Applies To: Users of WIVIY (“App”, “Website”, “Platform”) operated by Zuntra Digital Private Limited ("we", "us", "our")
Your privacy is important to us. This Privacy Policy explains how WIVIY collects, uses, stores, shares, and protects your personal data when you use our website, mobile application, or related services (collectively, the "Platform").
By using the Platform, you consent to this Privacy Policy and our processing of your data in accordance with applicable data protection laws, including
By using the Platform, you consent to this Policy and our compliance with:
If you do not agree with this Policy, please discontinue use of the Platform.
This Policy applies to:
This Policy applies globally to all the users of the platform. Indian users are protected under the DPDP Act, 2023. Users in jurisdiction such as EU, UK, or California are additionally protected under GDPR, UK-GDPR, and CCPA respectively.
We collect personal data and usage information to operate the Platform, enable matchmaking, ensure user safety, verify identities, personalise your experience, and provide core communication features. When you use the Service, certain information is also generated automatically such as your interactions, preferences, device details, and activity logs. We may additionally receive information about you from third parties, including when you choose to sign in using external platforms (such as Google, Facebook, or Apple), import data from another account, or when verification, safety, or analytics partners provide information needed to maintain the security and integrity of our Platform.
This data is collected and processed strictly for the purposes outlined in this Privacy Policy and in accordance with the Digital Personal Data Protection Act, 2023, GDPR, CCPA, and applicable international laws.
We also collect behavioural signals such as swipe patterns, dwell time on profiles, scrolling behaviour, match preferences, and other interaction metrics that help our algorithms recommend and personalise matches.
In addition, we collect metadata used for spam detection, fraud prevention, and bot-identification such as abnormal usage patterns, repeated failed login attempts, or unusual interaction frequency.
We may also collect approximate location derived from your IP address, even when you do not grant precise GPS permissions, for security, localisation, and safety purposes.
You may reset or disable advertising identifiers (such as IDFA or AAID) at any time from your device settings.
We also collect diagnostic and performance data, such as battery usage, network quality, and crash logs, to improve app stability and functionality.
For more information about cookies, see our Cookie Policy.
We may still derive approximate location (such as city or region) from your IP address for safety, localisation, and fraud-prevention purposes. You may withdraw geolocation permission at any time through your device settings, although doing so may limit discovery, distance-based matching, and nearby-user features.
This data is used solely for identity verification, safety, fraud-prevention, and to detect impersonation or fake profiles. Biometric/face geometry data is stored only for the verification period and deleted within 30 days unless required for investigating safety violations or fraud.
You may decline verification at any time; however, this may limit access to certain features (such as visibility boosts, trust badges, or advanced safety functions). We may use trusted third-party verification partners to process this data, who are bound by strict contractual and confidentiality obligations.
We may collect ID data through direct upload, camera capture, or via third-party KYC/verification service providers.
ID documents are stored securely and retained only for the period necessary for verification, compliance obligations, or ongoing safety investigations.
As mentioned above, we may collect and process sensitive information only with your explicit consent, such as:
1. Gender, sexual orientation, relationship preferences
2. Biometric or facial data (for identity or photo verification)
3. Communication content within chats (end-to-end encrypted where possible)
4. Optional health or lifestyle information (if shared voluntarily)
We do not use sensitive data for advertising, cross-platform marketing, or any purpose not expressly stated in this Policy.
You may refuse to provide sensitive personal data; however, certain personalised features (such as compatibility-based recommendations, identity verification, or visibility enhancements) may not function fully.
You may withdraw your consent to the processing of sensitive personal data at any time through your account settings or by contacting us. Withdrawal will not affect processing already lawfully carried out prior to withdrawal.
We do not collect financial or criminal record data unless necessary for verified identity programs or required by law.
We use your information to:
1. To provide our Service to you and improve it over time - including connecting you with Users, personalising your experience, and just helping you make the most out of our Service.
2. To keep all our Users safe and secure while using our Services.
3. To potentially show relevant ads without using sensitive personal data for advertising or marketing purposes.
4. Create and maintain your account.
5. Operating and maintaining the various features on our Service.
6. Organising sweepstakes and contests.
7. Responding to your requests and questions.
8. Monitoring the functioning of our Service and troubleshooting and fixing issues as necessary.
9. To enable your purchases on our Service, including processing payments and offering discounts/promotions/customising prices.
10. Facilitate matchmaking and recommendation algorithms.
11. To operate advertising and marketing campaigns, including:
We do not sell your personal data to advertisers or third parties, and sensitive personal data is never used for targeted advertising.
12. To improve our Service and create new features and Services, including:
13. To keep all Users safe on our Service, including:
14. To comply with legal obligations, exercise, establish and defend legal claims and rights, including:
We share information with law enforcement only upon lawful request, court order, or in cases involving imminent harm.
