Privacy Policy
How SeekhoBecho.com collects, uses, stores, and protects your Personal Data — compliant with the Digital Personal Data Protection Act, 2023. Your privacy is your right.
Your data, your rights. SeekhoBecho.com is operated by RLS Retail Private Limited and is committed to protecting your privacy under the Digital Personal Data Protection Act, 2023. This Policy explains what data we collect, why, how we use it, who we share it with, how long we keep it, and how you can exercise your rights. By using the Platform, you confirm you have read and accepted this Policy.
About This Privacy Policy
SeekhoBecho.com — operated by RLS Retail Private Limited ("we," "us," "our," "Company") — respects your privacy and is committed to protecting your Personal Data. This Privacy Policy explains how we collect, use, store, share, and protect your data when you use our mobile application, website, and all associated services.
This Privacy Policy applies to:
- The SeekhoBecho.com mobile app (Android via Google Play Store, iOS via Apple App Store);
- The website at www.seekhobecho.com and all subdomains;
- All subscription plans: Silver, Gold, Titanium, Elite, Platinum, Platinum Plus, and Diamond;
- The Pearl Economy, gamification features, skill-based competitions, and prize draws;
- All courses, content, catalogues, ecommerce integrations, and marketing tools provided through the Platform;
- All communications between you and SeekhoBecho.com.
By using the Platform, you confirm that you have read, understood, and consented to this Privacy Policy. If you do not agree, please do not use the Platform.
Legal Framework
This Privacy Policy is governed by and complies with the following laws and regulations applicable in India:
| Law / Regulation | Application |
|---|---|
| Digital Personal Data Protection Act, 2023 (DPDP Act) | Primary data protection law for Personal Data of Indian Data Principals |
| Information Technology Act, 2000 (as amended) | Electronic records, digital signatures, intermediary liability |
| IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 | Grievance Officer designation, content takedown procedures |
| IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 | Reasonable security practices for sensitive personal data |
| Consumer Protection (E-Commerce) Rules, 2020 | E-commerce transparency, grievance redressal |
| Promotion and Regulation of Online Gaming Act, 2025 (PROG Act) | Gaming data, OGAI compliance, Pearl Economy classification |
| Bharatiya Nyaya Sanhita, 2023 | Penal provisions for data-related offences |
| Reserve Bank of India guidelines (where applicable) | Payment data handling via authorised payment gateways |
This Privacy Policy is principally governed by the Digital Personal Data Protection Act, 2023 — India's comprehensive data protection law. The DPDP Act establishes the rights of Data Principals (you), the obligations of Data Fiduciaries (us), and the framework for processing Personal Data within India.
Data Fiduciary & Roles
3.1.Data Fiduciary
For the purposes of the DPDP Act, 2023, RLS Retail Private Limited is the Data Fiduciary responsible for the processing of your Personal Data on SeekhoBecho.com.
| Detail | Information |
|---|---|
| Legal Entity | RLS Retail Private Limited |
| CIN | U52609HR2019PTC078962 |
| GSTIN | 06AAJCR4683G1Z3 |
| Registered Office | Plot-76-D, Phase IV, Udyog Vihar, Sector 18, Gurugram, Haryana – 122001, India |
| Data Privacy Officer | [email protected] |
| Grievance Officer | Venjula — [email protected] |
3.2.You — the Data Principal
For the purposes of the DPDP Act, 2023, you are the Data Principal — the natural person whose Personal Data is processed by us. You have specific rights under this Policy and the DPDP Act (see Section 15).
3.3.Data Processors
We engage third-party Data Processors to provide infrastructure, payment processing, analytics, customer support, and marketing services. These processors handle your data only on our instructions and are bound by Data Processing Agreements. See Section 8 for the list of categories.
