Privacy Policy

Last updated: 18 October 2025
Effective date: 18 October 2025
DgtlStream (“DgtlStream”, “we”, “us”, or “our”) is committed to protecting your privacy and handling your personal data in a transparent, secure, and lawful manner. This Privacy Policy explains how we collect, use, disclose, store, transfer, and otherwise process personal data when you visit www.dgtlstream.com, use our products and services (including ZonicWorks), register an account, or communicate with us. This Policy also explains your rights and how you may exercise them.
This Policy applies to (a) visitors to our websites and applications; (b) users of our platforms and services; and (c) other persons about whom we collect personal data in connection with our business operations.

1. Key definitions

  • Personal data / personal information: Any information that identifies or can reasonably identify an individual (e.g., name, email, phone number, identifiers, payment details, profile information).
  • Special category personal data / Sensitive personal data: Includes health information, identity documents, biometric data, caste/religion (where applicable), and any other categories treated as sensitive under applicable laws.
  • Data Principal: The individual whose personal data is processed.
  • Data Fiduciary: An entity that determines the purpose and means of processing personal data (DgtlStream, in this case).
  • Processor / Service Provider: Third parties who process data on our behalf under contract.

2. Legal framework and compliance

DgtlStream processes personal data in accordance with applicable laws and regulations, including (where applicable) the Digital Personal Data Protection Act, 2023 (DPDPA), the Information Technology Act, 2000 and related rules, and global privacy best practices. We adopt reasonable security practices and procedures consistent with Indian law and international standards. For summary guidance on the DPDP Act and its key rights and obligations, see government guidance.

3. Personal data we collect

We collect the following categories of data, depending on the services you use and the context of your interactions:

  1. Identity & account data — name, username, email, phone number, profile photo, business/organization name, registration number (if applicable), and other profile fields you choose to provide.
  2. Transaction & payment data — billing address, payment method tokens, transaction records, invoices. (Payment card details are not stored by us but by our PCI-DSS-compliant payment processors.)
  3. Contact & communication data — messages between customers and professionals, support requests, feedback, call recordings (where permitted and with consent).
  4. Verification & KYC data — identity documents (e.g., PAN, Aadhaar, passport), certificates, or background-check reports, when you elect to verify your account or as required by law or platform rules.
  5. Usage, device & technical data — IP address, device identifiers, browser type, operating system, referrer, pages visited, features used, cookies, and similar telemetry.
  6. Location data — approximate or precise location where necessary for the service (e.g., delivery addresses, geolocation to match professionals).
  7. Sensitive categories (limited & only if necessary) — health-related information (if you use health-related services), criminal records (only when required for background checks), biometric data (only if you voluntarily provide this for verification), and other sensitive data only when strictly necessary and with appropriate legal basis.

We may receive categories of personal data from third parties (payment providers, identity-verification vendors, public registries, partners) where you have authorized such sharing or where permitted by law.

4. Use of Artificial Intelligence and Automated Processing

We use artificial intelligence (“AI”) and automated technologies to enhance the performance, accuracy, and functionality of our digital solutions. These technologies may assist in analyzing patterns, improving service recommendations, detecting security threats, or personalizing user experiences.

How We Use AI

  • To optimize system performance and improve the reliability of our platforms.
  • To analyze aggregated or anonymized data for insights that help enhance our services.
  • To detect and prevent fraudulent or malicious activities.
  • To personalize content, suggestions, or features based on user interactions and preferences.
  • To support automated decision-making processes that improve efficiency and response times.

Data Handling in AI Systems

  • Any data processed by our AI systems is handled in compliance with applicable data protection laws.
  • We ensure that AI-driven insights are based on aggregated, pseudonymized, or anonymized data wherever possible.
  • Personal data used for AI training or analysis is minimized and protected using strict access controls, encryption, and data retention limits.
  • We do not use AI to make decisions that have legal or significant personal effects on individuals without appropriate human oversight.

Transparency and Human Oversight

We maintain transparency about the use of AI in our services. In any case where automated processing significantly affects users, human review and intervention are always available to ensure fairness, accuracy, and accountability.

