Xtromate Logo
Back to Home

Privacy Policy for Users

Effective Date: January 1, 2025

Last Updated: December 25, 2025

1. INTRODUCTION

Welcome to Xtromate!

This Privacy Policy explains how Xtromate ("we", "us", "our") collects, uses, stores, shares, and protects your personal information when you use our home services marketplace platform, including our mobile application, website, and related services (collectively, the "Platform").

We are committed to protecting your privacy and ensuring transparency about how we handle your data. Please read this Privacy Policy carefully to understand our practices regarding your personal information.

Platform Operator:
Xtromate (Sole Proprietorship)
Floor No. 1, Building No. 60, Chopasani Road,
Shyam Nagar, Jodhpur, Rajasthan – 342008, India

GSTIN: 08ODTPK6309G1ZU
Contact: support@xtromate.com | +91 6376500280
Website: www.xtromate.com

By accessing or using the Xtromate Platform, you acknowledge that you have read, understood, and agree to the collection, use, and disclosure of your personal information as described in this Privacy Policy.

If you do not agree with this Privacy Policy, you must not use the Platform.

2. INFORMATION WE COLLECT

We collect various types of information to provide, maintain, and improve our services. The information we collect falls into the following categories:

2.1 Personal Information You Provide

Account Information:
When you register for an account, we collect:

  • Full name
  • Mobile phone number (required for OTP verification and login)
  • Email address (optional but recommended)
  • Gender (optional)
  • Date of birth (optional)
  • Profile picture (optional)

Service Address Information:
To facilitate service bookings, we collect:

  • Complete service address(es) (house number, street, area, landmark)
  • City, state, and postal code
  • Address type (home, office, other)
  • Default address preference

Business Information (Optional):
If you are booking services for a business:

  • GST Identification Number (GSTIN)
  • Business name
  • Business address

Payment Information:
We collect payment-related information including:

  • Payment method preference (online, cash, XtroCoin)
  • Billing details (for GST invoices)
  • Transaction history
  • XtroCoin balance and transaction records

Note: We do NOT directly store complete credit/debit card numbers, CVV, or banking credentials. Payment card information is securely processed and stored by our third-party payment processor (Cashfree Payment Gateway) in compliance with PCI DSS standards.

Communication and Feedback:

  • Service ratings and reviews
  • Photos uploaded with reviews or service requests
  • Messages, complaints, or feedback sent to customer support
  • Responses to surveys or promotional campaigns

2.2 Information Automatically Collected

Device Information:
When you access the Platform, we automatically collect:

  • Device type, model, and manufacturer
  • Operating system and version
  • Unique device identifiers (Device ID, Advertising ID)
  • Mobile network information
  • App version
  • IP address
  • Browser type and version (for web access)

Location Information:

  • Service location addresses (as provided by you)
  • Approximate location based on IP address
  • GPS location data (only if you grant location permissions and when actively using the app for service-related purposes)

Usage Information:

  • Pages or screens viewed
  • Features used
  • Actions taken within the app
  • Time, frequency, and duration of activities
  • Search queries
  • Booking history and service preferences

Cookies and Similar Technologies:
We use cookies, web beacons, and similar tracking technologies to:

  • Remember your preferences and settings
  • Authenticate your login sessions
  • Analyze usage patterns and improve user experience
  • Deliver personalized content and offers

For more details, see Section 9 (Cookies and Tracking Technologies).

2.3 Information from Third Parties

Payment Gateway:
We receive transaction confirmation and payment status information from Cashfree Payment Gateway.

Technicians:
We may receive information about your service experience from technicians, including service completion status, photos of work performed, and additional service requests.

Referral Sources:
If you were referred by another user, we may receive your contact information from the referring user.

2.4 Sensitive Personal Information

Under applicable Indian law, certain categories of information are considered "sensitive personal data or information" (SPDI). We may collect the following SPDI:

  • Financial information (transaction history, XtroCoin balance - but NOT bank account or card details)

Biometric Authentication:
Biometric authentication data (fingerprint, Face ID) is processed locally on your device through operating system security features. Xtromate does not collect, store, or process biometric data on its servers.

We collect and process SPDI only with your explicit consent and in accordance with applicable laws.

