Privacy Policy
Effective 29 June 2026 · Last updated 29 June 2026 · Applies to sayzo.in and the SAYZO apps
1. Who we are
SAYZO is a hyperlocal marketplace that connects people who need tasks done ("Task Givers") with people who can do them ("Task Doers"), using location based services and AI assisted matching. The platform is operated by SAYZO PLATFORMS PRIVATE LIMITED, U62099DL2026PTC462201, DPT 808B, F-79 & 80, DLF PRIME TOWER, Okhla Industrial Area Phase-i, South Delhi, New Delhi, Delhi, India, 110020 ("SAYZO", "we", "us"). For the Digital Personal Data Protection Act, 2023, SAYZO is the Data Fiduciary that decides why and how your personal data is processed.
This policy applies to the website and apps and is published under the DPDP Act, 2023 and DPDP Rules, 2025, the Information Technology Act, 2000 and SPDI Rules, 2011, and the Consumer Protection (E-Commerce) Rules, 2020. By using SAYZO you confirm you have read it. Where we rely on consent, we ask for it separately at the point of collection.
2. The data we collect
We collect only what we need to run the marketplace, keep it safe and meet legal obligations:
- Account and contact: name, mobile number, email, and password (stored encrypted).
- Profile, address and location: profile details, service address or work area, and device location (precise or approximate, per your permissions) for hyperlocal matching.
- Identity documents: government issued ID for verification, handled as in Section 6.
- Payments and transactions: transaction amounts, status and payout details, and your task history. Card and bank credentials are handled by our payment partners, not stored by SAYZO.
- Communications, reviews and technical data: in app messages, ratings and reviews, plus device, IP and usage logs for security, fraud prevention and analytics.
We collect this from you directly, automatically through your device, and from verification or payment partners acting on our instructions.
3. Why we use it, and our lawful basis
We use your data to run your account; match Task Givers and Task Doers; enable communication, scheduling and fulfilment; process payments; verify identity and prevent fraud; operate ratings and dispute resolution; provide support; send service messages and, with consent, offers; secure and improve the platform; and comply with law.
Our main lawful basis is your consent. Where the law allows, we may also rely on certain legitimate uses recognised under the DPDP Act. We will not use your data for an incompatible new purpose without telling you and, where required, taking fresh consent.
4. Consent and withdrawal
When we rely on consent, we ask through a clear, plain language request that states the data sought, the purpose, how to exercise your rights, and how to complain to the Data Protection Board of India. Your consent is free, informed, specific and limited to the stated purpose.
You can withdraw consent at any time, as easily as you gave it, through your account settings or the Grievance Officer. Withdrawal does not affect lawful processing already done. If withdrawal makes a feature or the service unworkable, we will tell you before you confirm. When the DPDP Consent Manager framework becomes operational, you will be able to manage consent through a registered Consent Manager.
5. AI assisted matching and automated processing
Our matching uses factors such as location and work area, task category, availability, ratings, distance and past activity to surface relevant tasks and suitable Task Doers. It does not decide your eligibility or produce a legal effect on you without a route to human review.
We also use automated tools to detect fraud and safety risks. If an automated check materially affects your access, for example a fraud suspension, you may ask our Grievance Officer for a human review. We do not make solely automated decisions with significant adverse effects without giving you a way to reach a person.
6. Identity verification
Where we verify identity using a government issued document, we collect only the minimum needed, through permitted and secure methods, and store it encrypted with restricted access. Where an Aadhaar based method is used, we follow the Aadhaar framework and do not store full Aadhaar numbers; Aadhaar is masked or redacted, using routes such as offline verification or DigiLocker.
7. What other users can see
SAYZO is a marketplace, so some information is shared with other users so tasks can be arranged. Before a match, others may see your display name, photo, ratings, task categories and approximate location or distance, not your exact address. After a task is accepted, matched users may see the service address and a way to contact each other through the platform. Reviews and ratings are visible to other users.
8. Sharing and transfers
We do not sell your personal data. We share it with: other users (as above); service providers and processors acting on our instructions (cloud hosting, payment gateways, communications, verification, mapping, analytics, support), bound by contract; regulated payment partners under RBI and PCI DSS requirements; authorities where required by law or to protect safety; and an acquirer in any merger or reorganisation, subject to this policy. Some providers may process data outside India; we may transfer data abroad except to any country restricted by the Central Government, and require appropriate contractual protections.
9. Children's data
SAYZO is for users aged 18 and above. We do not knowingly register minors or process children's data, and we do not track, profile or target advertising at children. If we learn we hold a minor's data without verifiable parental or guardian consent, we will delete it. Contact the Grievance Officer if you believe a minor is using SAYZO.
10. Retention and deletion
We keep personal data only as long as needed for its purpose or as the law requires:
- Account and profile data: for the life of the account, then deleted or anonymised after a defined period.
- Transaction and payment records: as required under tax and accounting law.
- Identity documents: for the life of the account, then securely deleted.
- Logs and traffic data: at least one year, as required under the DPDP Rules.
We delete or anonymise data once the purpose is served or you close your account, except where law requires retention. You can ask us to delete your data at any time, subject to those legal exceptions.
11. Security and breaches
We maintain reasonable safeguards appropriate to the data, including encryption in transit and at rest, access controls, secure development, and monitoring, and require comparable measures from our processors. No system is fully secure, so keep your credentials confidential. If a breach occurs, we will contain and assess it and notify the Data Protection Board of India and affected users as required, explaining its nature, likely consequences, our response and steps you can take.
12. Your rights
As a Data Principal under the DPDP Act, 2023 you may:
- Access a summary of your data, our processing, and who we have shared it with.
- Correct, complete, update or erase your data where it is no longer needed and we are not required to keep it.
- Seek grievance redressal (Section 13) and nominate someone to exercise your rights if you die or become incapacitated.
- Withdraw consent (Section 4).
We will verify your identity before acting on a request. You may also control cookies through your browser and app permissions, such as location, through your device settings.
13. Grievance Officer
For any question, request or complaint about your data, contact our Grievance Officer, who is also the grievance contact under the IT Act, 2000 and the Consumer Protection (E-Commerce) Rules, 2020:
Name: Ayan Srivasthav
Email: contact@sayzo.in
Address: DPT 808B, F-79 & 80, DLF PRIME TOWER, Okhla Industrial Area Phase-i, South Delhi, New Delhi, Delhi, India, 110020
Phone: +91 9335581408
We acknowledge complaints within 48 hours and resolve them within the timelines required by law: one month under the Consumer Protection (E-Commerce) Rules and no later than 90 days for DPDP grievances. If unsatisfied, you may complain to the Data Protection Board of India.
14. Changes and governing law
We may update this policy and will revise the date above and, for significant changes, notify you in the app or by email. This policy is governed by the laws of India, and the courts at New Delhi have jurisdiction, subject to applicable consumer and data protection law.