5. How we collect personal data

  • Directly from you: when you register, create/modify your profile, post/accept service requests, make payments, contact support, upload documents, or otherwise provide data.
  • Automatically: via cookies, web beacons, server logs, analytics, and performance monitoring.
  • From third parties: identity/KYC providers, payment gateways, marketing partners, public sources, or other users who interact with you on our platform.
  • From our affiliates: where you interact with related DgtlStream products or where we operate services across multiple brands.

6. Purpose and legal basis for processing

We process personal data for specified, explicit, and legitimate purposes, including but not limited to:

  • Service delivery & platform operation: create and manage accounts, enable matching and communication between customers and service professionals, manage bookings, and process payments (contractual necessity).
  • Verification & trust & safety: perform identity and background checks, fraud prevention, eligibility screening, and enforcement of our Terms (legitimate interest and compliance).
  • Customer support & dispute resolution: to resolve disputes, refunds, and complaints (contractual/legal basis).
  • Product improvement & analytics: improve service performance, user experience, and product features (legitimate interest, aggregated/anonymized where possible).
  • Marketing & communications: send transactional messages and, with consent, promotional emails and offers; you can opt out of promotional communications.
  • Legal compliance & lawful requests: comply with court orders, statutory obligations, tax and audit requirements, and law-enforcement requests (legal obligation).
  • Security & fraud detection: detect, prevent, and respond to security incidents and misuse (legitimate interest).
  • Archiving & records: keeping to meet legal, tax or regulatory obligations (legal obligation/legitimate interest).

     

Where consent is the legal basis, we will collect and maintain demonstrable records of consent and enable easy withdrawal of consent.

7. Sharing personal data — categories of recipients

We do not sell personal data. We may share personal data with:

  • Service providers & processors (hosting providers, analytics vendors, payment gateways, identity-verification and background-check vendors, customer support platforms, email/SMS providers) — under written contracts with confidentiality and security obligations.
  • Business partners (when you use a partner’s offerings via our platform) — only to the extent required to fulfill services.
  • Legal & regulatory authorities or third parties where required by law, court order, or to protect legal rights (including to respond to lawful requests).
  • Acquirers and corporate counterparties — in connection with corporate changes (sale, merger, reorganization), with notice to users and protections for personal data.
  • Other users — information you elect to make public on the platform (e.g., service listings, professional profiles) will be visible to others as described in your privacy settings.

We impose contractual obligations on processors and require them to implement appropriate technical and organizational security measures.

8. Cross-border transfers

Personal data may be transferred to, stored, and processed in jurisdictions outside India where our service providers operate. When we transfer data abroad, we rely on: (a) adequacy decisions where available; (b) standard contractual clauses or equivalent safeguards; or (c) other lawful transfer mechanisms. We take steps to ensure a comparable level of protection to that provided under Indian law. For high-risk transfers, we apply additional safeguards and contractual protections.

9. Cookies, trackers, and similar technologies

We use cookies, local storage, pixels, and other tracking technologies to operate the site, enhance usability, remember preferences, and analyze performance. Our cookie categories include:

  • Strictly necessary cookies — required for basic site functions (e.g., login, security).
  • Performance and analytics cookies — to understand usage and improve services.
  • Functional cookies — to remember choices and preferences.
  • Advertising/remarketing cookies — with consent, to present relevant offers.

You can control or delete cookies through your browser settings. Disabling certain cookies may limit the functionality of the platform. Our cookie banner and settings page provide granular consent options.

10. Retention policy

We retain personal data only for as long as necessary to fulfill the purposes described in this Policy, to comply with legal obligations, resolve disputes, and enforce agreements. Retention periods are determined by category of data, business needs, and legal requirements (for example, tax laws, financial record retention rules, or litigation hold). Where retention is no longer necessary, we will delete, anonymize, or aggregate data in a secure manner.

11. Security measures

We apply industry standard technical and organizational measures to protect personal data, including (but not limited to):

  • Encryption of data in transit (TLS/SSL) and encryption at rest for sensitive data. 
  • Role-based access control, strong authentication, and least-privilege principles.
  • Regular security testing, vulnerability scanning, and third-party audits.
  • Data minimization, pseudonymization, and secure deletion processes.
  • Incident response and disaster recovery planning.

     

Although we implement strong safeguards, no system is completely immune to risk. If a security incident affecting personal data occurs, we will follow our incident response procedures and notify the affected Data Principals and relevant regulators as required by law.

