Privacy Policy
Effective Date: 16.06.2025
Spotted (AAR Tech Ventures Private Limited) ("Spotted", "we", "us", or "our") respects the privacy of its users and is committed to protecting their personal and transactional data.
This Privacy Policy explains how we collect, use, store, and share your information when you access or use our mobile application, website, and related services (collectively referred to as the "Platform").
1. Information We Collect
a. Personal Information
Name, phone number, email address
Location (GPS or IP-based)User profile image or device-specific data (when permitted)
b. Payment & Transactional Data
Virtual Payment Address (VPA)UPI Transaction ID, timestamp, amount, and merchant details
Cashback eligibility and reward status.
c. Usage Data
App interaction logs
Scan and payment frequency
Post engagement (likes, shares, views)Device type, OS version, and session analytics
2. Purpose of Data Use
We use the collected data to:
Facilitate secure UPI-based QR payments
Determine cashback eligibility and reward issuance
Generate and publish Spotted Posts (user-tagged location/activity content)Enhance user experience through personalization and analytics
Provide real-time support, fraud detection, and abuse mitigation
3. Data Storage and Retention.
Data is stored on ISO 27001-certified infrastructure.
Personally Identifiable Information (PII) is encrypted using AES-256.TLS 1.3 is enforced for all client-server communication.
Transactional logs are retained for a minimum of 180 days or as mandated by RBI/NPCI.
User posts may remain public unless deleted by the user or flagged.
4. Data Sharing and Disclosure
We may share your data with:
NPCI-certified TPAPs/PSPs for UPI transaction processing
Merchants for attribution of rewards and reporting
Third-party vendors for cloud hosting, analytics, or fraud control (bound by data processing agreements)Government or legal authorities if required under law or regulatory obligation
Note: We do not sell or rent your data to advertisers or third parties.
5. User Control and Consent
You control whether a post is published during the transaction journey.
You may request deletion of your account and associated data by emailing support@tryspotted.com.
Consent is collected explicitly before accessing location, camera, or contact data.
Users can opt-out of push notifications and marketing messages from settings.
6. Cookies and Tracking
We may use secure, encrypted cookies for session management. No third-party ad trackers are integrated.
Analytics tools (e.g., Mixpanel, Firebase) may collect anonymized usage metrics.
7. Children’s Privacy
Spotted does not knowingly collect personal information from users under the age of 13. If we discover such information has been collected inadvertently, we will delete it promptly.
8. Data Breach Protocol
In case of a data breach:
Affected users will be notified within 72 hours
An incident report will be shared with regulatory bodies if required
Compromise scope, rectification steps, and action plans will be communicated transparently
9. Changes to this Policy
We may update this Privacy Policy to reflect operational, legal, or regulatory changes. Users will be notified via app update or email.
10. Contact Information
For any privacy concerns, data deletion requests, or complaints, please contact:
AAR Tech Ventures Pvt. Ltd.
Email: support@tryspotted.com
By continuing to use the Spotted Platform, you acknowledge that you have read and understood this Privacy Policy.
Spotted (AAR Tech Ventures Private Limited) ("Spotted", "we", "us", or "our") respects the privacy of its users and is committed to protecting their personal and transactional data.
This Privacy Policy explains how we collect, use, store, and share your information when you access or use our mobile application, website, and related services (collectively referred to as the "Platform").
1. Information We Collect
a. Personal Information
Name, phone number, email address
Location (GPS or IP-based)User profile image or device-specific data (when permitted)
b. Payment & Transactional Data
Virtual Payment Address (VPA)UPI Transaction ID, timestamp, amount, and merchant details
Cashback eligibility and reward status.
c. Usage Data
App interaction logs
Scan and payment frequency
Post engagement (likes, shares, views)Device type, OS version, and session analytics
2. Purpose of Data Use
We use the collected data to:
Facilitate secure UPI-based QR payments
Determine cashback eligibility and reward issuance
Generate and publish Spotted Posts (user-tagged location/activity content)Enhance user experience through personalization and analytics
Provide real-time support, fraud detection, and abuse mitigation
3. Data Storage and Retention.
Data is stored on ISO 27001-certified infrastructure.
Personally Identifiable Information (PII) is encrypted using AES-256.TLS 1.3 is enforced for all client-server communication.
Transactional logs are retained for a minimum of 180 days or as mandated by RBI/NPCI.
User posts may remain public unless deleted by the user or flagged.
4. Data Sharing and Disclosure
We may share your data with:
NPCI-certified TPAPs/PSPs for UPI transaction processing
Merchants for attribution of rewards and reporting
Third-party vendors for cloud hosting, analytics, or fraud control (bound by data processing agreements)Government or legal authorities if required under law or regulatory obligation
Note: We do not sell or rent your data to advertisers or third parties.
5. User Control and Consent
You control whether a post is published during the transaction journey.
You may request deletion of your account and associated data by emailing support@tryspotted.com.
Consent is collected explicitly before accessing location, camera, or contact data.
Users can opt-out of push notifications and marketing messages from settings.
6. Cookies and Tracking
We may use secure, encrypted cookies for session management. No third-party ad trackers are integrated.
Analytics tools (e.g., Mixpanel, Firebase) may collect anonymized usage metrics.
7. Children’s Privacy
Spotted does not knowingly collect personal information from users under the age of 13. If we discover such information has been collected inadvertently, we will delete it promptly.
8. Data Breach Protocol
In case of a data breach:
Affected users will be notified within 72 hours
An incident report will be shared with regulatory bodies if required
Compromise scope, rectification steps, and action plans will be communicated transparently
9. Changes to this Policy
We may update this Privacy Policy to reflect operational, legal, or regulatory changes. Users will be notified via app update or email.
10. Contact Information
For any privacy concerns, data deletion requests, or complaints, please contact:
AAR Tech Ventures Pvt. Ltd.
Email: support@tryspotted.com
By continuing to use the Spotted Platform, you acknowledge that you have read and understood this Privacy Policy.
