Publish Date: September 14, 2024
Last Updated: November 17, 2025
ZipZy™ is committed to the principles of fairness, purpose limitation, data minimisation, accuracy, storage limitation, integrity & confidentiality, and accountability as enshrined in the Digital Personal Data Protection Act, 2023.
This Privacy Policy outlines how ZipZy™, a division of Pranava Company Group (operating through zipzy.in, zpzy.in, and associated mobile applications, collectively referred to as “ZipZy™,” “we,” “our,” or “us”), collects, uses, processes, stores, and shares personal data in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology Act, 2000 (IT Act), and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules) as amended up to November 2025. This policy applies to individuals who interact with our services across multiple platforms, including but not limited to URL Shortener, Custom Links, QR Codes, Landing Pages, Advanced Analytics, Branded Links, Link-in-Bio, Mobile Links, API Services, and any other applications or features offered under the ZipZy™ ecosystem (collectively, the “Services”), express interest in our offerings, or to whom we may market our Services. It details your rights regarding your data and provides information on how to contact us with any questions.
Data Storage in India: All personal data is primarily stored on our own secure servers located within India. Backups are maintained on AWS data centers located exclusively within India (Mumbai region). No personal data is stored outside India unless explicitly required for service delivery and only with adequate safeguards under DPDP Act Section 16.
This Privacy Policy does not extend to the practices of businesses that ZipZy™ or Pranava Company Group does not own or control, including third-party websites, services, or applications (“Third Party Services”) that you may encounter through our Services. We recommend that you review the privacy policies of any Third Party Services you access or use. ZipZy™ assumes no responsibility for the content or privacy practices of these Third Party Services.
India: For residents of India, our Privacy Policy is crafted in compliance with the latest Indian data protection regulations, including the DPDP Act, DPDP Rules 2025, and the IT Act with its SPDI Rules. This policy outlines:
Notice under DPDP Act Section 5 & Rule 4: Whenever we collect your personal data directly from you, we provide a Notice in English containing: (i) categories of personal data collected, (ii) purposes of processing, (iii) your rights, (iv) retention period, (v) details of Grievance Officer/DPO, (vi) whether data is shared/transferred outside India, and (vii) how to file a complaint with the Data Protection Board. The Notice is provided at the time of collection or as soon as practicable.
We operate primarily within India, and our privacy practices are tailored to meet Indian legal requirements across all our applications. Personal data is stored on our own servers in India with AWS India (Mumbai) as backup. Any transfer outside India is only to trusted service providers with adequate safeguards (SCCs + DTIA) under DPDP Act Section 16. For any inquiries, contact our Grievance Officer or DPO. We resolve issues within 30 days (or 7 days for simple requests) as mandated by the IT Act.
"ZipZy™" is a trademark in India, protected under Indian trademark law. Unauthorized use of the name "ZipZy™" is strictly prohibited and may result in legal action.
All other product names, logos, and brands are property of their respective owners.
ZipZy™, a division of Pranava Company Group
For your reference, you can view our previous Privacy Policy here.
ACCESSIBILITY NOTICE: If you encounter any difficulties accessing this Privacy Policy, please reach out to us at privacy@zipzy.in for assistance.
At ZipZy™, a division of Pranava Company Group, we prioritize transparency about the information we gather and how we use it across all our applications and platforms. This section details the types of data we collect from various interactions with our Services, as outlined in our Privacy Policy, to enhance your experience and ensure your data is managed securely and respectfully in compliance with the DPDP Act, DPDP Rules 2025, and SPDI Rules.
Personal Information (PI): Any data that can identify an individual, such as name, email address, phone number, or IP address.
Sensitive Personal Data or Information (SPDI): Data including passwords, health data, or biometric data as defined under the SPDI Rules. We do not directly collect payment information; such data is handled and processed by our payment gateway, Razorpay, as described below.
Data Principal: The individual to whom the personal data relates, i.e., you, the user.
