Your Privacy Matters
This Privacy Policy ("Privacy Policy" or "Policy") explains how Hopelock Private Limited, a company incorporated under the laws of India and having its registered office at Devaprabha, Kallekkad 6th Street, Palakkad, Kerala, India, Pincode: 678001 ("Company", "Unarranged", "we", "us", or "our"), collects, receives, stores, organises, uses, processes, discloses, retains, transfers, protects, deletes, anonymises, and otherwise handles personal data and related information in connection with the website, mobile application, communication interfaces, and associated services offered under the brand Unarranged ("Platform").
Scope & Application
This Privacy Policy applies to:
- Visitors who browse or access the Platform
- Users who create or attempt to create Accounts
- Registered users of the Platform
- Individuals whose information is submitted through support, grievance, verification, or compliance channels
- Persons who communicate with the Company in relation to the Platform
This Privacy Policy applies to information collected:
- Directly from you
- Automatically through your use of the Platform
- Through platform operations, support systems, app integrations, security systems, or analytics systems
- Through third-party service providers acting for or on behalf of the Company
- In connection with moderation, grievance resolution, verification, compliance, billing, and fraud prevention
The Platform is operated from India and may be accessed by users within and outside India, including NRIs, OCIs, PIOs, and persons of Indian origin. Users accessing the Platform from outside India do so on their own initiative and remain responsible for understanding the legal consequences of using the Platform in their jurisdiction.
Regulatory Position & Legal Basis
The Company intends to process information in a manner consistent with:
- The Information Technology Act, 2000
- Applicable rules, regulations, and directions issued thereunder
- The Digital Personal Data Protection Act, 2023, to the extent and in the manner applicable
- Contractual necessity and legitimate operational requirements
- Such other laws as may apply to the Company or the relevant data processing activity
Depending on context, the Company may process data on one or more of the following legal bases:
- Your consent
- Performance of a contract or pre-contractual steps
- Compliance with legal obligations
- Protection of rights, safety, or security
- Fraud prevention, platform integrity, or legitimate business administration, where lawful
Nothing in this Privacy Policy is intended to waive any right that cannot lawfully be waived, nor to exclude any obligation that cannot lawfully be excluded.
Categories of Information We Collect
The categories of data collected depend on the way you interact with the Platform, the features you use, and the information you choose or are required to provide.
We may collect:
- Full name
- Age and date of birth
- Email address
- Mobile number
- Password or authentication credentials in processed or encrypted form
- City, state, or general location
- Profile login details and account identifiers
We may collect:
- Photographs, display images, selfies, or profile media
- Gender and profile descriptors
- Educational qualifications
- Occupation, employer category, or professional background
- Profile bio, preferences, lifestyle or matrimonial expectations
- Marital status or equivalent declarations
- Cultural, religious, linguistic, or community-related information if voluntarily provided by you
If you opt for or are required to undergo verification, we may collect or process:
- Selfie captures
- Government identity-related information
- Facial comparison or liveness inputs through third-party tools
- Document images
- Device or onboarding risk signals
- Verification outcomes, status markers, or fraud flags
In relation to Paid Services, we may process:
- Billing status
- Transaction identifiers
- Purchase records
- Subscription history
- Refund or chargeback history
- Payment platform status information
The Company does not represent that it stores full card numbers or equivalent sensitive payment credentials where such processing is handled through app-store billing ecosystems or authorised payment intermediaries.
We may process:
- Support requests
- Grievance submissions
- Moderation reports
- Communication metadata
- Chat-related or platform communication records where necessary for safety, moderation, fraud investigation, legal compliance, dispute resolution, or system administration
We may automatically collect:
- IP address
- Device identifiers
- Device model and operating system
- App version
- Language settings
- Crash reports
- Diagnostics data
- Usage logs and timestamps
- Session activity
- Approximate geolocation where enabled or lawfully available
We may infer or generate:
- Account risk indicators
- Misuse indicators
- Fraud review indicators
- Security anomaly flags
- Engagement patterns
- Moderation or trust-related classifications
We may receive information from third-party service providers, app ecosystems, verification partners, payment processors, analytics providers, security providers, or lawful authorities, to the extent necessary for operation, billing, compliance, safety, or defence of rights.
What We Do Not Intend to Collect
The Platform is not intended as a repository for highly sensitive private records unrelated to matrimonial introductions. Users should not upload or transmit, unless specifically required and lawfully requested by the Platform:
- Full bank account credentials
- Tax filings
- Intimate personal media
- Medical records unrelated to lawful disclosure choices
- Confidential information of third parties
- Identity documents of other persons
Uploading unnecessary or excessive data is done at the User's own risk and may lead to moderation action.
