Privacy Policy
Last updated: June 2026
This Privacy Policy is published in accordance with the Information Technology Act, 2000 (“IT Act”), the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“IT Rules”), and the Digital Personal Data Protection Act, 2023 (“DPDPA”). It describes how Pivot & Anchor Pvt Ltd (“we”, “us”, “our”), operating the Zapnin mobile application (“Zapnin” or the “App”), collects, uses, stores, shares, and protects your personal data. By creating an account and using the App, you consent to the practices described here.
1. Information We Collect
Account & Profile Information
- Mobile phone number (primary identifier, required for sign-up)
- Display name — first name (required) and last name (optional)
- Profile photo (optional)
- Age, gender, and a short bio (all optional)
- UPI ID(s) (optional — used only to let friends repay you when splitting expenses)
- A “home” location label and approximate coordinates, only if you choose to set one (used to rank suggested venues)
- Your favourite activity types selected during onboarding
Plans, Responses & Coordination Data
- Plan titles, descriptions, dates, times, and chosen locations
- Your responses to plans — In, Out, or Maybe — including any “Maybe” conditions you attach (the people whose attendance you are waiting on)
- Your availability preferences (preferred days and time windows) and your votes on suggested venues
- Cover images you add to a plan
Messages, Media & Other Content
- Chat messages, replies, and emoji reactions you send within a plan
- Read receipts and typing indicators (read receipts can be turned off in Settings)
- Photos and videos you upload to a plan or your profile
Expense & Settlement Data
- Expense amounts, descriptions, who paid, and how a bill is split among participants
- Settlement records — the method (marked manually, or initiated via a UPI app), the amount, and whether it was confirmed
Zapnin is not a payment processor and does not hold or move money. We do not collect or store your payment card numbers, bank account details, UPI PIN, or transaction receipts. When you choose to settle via UPI, the payment happens inside your own UPI app (such as Google Pay, PhonePe, or Paytm); we only record that a settlement was marked as made.
Device & Technical Data
- A randomly generated device identifier (to manage push notifications per device)
- Push notification token, device platform (iOS/Android), and app version
- Diagnostic and crash data, and product-usage analytics (see Section 9)
2. Your Contacts
When you choose to find friends or invite people, Zapnin reads names and phone numbers from your device’s address book with your permission. The phone numbers are sent to our servers only to check which of your contacts already use Zapnin, so we can show you who to invite.
We do not store your contact list. The phone numbers you submit for matching are used for that single look-up and are then discarded; we retain only the phone numbers of people you actually invite to a plan. We do not sell, rent, or share your contacts with anyone, and we do not use them for advertising.
3. Location Data
With your permission, Zapnin uses your device’s approximate (city-block level) location to show nearby venues when you search for a place. This location is used on your device only — it is not transmitted to or stored on our servers. We do not track, monitor, or log your real-time movements.
When a map is displayed in the App, the map provider (Apple Maps on iOS, Google Maps on Android) may process your location to render the map and show your position. That processing is governed by Apple’s and Google’s respective privacy policies. You can deny or revoke location access at any time in your device settings; the App remains usable, with venue search simply less localised.
4. How We Use Your Information
We use the information we collect to:
- Create and secure your account and verify your phone number
- Operate the plan-coordination, group-chat, media-sharing, and expense-splitting features
- Show you which contacts are on Zapnin and help you invite friends
- Send push notifications and, where applicable, SMS messages on your behalf (see Section 6)
- Detect scheduling conflicts between your overlapping plans (visible only to you)
- Maintain reliability and security, debug crashes, and improve the service
- Comply with applicable law and enforce our Terms
Legal Basis for Processing
We process your personal data on the basis of (a) your consent, given when you create an account, grant a device permission, or use a feature; (b) contractual necessity, to provide the service you have requested; and (c) our legitimate interests in securing, maintaining, and improving the App, where those interests are not overridden by your rights.
5. Sharing With Other Users
Zapnin is a social coordination tool, so some information is shared with the other participants of a plan by design:
- Your display name and profile photo are visible to people you plan with
- Your RSVP status, messages, reactions, uploaded media, suggested venues, and votes are visible to the other participants of that plan
- Expense entries and balances are visible to the participants of the bill; your UPI ID is shown to a person only when they go to repay you
The specific people who must attend for your “Maybe” to flip to “In” are kept private — other participants see only your final status, not the underlying condition. Conflict-detection details are likewise shown only to you.
6. SMS Communications to Non-App Users
We use SMS in two ways. First, we send you a one-time password (OTP) by SMS to verify your phone number when you sign in. Second, if you invite someone who does not yet have Zapnin installed, we may send SMS messages on your behalf to deliver the invitation and related updates. These messages identify you as the inviter and are sent through our SMS provider, Twilio.