3. HOW WE USE YOUR INFORMATION

We use the information we collect for the following purposes:

3.1 Service Provision and Management

  • Create and manage your account: To register, authenticate, and maintain your user profile
  • Process bookings: To facilitate service requests, match you with technicians, and manage your bookings
  • Process payments: To handle advance payments, remaining payments, refunds, and XtroCoin transactions
  • Customer support: To respond to your inquiries, resolve issues, and provide assistance
  • Service delivery: To share your contact information and service address with assigned technicians
  • Order fulfillment: To send service confirmations, technician details, status updates, and completion notifications

3.2 Communication

  • Transactional communications: Booking confirmations, OTPs, payment receipts, service reminders, status updates (you cannot opt-out of these)
  • Customer service: Responding to support requests and inquiries
  • Promotional communications: Special offers, discounts, new services, and marketing messages (you can opt-out)
  • Platform updates: Important announcements about changes to our services, terms, or policies

3.3 Platform Improvement and Analytics

  • Improve services: Analyze usage patterns to enhance features, functionality, and user experience
  • Quality assurance: Monitor and evaluate service quality, technician performance, and customer satisfaction
  • Personalization: Customize content, recommendations, and offers based on your preferences and behavior
  • Research and development: Develop new features, services, and products
  • Analytics: Generate aggregated, anonymized statistics about Platform usage

3.4 Safety, Security, and Legal Compliance

  • Fraud prevention: Detect and prevent fraudulent transactions, abuse, and security incidents
  • Dispute resolution: Investigate and resolve disputes between users and technicians
  • Legal compliance: Comply with applicable laws, regulations, and legal processes
  • Enforce policies: Monitor compliance with our Terms and Conditions
  • Protect rights: Defend our legal rights and interests

We do not continuously monitor user activity or communications beyond what is necessary for service delivery, security, and dispute resolution. Monitoring is limited to specific purposes such as fraud detection, investigating reported issues, and ensuring platform safety.

3.5 Marketing and Advertising

  • Promotional campaigns: Send targeted marketing messages about services, offers, and promotions
  • Referral programs: Manage referral rewards and incentives
  • Retargeting: Display relevant ads on third-party platforms (with your consent where required)
  • Engagement: Conduct surveys, contests, and promotional activities

You can opt-out of marketing communications at any time (see Section 7.4).

Advertising Tracking and Consent:
We do not engage in cross-app tracking or personalized advertising without user consent. Where required by law or platform policies (including Google Play and Apple App Store requirements), advertising identifiers and tracking technologies are used only after obtaining explicit user permission and may be disabled through device or app settings.

4. HOW WE SHARE YOUR INFORMATION

Xtromate does not sell user personal data to third parties.

We share your information with the following categories of recipients:

4.1 Service Technicians

To fulfill your service booking, we share necessary information with the assigned technician, including:

  • Your name and contact number
  • Service address and directions
  • Service details and special instructions
  • Scheduled date and time
  • OTP for service verification

Technicians are independent contractors, not employees of Xtromate. We require technicians to maintain the confidentiality of user information and use it only for providing services, but we cannot fully control their data practices.

Technicians are contractually required to use user data only for service delivery and must delete or anonymize such data after service completion, subject to legal requirements. Any misuse of user data by technicians violates our terms and may result in termination and legal action.

4.2 Payment Service Providers

We share payment-related information with:

  • Cashfree Payment Gateway: To process online payments, refunds, and transaction settlements

Payment information is shared in encrypted form and handled in compliance with PCI DSS standards.

4.3 Service Providers and Business Partners

We may share your information with trusted third-party service providers who assist us in operating the Platform, including:

  • SMS/Email Service Providers (msg91): To send transactional and promotional messages
  • Cloud Infrastructure Providers (AWS): To host and store data securely
  • Analytics Providers (Google Analytics): To analyze usage patterns (in anonymized/aggregated form)
  • Customer Support Tools: To manage and respond to support inquiries
  • Marketing and Advertising Platforms: To deliver targeted advertising (with your consent where required)

These service providers are bound by confidentiality agreements and are permitted to use your information only to provide services to Xtromate.