Data We Collect
4.1.Categories of Personal Data
We collect the following categories of Personal Data:
| Category | Examples | Source |
|---|---|---|
| Identity Data | Full legal name, date of birth (18+ verification), gender, photograph (optional) | You — at signup / KYC |
| Contact Data | Mobile number (OTP-verified), email address, delivery address, alternate contact | You — at signup / profile update |
| KYC & Verification Data | Aadhaar (last 4 digits only), PAN (masked storage), GSTIN, IEC (for international plans), bank account (masked) | You — for plan-specific KYC |
| Transactional Data | Subscription payments, Pearl Recharge purchases, prize claims, refund requests, GST invoices | Payment gateways + you |
| Pearl Economy Data | Pearl earn events, spend events, balance history, expiry timeline, wallet (Silver/Gold) activity | Platform automatic capture |
| Gamification & Gaming Data | Roz Ka Inaam entries, Lucky Hour multipliers, 1v1 Skill Challenge outcomes, MahaJackpot entries, Season Pass progression, Clan affiliation, prize draws | Platform automatic capture |
| Course & Learning Data | Course enrolments, module completion, watch time, quiz attempts, Skill Certificates earned | Platform automatic capture |
| Ecommerce & Selling Data | Product listings, marketplace orders (Amazon/Meesho/Flipkart), shipping data, returns, customer feedback | You + marketplace integrations |
| Device & Technical Data | Device model, OS version, app version, IP address, advertising ID (if consented), crash logs, performance metrics | Platform automatic capture |
| Behavioural & Usage Data | App screen views, click events, feature usage, session duration, in-app search queries | Platform automatic capture |
| Communication Data | Support tickets, grievance submissions, chat with customer success, email correspondence | You + Platform |
| Marketing Preferences | Opt-in/opt-out status for promotional messages, WhatsApp updates, push notifications | You — explicit consent |
4.2.Sensitive Personal Data
We minimise the collection of Sensitive Personal Data. Where collected (e.g., for KYC), it is processed under explicit consent, stored with strong encryption, and retained only as long as legally required.
We do NOT collect:
- Biometric data (no fingerprint, face, or iris scans stored by us);
- Health or medical records;
- Sexual orientation, political affiliation, or religious beliefs;
- Caste, tribal, or community data;
- Genetic data;
- Full Aadhaar numbers (only last 4 digits for matching);
- Unmasked bank account numbers (we use payment gateway tokens);
- Children's data — Platform is strictly 18+.
How We Collect Data
5.1.Direct Collection
You provide most data directly when you:
- Sign up and create an account;
- Complete KYC for your plan;
- Make payments via the Platform;
- List products, upload catalogues, or use selling tools;
- Submit support tickets or grievances;
- Participate in gamification, courses, or prize draws.
5.2.Automatic Collection
The Platform automatically captures the following through standard app/website technology:
- Device identifiers (model, OS, app version);
- IP address and approximate geo-location (city/region level);
- App usage analytics (Firebase, custom logging);
- Crash and performance data (Sentry);
- Cookies and similar tracking on the website (see Section 12).
5.3.From Third Parties
We may receive Personal Data from:
- Payment gateways (Razorpay) — masked card/UPI/account references;
- Marketplace integrations (Amazon, Meesho, Flipkart) — your order data when you authorise the integration;
- KYC verification services — Aadhaar/PAN verification status (no full document numbers stored);
- Referral sources — when a referred user signs up, the referring user receives confirmation.
Why We Process Data
6.1.Legal Bases for Processing (DPDP Act, 2023)
Under the DPDP Act, we process your Personal Data only on the following grounds:
| Legal Basis | Application |
|---|---|
| Consent | Marketing communications, optional analytics, cookies (where consent required) |
| Contractual Necessity | Subscription delivery, plan activation, payment processing, customer support |
| Legal Obligation | GST compliance, TDS deduction, KYC requirements, regulatory reporting |
| Legitimate Use (DPDP §7) | Fraud prevention, security monitoring, debt recovery, employer-employee processing (not applicable to users) |
| Court / Authority Direction | Compliance with valid legal orders from courts or regulators |
6.2.Purposes of Processing
We process your data to:
- Operate the Platform and deliver your subscription benefits;
- Verify your identity (KYC) and process payments;
- Operate the Pearl Economy — credit/debit Pearls, calculate balances, manage expiry;
- Run gamification — calculate entries, draw winners, deliver prizes;
- Provide courses, certificates, and learning analytics;
- Integrate with marketplaces (Amazon, Meesho, Flipkart) and process orders;
- Provide customer support and resolve grievances;
- Send service notifications (renewal reminders, prize alerts, order updates);
- Send marketing communications (only with your opt-in consent);
- Improve the Platform via analytics and aggregated insights;
- Detect and prevent fraud, abuse, and security threats;
- Comply with applicable laws and respond to legal requests.
