Legal
Privacy Policy
How Kaps NextGen Pvt Ltd (operating as Flykup) collects, processes, stores, shares, and safeguards your personal data — in compliance with the Digital Personal Data Protection Act, 2023.
This Privacy Policy describes how Kaps NextGen Pvt Ltd, operating under the tradename Flykup (“Flykup,” “we,” “our,” or “us”), collects, processes, stores, shares, and safeguards your personal data in compliance with the Digital Personal Data Protection Act, 2023 (DPDPA 2023), Information Technology Act, 2000, and applicable RBI and financial regulations.
By accessing or using Flykup — including to register, browse, bid, or complete transactions — you consent to this policy.
Information We Collect
Account & Contact Data
- Full Name
- Mobile Number, Email Address
- Hashed Password
- Shipping & Billing Address
- GSTIN (for verified sellers)
Mandatory KYC & Verification Data
Required for Auctions & Payouts
- Aadhaar (Masked Format), PAN, Passport, Voter ID
- Bank Account Number and IFSC
- Live Selfie or Biometric Verification (Liveness Detection)
- Date of Birth, Gender, Approximate Geolocation
Transactional & Behavioral Data
- Bidding and Purchase History
- Wallet Activity, Payment Logs
- Reviews, Messages, and Follower Data
- Device IDs, IP Addresses, Session Fingerprints
Automated Collection
- Cookies, Tracking Pixels, Session Scripts
- Clickstream and Page View Data
- Error Logs and Crash Reports
Legal Basis and Purpose of Processing
Flykup processes personal data under the following lawful bases per DPDPA 2023:
For marketing communications and analytics
To provide services, facilitate orders, and process transactions
For KYC/AML compliance, taxation, and regulatory reporting
Security monitoring, fraud prevention, and platform improvement
Purpose of Use
- Account creation and user onboarding
- KYC verification for participation in auctions and commerce
- Transaction processing, refunds, and payouts
- Identity and fraud risk assessment
- Marketing and personalized offers (with opt-out)
- Grievance handling and legal defense
Data Security Measures
Flykup follows ISO 27001-aligned data security protocols, including:
Data Localization and Retention
All personal data is stored in India, on servers located within AWS and/or GCP's Indian regions. Encrypted backups are geo-fenced and retained exclusively within India.
Data Retention Periods
| Data Type | Retention Period |
|---|---|
| KYC Documents | 7 years post-account closure (per RBI/PMLA) |
| Financial Transactions | 8 years (as per Income Tax Act) |
| Inactive User Accounts | 2 years (then anonymized/deleted) |
Data Sharing and Disclosure
Flykup shares data only where necessary and with entities bound by Data Processing Agreements (DPAs):
Government Authorities
Upon lawful request (RBI, Income Tax Department, Enforcement Directorate, etc.)
KYC Partners
(e.g., Cashfree) for identity verification
Payment Gateways
(e.g., PayU, Razorpay) — PCI-DSS compliant
Logistics Partners
(e.g., Ecom Express) — Access limited to delivery addresses and contact data
Auction Bodies or Legal Stakeholders
Where legally required
We do not sell or rent personal data to any third parties.
User Rights under DPDPA 2023
Right to Access
Obtain a copy of your personal data in a machine-readable format
Right to Correction
Correct inaccurate or outdated KYC/account details
Right to Erasure
Request deletion of non-mandatory data
Right to Consent Management
Withdraw consent for non-essential processing (e.g., marketing)
Right to Grievance Redressal
File complaints directly with our DPO or escalate to the Data Protection Board of India
📋 How to submit a request: Submit your request to the DPO listed below, along with valid identity proof. We aim to respond within 30 days.
Special Provisions
Flykup is not accessible to individuals under 18 years of age. All users undergo age and identity verification during KYC.
Biometric data is processed only for liveness detection and never stored in raw form.
Essential cookies are mandatory for service functionality. Non-essential cookies require opt-in via your browser settings.
Flykup does not transfer personal data outside India, unless mandated by an Indian authority.
Policy Updates
This Privacy Policy may be modified to reflect legal, technical, or business changes.
Users will be notified 15 days in advance through in-app messages or email for material updates.
Re-consent will be required for changes involving sensitive data usage or consent parameters.
Contact & Grievance Redressal
Kaps NextGen Pvt Ltd
✉️ [email protected]📞 +91 98404 79979📍No. 7, Kambar Street, SRP Mills, Janatha Nagar, Saravanampatti, Coimbatore – 641035, Tamil Nadu, India.
If unsatisfied with the DPO response, escalate to:
Data Protection Board of India
Ministry of Electronics and Information Technology
meity.gov.in/data-protection-board →Governance & Compliance
Data Protection Committee
Flykup's data protection practices are governed by an internal Data Protection Committee.
Quarterly DPIA
Data Protection Impact Assessments (DPIA) are conducted every quarter.
ISO 27001 Audits
Regular audits are performed by ISO 27001-certified third-party firms.
This policy is effective as of February 14, 2025 and applies to all users of the Flykup platform. For questions, contact [email protected].
© 2026 Flykup™ (Kaps NextGen Pvt Ltd). All Rights Reserved.