4.4 Law Enforcement and Legal Authorities

We may disclose your information to government authorities, law enforcement agencies, or other third parties if:

  • Required by law, court order, subpoena, or legal process
  • Necessary to comply with regulatory requirements
  • Needed to investigate, prevent, or take action regarding illegal activities, fraud, or security threats
  • Required to protect the rights, property, or safety of Xtromate, our users, or the public

4.5 Business Transfers

If Xtromate is involved in a merger, acquisition, asset sale, or bankruptcy proceeding, your personal information may be transferred to the successor entity. You will be notified of any such change via email or prominent notice on the Platform.

4.6 With Your Consent

We may share your information with other third parties when you explicitly consent to such sharing, such as:

  • Sharing your reviews or photos for marketing purposes
  • Participating in third-party integrations or partnerships
  • Joining promotional campaigns or contests

4.7 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you with:

  • Business partners for analytics and market research
  • Academic or research institutions
  • Industry reports and publications

5. DATA RETENTION

5.1 Active Accounts

We retain your personal information for as long as your account is active and for the purposes described in this Privacy Policy.

5.2 After Account Deletion

When you delete your account, we retain your personal information for up to 180 days for the following purposes:

  • Legal and regulatory compliance (tax records, transaction history)
  • Dispute resolution and fraud prevention
  • Enforcing our Terms and Conditions
  • Resolving outstanding issues or claims
  • Business analytics (in anonymized form)

After the 180-day retention period:

  • Personal data is either permanently deleted or anonymized such that it cannot be linked back to you
  • Certain aggregated, anonymized data may be retained indefinitely for statistical analysis

5.3 Legal Obligations

We may retain certain information for longer periods if required by law, regulatory requirements, or to defend legal claims.

5.4 Backup Copies

Data deleted from our active databases may persist in backup systems for a limited period (typically 90 days) before permanent deletion.

6. DATA SECURITY

We implement industry-standard security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction.

6.1 Security Measures

Technical Safeguards:

  • Encryption of data in transit (SSL/TLS protocols)
  • Encryption of sensitive data at rest
  • Secure authentication mechanisms (OTP-based login)
  • Regular security audits and vulnerability assessments
  • Firewalls and intrusion detection systems
  • Access controls and authentication requirements

Organizational Safeguards:

  • Strict access controls limiting employee access to personal data
  • Confidentiality agreements with employees and contractors
  • Security awareness training for staff
  • Incident response and breach notification procedures

Third-Party Security:

  • We partner only with reputable service providers that maintain robust security practices
  • Payment processing is handled by PCI DSS-compliant payment gateways
  • Cloud infrastructure hosted on secure, certified platforms

6.2 Your Responsibilities

While we take extensive measures to protect your data, you also play a crucial role in security:

  • Keep your login credentials (OTP-verified phone number) confidential
  • Do not share your account with others
  • Use secure devices and networks when accessing the Platform
  • Report suspicious activity or unauthorized access immediately
  • Log out after using the app on shared devices

6.3 Limitations

No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security. You acknowledge and accept this inherent risk when using the Platform.

6.4 Data Breach Notification

In the event of a data breach that compromises your personal information, we will:

  • Notify affected users within 72 hours of discovering the breach (where feasible and legally required)
  • Inform relevant authorities as required by law
  • Take immediate remedial action to mitigate harm
  • Provide guidance on protective measures you can take

7. YOUR RIGHTS AND CHOICES

You have certain rights regarding your personal information under applicable Indian laws and our policies.

7.1 Access and Correction

Right to Access:
You have the right to access the personal information we hold about you. You can:

  • View and update your profile information through the app settings
  • Request a copy of your personal data by contacting support@xtromate.com

Right to Correction:
You can correct inaccurate or incomplete information by:

  • Editing your profile details in the app
  • Updating your service addresses
  • Contacting customer support for assistance

7.2 Data Deletion

Right to Deletion ("Right to be Forgotten"):
You can request deletion of your personal information by:

  • Deleting your account through the app settings
  • Contacting support@xtromate.com with a deletion request

Please note:

  • After deletion, we will retain data for up to 180 days as described in Section 5
  • We may retain certain information if required by law or for legitimate business purposes
  • Deletion is irreversible; you will lose access to your account, booking history, and XtroCoin balance

7.3 Data Portability

You have the right to receive a copy of your personal information in a structured, commonly used, and machine-readable format. To request data portability, contact support@xtromate.com.

