Privacy Policy – EventXplore

    Your privacy matters. This policy explains what information EventXplore collects, why we collect it, and how you can control it. We do not sell your personal data to anyone.
  

Who We Are
What Information We Collect
How We Use Your Information
How We Share Information
Location Data
Identity Verification (KYC)
Payments
Push Notifications
Camera & Photos
Advertising
Analytics
Data Retention
Security
Children's Privacy
Your Rights & Choices
Pricing & Free Access
Delete Your Account
For U.S. Users & California Residents
Contact & Grievance Officer

1. Who We Are

EventXplore ("we", "us", or "our") is an event discovery and community platform available at eventxplore.in and as a mobile application on Android and iOS. The service lets users discover local events, register and pay for tickets, volunteer, organise events, and connect with other attendees.

For the purposes of applicable data protection law, the data controller is the developer registered on the Google Play Console and Apple App Store under the EventXplore developer account.

Contact: krishnavijayaram@gmail.com

2. What Information We Collect

2.1 Information You Provide Directly

Account details: name, email address, phone number, gender (optional), profile photo (optional)
Location preferences: up to three pincodes (home / work / native area) used to personalise your event feed
Interests: up to three event categories chosen during onboarding
Event content: events you create, descriptions, photos you upload, comments and reviews
Messages: in-app chat messages between attendees and organisers
Payment details: name and phone number pre-filled during checkout (card/UPI numbers are handled entirely by Razorpay and are never stored on our servers)

2.2 Information We Collect Automatically

Device & usage data: device model, OS version, app version, crash reports, feature usage patterns
Precise location: GPS coordinates, collected only when you grant permission and only while using location-dependent features (e.g., "events near me")
FCM token: a device-specific token used solely to deliver push notifications to your device
Install referrer: the marketing channel through which you installed the app (e.g., a campaign link) — no personal data, aggregated only
Log data: IP address, timestamps, pages visited, search queries within the app

2.3 Information from Third Parties

Google Sign-In: name, email address, and profile picture from your Google account. Today, email-address verification (via your sign-in provider) is the only identity check EventXplore performs.

3. How We Use Your Information

Purpose	Legal Basis	Data Used
Create and manage your account	Contract	Name, email, phone
Show relevant local events	Contract / Legitimate interest	Pincodes, interests, location
Process event registrations & ticket payments	Contract	Name, phone, payment status
Event check-in via QR code	Contract	Registration ID, name
Deliver push notifications	Consent	FCM token
In-app messaging between users	Contract	Messages, user IDs
Fraud prevention & safety	Legitimate interest	Usage patterns, device data
Improve the app (analytics)	Legitimate interest	Aggregated usage data
Show relevant advertisements	Consent	Device identifiers, usage data
Legal obligations	Legal obligation	As required by law

5. Location Data

EventXplore requests access to your device's precise location (GPS) to show events near you and to auto-fill your location when creating an event.

Location is collected only while the app is in use (foreground only — we do not track background location)
You can deny or revoke location permission at any time in your device settings; the app will continue to work using your pincode preferences instead
We do not share raw GPS coordinates with advertisers

6. Identity Verification (KYC)

      EventXplore does not currently perform Aadhaar, PAN, or any other government-ID identity verification. The only identity check today is email-address verification through your sign-in provider (Google Sign-In).
    

Government-ID identity verification may be introduced in the future for two features:

Paid-event ticket collection — when an organiser starts collecting money on tickets, RBI / payment-aggregator KYC rules apply, and identity verification will be required at that point.
Verified Organiser badge — a future, optional feature that lets organisers display a verified-identity badge on their events.

If and when either feature launches, EventXplore will:

Update this Privacy Policy at least 14 days in advance to disclose the chosen verification provider (DigiLocker or an authorised KYC aggregator), the documents accepted, what fields are stored, and the retention period.
Ask for your explicit, freely-given consent before initiating any verification.
Comply with the UIDAI Aadhaar Act, RBI KYC rules, and the DPDP Act 2023.
Never store the raw Aadhaar number; only the verified legal name and (where permitted) the last 4 digits.

Until then, no KYC data is collected, transmitted, or stored.

7. Payments

Ticket payments are processed by Razorpay, a PCI-DSS compliant payment gateway. EventXplore never receives, stores, or has access to your card numbers, UPI credentials, or net banking passwords.

We retain a record of the payment status (success/failure), transaction ID, and amount for your booking history and for organiser payouts.

8. Push Notifications

We send push notifications for:

Event reminders and updates for events you have registered for
Messages from organisers or attendees
New events matching your interests (optional; off by default)

You can disable push notifications at any time in your device's notification settings or within the app under Settings → Notifications.