Invitation-related SMS may include:
- The initial plan invitation with a link to download Zapnin
- A reminder or nudge before the plan
- A confirmation when the plan is locked in
By inviting non-app users you confirm you have a personal relationship with them and that they would reasonably expect to hear from you. We rate-limit these messages to avoid misuse. When a non-app user later signs up with the same phone number, their account is linked to any pending invitations.
7. Data Storage & Security
Your account, plan, chat, and expense data is stored in our cloud database hosted on Railway. Photos and videos you upload are stored in Google Firebase Cloud Storage. All data in transit is protected with TLS encryption, and data at rest is encrypted. Sensitive data cached on your device is stored in encrypted on-device storage, with the encryption key held in your device’s secure keychain/keystore.
While we implement reasonable and industry-standard security measures, no method of electronic storage or transmission is completely secure, and we cannot guarantee absolute security.
In the event of a personal-data breach that is likely to affect you, we will notify the affected users and the relevant authorities (including the Data Protection Board of India) as required under the DPDPA and applicable law.
8. Data Retention
- Account data: retained for as long as your account is active.
- Activity logs & transient records: plan activity history is automatically deleted after 90 days, and delivery receipts, read receipts, and notifications are deleted on a rolling short-term schedule.
- Plan, chat & expense content: retained while the plan exists, so that participants keep a consistent record; it is removed when the plan is deleted.
- Account deletion: handled as described in Section 11.
- Contacts submitted for matching: not stored (see Section 2).
9. Third-Party Services (Sub-Processors)
We rely on the following service providers to operate Zapnin. Each receives only the data needed for its function and is bound to protect it:
- Railway — cloud hosting for our application servers and database
- Google Firebase Cloud Storage — storage of photos and videos you upload
- Google Places & Maps — venue search and map display
- Apple Maps — map display on iOS
- Twilio — delivery of OTP and SMS invitations
- Expo, Apple Push Notification service (APNs) & Firebase Cloud Messaging (FCM) — delivery of push notifications
- Sentry (servers in the EU) — crash and error diagnostics, which may include your user ID
- Mixpanel — product analytics; we send only usage events keyed to internal user or device identifiers and never include message content, contacts, or other personal details
Some of these providers may process data outside India. Where they do, we rely on appropriate safeguards. We do not sell your personal data, and we do not use it for third-party advertising or cross-app tracking. Zapnin does not collect any advertising identifier (IDFA/GAID).
10. Notifications & Your Controls
You control how Zapnin reaches you:
- Push notifications: toggle on or off in Settings, or from your OS settings
- Quiet hours: suppress notifications overnight (configurable)
- Reminder frequency & bill updates: adjustable in Settings
- Read receipts: turn off so others cannot see when you have read their messages
- Per-plan mute: silence a specific plan
- Permissions: revoke contacts, location, camera, photos, or notification access at any time in your device settings
11. Account Deletion
You can permanently delete your account at any time from Settings → Delete account in the App. Deletion is immediate and irreversible. When you delete your account, we erase your personal identifiers — your name, phone number, profile photo, age, gender, bio, and UPI ID(s) — and we delete your registered devices, push tokens, notifications, saved places, and similar personal records.
Because plans are shared with other people, content you contributed to a group plan (for example, messages or a plan you created) is not deleted from other participants’ records but is anonymised — your name is replaced with “Deleted User” so the group’s history stays intact while you are no longer identifiable. You may also email us to request deletion.
12. Children’s Privacy
Zapnin is intended for users aged 18 and over. The App is not directed at children, and we do not knowingly collect personal data from anyone under 18. If we learn that we have collected data from a person under 18 without verifiable consent of a parent or guardian as required under the DPDPA, we will delete it promptly.
If you believe a minor has provided us personal data, please contact us at people@pivotandanchor.com so we can take appropriate action.
13. Your Rights
Subject to applicable law, including the DPDPA, you have the right to:
- Access a summary of the personal data we hold about you
- Correct, complete, or update inaccurate information
- Delete your account and associated personal data
- Withdraw consent for processing (which may limit some features)
- Nominate another individual to exercise your rights in the event of death or incapacity
- Grieve — raise a complaint with our Grievance Officer (Section 14) and, if unresolved, with the Data Protection Board of India
14. Grievance Officer
In accordance with the IT Act, the IT Rules, and the DPDPA, the following person has been designated as the Grievance Officer for concerns regarding the processing of your personal data:
- Name: Spruha Chitturu
- Email: people@pivotandanchor.com
Complaints will be acknowledged within 24 hours and resolved within 15 days of receipt.
15. Changes to This Policy
We may update this Privacy Policy from time to time. When we make changes, we will update the “Last updated” date above and, for material changes, notify you through the App. Your continued use of Zapnin after a change takes effect constitutes acceptance of the updated policy.
16. Contact Us
If you have questions about this Privacy Policy or our data practices, contact us at people@pivotandanchor.com.