Privacy Policy
Last updated: February 18, 2026
1. Introduction
Nirman Creations ("we", "us", or "our") operates the website www.nirmancreations.in and related services (collectively, the "Platform"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our Platform, in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology Act, 2000, and the General Data Protection Regulation (GDPR) where applicable.
2. Data We Collect
2.1 Information You Provide
- Account Data: Full name, email address, phone number, password (hashed)
- Profile Data: Business name, address, city, state, pincode, service areas, specializations
- KYC Documents: Aadhaar number (masked), PAN card, business registration certificate, address proof
- Financial Data: Bank account details (for payouts), transaction history, wallet balance
- Communication Data: Messages exchanged between clients and vendors on the platform
- Project Data: Project descriptions, requirements, budgets, photos, milestones
2.2 Automatically Collected Data
- Device Information: IP address, browser type, operating system, device identifiers
- Usage Data: Pages visited, time spent, clicks, search queries, referral sources
- Location Data: Approximate location based on IP address (for service area matching)
- Cookies & Tracking: Session cookies, analytics cookies (with consent)
3. How We Use Your Data
- Service Delivery: Matching clients with verified vendors, processing payments, managing projects
- Identity Verification: KYC/AML compliance using Aadhaar and PAN verification
- Communication: Sending transactional emails/SMS (quotes, milestones, payments)
- Platform Improvement: Analytics, performance monitoring, debugging issues
- Legal Compliance: GST invoicing, tax reporting, dispute resolution
- Security: Fraud detection, abuse prevention, audit logging
4. Legal Basis for Processing (GDPR)
| Purpose | Legal Basis |
|---|---|
| Account creation & service delivery | Contract performance |
| KYC verification | Legal obligation |
| Payment processing & GST invoicing | Legal obligation + Contract |
| Analytics & platform improvement | Legitimate interest |
| Marketing emails | Consent |
| Cookie tracking (non-essential) | Consent |
5. Data Sharing & Disclosure
We do not sell your personal data. We may share data with:
- Payment Processors: Razorpay (for payment processing and payouts)
- Cloud Infrastructure: Railway (hosting), Vercel (frontend), AWS S3 (file storage)
- Analytics: Google Analytics (anonymized usage data, with cookie consent)
- KYC Providers: Government verification APIs for Aadhaar/PAN validation
- Legal Authorities: When required by law, court order, or to prevent fraud
6. Your Rights
Under DPDP Act (India) and GDPR (EU), you have the right to:
- Access: Request a copy of all personal data we hold about you
- Correction: Update or correct inaccurate personal data
- Deletion: Request deletion of your account and personal data ("Right to be Forgotten")
- Data Portability: Export your data in a machine-readable format (JSON)
- Withdraw Consent: Opt out of marketing communications and non-essential cookies
- Grievance Redressal: Lodge a complaint with our Data Protection Officer
To exercise any of these rights, navigate to Settings → Privacy in your dashboard, or email us at privacy@nirmancreations.com. We will respond within 30 days.
7. Data Retention
- Account Data: Retained while your account is active + 90 days after deletion request
- Financial Records: Retained for 8 years (as per Indian tax laws / GST requirements)
- KYC Documents: Retained for 5 years after account closure (AML regulations)
- Audit Logs: Retained for 90 days, then auto-purged
- Analytics Data: Anonymized after 26 months
8. Data Security
- All data transmitted over HTTPS/TLS 1.3
- Passwords hashed using bcrypt with salt rounds
- KYC documents stored encrypted at rest in AWS S3
- JWT-based authentication with short-lived access tokens
- Rate limiting, CSRF protection, and Helmet security headers
- Audit logging for all sensitive operations
- Regular security reviews and penetration testing
9. Cookies
We use the following categories of cookies:
| Category | Purpose | Consent Required |
|---|---|---|
| Essential | Authentication, session management | No |
| Functional | User preferences, language | No |
| Analytics | Google Analytics, usage tracking | Yes |
| Marketing | Ad tracking, retargeting | Yes |
You can manage cookie preferences at any time via the cookie consent banner or in your browser settings.
10. Children's Privacy
Our Platform is not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe a child has provided us with personal data, please contact us immediately.
11. International Data Transfers
Your data is primarily stored in India (Railway hosting, Mumbai region). When data is transferred to third-party processors outside India (e.g., Vercel CDN edge nodes, AWS global infrastructure), we ensure adequate safeguards through Standard Contractual Clauses (SCCs) or processor compliance certifications.
12. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be notified via email and/or a prominent notice on the Platform. Continued use after changes constitutes acceptance.
13. Contact Us
Data Protection Officer
Nirman Creations Pvt. Ltd.
Email: privacy@nirmancreations.com
Phone: +91-XXXXX-XXXXX
For grievances under DPDP Act, you may also contact the Data Protection Board of India.