Privacy Policy — Small Fare®

01

Introduction & Scope

Small Fare Services Private Limited ("Small Fare®", "we", "our", or "us"), a company incorporated under the laws of India with its registered office at 7-1-458 Ameerpet, Hyderabad, Telangana 500016, operates as a next-generation digital services company and is the parent entity of a portfolio of purpose-driven brands including Events Fare, Payblee, Filmskart, and Viral Wave.

This Privacy Policy ("Policy") governs the collection, use, disclosure, and protection of personal information we receive from users across all our websites, mobile applications, platforms, and services (collectively, "Services"). By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Policy.

This Policy is compliant with the Digital Personal Data Protection Act, 2023 (DPDP Act) and applicable provisions of the Information Technology Act, 2000 and its rules. If you are located in the European Economic Area, additional rights under the GDPR may apply.

This Policy applies to all Small Fare® platforms and brands. Individual brands may have supplementary privacy notices specific to their services, which should be read alongside this Policy.

02

Information We Collect

We collect personal data only when necessary and with appropriate legal basis. The categories of information we may collect include:

2.1 Information You Provide Directly

Account Registration: Name, email address, phone number, password, and profile details when you create an account on any of our platforms.
Transactions: Payment information, billing address, transaction history, and financial account details when you make purchases or payments through Payblee or Events Fare.
Communications: Messages, enquiries, feedback, and correspondence you send to our support or sales teams.
User-Generated Content: Reviews, comments, and content you submit on our platforms including Filmskart and Events Fare.
Influencer & Creator Data: Portfolio information, social media handles, audience metrics, and campaign preferences provided through Viral Wave.
Marketing Preferences: Preferences you set for communications, newsletters, and promotional offers.

2.2 Information Collected Automatically

Device Information: IP address, browser type, operating system, device identifiers, and mobile network information.
Usage Data: Pages visited, features used, time spent, click patterns, search queries, and interaction data within our Services.
Location Data: General geographic location derived from IP address; precise location only if you grant permission through our mobile applications.
Cookies & Tracking Technologies: Data collected via cookies, web beacons, pixels, and similar technologies. See our Cookie Policy for full details.
Log Data: Server logs including access timestamps, error logs, and referral URLs.

2.3 Information from Third Parties

Social Media Platforms: Profile data when you connect or log in using Google, Facebook, or other social accounts.
Payment Processors: Transaction confirmation and fraud prevention data from partners like PhonePe, Razorpay, Cashfree, and EaseBuzz.
Analytics Providers: Aggregated behavioural data from analytics services to improve our platforms.
Business Partners: Contact and professional information from partner organisations in connection with B2B services.

We do not collect sensitive personal data such as biometric data, health information, genetic data, religious beliefs, or caste unless explicitly required by a specific service and with your express consent.

03

How We Use Your Information

We process your personal data on one or more of the following legal bases: your consent, performance of a contract, legitimate interests, or compliance with a legal obligation.

Purpose	Data Used	Legal Basis
Provide and operate our Services	Account, payment, transaction data	Contract performance
Process payments and settlements	Financial data, transaction records	Contract performance
Send transactional notifications	Email, phone, preference data	Contract performance
Improve and personalise Services	Usage data, behavioural analytics	Legitimate interests
Send marketing communications	Email, name, preferences	Consent
Detect and prevent fraud	Device, IP, transaction data	Legitimate interests / Legal obligation
Comply with legal obligations	Any data as required by law	Legal obligation
Resolve disputes and enforce terms	Relevant account and transaction data	Legitimate interests / Legal obligation
Conduct analytics and research	Anonymised / aggregated usage data	Legitimate interests
Match brands with influencers (Viral Wave)	Creator profile and campaign data	Contract performance / Consent

We do not sell your personal data to third parties for their own marketing purposes. We use data only for the purposes described in this Policy unless we obtain your additional consent.

04

Sharing Your Information

We may share your personal information with the following categories of recipients, and only to the extent necessary:

4.1 Within the Small Fare® Group

We may share data among our group entities and brands (Events Fare, Payblee, Filmskart, Viral Wave) for integrated service delivery, unified customer support, and fraud prevention. All group entities are bound by this Policy.

4.2 Service Providers and Partners

Payment Processors: PhonePe, Razorpay, Cashfree, EaseBuzz — for processing transactions.
Banking Partners: Axis Bank, IndusInd Bank — for settlements and financial services.
Cloud Providers: For data hosting, storage, and computing infrastructure.
Analytics Providers: For platform analytics and performance monitoring.
Email & Communication Services: For sending transactional and marketing communications.
Customer Support Tools: For managing user queries and support tickets.

All service providers are contractually required to process data only under our instructions, maintain appropriate security standards, and not use your data for their own purposes.

4.3 Legal and Regulatory Disclosures

We may disclose your information when required to do so by applicable law, court order, government authority, or to protect the rights, property, or safety of Small Fare®, our users, or the public.

4.4 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of all or part of our business, your personal data may be transferred to the acquiring entity, subject to equivalent privacy protections.

We never sell your personal data to advertisers or data brokers. Any third-party data sharing is governed by data processing agreements and restricted to the stated purposes.

05

Data Storage & Security

5.1 Data Localisation

In compliance with the DPDP Act, 2023, personal data of Indian residents is stored and processed primarily within India. Where cross-border transfers occur, we ensure appropriate safeguards are in place as required by applicable law.