How We Use Your Data
7.1.Specific Use Cases
Below is a transparent map of how your data flows through the Platform:
| Data Category | Used For | Retention Logic |
|---|---|---|
| Identity & Contact | Account creation, communication, prize delivery | Active account + 5 years for legal records |
| KYC documents | Compliance verification, regulatory filings | 10 years (Prevention of Money Laundering Act timeline) |
| Transactional | Invoicing, GST filing, refund/chargeback handling | 8 years (Income Tax Act) |
| Pearl Economy | Wallet operation, fraud detection | Active + 2 years post-account-closure |
| Gamification | Prize eligibility, anti-cheat, OGAI compliance | 5 years for prize records |
| Course & Learning | Certificate generation, progress tracking | Active + 3 years |
| Ecommerce & Marketplace | Order fulfilment, returns, customer support | Active + 5 years |
| Device & Technical | Security, debugging, abuse prevention | 180 days for raw logs; aggregated indefinitely |
| Communication | Support history, grievance trail | 3 years from ticket closure |
7.2.We Never Sell Your Data
SeekhoBecho.com does not sell, rent, or trade your Personal Data to any third party. We share data only as described in Section 8 — for operational, legal, or your explicitly consented purposes.
Sharing of Your Data
8.1.Categories of Recipients
We share your data only with:
| Recipient Category | Specific Examples | Purpose |
|---|---|---|
| Payment Processors | Razorpay, NPCI (for UPI) | Process subscription payments, Pearl Recharge, prize disbursements |
| Cloud Infrastructure | AWS, Google Cloud, Firebase | Hosting, app analytics, real-time data sync |
| Communication Tools | WhatsApp Business API, email service providers, SMS gateways | OTPs, transactional alerts, opted-in marketing |
| Customer Support Tools | Freshdesk, HubSpot CRM | Support tickets, customer success outreach |
| Analytics & Monitoring | Firebase, Looker Studio, BigQuery, Sentry, UptimeRobot | App health, usage analytics, error monitoring |
| Marketplace Partners | Amazon, Meesho, Flipkart APIs | Where you authorise marketplace integration — order data flow |
| KYC Verification | Authorised KYC service providers (Aadhaar/PAN verification) | Identity verification for plan activation |
| Accounting & Tax | Zoho Books, Chartered Accountant (under NDA) | GST filing, TDS compliance, financial audit |
| Legal & Regulatory | Courts, law enforcement, regulators — only on valid legal request | Compliance with applicable laws |
| Acquirers & Successors | In the event of merger/acquisition | Continuity of services — subject to same data protection obligations |
Every third-party processor of your data is bound by a Data Processing Agreement (DPA) requiring:
- Processing only on our instructions and only for the specified purpose;
- Implementing reasonable security measures including encryption;
- Notifying us of any data breach within 24 hours;
- Deleting or returning data within 30 days of contract end;
- Audit and compliance verification rights for the Company.
8.2.No Sale, No Rental, No Trade
We do not sell, rent, lease, or trade your Personal Data to any third party for marketing or commercial purposes — including data brokers, advertising networks, or unrelated businesses.
9.1.Pearl Activity Data
The Platform records all Pearl Economy activity for operational, security, and audit purposes. This includes:
- Pearl earn events (activity, timestamp, Pearl amount);
- Pearl spend events (feature, timestamp, Pearl amount);
- Pearl Recharge transactions (linked to payment record);
- Wallet balance history per wallet (Silver, Gold, Platinum, Platinum Plus dual wallets);
- Pearl expiry events and forfeiture logs.