7.4 Opt-Out and Communication Preferences

Marketing Communications:
You can opt-out of promotional communications by:

  • Adjusting notification preferences in the app settings
  • Clicking "Unsubscribe" links in promotional emails
  • Replying "STOP" to promotional SMS messages
  • Contacting support@xtromate.com

Transactional Communications:
You cannot opt-out of essential transactional communications (booking confirmations, OTPs, service updates) as they are necessary for the Platform to function.

Push Notifications:
You can disable push notifications through your device settings.

Location Data:
You can revoke location permissions through your device settings. Note that this may limit certain features of the Platform.

7.5 Right to Object

You have the right to object to:

  • Processing of your data for direct marketing purposes (opt-out anytime)
  • Automated decision-making or profiling (we currently do not engage in automated decision-making with legal or significant effects)

7.6 Withdrawal of Consent

Where we process your data based on consent, you have the right to withdraw consent at any time. This will not affect the lawfulness of processing based on consent before withdrawal.

To withdraw consent, contact support@xtromate.com.

7.7 Exercising Your Rights

To exercise any of the above rights, please contact us at:

  • Email: support@xtromate.com
  • Phone: +91 6376500280
  • Subject Line: "Data Privacy Request - [Your Name]"

We will respond to your request within 30 days. In some cases, we may require additional information to verify your identity before processing your request.

8. CHILDREN'S PRIVACY

The Xtromate Platform is not intended for individuals under the age of 18.

We do not knowingly collect personal information from children under 18. If you are under 18, you must not use the Platform or provide any personal information to us.

If we become aware that we have collected personal information from a child under 18 without parental consent, we will take steps to delete that information as soon as possible.

If you believe we have inadvertently collected information from a child under 18, please contact us immediately at support@xtromate.com.

9. COOKIES AND TRACKING TECHNOLOGIES

9.1 What Are Cookies?

Cookies are small text files stored on your device when you visit a website or use an app. They help us recognize your device and remember certain information about your visit.

9.2 Types of Cookies We Use

Essential Cookies:

  • Required for the Platform to function properly
  • Enable core features like login, account access, and secure transactions
  • Cannot be disabled as the Platform will not work without them

Functional Cookies:

  • Remember your preferences and settings (language, location, default address)
  • Enhance user experience and convenience
  • Optional, but disabling them may reduce functionality

Analytics Cookies:

  • Collect anonymous usage data (pages visited, features used, time spent)
  • Help us understand user behavior and improve the Platform
  • Powered by Google Analytics and similar tools
  • Data is aggregated and anonymized

Advertising/Marketing Cookies:

  • Track your activity across websites to deliver targeted ads
  • Measure effectiveness of marketing campaigns
  • Used only with your consent (where required by law)
  • Note: Advertising cookies primarily apply to the website and web-based experiences; in-app advertising controls are governed through device-level privacy settings

9.3 Managing Cookies

Browser Settings:
You can control cookies through your browser settings:

  • Block all cookies
  • Delete existing cookies
  • Receive notifications when cookies are set

App Settings:
You can manage app-level tracking through:

  • Device privacy settings
  • App notification and permissions settings

Note: Disabling certain cookies may affect the functionality of the Platform.

9.4 Third-Party Cookies

Third-party service providers (e.g., Google Analytics, advertising networks) may set cookies on our Platform. We do not control these cookies. Please refer to their respective privacy policies for more information.

10. THIRD-PARTY LINKS AND SERVICES

The Platform may contain links to third-party websites, services, or integrations (e.g., payment gateways, social media platforms).

We are not responsible for the privacy practices of third-party services. When you click on a third-party link or use a third-party service, you are subject to that party's privacy policy.

We encourage you to review the privacy policies of any third-party services you interact with.

Third-Party Services We Use:

  • Cashfree Payment Gateway: For payment processing
  • msg91: For SMS and email delivery
  • AWS (Amazon Web Services): For cloud infrastructure
  • Google Analytics: For usage analytics

11. INTERNATIONAL DATA TRANSFERS

11.1 Data Storage Location

Your personal information is primarily stored on servers located in India (Mumbai region).

