Legal

Privacy Policy

Last updated: March 2025  ·  GDPR & IT Act compliant

Your privacy matters to us. This policy explains exactly what data we collect, why we collect it, and how we keep it safe. We do not sell your data.

Your Rights as a User

  • Request a copy of your data
  • Ask us to delete your account and data
  • Opt out of marketing emails anytime
  • Update your info at any time in profile settings

Expert Profile Visibility

  • Your name, photo & bio are publicly visible
  • Your email is never shared with users
  • Earnings data is private and never disclosed
  • You may request profile removal anytime

1. What We Collect

We collect only the data needed to run the platform:

Data CollectedPurposeRetention
Name & EmailAccount creation and communicationUntil account deletion
Profile photoIdentity & trust on the platformUntil account deletion
Booking historySession management and disputes3 years
Payment detailsProcessed via Razorpay (not stored by us)Not stored
Usage analyticsImproving platform experience12 months

2. How We Use Your Data

We use your data to: create and manage your account, match users with relevant experts, process bookings and payments, send booking confirmations and reminders, and improve our platform through anonymised analytics.

We do not sell, rent, or share your personal data with advertisers.

3. Cookies

We use essential cookies to keep you logged in and a minimal set of analytics cookies. You can manage cookies via your browser settings. See our Cookie Policy for details.

4. Third-Party Services

We use the following trusted third-party services:

  • Razorpay Payment processing — PCI DSS compliant
  • MongoDB Atlas Secure cloud database
  • Cloudinary Profile image storage
  • Gmail SMTP Transactional email delivery

5. Data Security

All data is transmitted over HTTPS. Passwords are hashed using bcrypt and never stored in plain text. JWT tokens expire after 15 minutes; refresh tokens are stored securely in HTTP-only cookies.

6. Data Retention

We retain your account data for as long as your account is active. After deletion, we remove your personal data within 30 days, except for data needed for legal or financial compliance (e.g. transaction records for 3 years per Indian law).

7. Contact the Privacy Team

For any privacy-related requests or concerns, email us at privacy@bookexpert.com