9.2.Privacy of Pearl Data
- Pearl activity data is treated as Personal Data and protected under the DPDP Act;
- It is shared only with payment processors (for Pearl Recharge purchases) and internal teams on need-to-know basis;
- It is never sold, shared with marketing partners, or used for cross-platform advertising.
9.3.Pearl Classification — Not Financial Data
Pearls are non-monetary, non-convertible internal engagement units. Pearl balances do not constitute financial data, prepaid instruments, or virtual digital assets. The handling of Pearl data is not subject to RBI prepaid instrument regulations, but is protected as Personal Data under the DPDP Act.
10.1.Gaming Data Collection
For gamification and skill-based competitions, we collect:
- Entry submissions (Roz Ka Inaam, Lucky Hour, Daily Spin, Lucky Box, 1v1 Skill Challenge, Grand Tambola, MahaJackpot);
- Game session data (timestamps, scores, outcomes);
- Anti-cheat monitoring data (device fingerprint, behavioural patterns);
- Prize claim data (KYC for prizes above ₹10,000, TDS information per Section 194B IT Act);
- Season Pass progression, XP, Clan affiliation, Selling League performance.
10.2.PROG Act 2025 Compliance
Under the Promotion and Regulation of Online Gaming Act, 2025 and PROG Rules, 2026:
- SeekhoBecho gamification constitutes "Online Social Games" — not "Online Money Games";
- We do not process any "stakes" data — Pearls are not stakes within Section 2(x) of PROG Act;
- We will share data with the Online Gaming Authority of India (OGAI) where mandated by valid order;
- We will register voluntarily with OGAI upon reaching applicable subscriber thresholds.
10.3.Anti-Cheat & Fraud Monitoring
To maintain skill-based integrity, we deploy automated anti-cheat monitoring on all gamification features. This processes device fingerprint, behavioural patterns, and gameplay data. Manipulation attempts result in immediate account termination and forfeiture per the Terms of Service.
Children's Data
SeekhoBecho.com is strictly intended for users aged 18 years and above. We do not knowingly collect, process, or store Personal Data of children (any person under 18 years).
If we discover that an account has been created by or on behalf of a minor, we will:
- Immediately suspend and terminate the account;
- Delete all Personal Data of the minor (subject to legal retention requirements);
- Forfeit all Pearl balances and prizes — no refund.
11.1.Reporting a Minor's Account
If you believe a minor has created an account on SeekhoBecho.com, please report immediately to [email protected] with details. We will investigate and take action within 48 hours.
11.2.DPDP Act Position
The DPDP Act, 2023 requires verifiable parental consent for processing children's data. Since SeekhoBecho.com is an adult platform with explicit 18+ eligibility, we do not engage with children's data at all. This is a structural compliance choice, not an operational one.
12.1.Cookies on the Website
The website www.seekhobecho.com uses cookies and similar technologies. We use the following cookie categories:
| Cookie Type | Purpose | Consent |
|---|---|---|
| Strictly Necessary | Session management, login, security, fraud prevention | No consent required — essential |
| Functional | Remembering preferences (language, display) | Implied consent on continued use |
| Analytics | Google Analytics, Hotjar — usage patterns, performance | Explicit opt-in via cookie banner |
| Marketing / Advertising | Retargeting (where applicable) | Explicit opt-in only |
12.2.App Tracking
The mobile app uses Firebase Analytics, Sentry crash reporting, and standard app SDKs for performance monitoring. We do not use cross-app tracking. On iOS, App Tracking Transparency consent is sought as required by Apple guidelines.
12.3.Managing Cookies
You can manage cookies through your browser settings. Disabling strictly necessary cookies may impair core Platform functionality. Disabling analytics/marketing cookies has no impact on Platform operation.
