HomeBazaarbaazar-swart.vercel.app
Privacy policy
Last updated: 24 April 2026
ProFixer (“we”, “us” or the “Operator”) respects your privacy. This Privacy policy explains how we collect, use, disclose, and protect personal data when you use the Bazaar Platform in India, including our website and related services (together, the “Service”). It is published in English and is intended to align with the Digital Personal Data Protection Act, 2023 (“DPDP Act”) and the Information Technology Act, 2000, and rules thereunder, as updated from time to time.
This policy should be read with our Terms of use and Disclaimer. By using the Service, you acknowledge this Privacy policy, subject to the choices and rights described below and any consent we obtain where the law so requires.
1. Data fiduciary
For the processing described in this policy, the data fiduciary is ProFixer, operating the Bazaar Service in India. We determine the means and purposes of such processing, except where we act strictly as a processor on clear written instructions of another entity, which we will describe in a separate data processing or service agreement where relevant.
2. What personal data we may collect
Depending on how you use the Service, this may include:
- Account & identity — name, email address, phone number, user ID or reference from your sign-in provider, and account preferences;
- Listing & transaction context — titles, descriptions, photos and videos you upload, price, area or neighbourhood, map coordinates you choose, and in-app offers or messages;
- Technical & device — IP address, device type, browser and app identifiers, time zone, language, and diagnostic logs needed for security;
- Usage & communications — actions on the Service (e.g. saves, searches) and, where the feature is enabled, chat content between you and other users;
- Support & safety — information you provide when you contact us or report a problem, or when we are required to process reports under applicable law and our Terms.
We do not design the Service for children, and you should be at least 18 to register.
3. Purposes and legal bases
We use personal data to:
- operate, secure, and improve the Service, including local discovery and search;
- authenticate you, deliver notifications you request, and prevent fraud or abuse;
- moderate or remove content, enforce the Terms, and meet legal and regulatory requirements;
- communicate service updates, policy changes, and, where the law and your preferences allow, marketing;
- exercise, establish, or defend legal claims.
Where the DPDP Act applies, we rely on appropriate grounds including your consent (where we ask for it, e.g. non-essential cookies or certain communications), the performance of a contract with you, compliance with law, or legitimate uses that are in line with your reasonable expectations and the purposes informed at collection. For sensitive personal data, we will only process in accordance with the DPDP Act and, where required, on the basis you clearly permit.
4. Cookies and similar technologies
We and our service providers may use cookies, local storage, and similar technologies to remember your session, language, theme, and in-product preferences, and to keep the Service secure. You can control some cookies in your browser; blocking essential cookies may affect how the site works. Where we use non-essential analytics or third-party tools, we will ask for your consent as required and describe them in a cookie or preference centre when available in product.
5. Who we may share with
We may share personal data with:
- Other users — in line with the visibility you set for listings and messages;
- Service providers (processors) who host, analyse, or support the Service, under contracts that require them to protect data;
- Authorities and parties when we believe in good faith that disclosure is required by a court order, statutory demand, or valid legal process, or to protect the rights, property, and safety of users, us, or the public, as permitted by law;
- Professional advisers and prospective acquirers in a merger or sale of assets, subject to appropriate confidentiality and continued protection of your rights to the extent required by law.
6. Cross-border transfers
We aim to process personal data in India to the extent practicable. If any processing or storage outside India is necessary, we will do so in compliance with the DPDP Act and applicable government notifications, including where appropriate reliance on standard contractual clauses, adequacy, or your explicit consent, as the law may require from time to time.
7. Retention
We keep personal data only as long as needed for the purposes in this policy, including legal, tax, and dispute-resolution needs. When retention periods end, we delete or de-identify data in a reasonable manner, subject to any mandatory retention.
8. Security
We use appropriate technical and organisational measures for the Service. No method of transmission or storage is fully secure; we cannot warrant absolute security.
9. Your rights (DPDP Act, India)
Subject to conditions and limitations in the DPDP Act, you may have the right to:
- obtain a summary of processing and a list of your personal data we hold;
- seek correction, completion, or updating of inaccurate or misleading data;
- seek erasure, subject to certain exceptions in law (e.g. legal retention);
- withdraw consent, where processing was consent-based, without affecting lawfulness of prior processing, subject to the Act;
- use a consent manager where we offer one to manage consent for non-essential processing;
- nominate another person to exercise your rights in case of your death or incapacity, in the manner prescribed.
You can exercise rights by contacting the grievance / privacy contact below. We will respond in line with applicable timelines under the DPDP Act, including where we are required to take certain steps in 24 to 48 hours for a preliminary response to a grievance, and to resolve or update you in line with the rules in force (subject to change when the Board / rules are notified).
10. Grievance officer (India)
Configure NEXT_PUBLIC_GRIEVANCE_OFFICER_EMAIL (or a general contact that doubles as data grievance) to display a dedicated address here. Until then, use the Contact page.
11. Automated decision-making & AI
We may use automated tools to rank listings, suggest prices, or generate draft text. Any decision with legal or similarly significant effect on you will be designed to comply with the DPDP Act, including the right to human review and contestation where required. You can ask how such processing works for a specific feature in product or via our support / grievance contact.
12. Your duties
The DPDP Act also imposes duties on you as a data principal (e.g. not to impersonate, not to provide false information, to comply with law). We may refuse or limit service where the law so permits, including in case of serious breach.
13. Other Indian rules
We comply with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, where they continue to apply to the categories of data they cover, and with intermediary-related obligations under the Information Technology Act, 2000, and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, as may be amended (including, where required, takedown and redressal flows).
14. Contact
For general questions: our Contact page.
15. Changes to this policy
We may update this Privacy policy. The “Last updated” date on this page will change, and where the law or our processing materially changes, we will provide any further notice required (e.g. in-app or by email) and seek consent where that is the basis of processing.