Haazir Ho
← Back to Haazir Ho

Privacy Policy

Last updated: 5 June 2026

Haazir Ho ("we", "us", "our") operates the platform available at haazry.com and its associated mobile-accessible interface. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our platform. It is prepared in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology Act, 2000, and the rules and regulations made thereunder.

By creating an account or using Haazir Ho, you consent to the data practices described in this policy. If you do not agree, please do not use the platform.

1. Who We Are (Data Fiduciary)

Haazir Ho is the Data Fiduciary as defined under the DPDP Act, 2023. For any questions, requests, or concerns about your personal data, contact us at: hello@haazirho.com.

2. What Personal Data We Collect

2.1 Account Data (provided by you at signup)

  • Full name — used to identify your account and personalise your experience.
  • Email address — used for login, transactional emails (welcome, password reset), and platform communications.
  • Phone number — collected to help organisers coordinate event attendance. This field is required.
  • Password — stored as a one-way cryptographic hash (bcrypt, 12 rounds). We never store or transmit your plain-text password.
  • Terms acceptance timestamp — the date and time you accepted these Terms of Service, stored as a legal record of consent.

2.2 Profile Data (optional, provided by you)

  • Profile picture (URL to an image you upload or link)
  • Short bio
  • Interest tags
  • Social media profile links (Instagram, Twitter/X, LinkedIn, website, or a custom link)

2.3 Event Registration Data

When you register for an event listed on Haazir Ho, we collect:

  • Full name, email address, and phone number (as entered in the registration form)
  • Answers to organiser-specified questions or about-yourself prompts
  • A unique QR code identifier assigned to your registration for attendance tracking

2.4 Authentication and Session Data (collected automatically)

  • Access tokens (JSON Web Tokens, valid for 15 minutes) and refresh tokens (valid for 7 days) — issued at login and stored in our database and cache to keep you logged in securely.
  • Password reset OTP codes — temporary one-time codes valid for 10 minutes, stored in our cache and purged upon use or expiry.
  • Standard server logs — your IP address and request metadata are captured in server access logs for security, debugging, and abuse prevention purposes.

2.5 Google Sign-In Data

If you choose to sign in with Google, we receive your name and email address from Google via OAuth 2.0. We do not receive your Google password. Google's data practices are governed by the Google Privacy Policy.

3. How We Use Your Data

  • To create and maintain your Haazir Ho account
  • To authenticate you and keep your session secure
  • To send you a welcome email upon successful registration
  • To send a one-time password (OTP) if you request a password reset
  • To facilitate your registration for events and track attendance (QR code check-in)
  • To allow organisers to view the registration details of users who have registered for their events
  • To display your public profile (name, avatar, bio) to other users when you follow or interact with organisers
  • To maintain the security, integrity, and performance of the platform
  • To comply with our legal obligations under Indian law

We do not use your data for automated profiling or algorithmic decision-making that produces legal or significant effects on you.

4. Who We Share Your Data With

We do not sell, rent, or trade your personal data to any third party. We share data only with the following trusted service providers who process data on our behalf:

  • Resend — email delivery service used to send welcome emails and OTP codes. Only your name and email address are shared for this purpose.
  • Google — if you choose to log in via Google. Refer to Google's Privacy Policy.
  • Vercel — our hosting and deployment platform. Your data may pass through Vercel's infrastructure in accordance with their Privacy Policy.
  • Managed PostgreSQL database provider — your account, event, and registration data is stored in a managed database.
  • Redis cache provider — session tokens and OTP codes are temporarily stored in a managed cache.

We also share your registration data (name, email, phone, registration answers) with the event organiser of any event you register for, for the sole purpose of coordinating your attendance.

5. Data Retention

  • Account data: Retained while your account is active. After deletion, your data is retained for up to 2 years for legal, dispute resolution, and compliance purposes, then permanently deleted.
  • Refresh tokens: Expire automatically after 7 days or upon logout, whichever is earlier.
  • OTP codes: Expire after 10 minutes and are purged from our cache upon expiry or use.
  • Event registration data: Retained for 3 years from the date of the event for record-keeping, then deleted.
  • Server access logs: Retained for up to 90 days for security purposes.

6. Your Rights as a Data Principal

Under the Digital Personal Data Protection Act, 2023, you have the following rights:

  • Right to access: Request a summary of personal data we hold about you and how it is being processed.
  • Right to correction: Request correction of inaccurate or incomplete personal data.
  • Right to erasure: Request deletion of your personal data, subject to our legal retention obligations.
  • Right to know about sharing: Request details of the third parties with whom your personal data has been shared.
  • Right to withdraw consent: Withdraw your consent to data processing at any time. Note that withdrawal will result in your account being deactivated, as data processing is necessary for us to provide the service.
  • Right of nomination: Nominate another individual to exercise these rights on your behalf in the event of your death or incapacity.

To exercise any of these rights, write to us at hello@haazirho.com. We will respond within 30 days of receiving your request.

7. Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Passwords stored using bcrypt hashing with 12 rounds — never stored in plain text
  • JWT-based authentication with short-lived access tokens (15 minutes)
  • HTTPS encryption for all data in transit
  • Refresh token rotation and revocation on logout

While we take reasonable steps to protect your data, no system is entirely immune to security risks. We cannot guarantee absolute security.

8. Cookies and Local Storage

Haazir Ho stores your authentication session in your browser's local storage (not cookies) to keep you logged in. This data is cleared when you log out. We do not use advertising cookies or third-party tracking cookies.

9. Children's Privacy

Haazir Ho is intended for users who are 18 years of age or older. We do not knowingly collect personal data from minors. If you believe a minor has registered on our platform, please contact us at hello@haazirho.com and we will promptly delete the account.

10. Grievance Redressal

In accordance with the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023, we have designated the following contact for grievance redressal:

  • Grievance Officer: Haazir Ho Privacy Team
  • Email: hello@haazirho.com
  • Response time: We will acknowledge your grievance within 48 hours and resolve it within 30 days of receipt.

If you are not satisfied with our response, you may approach the Data Protection Board of India once established under the DPDP Act, 2023.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by email or by displaying a notice on the platform. The date of the most recent revision is shown at the top of this page. Continued use of the platform after changes are posted constitutes your acceptance of the revised policy.

12. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of India, including the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023.