When you sign up for a ZipZy™ account to use any of our Services across web, mobile, or API platforms (including URL Shortener, Custom Links, QR Codes, Landing Pages, Advanced Analytics, Branded Links, Link-in-Bio, Mobile Links, API Services, and other applications), we collect essential PI, including your name, phone number, company details, job title, and email address. We do not directly collect payment information; payment details are securely processed by our third-party payment gateway, Razorpay. If you use third-party logins (e.g., Google, Facebook), we collect data shared by these services based on your privacy settings. This data is used to manage your account, provide Services across platforms, and communicate critical updates. You may opt out of non-essential communications via your account settings, but we may still send service-related notifications. You have the option to not provide certain data, though this may limit access to some Services.
When you generate any ZipZy™ content or feature across our platforms, such as links, QR Codes, Landing Pages, Link-in-Bio, or other application-specific elements, we store the original and processed data, along with associated PI such as your IP address, geolocation data, and timestamps. If you share these on social media or integrate with other apps, we log the platform and your username to streamline integration and performance tracking. This data is collected for lawful purposes, such as service delivery and analytics, and is minimized to what is necessary across all applications.
We automatically collect data on how you interact with ZipZy™ Services across devices and platforms, including IP address, location, referring sites, device specifics (e.g., browser type, operating system, app version), and usage patterns. This data enhances our Services, detects issues, and improves user experiences across all applications. Data collection is limited to what is reasonably necessary for these purposes.
To provide a seamless experience across devices and our multiple applications, we track interactions to understand user behavior and prevent fraud. This includes linking your activities using PI like IP addresses or account details, ensuring a secure and tailored experience across the ZipZy™ ecosystem.
We do not collect or store any payment details, such as credit card numbers or banking information. All payment transactions are securely processed by Razorpay, a third-party payment gateway. Razorpay handles the entire payment process, and we only receive limited information, such as transaction IDs and payment status, necessary to complete and verify your transaction across any of our platforms. We do not have access to or store any of your payment information, and any data provided to us is used solely for transaction verification and completion of services.
We use your data for the following lawful purposes across all platforms:
We may process your personal data without additional consent for:
We notify you of these purposes at the point of data collection or through direct communication. Any change in purpose will be communicated, and your consent will be sought if required. We retain PI and SPDI only as long as necessary for these purposes, legal compliance, or business analysis, and erase it upon consent withdrawal or when the purpose is no longer served, whichever is earlier, unless retention is required by law. We also cause our Data Processors to erase such data. Typically, data is deleted after three years of inactivity or upon your request.
We share your data only under the following conditions, with your consent or as permitted by law, across all applications:
Internal Sharing: Within ZipZy™ and Pranava Company Group for service optimization and integrated offerings across platforms.
Public Information: Data from ZipZy™ features may be public and could reveal PI if included by you.
Organizational Sharing: For accounts linked to organizations, we may share account-related data with those entities for enterprise solutions across apps.
Support Services: We handle PI like name, email, and account details to provide customer support across platforms.
Email Validation: We use third-party services to verify email addresses, deleting invalid data post-validation.
Marketing and Communication: We use email marketing tools to send updates, with your consent, and maintain interaction records without sharing data for marketing without permission.
Third-Party Sharing: We share data with trusted service providers for analytics, cloud storage, or service enhancement across applications, ensuring they comply with our data protection standards. Personal data may be transferred outside India to such providers in compliance with DPDP Act Section 16, with adequate safeguards like contractual clauses, unless restricted by government notification.
Service Improvement: Third-party vendors analyze user behavior to optimize our Services across multiple platforms, bound by data protection agreements.
Single Sign-On: We use Single Sign-On services to simplify access across apps, collecting only necessary data.
Legal and Compliance: We may share data for tax, legal, or trust and safety purposes as required by law.
Consent-Based Sharing: We share data as directed by you or when interacting with Third Party Services, with your explicit consent.
