RechDot Privacy Policy
This Policy explains how information is collected, used, shared, and protected across the RechDot website and Android/iOS apps, and should be read with our Terms of Use.
Who we are & scope
This Policy applies to the RechDot website hosted at rechdot.com and the RechDot mobile app on Android; it does not cover third‑party websites or independent relationships with businesses interacted with via RechDot.
Using RechDot signifies agreement to this Policy and the Terms of Use. If any part is unacceptable, service use should be discontinued.
What we collect
Information is collected only when necessary to provide services, fulfill legal duties, prevent fraud, and maintain reliability. Some data is optional and controlled by device permissions.
- Personal info: name, email, mobile number, and address for account creation, support, and service delivery.
- Financial info: payment identifiers and purchase history to complete recharges, utility payments, and bill payments; card numbers, CVV, PIN, and net‑banking credentials are not stored.
- Location: approximate and, if permitted, precise location for feature functionality, security, and compliance.
- Contacts: access to contacts is used only to show saved numbers during recharge; the contact list is not collected or stored.
- Photos/files: when content is uploaded for support (for example, photos, receipts, or proofs) or when a feature explicitly needs file access.
- App activity: interactions and limited signals such as installed UPI/payment apps strictly to enable payment selection during checkout.
- Performance/diagnostics: crash logs, device context, and performance metrics to maintain reliability and fix issues.
- Identifiers/technical: device identifiers, IP address, requested/referring URLs, and timestamps for security and operations.
Transport security uses modern TLS (1.2+) and sensitive data at rest is protected with AES encryption in line with internal policies.
Installed UPI apps detection
This app collects the list of installed UPI/payment apps only to allow selection of a payment app for completing a UPI transaction.
No other apps or personal data are collected or shared, and no content within those apps is accessed.
How we use data
- Provide services: recharges, utility payments, bill payments, account features, receipts, and customer support.
- Security & fraud prevention: detect abuse, secure access, and protect service integrity.
- Reliability & improvement: diagnose crashes, measure performance, and improve features.
- Communication: send essential alerts (e.g., OTP, confirmations) and optional updates or newsletters (unsubscribe anytime).
- Compliance: meet legal, tax, accounting, and audit obligations.
Legal bases
Processing is based on consent (where required), contract (to deliver requested services), legal obligation, and legitimate interests (such as securing and improving services) with safeguards for privacy expectations.
Security practices
- Transport encryption: TLS 1.2+ for all data in transit; data is not sent or received without encryption.
- Encryption at rest: AES‑256 (for example, AES‑256‑GCM) for sensitive data stored in databases, with keys safeguarded via Android Keystore or hardware‑backed keystores where available.
- Key exchange and integrity: RSA public/private key–based mechanisms are used as part of secure protocols and channel establishment.
- Authentication: two‑factor authentication for accounts; device biometrics via
androidx.biometricprompt when enabled (raw biometric data is never received or stored). - Least privilege & monitoring: role‑based access, logging, and reviews; production access is restricted to personnel with a legitimate need.
- App integrity: dependency updates, vulnerability remediation, crash/performance monitoring, and abuse detection.
No method is perfect, but safeguards are continuously improved and incidents are investigated with notifications made where legally required.
Retention & deletion
Order history is retained and not deleted, to support service records, reconciliation, and legal/accounting requirements.
Other data may be deleted or de‑identified according to policy. For data deletion requests, email support@rechdot.com with details so the request can be verified and processed. For account deletion, submit a request at https://www.rechdot.com/page/delete-account-request.
Your choices & rights
- Permissions: grant or revoke app permissions in device settings; some features may not work without certain permissions.
- Access & correction: review or update profile details from the Account section or by contacting support.
- Opt‑outs: unsubscribe from marketing emails using the link in the message; essential service messages will continue.
- Deletion: request data deletion via support@rechdot.com or account deletion via the URL above.
Payments & UPI
RechDot supports UPI payments and uses secure, standards‑based flows with the selected UPI/payment app; card numbers, CVV, PIN, and net‑banking credentials are not stored.
Payment gateways used include Cashfree, PayU, SabPaisa, and EaseBuzz under their respective terms; sensitive credentials are handled by the gateway or the chosen UPI app.
SDKs & third‑party services
Common libraries are used to power app features, analytics, crash reporting, messaging, and payments. Disclosures below indicate typical roles and controls.
AndroidX & UI libraries
- Core UI/utilities:
androidx.appcompat,com.google.android.material,androidx.constraintlayout,androidx.activity,androidx.annotation,androidx.swiperefreshlayout. - Graphics & media:
Glide(image loading/caching),androidsvg(SVG),Lottie(animations),MPAndroidChart(charts). - QR scanning:
ZXingcore for on‑device decoding of QR codes.
Networking
Retrofit+Gson— HTTP client and JSON serialization; these libraries do not collect data themselves and operate over TLS.
Google/Firebase & Play services
- Analytics:
firebase-analyticsfor aggregated usage insights; controls are available in OS/Google settings and within app settings where applicable. Learn more: Firebase Privacy. - Stability:
firebase-crashlyticsfor crash diagnostics (e.g., device model, OS version, stack traces). Learn more: Crashlytics Privacy. - Messaging:
firebase-messagingfor push notifications using device tokens; notifications can be disabled in device settings. - Remote config & performance:
firebase-config,firebase-perffor feature tuning and performance metrics. - Play services:
play-services-location(location features, with permission),play:review(in‑app review),play:app-update(in‑app updates),play-services-auth-api-phone(OTP auto‑retrieval).
Authentication & device security
androidx.biometricfor device‑level biometric prompts; raw biometric data is never received or stored by RechDot.
Payments
- UPI/payment apps are detected only to facilitate UPI hand‑off and let a preferred app be selected during checkout.
- Gateways: Cashfree, PayU, SabPaisa, and EaseBuzz process payments under their terms and policies.
Support
- Live chat: Freshchat is used for in‑app support; messages and relevant device/context data provided in the chat are used to resolve issues. Learn more: Freshworks Privacy Notice.
For platform guidance on disclosures, see Google Play’s User Data policy and Data safety section.
Children
Use of RechDot is not permitted for individuals below 18 years of age. If an under‑18 account is identified, it may be terminated without prior notice and associated personal data removed as required by law.
Changes
This Policy may be updated to reflect improvements, regulatory changes, or new features. The “Last updated” date will change and continued use indicates acceptance of the updated terms.
Jurisdiction
This Policy and use of RechDot are governed by the laws of India, with exclusive jurisdiction in the competent courts/tribunals at Kolkata, India.
Contact
For privacy questions, security inquiries, or feedback, email disclosures@rechdot.com.
For data deletion requests, email support@rechdot.com. For account deletion, submit a request at https://www.rechdot.com/page/delete-account-request.