11.2 Cross-Border Transfers

As our service is currently available only within India, we do not intentionally transfer your data outside of India.

However, some of our third-party service providers (e.g., cloud infrastructure, analytics tools) may have servers or operations in other countries. In such cases:

  • Data transfers are conducted in accordance with applicable data protection laws
  • We implement appropriate safeguards to protect your data (e.g., standard contractual clauses, adequacy decisions)

11.3 International Users

If you access the Platform from outside India, please note that:

  • Your data may be transferred to and processed in India
  • By using the Platform, you consent to such transfer and processing
  • Data protection laws in India may differ from those in your country

12. UPDATES TO THIS PRIVACY POLICY

12.1 Right to Modify

We reserve the right to update, modify, or revise this Privacy Policy at any time to reflect:

  • Changes in our data practices
  • New features or services
  • Legal or regulatory requirements
  • Industry best practices

12.2 Notification of Changes

When we make material changes to this Privacy Policy, we will notify you by:

  • Updating the "Last Updated" date at the top of this document
  • Posting a notice on the Platform
  • Sending an email or in-app notification (for significant changes)

12.3 Acceptance of Changes

Your continued use of the Platform after changes take effect constitutes your acceptance of the updated Privacy Policy.

If you do not agree to the changes, you must stop using the Platform and may delete your account.

12.4 Version History

We maintain a version history of this Privacy Policy. You may request previous versions by contacting support@xtromate.com.

13. GRIEVANCE REDRESSAL

If you have any concerns, complaints, or grievances regarding the processing of your personal information, you may contact our Grievance Officer:

Grievance Officer: Designated Representative (Founder/Proprietor)
Email: support@xtromate.com
Address:
Floor No. 1, Building No. 60, Chopasani Road,
Shyam Nagar, Jodhpur, Rajasthan – 342008, India

Response Timeline:
We will acknowledge your complaint within 48 hours and aim to resolve it within 30 days.

If you are not satisfied with our response, you may escalate the matter to the appropriate regulatory authority in India.

14. LEGAL BASIS FOR PROCESSING (FOR EU/EEA RESIDENTS)

These provisions are included for transparency and informational purposes only. Xtromate currently operates primarily in India and does not actively target residents of these jurisdictions.

Although our services are currently available only in India, if EU/EEA residents use the Platform, we process personal data based on the following legal grounds:

  • Consent: When you explicitly agree to processing (e.g., marketing communications)
  • Contract Performance: To fulfill our contractual obligations (e.g., provide services you requested)
  • Legal Obligation: To comply with applicable laws and regulations
  • Legitimate Interests: For business purposes such as fraud prevention, analytics, and improving services (where not overridden by your rights)

15. CALIFORNIA PRIVACY RIGHTS (CCPA)

These provisions are included for transparency and informational purposes only. Xtromate currently operates primarily in India and does not actively target residents of these jurisdictions.

If you are a California resident (though our services are India-focused), you may have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected
  • Right to know whether personal information is sold or disclosed
  • Right to opt-out of the sale of personal information (we do NOT sell personal information)
  • Right to deletion
  • Right to non-discrimination for exercising CCPA rights

To exercise these rights, contact support@xtromate.com.

16. CONTACT INFORMATION

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Xtromate Customer Support

Email: support@xtromate.com
Phone: +91 6376500280
Address:
Floor No. 1, Building No. 60, Chopasani Road,
Shyam Nagar, Jodhpur, Rajasthan – 342008, India

Business Hours: Monday to Saturday, 9:00 AM – 6:00 PM IST

Grievance Officer: support@xtromate.com

We will respond to all inquiries within 48 business hours.

17. CONSENT AND ACKNOWLEDGMENT

BY USING THE XTROMATE PLATFORM, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY AND CONSENT TO THE COLLECTION, USE, DISCLOSURE, AND PROCESSING OF YOUR PERSONAL INFORMATION AS DESCRIBED HEREIN.

If you do not agree with this Privacy Policy, please do not use the Platform.

Thank you for trusting Xtromate with your personal information!

Document Version: 1.0
Effective Date: January 1, 2025
Last Updated: December 25, 2025

Your privacy matters to us. We are committed to protecting your personal information and using it responsibly.

Back to Home