Privacy Policy

1. Who We Are

Gocut ("Gocut," "we," "us," or "our") is a lifestyle and wellness booking platform operated by Gocut Cares, a company incorporated and registered in India.

Gocut acts as the Data Fiduciary as defined under the Digital Personal Data Protection Act, 2023 (India) for personal data processed through the Gocut platform.

2. Scope of This Policy

This Privacy Policy applies to:

• The Gocut mobile application available on Google Play Store and Apple App Store.
• The Gocut website at Gocutcares.com and any sub-domains.
• All users — clients who book appointments ("Clients") and businesses listed on the platform ("Partner Establishments").

By using the Gocut app or website you acknowledge that you have read and understood this Policy. If you do not agree, please discontinue use and uninstall the application.

3. Data We Collect

3.1 — Data You Provide Directly

• Account registration: Full name, email address, mobile phone number, and an optional profile photo.
• Booking details: Preferred service, appointment date & time, special requests or notes for the establishment.
• Reviews & ratings: Star ratings and written feedback you submit after a visit.
• Communications: Messages you send to our support team via email or the contact form on our website.
• Partner Establishment data: Business name, registered address, GSTIN (where applicable), bank account or UPI details for payouts, service catalogue, pricing, and opening hours.
• Identity verification: Government-issued ID documents where required for Partner Establishment onboarding (stored encrypted; not shared with Clients).

3.2 — Data Collected Automatically

• Device identifiers: Device model, OS version, unique advertising ID (GAID / IDFA), and app version — used for app functionality, crash diagnostics, and fraud prevention.
• Usage data: Features accessed, screens viewed, search terms entered, tap events, session duration, and booking history — used to improve the product.
• Log data: IP address, timestamps, HTTP request/response data, and error logs — retained for up to 90 days for security and debugging.
• Crash and performance data: Diagnostic reports generated when the app encounters an error, to help us identify and fix bugs quickly.

3.3 — Payment Data

In-app payments are processed by a PCI-DSS-compliant payment gateway. Gocut does not store, process, or transmit full payment card numbers, CVV codes, or banking credentials. We receive only a transaction reference ID and payment status from the gateway. Payout bank details for Partner Establishments are encrypted at rest.

3.4 — Data from Third Parties

• Our payment gateway may share fraud-risk signals and transaction status with us — never full card data.

4. App Permissions

Gocut requests the following device permissions. Location access is required for the app's core functionality of finding nearby establishments. All other permissions are optional and can be managed at any time in your device Settings.

You can revoke any permission at any time via iOS: Settings → Gocut → [Permission]  |  Android: Settings → Apps → Gocut → Permissions. Note that revoking location permission will prevent the app from showing nearby establishments.

5. How We Use Your Data

Service Delivery

• Create and manage your account and authenticate your identity.
• Process appointment bookings and display real-time availability.
• Connect you with Partner Establishments and transmit only the minimum information needed (name, contact, appointment details) for the service.
• Process payments and issue digital receipts.
• Send transactional notifications: booking confirmations, reminders (24 h & 1 h before), and cancellation alerts.

Personalisation

• Surface establishments, services, and promotions relevant to your location, booking history, and stated preferences.
• Display distance-to-establishment based on your location.
• Remember your preferences (favourite establishments, saved addresses) for a faster booking experience.

Safety & Trust

• Detect, investigate, and prevent fraud, abuse, impersonation, and other harmful activities.
• Verify Partner Establishment identity and Gocut Cares compliance.
• Enforce our Terms of Service and Community Guidelines.

Product Improvement

• Analyse anonymised usage patterns to improve app performance and design.
• Conduct A/B testing of new features on aggregated, non-identifiable data.
• Diagnose and fix crashes and errors using crash reports.

Marketing

• Send promotional push notifications about new features, partner offers, or special deals
• You can opt out of promotional push notifications at any time by disabling them in your device Settings.

6. Legal Basis for Processing

Under the Digital Personal Data Protection Act, 2023 (India), we process your personal data under the following grounds:

• Consent: You provide free, informed, specific, and unambiguous consent when you register an account, grant device permissions (location, camera, notifications), or opt in to marketing communications. You may withdraw consent at any time.
• Contractual necessity: Processing required to fulfil a booking, process a payment, or provide support.
• Legitimate uses permitted by law: Fraud prevention, security, legal compliance, and anonymised analytics.
• Legal obligation: Processing required under Indian law (e.g. tax record-keeping, law enforcement requests from competent authorities).

7. Data Sharing & Disclosure

We do not sell, rent, or trade your personal data to any third party for advertising or commercial purposes.

We share data only in the following limited circumstances:

With Partner Establishments

When you confirm a booking, the relevant Partner Establishment receives your name, mobile number, appointment date/time, and any notes you added. This is necessary to provide the service. Partner Establishments are bound by our data processing terms and the Gocut Cares partner agreement.

With Service Providers (Processors)

We engage third-party vendors who process data on our behalf under strict data processing agreements. They may not use your data for their own purposes. Named providers are listed in the Third-Party Services section below.

