BETA Biddit is currently in Beta — features may change and some things are still being polished. Share feedback

Privacy Policy

Last updated: 1 January 2026  ·  Biddit Technologies Pvt. Ltd.

1. Information We Collect

We collect the following categories of information when you use the Biddit platform:

  • Account information: Name, email address, phone number, and password (hashed).
  • KYC documents: Aadhaar or PAN number for identity verification (stored securely, not shared).
  • Payment data: All payment processing is handled by Razorpay. We do not store card numbers, UPI IDs, or bank account details.
  • Device data: IP address, device identifier, browser type, and operating system — used for fraud prevention.
  • Behavioral data: Auction views, bids placed, watchlists, and session activity — used to improve your experience.

2. How We Use It

We use your information to:

  • Provide and improve the Biddit platform and its features.
  • Verify your identity and comply with KYC requirements.
  • Process payments and release holds through Razorpay.
  • Send transactional emails (auction won, registration confirmed, shipping updates).
  • Detect and prevent fraud, abuse, and policy violations.
  • Respond to your support requests and inquiries.

3. Information Sharing

We share your data only with the following trusted service providers and only to the extent necessary:

  • Razorpay: Payment processing and mandate management.
  • Firebase / Google: Authentication (if you sign in with Google).
  • Shiprocket: Shipping logistics — name and delivery address only.
  • Government authorities: When required by applicable Indian law or court order.

We do not sell your personal data to third parties. We do not share your data for advertising or marketing purposes.

4. Data Retention

We retain your account data for as long as your account is active. Transaction records are retained for 7 years as required by Indian financial regulations. KYC documents are retained for 5 years after account closure. You may request deletion of your account by emailing privacy@biddit.in, subject to legal retention obligations.

5. Data Security

We implement industry-standard security measures including TLS encryption for all data in transit, hashed password storage (bcrypt), and access controls limiting who can view personal data. However, no system is perfectly secure. We encourage you to use a strong, unique password and to notify us immediately at security@biddit.in if you suspect a breach.

6. Your Rights (DPDP Act 2023)

Under India's Digital Personal Data Protection Act 2023, you have the following rights:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Correction: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your data, subject to legal retention requirements.
  • Right to Withdraw Consent: Withdraw consent for non-essential processing at any time.
  • Right to Grievance Redressal: Raise complaints with our Grievance Officer (Section 10).

To exercise any of these rights, email privacy@biddit.in with your registered email address and the specific request.

7. Cookies

We use session cookies to maintain your login state and preference cookies to remember your settings. We do not use third-party tracking cookies for advertising. You can configure your browser to reject cookies, but some features of the Platform may not work correctly without them.

8. Children's Privacy

The Biddit platform is not directed at individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe a child has created an account, please contact us at support@biddit.in so we can take appropriate action.

9. International Data Transfers

Your data is primarily stored in India on servers compliant with applicable regulations. Some service providers (such as Firebase/Google) may process data internationally. Where this occurs, we ensure adequate safeguards are in place as required by the DPDP Act 2023.

10. Grievance Officer

In accordance with the Information Technology Act 2000 and the DPDP Act 2023, we have designated a Grievance Officer to address data-related complaints:

  • Name: [To be appointed]
  • Email: grievance@biddit.in
  • Response time: Within 30 days of receiving the complaint, as required by law.

11. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify registered users via email for material changes. The "last updated" date at the top of this page will always reflect the most recent revision.

12. Contact Us

For any privacy-related questions, write to us at privacy@biddit.in or at: Biddit Technologies Pvt. Ltd., Jaipur, Rajasthan – 302001, India.