Privacy Policy

1. General

FSTAGE EVENTS LLP, having its registered office at 576/A/7, Diamond Harbour Road, Arcadia, Kolkata - 700034, West Bengal, India ("FSTAGE", "we", "us" or "our") owns and operates the website www.thefstage.com ("Website") and mobile applications "The FStage" (for consumers) and "The FStage Business" (for vendors) (collectively referred to as the "Platforms"). Through these Platforms, FSTAGE facilitates event management services connecting vendors who provide event-related services with consumers seeking such services ("Services") to users of the Platforms ("User" or "Users" or "you" or "your"). The term User/Users means any individual or entity which uses, accesses or browses the Platforms and/or avails Services from the Platforms.

FSTAGE is committed to protecting and respecting your privacy. This Privacy Policy, together with the Terms and Conditions and all other policies notified by us from time to time, governs your use of the Platforms and describes our policies and procedures on the collection, use, disclosure, sharing, processing, transfer, storage, retention and safeguarding of Information provided to us by you through the Platforms and/or pursuant to the availment of Services on the Platforms.

2. Applicability of the Privacy Policy

By using, browsing, accessing, or availing Services from the Platforms and/or by submission of Information (and in case of a minor - submission of such minor's Information by the parents or legal guardian), you agree to be bound by the terms of this Privacy Policy and consent to the collection, use, storage, processing, sharing and retention of your Information as described herein and under applicable Indian law, including the Digital Personal Data Protection Act, 2023. Your Information will primarily be collected, stored and processed in India and governed by applicable Indian laws. This is an electronic record governed by the Information Technology Act, 2000 and related rules. If you do not agree with any provision, please do not use the Platforms.

3. Type of Information Collected

We may collect various types of Information from Users, including Personal Information and Sensitive Personal Data/Information. You may withdraw consent at any time, but withdrawing may affect our ability to provide Services.

3.1 Personal Information

Personal Information may include (but is not limited to):

• Full name
• Email address
• Phone number
• Address (residential/business)
• Profile photographs and images
• Location data (latitude/longitude)
• Device information (model, OS, identifiers)
• App interactions, booking details and transaction history
• Communication preferences

3.2 Additional Information for Vendors

• Business/company details
• GSTIN, PAN or Aadhaar details (where applicable)
• Bank account details for payment processing
• Business photographs, portfolios, certifications and licenses
• Invoice attachments and business documents

3.3 Sensitive Personal Data/Information

We may collect sensitive information such as passwords, financial information (e.g., vendor bank details), payment instrument details processed through our payment gateway, and other details necessary for Services.

3.4 Location & Device Data

When you enable location services we may collect GPS and network-based location to provide location-based Services. Device and technical information (IP, app version, crash logs, analytics data, push tokens) may be collected automatically.

4. Children's Data Protection

Our Platforms are not directed to children under 18. We do not knowingly collect Personal Information from anyone under 18 without verifiable parental consent. If we become aware such data was collected without consent, we will delete it promptly. Parents may contact us at info@thefstage.com to request deletion.

5. App Permissions

Our mobile apps may request permissions including:

• Location — for finding nearby vendors and service areas
• Storage/Photos — to upload/download invoices, attachments and images
• Camera — to capture profile or business photos
• Network/Internet — to access Services and process payments
• Push Notifications — to send booking/payment updates and announcements

You can manage these permissions via your device settings; disabling may limit functionality.

6. Use of Information Collected

We use Information for purposes including:

• Account management and authentication
• Service provision, matching vendors with consumers
• Payment processing
• Personalization and product improvement
• Communication and customer support
• Push notifications
• Analytics and research
• Security and fraud prevention
• Legal compliance
• Marketing communications (with consent)

7. Data Storage and Local Storage

We store data in cloud services (Hostinger and Firebase) with servers in India. Some data may be stored locally on devices using Hive local storage for offline functionality. Data is protected using industry-standard encryption and API calls use HTTPS.

8. Third-Party Services and Data Sharing

We share Information with trusted third-party service providers for platform operation:

• Payment processor: Razorpay (for secure transaction processing)
• Firebase services: Analytics, Cloud Messaging, Crashlytics, Authentication, Cloud Storage
• Google Maps: for location and mapping features
• Cloud storage providers: Hostinger and Firebase
• Between platform users: basic contact information may be shared to facilitate service delivery (with consent)

We do not sell personal data. We may disclose Information to comply with law or to protect rights. In business transfers (merger, sale) data may be transferred subject to privacy protections.

