When we make material changes, we will:

Post the updated Policy on gadgetguruz.com and pramaan.gadgetguruz.com with a revised Effective Date and version number.
Notify registered users via email or in-app notification for significant changes.
Where required under the DPDP Act, seek fresh and explicit consent for any new or expanded processing activities.
Maintain a changelog of material revisions for user reference.

Continued use of our platforms after the Effective Date of any revision constitutes your acceptance of the updated Policy. If you do not agree with the changes, you may exercise your right to erasure and close your account.

21. Contact Us

For any questions, requests, or concerns regarding this Privacy Policy or our data practices, please reach out through any of the following channels:

Privacy & Data Requests	privacy@gadgetguruz.net
General Support	support@gadgetguruz.com
Phone	7838423438 (11 AM – 7 PM, Monday to Saturday)
Live Chat	Via 'Saarthi' AI Support Agent on gadgetguruz.com
Policy Page	gadgetguruz.com/privacy-policy
PRAMAAN Policy	pramaan.gadgetguruz.com/privacy-policy.php

This Privacy Policy is effective as of April 2025 (Version 2.0) and supersedes all prior versions.
© 2025 Gadget Guruz Technologies Pvt Ltd. All rights reserved. | privacy@gadgetguruz.net | support@gadgetguruz.com