9. Camera & Photos

EventXplore requests camera and photo library access for two purposes:

QR code scanning: used by organisers to check in attendees. Camera access is used only during active scanning and is not stored.
Event photo uploads: you may upload photos to an event gallery. Uploaded photos are stored on our servers and visible to other event attendees. You can delete your own photos at any time.

We do not use your camera in the background and do not perform facial recognition.

10. Advertising

EventXplore currently does not display any third-party advertisements. If advertising is introduced in a future version, this policy will be updated and you will be notified in advance.

11. Analytics

We use Google Firebase Analytics to understand how users interact with the app (screen views, feature usage, crash reports). This data is aggregated and pseudonymised — it is used solely to improve the product and is not used to build individual advertising profiles.

You can opt out of Firebase Analytics data collection by disabling "Usage & diagnostics" or equivalent settings on your device, or by contacting us.

12. Data Retention

Data Type	Retention Period
Account & profile data	Until you delete your account
Event registrations & payment records	7 years (legal/tax requirement)
Chat messages	2 years after last activity
Event photos	Until you delete them or delete your account
KYC verification record	Not currently collected — see §6. If introduced in future, retention will be disclosed before any data is collected.
Push notification tokens	Until you revoke permission or delete your account
Analytics data	14 months (Firebase default)
Server logs	90 days

When you delete your account, we delete or anonymise all personal data within 30 days, except where retention is required by law.

13. Security

We implement industry-standard security measures including:

TLS encryption for all data in transit
Firebase Authentication with server-side token validation
Firestore security rules restricting data access to the owning user
Payment processing delegated entirely to Razorpay (PCI-DSS Level 1)

No system is 100% secure. If you discover a security vulnerability, please report it responsibly to krishnavijayaram@gmail.com.

14. Children's Privacy

EventXplore is intended for users aged 13 and above. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal data, please contact us at krishnavijayaram@gmail.com and we will delete it promptly.

15. Your Rights & Choices

You have the following rights regarding your personal data, including the rights granted to data principals under the Digital Personal Data Protection Act, 2023 (DPDP Act):

Access (DPDP §11): request a copy of the data we hold about you, including a summary of how it is processed and a list of the third parties with whom it is shared.
Correction (DPDP §12): update inaccurate or incomplete data. Most fields are editable directly in the app under Profile → Edit; for anything else, email us.
Deletion / erasure (DPDP §12): request deletion of your account and associated personal data via Profile → Delete Account in the app, or by emailing us. We will delete or anonymise personal data within 30 days, except where retention is required by law (see §12) or where the data relates to a public-event organiser record we are required to keep for legal traceability.
Portability: request your data in a machine-readable format.
Withdraw consent (DPDP §6(5)): withdraw any consent you previously gave (notifications, location, future KYC, etc.) as easily as you granted it. Withdrawing consent does not affect the lawfulness of any processing carried out before withdrawal. Withdrawing consent for processing that is necessary to provide the service may make some features unavailable.
Nomination (DPDP §14): nominate another individual to exercise your rights under the DPDP Act in the event of your death or incapacity. To nominate someone, email us the nominee's name and contact details with the subject "DPDP Nomination".
Grievance redressal (DPDP §13): contact our Grievance Officer (see Contact) for any complaint about how we handle your personal data. We will respond within 24 hours and resolve within 15 days. If you are not satisfied with our resolution, you have the right to escalate to the Data Protection Board of India once it is constituted.
Notification opt-out: disable push notifications in device settings at any time.
Location opt-out: revoke location permission in device settings at any time.
Ad personalisation opt-out: reset your Advertising ID in device settings.

To exercise any of these rights, email krishnavijayaram@gmail.com. We will respond within 30 days.

16. Pricing & Free Access

EventXplore is currently free for all users. No subscription card or UPI mandate is debited for any tier. Silver (₹199/month) and Gold (₹499/month) tier subscriptions shown on the Pricing page are planned but not yet active. Early users are guaranteed a free-access period based on join date — this commitment is binding on us.

What "free" means in practice today:

You can install the app, create an account, browse and RSVP to events, host your own events, and use all standard features at no cost.
No subscription is billed against your card or UPI today.
Event tickets are a separate paid surface: some organisers may charge attendees for ticketed events (concerts, workshops, etc.). Those payments go through Razorpay and are governed by the organiser's own pricing — see our Refund Policy for the full terms on those.

We made a binding commitment to reward our early community. The following free-access periods will apply, anchored to whatever date paid Silver/Gold billing first goes live:

When you joined	Free access period
Before 1 July 2026 (Q2 2026 or earlier)	12 months free from billing start date
1 July 2026 – 30 September 2026 (Q3 2026)	6 months free from billing start date
After 30 September 2026	3 months free from billing start date

These free periods will be honoured automatically — your account creation date is recorded server-side and used to calculate your entitlement when paid subscription billing is enabled.