15. Enable messaging and in-app interactions.
16. Personalise your experience and content suggestions.
The grounds for processing the User data mentioned above is as follows:
1. Performance of our contract with you.
2. Your consent (where sensitive data or other type of data that requires consent is processed).
3. Consent (where required under applicable law) and otherwise our legitimate interest. It is in our legitimate interest to promote our Service and to show ads to our Users which are tailored to their interests, as a way to improve their experience and help fund the parts of our service which are free.
4. Our legitimate interest: It is in our legitimate interest to improve our Service over time.
5. Consent where required under applicable law (e.g., we may process data deemed sensitive or special in certain countries to help make sure that the various communities using our service are being treated fairly and equitably and that our service remains diverse and inclusive)
6. Our legitimate interest: It is in our legitimate interest and that of our Users to keep them safe.
7. Protection of your vital interests and that of other Users.
8. Compliance with legal obligations that apply to us such as taking down illicit content.
9. Our legitimate interest: It is in our legitimate interest to comply with applicable law and protect ourselves, our Users and others, including as part of investigations, legal proceedings and other disputes.
10. Compliance with legal obligations applying to us such as responding to law enforcement requests for information.
1. By registering, you consent to our processing of your personal and sensitive personal data for the purposes described. Consent is taken in a manner that is free, specific, informed, unconditional, and unambiguous, as required under the Digital Personal Data Protection Act, 2023.
2. Sensitive personal data (including sexual orientation, relationship preferences, gender identity, biometric/face verification data, and optional lifestyle information) is processed only based on your explicit consent under Section 7 of the Act. You are not required to provide sensitive personal data unless you choose to enable features that rely on it.
3. You may withdraw consent anytime via your account settings or by emailing **privacy@[appname].com**.
4. Withdrawal of consent may limit your access to certain services or features.
5. You also have the right to refuse consent for optional fields or optional processing (including marketing communications, contact import, personalised advertising, or advanced matchmaking features). Refusal of consent for optional processing will not affect your ability to use core functions of the Service.
6. If we transfer your personal data outside of India, we obtain your consent where required under law and ensure compliance with applicable transfer safeguards.
7. We maintain a record of your consents, withdrawals, and preferences for compliance and audit purposes.
1. Data is stored on secure cloud servers located in India and, where applicable, in other jurisdictions with adequate data protection (e.g., the EU).Where data is stored or processed outside India, such transfers occur with appropriate legal safeguards, including Standard Contractual Clauses, contractual protections, and compliance with applicable cross-border transfer requirements.
2. We retain data only for as long as necessary to fulfill the purposes stated above or as required by law and no longer than is required for lawful, security, operational, or legitimate business purposes. We do not retain personal data in perpetuity.
3. Different categories of data may be retained for different periods based on their purpose. For example, account information is retained during the life of the account; verification selfies/biometric data are stored only for the verification period and deleted within 30 days; chat data is retained for a limited period for safety purposes; abuse reports and moderation logs are retained to prevent repeat violations; and payment records are retained as required under applicable financial laws.
4. Inactive accounts may be deleted after 2 years of non-use, following notice to the User.
5. Once retention periods expire, we securely erase, anonymise, or aggregate the data so that it can no longer identify you.
We may transfer data outside your country of residence (including to the EU, US, or other jurisdictions) for processing, hosting, or backup purposes.
Such transfers occur only:
1. To countries or entities offering adequate data protection, or
2. Under standard contractual clauses, binding corporate rules, or User consent (as per GDPR Article 46).
For Indian Users, cross-border transfer complies with Section 16 of the DPDP Act, 2023.
All entities receiving your data whether affiliates, cloud providers, identity verification partners, analytics vendors, or sub-processors—are contractually obligated to apply the same level of protection to your data as required under this Policy, the DPDP Act, and the GDPR.
We ensure that cross-border transfers include safeguards such as encryption, limited access, audit rights, purpose limitation, and restrictions on onward transfers.
We maintain records of cross-border transfers and ensure that all transfers are logged, monitored, and periodically reviewed for compliance.
We do not sell
or rent User data. We also do not share personal data with third parties
for their own independent marketing or commercial purposes. We may share
limited data only:
1. With verified vendors or service providers (hosting, analytics, security).
2. With law enforcement or government authorities where required by law.
3. With third parties during mergers, acquisitions, or restructuring — under confidentiality obligations. These third parties are permitted to process data solely for the services they provide to us and not for their own purposes.
All third parties with whom we share personal data are bound by Data Processing Agreements (DPAs), confidentiality obligations, strict security controls, data minimisation requirements, and contractual restrictions preventing onward transfer or misuse. They must delete or return data upon completion of services.
We respect your rights over your personal data.
Your rights depend on your jurisdiction and applicable law. All Users, regardless of location, are afforded the highest standard applicable among the DPDP Act, GDPR, CCPA and other data protection laws.