Data Security
13.1.Security Measures
We implement reasonable security practices and procedures as required by Section 8 of the DPDP Act, 2023 and the IT Rules, 2011, including:
- Encryption: Data encrypted in transit (TLS 1.2+) and at rest (AES-256);
- Access Control: Role-based access (RBAC) with quarterly reviews; Multi-Factor Authentication for all admin and production systems;
- Network Security: Firewalls, intrusion detection, vulnerability scanning;
- Application Security: Secure coding practices, code review, dependency scanning;
- Monitoring: Real-time error monitoring (Sentry), uptime monitoring (UptimeRobot), payment fraud monitoring;
- Vendor Security: All third-party processors bound by DPAs and security requirements;
- Employee Training: Mandatory cybersecurity training; access only on need-to-know basis;
- Incident Response: Documented breach response plan with 72-hour DPDP Act notification protocol.
13.2.User Responsibility
While we implement strong security on our side, you are responsible for:
- Maintaining confidentiality of your login credentials and OTPs;
- Not sharing your account access with others;
- Reporting unauthorised access immediately to [email protected];
- Using a secure network and device (not public Wi-Fi for sensitive transactions).
14.1.Retention Principle
We retain your Personal Data only as long as necessary for the purposes set out in this Policy or as required by applicable law. After the retention period, data is either deleted, anonymised, or archived per the matrix below:
| Data Category | Active Subscription | Post-Closure Retention | Legal Basis |
|---|---|---|---|
| Identity & Contact (PII) | Throughout subscription | 5 years post-closure | General record retention |
| KYC documents (Aadhaar/PAN/GSTIN/IEC) | Throughout subscription | 10 years post-closure | PMLA 2002, IT Act |
| Transactional & Invoices | Throughout subscription | 8 years post-closure | Income Tax Act §44AA / GST |
| Pearl Economy Activity | Throughout subscription | 2 years post-closure | Audit, fraud prevention |
| Gamification & Prize Records | Throughout subscription | 5 years post-closure | Section 194B compliance, OGAI |
| Course Progress & Certificates | Throughout subscription | 3 years post-closure | Certificate verification |
| Marketplace Orders | Throughout subscription | 5 years post-closure | Consumer dispute resolution |
| Device/Technical Logs (raw) | 180 days rolling | Deleted after 180 days | Security, debugging |
| Aggregated Analytics | Throughout subscription | Retained indefinitely (anonymised) | Business intelligence |
| Support & Grievance Tickets | Throughout subscription | 3 years from ticket closure | Customer service records |
| Marketing Consent Status | Throughout subscription | 3 years post-withdrawal | Demonstration of compliance |
14.2.Earlier Deletion on Request
Where you exercise the right to erasure (Section 15), we will delete data earlier than retention periods wherever legally permissible. Data we are legally required to retain (e.g., GST records, KYC under PMLA) cannot be deleted until the legal retention expires.
Your Rights Under DPDP Act
15.1.Your Five DPDP Rights
As a Data Principal under the DPDP Act, 2023, you have the following rights with respect to your Personal Data:
| Right | What You Can Do | How to Exercise |
|---|---|---|
| Right to Access (§11) | Request a summary of what Personal Data we process about you and how it is used | Email [email protected] |
| Right to Correction (§12) | Correct inaccurate or incomplete data | Profile settings in app OR email [email protected] |
| Right to Erasure (§12) | Request deletion of Personal Data (subject to legal retention) | Email [email protected] — see Section 14 |
| Right to Grievance Redressal (§13) | Raise a complaint about how we handle your data | Email [email protected] |
| Right to Nominate (§14) | Nominate another individual to exercise your rights in case of death or incapacity | Email [email protected] |
15.2.Right to Withdraw Consent
Where processing is based on your consent (e.g., marketing communications), you may withdraw consent at any time. Withdrawal does not affect processing that is based on other legal grounds (contractual necessity, legal obligation).
To withdraw consent:
- Marketing emails: click "Unsubscribe" in any marketing email;
- WhatsApp updates: reply "STOP" to any marketing message;
- Push notifications: disable in app settings;
- All other: email [email protected].