30-day advance notice: We will notify you at least 30 days in advance before any Silver / Gold subscription billing takes effect, via in-app notification and email. You may cancel any subscription at any time from Profile → Settings → Subscription → Cancel; access continues until the end of your current billing cycle.

Refunds & cancellation: See our Refund Policy for the full terms covering both subscription refunds (when active) and paid-event ticket refunds (active today).

No subscription billing is currently active. The tier prices on the Pricing page describe what will apply when Silver/Gold billing is enabled.

17. Delete Your Account

      You can permanently delete your EventXplore account and all associated data directly from within the app — no email required.
    

How to delete your account in the app

Open the EventXplore app
Tap Profile in the bottom navigation bar
Scroll to the bottom of your profile page
Tap Delete Account (shown in red)
Confirm twice when prompted
Authenticate with your biometric or device PIN

What gets deleted

Your profile (name, email, phone number, pincodes, interests, and any future KYC data once that feature is introduced)
Your event registrations and participation history
Your group memberships
Your saved events
Your push notification token
Your in-app comments

What is retained

Payment records — retained for 7 years as required by Indian tax law (GST compliance). These records are anonymised and not linked to your profile after deletion.
Events you organised — kept as community content but stripped of personal association

Account deletion is immediate and irreversible. All personal data is deleted or anonymised within 30 days.

If you are unable to access the app, you can also request deletion by emailing krishnavijayaram@gmail.com with the subject line "Account Deletion Request". We will process your request within 30 days.

18. For Users in the United States & California Residents

EventXplore is distributed in India and the United States. The following section summarises rights specific to U.S. users.

EventXplore does not sell or share your personal information. We do not engage in cross-context behavioural advertising, do not share personal information for monetary or other valuable consideration, and have no plans to.

Even though EventXplore is below the California Consumer Privacy Act (CCPA / CPRA) revenue and user-count thresholds that would mandate full compliance, we voluntarily honour the following rights for all U.S. users:

Right to Know: request a copy of the personal information we hold about you.
Right to Delete: request deletion of your personal information (subject to legitimate retention exceptions — e.g., your past events may be retained with your name replaced by "Organiser no longer available", per §17).
Right to Correct: ask us to fix inaccurate personal information about you.
Right to Opt Out of Sale/Sharing: not applicable because we do not sell or share personal information, but you may still submit a request and we will confirm in writing that none has occurred.
Right to Non-Discrimination: we will not deny service, charge different prices, or provide different quality of service if you exercise any of these rights.

Paid plans not offered to U.S. users today: the Silver and Gold subscription tiers described in §16, when activated, will initially be available to users in India only. U.S. users will continue to have full free-tier access.

How to exercise these rights: email grievance@eventxplore.in from the email associated with your EventXplore account. We will respond within 30 days. Verifiable consumer requests will be acknowledged within 10 business days per CCPA §1798.130(a)(2)(B).

Children under 13 (COPPA): EventXplore is not directed at children under 13 and we do not knowingly collect personal information from anyone under 13. If you believe a child under 13 has created an account, please email the Grievance Officer (see §19) and we will delete the account within 7 days of verification.

Other U.S. state privacy laws (Virginia VCDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA, Iowa, Indiana, Tennessee, Texas, etc.) impose similar rights at higher thresholds that EventXplore is currently below. We extend the four rights above (Know, Delete, Correct, Opt-Out) to all U.S. residents as a courtesy regardless of state.

19. Contact & Grievance Officer

Grievance Officer (as required under India's Information Technology Rules 2021, Consumer Protection (E-Commerce) Rules 2020, and the Digital Personal Data Protection Act 2023):

Name: Krishna Vijayaram
Designation: Grievance Officer & Data Protection Contact
Organisation: EventXplore (sole proprietorship)
Address: West Mambalam, Chennai, Tamil Nadu 600033, India
Email: grievance@eventxplore.in (forwards to krishnavijayaram@gmail.com)

Service-level commitment:

Acknowledgement of every grievance within 24 hours of receipt
Resolution within 15 days from receipt (most issues resolved in 48 hours)
For data-subject requests under DPDPA 2023 (access, correction, erasure, withdrawal of consent): resolved within 30 days
For data-breach concerns: emergency response within 72 hours, per DPDPA Rule 7

For general questions, concerns, or requests about this Privacy Policy or your data, you may also contact:

General email: krishnavijayaram@gmail.com
Website: eventxplore.in

We may update this Privacy Policy from time to time. We will notify you of material changes via a notice in the app or by email at least 14 days before the change takes effect. Continued use of EventXplore after that date constitutes acceptance of the updated policy.

Contents