Privacy Policy

Privacy Policy

Last Updated: 20 April 2026

Privacy Policy

This Privacy Policy explains how Navya (“Navya”, “we”, “us”) collects, uses, stores, shares, and protects your personal data when you use our website at navya.in or our mobile application available on the Google Play Store and the Apple App Store (together, the “Service”).

We comply with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and the Digital Personal Data Protection Act, 2023 (“DPDP Act”).

1. Data we collect

We collect only what we need to operate the Service safely and well.

  • Account information: name, email, mobile/WhatsApp number, password (hashed).
  • Profile information: age, gender, city, photographs, profession, education, religion, languages, lifestyle preferences, bio, partner preferences.
  • Verification data: a selfie and one government-issued photo ID (Aadhaar, PAN, Driving Licence, or Passport). The ID number is one-way hashed; we do not store a copy of the ID image after verification is complete.
  • Usage data: profiles you view, searches, connection requests, in-app activity, device type, OS version, app version, IP address, approximate location (city level).
  • Payment data: processed by our PCI-DSS compliant payment partner (Razorpay). Navya does not store card numbers, UPI PINs, or banking credentials.
  • Communications: support emails, grievance reports, feedback you choose to send us.
2. How we use your data
  • To create and maintain your account, verify your identity, and surface relevant matches.
  • To facilitate connection introductions, including the WhatsApp deep-link feature.
  • To prevent fraud, abuse, harassment, and other safety risks; to investigate reports and enforce our Community Guidelines.
  • To process payments for Premium memberships and issue invoices/receipts.
  • To respond to your support requests and grievances.
  • To comply with legal obligations under Indian law, including responses to lawful requests from authorised government authorities.
  • To improve the Service through aggregated analytics. We do not use your personal data to train external AI models.
3. Lawful basis (DPDP Act, 2023)
  • We process your personal data on the basis of your free, specific, informed, unconditional, unambiguous consent obtained at signup, which you may withdraw at any time, and on certain “legitimate uses” recognised by the DPDP Act including responding to medical or safety emergencies, fulfilling legal obligations, and preventing fraud.

4. Sharing your data
  • We never sell your personal data. We share data only with:

    • Verification partners for ID verification (e.g. Digio, Hyperverge), bound by data processing agreements.
    • Cloud hosting providers (Amazon Web Services, Mumbai region) where our infrastructure runs.
    • Payment partners (Razorpay) for processing transactions.
    • Communications providers for sending OTPs, transactional emails, and push notifications.
    • Law enforcement and courts only on receipt of a written, lawful order under Indian law.

    All vendors are contractually required to protect your data to standards equivalent to ours, and to use it only for the agreed purpose.

5. Where your data lives

All personal data is stored on servers located in India (AWS Mumbai region). We do not transfer your personal data outside India.

6. Retention
  • Active account data: as long as your account is open.
  • After account deletion: profile and chat data deleted within 30 days.
  • Identity-verification audit logs (hashed): retained for 24 months as required for fraud prevention.
  • Transaction records: retained for 8 years as required under Indian tax law.
  • Records of legal complaints: as long as required by law.
7. Your rights as a Data Principal

Under the DPDP Act 2023 and the IT Act 2000 you have the right to:

  • Access a copy of your personal data we hold.
  • Correct inaccurate or outdated information.
  • Erase your data (delete your account).
  • Withdraw consent for any processing based on consent.
  • Nominate another individual to exercise these rights on your behalf in case of death or incapacity.
  • Grievance redressal through our Grievance Officer (see Section 11).

To exercise any right, write to info@navyasocial.in . We respond within 7 working days.

8. Children

The Service is for adults aged 18 years or older only. We do not knowingly collect data from children. See our Children’s Safety Policy.

9. Security

We follow reasonable security practices and procedures as defined under Section 43A of the IT Act, 2000 and the SPDI Rules, 2011: TLS 1.3 for all traffic, AES-256 encryption at rest, role-based access controls, periodic VAPT audits by CERT-In empanelled auditors, multi-factor authentication for all internal access, and a documented incident response plan. In the event of a personal data breach we will report to the Indian Computer Emergency Response Team (CERT-In) within 6 hours and to the Data Protection Board of India in line with the DPDP Act.

10. Cookies and tracking

See our separate Cookie Policy.

11. Grievance Officer

In compliance with Rule 3(2) of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 and Section 8(10) of the DPDP Act, 2023:

Priya Sharma · Grievance Officer
 9/1, Snuff Mill Street, Kolkata 700056
Email: info@navyasocial.in· Phone: +91 80 4710 2401
Hours: Monday – Friday, 10:00 – 18:00 IST

We acknowledge complaints within 24 hours and resolve within 15 days.

12. Changes

We will notify you of material changes by email and an in-app banner at least 14 days before they take effect.