15.3.Response Timelines
We will respond to your rights requests within:
- Access requests: Within 30 days;
- Correction requests: Within 7 business days;
- Erasure requests: Within 30 days (subject to legal retention);
- Grievances: Acknowledged within 48 hours, resolved within 30 business days.
15.4.Verification of Your Identity
To protect your data, we may require you to verify your identity before responding to a rights request. We will verify using the registered mobile number (OTP) and email on file.
15.5.Right to Approach Data Protection Board
If you are not satisfied with our response, you may approach the Data Protection Board of India (when constituted under the DPDP Act, 2023) with your grievance. Details will be published on the Board's official portal.
Cross-Border Transfers
16.1.Default — Data Stored in India
By default, your Personal Data is processed and stored on servers located within India. Our primary cloud infrastructure (AWS Mumbai region / Google Cloud Mumbai region) keeps data within Indian borders.
16.2.Limited Cross-Border Transfers
Some processing may require limited cross-border transfer where:
- A specific service requires global infrastructure (e.g., WhatsApp Business API, certain analytics);
- Marketplace integrations (Amazon.com USA for Platinum Plus plan) inherently involve international data flow;
- You voluntarily use international features (cross-border ecommerce).
Such transfers occur only to countries not restricted by the Central Government under Section 16 of the DPDP Act, and with appropriate contractual safeguards (DPAs, standard contractual clauses).
16.3.Your Consent for Transfers
Where required, we will obtain your explicit consent before any cross-border transfer of your Personal Data.
In the event of a Personal Data breach, we will:
- Notify the Data Protection Board of India within 72 hours of becoming aware of the breach, per Section 8(6) of the DPDP Act, 2023;
- Notify affected Data Principals as soon as practicable, with information about:
- Nature of the breach,
- Categories and approximate number of affected users,
- Likely consequences,
- Measures we have taken and will take to mitigate.
17.1.Our Incident Response
Our Cybersecurity Policy CY-02 (Data Breach Response & Incident Management) governs internal incident response. Key elements:
- Severity classification (P1/P2/P3/P4) within 1 hour of detection;
- Containment within 2 hours for P1 incidents;
- Post-Incident Report (PIR) within 14 days of resolution;
- Records retained for 5 years from incident date.
17.2.Reporting a Suspected Breach
If you suspect your account has been compromised or that a Personal Data breach has occurred, please report immediately to:
18.1.Updates to This Policy
We may update this Privacy Policy from time to time to reflect:
- Changes in applicable law (DPDP rules, OGAI directives, IT Act amendments);
- New Platform features or processing activities;
- New third-party processors or integrations;
- Operational improvements in data handling.
18.2.Notification of Changes
Material changes will be communicated through:
- In-app notification at next login;
- Email to your registered address;
- Banner on the website;
- Minimum 7 days advance notice before changes take effect, where feasible.
18.3.Version Control
The version number and "Last Updated" date at the top of this document indicate the currently active version. Historical versions are archived and available on request at [email protected].
Grievance Officer & Contact
19.1.Grievance Officer — IT Rules 2021
In compliance with Rule 3(2) of the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, the Company has designated a Grievance Officer:
| Detail | Information |
|---|---|
| Name | Venjula |
| Designation | Grievance Officer, RLS Retail Private Limited |
| Primary Email | [email protected] |
| Response Commitment | Within 48 hours of receipt |
| Resolution Target | 30 business days |
| Working Hours | 9 AM – 7 PM IST, Monday to Saturday |
| Office Address | Plot-76-D, Phase IV, Udyog Vihar, Sector 18, Gurugram, Haryana – 122001 |
19.2.Data Privacy Officer
For all DPDP Act 2023 related queries — including rights requests, data deletion, consent withdrawal, or breach reporting:
Reach Us at the Right Channel
For any question, concern, or grievance related to your Personal Data and privacy:
19.3.Statutory Authorities
- Data Protection Board of India — once operational under DPDP Act, 2023;
- National Consumer Helpline: 1800-11-4000 (toll-free) | consumerhelpline.gov.in;
- Cyber Crime Helpline: 1930 | cybercrime.gov.in (for cyber-related crimes only).