12. Data breach notification

In the event of a personal data breach that is likely to cause harm, we will: (a) contain the incident and remediate; (b) assess the risk; and (c) notify affected individuals and/or regulators in accordance with applicable law and timelines. We maintain internal records of incidents and follow escalation and reporting requirements.

13. Rights of Data Principals

Where applicable under law, you have the following rights as a Data Principal:

  • Right of access — request a copy of personal data we hold about you.
  • Right to correction — ask us to correct inaccurate or incomplete data.
  • Right to portability — receive your data in a structured, commonly used format and, where technically feasible, have it transmitted to another data fiduciary.
  • Right to erasure (“right to be forgotten”) — request deletion of your personal data, subject to applicable exceptions (e.g., legal obligations, dispute resolution, fraud prevention).
  • Right to withdraw consent — withdraw consent where processing was based on your consent. Withdrawal will not affect processing that occurred prior to withdrawal.
  • Right to restrict or object — restrict or object to processing in certain circumstances.
  • Right to lodge a grievance or complaint — contact our Grievance Officer or approach the regulator as per applicable procedures.
  • Right to not be subject to solely automated decision-making — where applicable, request human review of automated profiling decisions that have legal or significant effects.

To exercise these rights, please contact our Data Protection Officer or Grievance Officer. We will verify your identity before responding and attempt to respond within the timeframes required by applicable law.

14. Automated decision-making and profiling

We may use automated systems and profiling to improve matching, pricing suggestions, fraud detection, and personalization. When automated decision-making produces legal or similarly significant effects on you, we will provide meaningful information about the logic involved, the significance and the envisaged consequences, and provide an option for human review where required by law.

15. Children’s privacy

Our services are intended for individuals aged 18 and above. We do not knowingly collect personal data from children. If we become aware that we have collected personal data of a person under 18 without parental consent, we will take steps to delete the information promptly.

16. Identity verification & retention of verification documents

Where you complete identity verification or provide KYC documents (for trust and safety, payments, or regulatory compliance), such documents may be processed by trusted third-party vendors. We retain verification images and metadata only for as long as necessary for the verification purpose and statutory retention obligations; certain vendors may delete identity images after a fixed retention period as part of their practices (see examples from industry practice).

17. International & third-party platforms / third-party links

Our platform may contain links to third-party websites and services. This Policy does not govern those third-party sites. We encourage you to read their privacy policies before sharing personal data. We are not responsible for the privacy or security practices of third parties.

18. Governance, recordkeeping & accountability

We maintain records of processing activities and implement policies for data protection governance, including training, vendor assessments, DPIAs (Data Protection Impact Assessments) for high-risk processing, and regular reviews of our privacy and security posture. For regulated categories or if designated as a Significant Data Fiduciary (SDF) under law, we will adopt additional controls as required. (See discussion of SDF obligations under applicable statutes.)

19. Grievance redressal and contact details

In accordance with the IT Rules and related guidance, we have designated a Grievance Officer to address complaints and concerns. We aim to acknowledge grievances promptly and resolve them within the timeframes mandated by applicable rules. Contact the Officer at info@dgtlstream.com

If you are not satisfied with our response, you may escalate the matter to the relevant regulator under applicable law. The Digital Personal Data Protection Act provides for grievance redressal rights and mechanisms.

20. Law enforcement & legal requests

We may disclose personal data in response to lawful requests from public authorities, regulators, or courts. We evaluate each request for legal sufficiency and will seek to limit disclosures to what is necessary and lawful. Where permitted, we will notify affected users of such requests unless prohibited by law.

21. Third-party processors & vendor security

We engage third-party processors (e.g., cloud hosting, payment gateways, analytics, messaging vendors). We assess such vendors for security and privacy practices, enter into written contracts requiring confidentiality and security measures, and require sub-processors to meet our standards. If you wish to obtain the list of subprocessors for a specific service, contact info@dgtlstream.com.

22. Policy changes

We may update this Privacy Policy from time to time to reflect regulatory changes, new services, or changes in practice. We will post changes on this page with an updated “Last updated” date. For material changes affecting your rights, we will provide prominent notice (email or in-app notification) and obtain consent where required.

23. How to exercise your rights or contact us

To exercise any of your rights, make requests, or raise a complaint, contact: info@dgtlstream.com 

Please include sufficient information to enable us to verify your identity and locate your records.

Scroll to Top