We process personal data based on service requirements, legitimate interests, or consent, ensuring compliance with the DPDP Act and SPDI Rules. Data retention is aligned with service needs, legal compliance, and business analysis across all platforms, with PI deleted upon request or after three years of inactivity, whichever is sooner, unless legally required to retain it.
| Category | Retention Period |
|---|---|
| Account data (active users) | Duration of account + 3 years |
| Inactive accounts | Deleted after 3 years of inactivity |
| Analytics & logs | Maximum 1 year |
| Consent records | Processing period + 7 years |
We obtain your consent in a clear, specific, informed, unconditional and unambiguous manner with a active action (e.g., by clicking "Sign Up", "Submit", "Log In", or completing any other action that indicates your agreement to the terms). We maintain verifiable records of every consent (date, time, IP, version of notice) for the entire period of processing + 7 years thereafter as required under Rule 5(3) of the DPDP Rules, 2025. You may withdraw consent at any time with effect from the date of withdrawal via account settings or by contacting us. Withdrawal does not affect prior lawful processing.
You can withdraw consent anytime through your account dashboard, email, or by contacting our Grievance Officer. Upon withdrawal, we cease processing within 72 hours unless required by law.
All primary data storage is within India on our own servers. Backups are on AWS Mumbai (India) region. We may transfer personal data to countries outside India only when:
Current recipients (if any): Google Cloud (USA), AWS (Singapore), analytics providers – all bound by intra-group agreements and SCCs approved by the Government of India. No personal data is transferred outside India without compliance with DPDP Act Section 16.
If your data is transferred outside India, we ensure that it is protected in compliance with the applicable laws and data protection regulations.
ZipZy™ uses cookies and other tracking technologies to enhance your experience, provide personalized content, and analyze how our Services are used on our websites and mobile applications. Our cookie consent banner obtains your specific, informed consent for non-essential cookies that process personal data, as required by DPDP Act Section 6.
Cookies: Small text files placed on your device by websites or apps you visit.
Tracking Technologies: Includes web beacons, pixels, device identifiers, and similar technologies to track interactions across web and mobile.
To Improve Our Services: Analyze performance and user behavior across applications.
To Personalize Content: Remember preferences and provide tailored recommendations.
To Advertise Effectively: Deliver relevant ads and measure performance, with your consent.
You can manage preferences through browser/device settings or our consent banner. Disabling may affect features. Visit our Cookies Policy for details.
ZipZy™ respects your privacy and shares or discloses your personal data only in the following circumstances, ensuring compliance with the DPDP Act and SPDI Rules across all platforms:
Explicit Consent: We share your PI or SPDI only with your explicit consent, obtained through clear opt-in mechanisms. You may withdraw consent at any time.
Third-Party Service Providers: We share data with trusted vendors for analytics, cloud storage, customer support, or service enhancement across platforms. These providers are contractually bound to use your data only for specified purposes and comply with Indian data protection laws. We do not collect or store payment information; payment details are processed solely by Razorpay.
Business Transfers: In the event of a merger, acquisition, or asset sale, your data may be transferred. We will ensure the new entity adheres to this Privacy Policy.
Legal Obligations: We may disclose data if required by law, ensuring adherence to principles of legality, necessity, and proportionality.
Enforcement and Protection: We may disclose data to enforce our Terms of Service, protect our rights, property, or safety, or prevent illegal activities.
ZipZy™ and Pranava Company Group: We may share data with affiliates to support business operations and provide a seamless experience across applications.
Non-Personal Data: We may share aggregated, anonymized data that does not identify you for analytical, research, or business development purposes.
External Links: Our Services may link to Third Party Services. We are not responsible for their privacy practices.
ZipZy™ prioritizes safeguarding your Personal Information (PI) and Sensitive Personal Data or Information (SPDI) with robust security measures across all platforms to prevent unauthorized access, loss, or misuse, in compliance with Section 43A of the IT Act, SPDI Rules, and DPDP Act Section 8(5).
Encryption: We use SSL/TLS for transmission security and AES-256 encryption for data storage.
Cloud Security & DDoS Protection: We leverage Cloudflare’s advanced DDoS protection, Web Application Firewall (WAF), and other security services to protect our platform from cyber threats.
Proxy & Load Balancing: Our infrastructure is secured with Nginx as a reverse proxy, which provides additional security layers such as rate limiting and SSL termination.
Secure Storage: Your data is securely stored on our own servers in India, with regular backups in the AWS Mumbai region, ensuring compliance with local data residency requirements.