9. Push Notifications and Firebase Cloud Messaging

We use FCM to send notifications (booking/payment updates, promotions). FCM may collect device tokens, installation IDs, delivery receipts and device/app info. You can manage notifications via device or in-app settings. Note that notification data processed through FCM may be accessible to Google as per their policies.

10. Analytics and Crash Reporting

We use Firebase Analytics and Crashlytics to monitor usage and stability. These services collect usage metrics, crash reports, device state, app versions and related data to help improve the Platforms. You may opt-out via device settings or by contacting us.

11. Tracking Technologies

Website and app tracking may be used to remember preferences, analyze traffic, and ensure security. We do not use third-party advertising cookies, though analytics partners may employ their tracking as described in their policies. Manage tracking via browser or device settings.

12. Data Retention

We retain data only as long as necessary for the purposes stated, subject to legal obligations:

• Account data: retained while account is active and for 2 years after deletion for legal/dispute reasons
• Transaction data: retained for 7 years for tax/regulatory compliance
• Analytics data: aggregated/anonymized data retained for 24 months
• Communication records: retained for 3 years for quality and compliance

Upon account deletion or consent withdrawal, we will delete Personal Information within 30 days unless retention is required for legal compliance or fraud prevention.

13. Data Security

We implement technical and organizational measures to protect Information, including:

• Encryption in transit (HTTPS) and at rest (AES-256 where applicable)
• Access controls and regular audits
• Continuous monitoring for vulnerabilities and breaches
• Regular security updates and secure infrastructure

We maintain internal access controls, logging and employee training. In the event of a data breach we will assess, contain and notify authorities/users as required by law. Users are responsible for keeping credentials safe and using secure connections.

14. Automated Decision Making and Profiling

We may use automated systems for vendor recommendations, search rankings, personalization, and fraud detection. You have rights to request information about the logic used, to contest automated decisions, and to request human review—contact info@thefstage.com.

15. Your Rights and Data Control

Under applicable law including the Digital Personal Data Protection Act, 2023, you have rights to access, correct, erase, port, withdraw consent, restrict processing, and redress grievances. To exercise these rights contact info@thefstage.com. We will respond within 7 business days.

16. Marketing Communications and Opt-Out

Marketing communications are sent with consent and can be withdrawn via unsubscribe links, SMS opt-out instructions, push notification settings, or by contacting us. Opting out does not affect essential transactional messages, security notifications, legal notices, or transaction confirmations.

17. Grievance Redressal and Contact Information

We maintain a grievance mechanism for privacy concerns. Contact details for privacy matters:

Grievance process: submit complaint via email; we'll acknowledge within 24–48 hours and aim to resolve within applicable legal timeframes (typically 30 days). If unsatisfied, you may approach the Data Protection Board of India or other regulatory/consumer forums.

18. Third-Party Links and Services

Our Platforms may link to third-party sites. This Privacy Policy does not apply to third parties. Review their policies before providing information. Integration partners include Google (Firebase, Maps, Analytics), Razorpay, Hostinger and other disclosed partners.

19. International Data Transfers and Cross-Border Processing

We primarily store and process data in India. Some third-party services may process data outside India; in such cases appropriate safeguards and legal compliance will be maintained in line with applicable law.

20. Business Changes and Data Transfer

In the event of a merger, acquisition or sale, Personal Information may be transferred to the acquiring entity. We will provide 30 days advance notice by email or prominent notice on Platforms. Any acquiring entity must honour privacy commitments and provide options regarding your data.

21. Policy Updates and Changes

We may update this Privacy Policy to reflect changes in practices, new services, legal requirements or security improvements. Material changes will be notified by email or in-app/website notices 30 days in advance where required. Continued use after updates indicates acceptance.

22. Compliance and Legal Framework

This Policy is designed to comply with the Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000, RBI guidelines for digital payments, Google Play Store requirements and other applicable Indian laws. We regularly review and document our processing activities for compliance.

23. Governing Law and Jurisdiction

This Privacy Policy is governed by the laws of India. Disputes will be subject to the exclusive jurisdiction of courts in Kolkata, West Bengal, India.

24. Severability

If any provision is held invalid or unenforceable, it will be ineffective to the extent of the invalidity without affecting the remainder of this Policy. We will replace invalid provisions with valid provisions that reflect the original intent where possible.

25. Contact Information and Developer Details