For Legal Compliance & Safety

We may disclose data to government authorities, regulators, or law enforcement agencies when required by law, a court order, or to protect the safety of our users or the public.

In a Business Transfer

If Gocut is involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will provide notice via the app and email at least 30 days before any such transfer, giving you the opportunity to delete your account.

With Your Explicit Consent

We will share data with any other party only with your prior written consent.

8. Third-Party Services

The following third-party services are integrated into the Gocut platform. Each has its own privacy policy governing its data practices:

We only use service providers whose data protection standards meet or exceed applicable Indian law requirements.

9. Data Retention

• Active accounts: Data is retained for the duration your account is active and for 90 days after account deletion, to allow for recovery in case of accidental deletion.
• After account deletion: Personal data is permanently deleted or irreversibly anonymised within 90 days of your deletion request, except as noted below.
• Financial records: Transaction records and invoices are retained for 8 years as required under the Income Tax Act, 1961 and GST regulations.
• Legal hold: Data subject to an active legal proceeding or regulatory investigation will be retained until the matter is resolved.
• Crash & log data: Automatically purged after 90 days.
• Anonymised analytics: Aggregated, non-identifiable data may be retained indefinitely.

10. Your Rights as a Data Principal

Under the Digital Personal Data Protection Act, 2023 (DPDP Act), you have the following rights as a Data Principal:

Right to Access

Request a summary of the personal data we hold about you and how it is being processed.

Right to Correction & Erasure

Request correction of inaccurate or incomplete personal data, or erasure of data that is no longer necessary for the purpose it was collected. You can update most data directly in the app under Settings → Account.

Right to Withdraw Consent

Withdraw consent for any specific processing activity at any time. Withdrawal does not affect the lawfulness of processing before withdrawal. Withdrawing consent for essential processing (e.g. location for booking) may limit app functionality.

Right to Grievance Redressal

Lodge a complaint with our Grievance Officer (see the Grievance Officer & Contact section at the end of this policy). We will acknowledge within 48 hours and resolve within 30 days.

Right to Nominate

Nominate another individual to exercise your data rights on your behalf in the event of your death or incapacity.

How to Exercise Your Rights

Email support@Gocutcares.com with the subject line "Data Rights Request". We will respond within 30 days. We may ask you to verify your identity before fulfilling the request.

If your request is not resolved to your satisfaction, you may escalate to the Data Protection Board of India once established under the DPDP Act.

11. Children's Privacy

12. Security

We implement technical and organisational measures commensurate with the risk of processing, including:

• Encryption in transit: All data between the app and our servers is encrypted using TLS 1.2 or higher.
• Encryption at rest: Sensitive data (including payout bank details and identity documents) is encrypted at rest using AES-256.
• Access controls: Personal data is accessible only to employees and contractors who require it for legitimate business purposes, under strict confidentiality obligations and role-based access control.
• Regular audits: Periodic internal security reviews and vulnerability assessments.
• Secure infrastructure: Application and data hosted on reputable cloud infrastructure with industry-standard physical and network security controls. Servers may be located in one or more countries depending on our cloud provider's infrastructure.

Data breach notification: In the event of a personal data breach that is likely to adversely affect your rights, we will notify you and report to the Data Protection Board of India within the timeframe prescribed under the DPDP Act (not later than 72 hours of becoming aware of the breach where feasible).

No system is 100% secure. We encourage you to use a strong, unique password and to keep your device OS and the Gocut app updated.

13. Cookies & Tracking Technologies

Website (Gocutcares.com)

• Essential cookies: Required for the site to function — session management, CSRF protection, and load balancing. Cannot be disabled without breaking the site.
• Analytics cookies: Anonymised page-view and navigation data to help us improve the website. You may decline these without any loss of functionality.

We do not use advertising cookies, cross-site tracking pixels, or retargeting technologies. You can manage cookie preferences in your browser settings or via our cookie consent banner.

Mobile App

The Gocut app does not use cookies. It uses a session token (stored securely on-device) to authenticate your account, and a device advertising ID (GAID / IDFA) solely for crash reporting and analytics. You can reset or opt out of the advertising ID at any time in your device settings:
Android: Settings → Google → Ads → Reset Advertising ID / Opt out of Ads Personalisation
iOS: Settings → Privacy & Security → Tracking → Allow Apps to Request to Track

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Display a prominent in-app notice at least 14 days before the change takes effect.
• Send an email notification to registered users.
• Update the "Last updated" date at the top of this page.

Your continued use of the Gocut app or website after the effective date of the updated Policy constitutes acceptance of the changes. If you do not agree with the updated Policy, you must stop using the service and may request account deletion.

15. Grievance Officer & Contact

In accordance with the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023, Gocut has appointed a Grievance Officer to address concerns related to personal data processing.

If your grievance is not resolved satisfactorily, you may approach the Data Protection Board of India (to be established under the DPDP Act 2023) or any other competent authority as prescribed by applicable law.