Restricted Access: Access to sensitive data is strictly role-based and only authorized personnel can access it, based on job responsibilities.
Authentication: Multi-factor authentication (MFA) is enforced for all employees and users to ensure secure access to the platform.
Data Breach Notification: In the event of a personal data breach, we will notify the Data Protection Board of India and affected Data Principals without undue delay, and where feasible, within 72 hours after becoming aware of it (DPDP Rule 11). The notification will include the nature of the breach, categories of affected data, likely consequences, and measures taken.
If notified as a Significant Data Fiduciary, we will appoint a Data Protection Officer (DPO), conduct Data Protection Impact Assessments (DPIAs), and undergo periodic audits to ensure compliance with the DPDP Act.
To help us keep your data safe, please use strong passwords, enable Multi-Factor Authentication (MFA) on your account, and report any suspicious activity immediately to support@zipzy.in.
ZipZy™ is committed to respecting your rights under the DPDP Act and SPDI Rules across all platforms. As a Data Principal, you have the following rights regarding your PI and SPDI:
Right to Access: Request a copy of your data.
Right to Correction: Update inaccurate or incomplete data.
Right to be Forgotten: You can request erasure of your personal data that is no longer necessary, consent is withdrawn, or processing is unlawful. We will erase or anonymise the data within 30 days unless retention is required by law.
Right to Restriction: Request restriction in certain cases.
Right to Data Portability: Receive your data in a structured, machine-readable format.
Right to Object: Object to processing for legitimate interests or direct marketing.
Right to Nominate: Nominate another individual to exercise your rights in case of death or incapacity.
Submit requests to privacy@zipzy.in. We will verify identity and respond within 30 days (or 7 days for simple requests). We acknowledge grievances within 24 hours.
Our Services are not directed at individuals under 18 years of age. We do not knowingly collect personal data from children. If we learn that we have collected data of a person below 18 without verifiable parental consent, we will delete it immediately as required under DPDP Act. Contact privacy@zipzy.in if you believe we have such data.
If you believe that we have collected personal data from someone under 18 years of age without verifiable parental consent, please contact us at privacy@zipzy.in so that we can take appropriate action.
Additionally, if you log in using social accounts such as Google, Zoho, Facebook, or any other third-party login services, we only collect basic profile information (such as name, email address, and profile picture) as per their respective privacy policies. We do not collect any additional data beyond what these services provide.
These third-party services (such as Google, Zoho, and Facebook) have their own privacy policies that govern the collection, use, and sharing of data. By logging in through these services, you agree to their terms and policies. However, we do not knowingly allow users under the age of 18 to access our services through these login methods. We recommend that parents or guardians monitor their children's online activities and ensure that their children do not use third-party services inappropriately.
If we find that a user is under the age of 18, we may suspend their account and delete any data collected, in accordance with the DPDP Act and other applicable laws.
In accordance with the IT Act and SPDI Rules, ZipZy™ has appointed a Grievance Officer and Data Protection Officer to address your concerns.
Grievance Officer:
Email: grievance@zipzy.in
Data Protection Officer (DPO):
Name: Prince Tyagi
Email: dpo@zipzy.in
Address: ZipZy™, a division of Pranava Company Group, 62, Mandola, Loni, Ghaziabad, Uttar Pradesh 201102, Bharat (India)
If dissatisfied, you may lodge a complaint with the Data Protection Board of India after exhausting our internal process.
We may update this Privacy Policy to reflect changes in our practices, Services, or legal requirements. Significant changes will be communicated via email, in-app notifications, or updates on our websites, with the effective date clearly indicated. Continued use of our Services after changes signifies acceptance of the updated terms. Previous versions are available upon request. Contact privacy@zipzy.in.
For questions, concerns, or requests, contact our Grievance Officer or DPO:
Email: grievance@zipzy.in | dpo@zipzy.in
Address: ZipZy™, a division of Pranava Company Group, 62, Mandola, Loni, Ghaziabad, Uttar Pradesh 201102, Bharat (India)
We are committed to addressing your inquiries and resolving issues within 30 days (or 7 days for simple requests), as required by the IT Act.