5.2 Security Measures

We implement industry-standard technical and organisational security measures to protect your data from unauthorised access, disclosure, alteration, or destruction:

End-to-end encryption for financial transactions and sensitive data in transit (TLS 1.3)
Encryption at rest for stored personal data using AES-256
Role-based access controls limiting internal data access to authorised personnel
Regular security audits, penetration testing, and vulnerability assessments
Multi-factor authentication for administrative systems
Incident response procedures for data breach detection and reporting

5.3 Retention Periods

Data Category	Retention Period	Basis
Account data	Duration of account + 2 years post-closure	Contractual / Regulatory
Transaction records	7 years from transaction date	Income Tax Act / RBI norms
Support communications	3 years from last interaction	Legitimate interests
Marketing preferences	Until withdrawal of consent + 90 days	Consent
Analytics data	18 months (anonymised thereafter)	Legitimate interests
Fraud prevention logs	5 years	Legal obligation
KYC documents (Payblee)	Per RBI / PMLA requirements	Legal obligation

Upon expiry of retention periods, data is securely deleted or anonymised. You may request early deletion subject to our legal obligations.

06

Cookies & Tracking Technologies

We use cookies and similar tracking technologies to operate our platforms, understand usage patterns, and deliver personalised experiences. Our full Cookie Policy provides complete details on the types of cookies used, their purposes, and how to manage your preferences.

In summary, we use:

Essential Cookies: Required for platform functionality — cannot be disabled.
Analytics Cookies: Help us understand how users interact with our Services.
Preference Cookies: Remember your settings and personalise your experience.
Marketing Cookies: Used for relevant advertising — require your consent.

You can manage cookie preferences through your browser settings or our cookie consent manager. Please note that disabling certain cookies may affect the functionality of our Services.

07

Your Rights & Choices

Subject to applicable law, you have the following rights in relation to your personal data. You may exercise these rights by contacting our Grievance Officer (details in Section 11).

Right	Description	Response Time
Access	Obtain a copy of the personal data we hold about you	30 days
Correction	Rectify inaccurate or incomplete personal data	15 days
Erasure	Request deletion of personal data (subject to legal obligations)	30 days
Data Portability	Receive your data in a structured, machine-readable format	30 days
Withdraw Consent	Withdraw consent for processing based on consent (future only)	Immediate
Opt-out of Marketing	Unsubscribe from marketing communications at any time	10 business days
Grievance Redressal	Lodge a complaint with our Grievance Officer	30 days
Nomination	Nominate a person to exercise rights in case of death/incapacity	As applicable

To exercise any of these rights, submit a request to privacy@smallfare.com or use the contact form on our Contact page. We may need to verify your identity before processing certain requests.

7.1 Marketing Opt-Out

You may unsubscribe from marketing emails at any time by clicking the "Unsubscribe" link in any marketing email or by emailing privacy@smallfare.com. Note that you will continue to receive transactional and service-related communications.

08

Children's Privacy

Our Services are not directed at children under the age of 18 years. We do not knowingly collect, process, or store personal data from children under 18 without verifiable parental or guardian consent.

In accordance with the DPDP Act, 2023, if we become aware that we have inadvertently collected data from a child under 18, we will delete such data promptly and notify the parent or guardian where possible.

If you are a parent or guardian and believe your child has provided personal data to us without your consent, please contact our Grievance Officer immediately at privacy@smallfare.com.

Payblee's financial services are available only to individuals who are 18 years or older and who have the legal capacity to enter into binding agreements under Indian law.

09

Third-Party Links & Services

Our platforms may contain links to third-party websites, applications, or services not owned or controlled by Small Fare®. This Policy does not apply to those third-party services, and we are not responsible for their privacy practices.

We encourage you to review the privacy policies of any third-party services you access through our platforms, including but not limited to:

Payment gateway providers (PhonePe, Razorpay, Cashfree, EaseBuzz)
Social media platforms used for login or content sharing
Event venues and organisers listed on Events Fare
Film studios and merchandise manufacturers on Filmskart

Third-party integrations are selected for their compliance with applicable data protection standards, but Small Fare® accepts no liability for their independent data handling practices.

10

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

Update the "Last Updated" date at the top of this page
Send an email notification to registered users where the changes are significant
Display a prominent notice on our platforms for at least 30 days
Where required by law, seek your renewed consent

Your continued use of our Services after the effective date of any changes constitutes your acceptance of the revised Policy. If you do not agree with any changes, you should discontinue use of our Services and contact us to close your account.

We maintain an archive of previous versions of this Policy. You may request a copy of any previous version by contacting our Grievance Officer.

11

Contact & Grievance Officer

In accordance with the Information Technology Act, 2000, and the Digital Personal Data Protection Act, 2023, Small Fare® has appointed a Grievance Officer to address privacy-related concerns. If you have any questions, complaints, or requests regarding this Policy or our data practices, please contact:

Grievance Officer — Small Fare®

Small Fare Services Private Limited
7-1-458 Ameerpet, Hyderabad
Telangana, India — 500016

Email: privacy@smallfare.com
General: info@smallfare.com
Phone: 040 47088764
Hours: Monday – Saturday, 9:00 AM – 7:00 PM IST
Response Time: Within 30 days of receipt

If you are not satisfied with our response, you have the right to lodge a complaint with the Data Protection Board of India once established under the DPDP Act, 2023, or with any other applicable supervisory authority.