Under the DPDP Act 2023 (India)
You have the right to:
1. Access your personal data.
2. Correct or update inaccurate data.
3. Withdraw consent.
4. Request deletion of data (“Right to Erasure”).
5. Nominate an individual to exercise rights in the event of death or incapacity (Section 14)
6. Lodge grievances with the Data Protection Board of India.
EU Users have additional rights:
1. Data portability (receive a copy in structured format).
2. Object to automated processing or profiling.
3. File a complaint with your local supervisory authority.
California residents may:
1. Request disclosure of data collected and shared.
2. Request deletion of personal information.
3. Request correction of inaccurate information.
4. Opt out of “sale” or “sharing” of data.
1. Be informed of the personal data we process about you and/or ask for a copy of it.
2. Amend or update your personal data where it is inaccurate or incomplete.
3. Delete or erase personal data.
4. Object to us processing personal data or to request that we temporarily or permanently stop processing personal data.
5. Withdraw a consent you have given us to process your personal data for a specific purpose.
6. Raise a grievance and receive a response within 7 days (DPDP-compliant).
7. Appeal our decision if we deny a request, and escalate to regulatory authorities.
We use cookies, web beacons, and analytics tools to:
1. Improve website performance.
2. Personalise recommendations.
3. Monitor safety and detect suspicious activity.
You can manage cookie preferences through browser settings. Essential cookies cannot be disabled as they are necessary for site functionality.
You may manage or withdraw consent for non-essential cookies through your browser, device settings, or through our in-app cookie controls where available. Consent for cookies is as easy to withdraw as it is to give.
We employ industry-standard technical and organisational security measures to protect your data from unauthorised access, alteration, disclosure, or destruction. These include:
1. End-to-end encryption for chats and encryption at rest for stored data where applicable.
2. HTTPS and TLS protection for all data transmission.
3. Access controls, firewalls, and intrusion monitoring.
4. Regular audits and vulnerability assessments.
5. Zero-trust security architecture with strict role-based access controls (RBAC).
6. Multi-factor authentication and credential-security standards for internal systems.
7. Continuous monitoring for bot attacks, suspicious behaviour, deepfake attempts, and fraudulent activity.
8. Vendor and third-party security reviews to ensure equivalent protections apply across processors.
9. Employee confidentiality agreements and mandatory security training.
Despite our efforts, no method of transmission over the Internet is 100% secure. Users are advised to share personal details cautiously. While we take commercially reasonable measures to protect your data, no system is fully immune to security risks. We therefore encourage Users to exercise caution when sharing personal or sensitive information with others on the Platform.
In the event of a data breach, we will notify affected Users and the relevant authorities, including the Data Protection Board of India or other supervisory authorities, as required by applicable law.
Our platform is not intended for users under 18 years of age. If we become aware that a minor has registered, we will immediately delete their data and disable the account in compliance with the DPDP Act 2023 and COPPA (US). Where required by law, we report child sexual abuse material (CSAM) or other child-safety concerns to law-enforcement authorities and relevant agencies. Underage accounts detected are permanently blocked to prevent re-registration.
We may use algorithms to suggest matches and moderate content. Sensitive personal data (e.g. sexual orientation, gender identity, biometric data) is used in automated systems only with your explicit consent and solely for matchmaking and safety-related purposes. These decisions do not have legal or significant effects and are always subject to User control and reporting mechanisms.
In compliance with Rule 3(2) of the IT Rules 2021 and Section 11 of the DPDP Act, 2023, we have appointed both a Grievance Officer and a Data Protection Officer (DPO).
Complaints will be acknowledged within 24 hours and resolved within 15 days.
The DPO oversees compliance with this Policy, responds to User rights requests, advises on data protection practices, and coordinates with regulators where required. Users may escalate unresolved grievances to the Data Protection Board of India under the DPDP Act, 2023.
We may modify this Privacy Policy from time to time to reflect changes in law or practices. We will notify you via email, in-app notice, or website banner before material updates take effect. Your continued use of the App after such changes constitutes acceptance.
This Data Retention Schedule is prepared in compliance with the Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000 and allied Rules, the General Data Protection Regulation (EU), the California Consumer Privacy Act (CCPA/CPRA), and all other applicable sectoral and cybersecurity laws. Retention periods are determined based on statutory mandates, contractual obligations, operational necessity, safety and fraud-prevention requirements, and legitimate business purposes. Where multiple laws apply, the longest legally permissible retention period is followed.
| Data Category | Retention Period |
|---|---|
| Profile data | Until account deletion |
| Photos/videos | Deleted within 30 days of account deletion |
| Verification selfie | 30 days |
| Chat messages | Up to 3 months after deletion |
| Abuse reports | 24 months |
| Device logs | 90 days (IT Rules) |
| Payment records | 7 years (if applicable) |
| Deleted account metadata | 12 months (fraud-prevention) |
Wiviy
Zuntra Digital Private Limited
Developed Plot Estate, Plot No. 61, Perungudi
Chennai – 600096, Tamil Nadu, India
Email: info@withapplication.com