Purposes for Which Information Is Used
The Company may use data for one or more of the following purposes:
- Create and administer Accounts
- Display profiles
- Enable user discovery and interaction
- Operate communication features
- Provide account access and support
- Conduct onboarding checks
- Reduce impersonation and fraud risk
- Detect suspicious behaviour
- Investigate violations, abuse, or payment misuse
- Preserve platform integrity
- Process subscriptions and transactions
- Administer paid services
- Handle refunds, chargebacks, and billing issues
- Maintain transactional records
- Review complaints and reports
- Moderate content
- Investigate harassment, scams, or child-safety issues
- Preserve evidence where legally or operationally necessary
- Understand feature usage
- Diagnose crashes and bugs
- Improve performance and reliability
- Evaluate the effectiveness of features
- Refine onboarding and trust systems
- Send service alerts
- Respond to support requests
- Send account and security notices
- Notify users of material policy changes
- Send lawful promotional or marketing communications where permitted
- Comply with legal obligations
- Respond to lawful requests from regulators, authorities, or courts
- Establish, exercise, or defend legal claims
- Enforce contractual rights and platform policies
We do not sell your personal data.
Marketing Communications & Continued Contact
You acknowledge that the Company may send transactional, operational, billing, security, support, grievance, moderation, and policy-related communications that are necessary for operation of the Platform.
Subject to applicable law and user choice architecture, the Company may use or retain limited contact information, such as email address or mobile number, to send product updates, feature announcements, campaigns, offers, newsletters, or other promotional communications.
Where lawful and operationally justified, limited contact data and consent/suppression records may be retained even after account closure or inactivity for:
- Compliance with opt-out preferences
- Proof of consent history
- Lawful direct marketing governance
- Suppression management
- Re-engagement campaigns where permitted by law
You may opt out of promotional communications by:
- Using unsubscribe functionality
- Adjusting settings where available
- Contacting the Company through prescribed channels
Opting out of marketing communications does not affect service communications, legal notices, billing communications, or grievance/compliance communications.
Cookies, SDKs, Device Tools & Similar Technologies
The mobile application is not represented by the Company as operating through browser cookies in the ordinary sense.
The Platform may nevertheless rely on software development kits, local storage, app-instance identifiers, security logs, diagnostic tools, or equivalent technical systems for functionality, security, analytics, fraud prevention, or crash reporting.
Where the app does not use cookies, the Company shall not misdescribe app technologies as cookies merely for convenience.
If and to the extent the web platform uses browser-based technologies or essential site tools, such use may be addressed separately and accurately by the Company through website notices or an auxiliary cookie statement if required.
Sharing & Disclosure of Information
The Company does not sell personal data as a general business model. However, data may be disclosed or shared in the following circumstances:
With third-party vendors or service providers performing functions such as hosting, communications, infrastructure support, analytics, app operations, billing support, verification, security monitoring, and moderation assistance.
In connection with merger, acquisition, restructuring, financing, due diligence, insolvency, or transfer of business or assets, subject to lawful confidentiality and continuity protections.
Where required by law, regulation, court order, governmental process, lawful investigation, or competent authority.
Where disclosure is reasonably necessary to:
- Protect the rights, property, or safety of the Company, Users, or the public
- Investigate fraud, abuse, CSAM-related conduct, or security threats
- Prevent harm or platform misuse
With auditors, external counsel, consultants, and advisors, where reasonably necessary and subject to confidentiality obligations.
Where you elect to disclose profile information or communicate with another user, such disclosure is a direct consequence of your use of the Platform and is subject to your own risk and judgment.
Data Storage, Security & Protection
The Company implements reasonable technical and organisational measures designed to protect data from unauthorised access, misuse, loss, alteration, or disclosure. These may include:
- Role-based access controls
- Logging and monitoring
- Security review measures
- Encryption or equivalent technical controls where appropriate
- Vendor management and internal access discipline
No system is entirely secure. Accordingly, the Company does not warrant absolute protection against cyberattack, unauthorised access, infrastructure compromise, credential theft, social engineering, or technical vulnerabilities.
The Company shall not be liable for loss or compromise resulting from:
- User negligence
- Password sharing
- Phishing
- Device compromise
- Use of unsecured networks
- Unauthorised sharing of personal information by the User
Data Retention
The Company retains data for as long as reasonably necessary for the purposes set out in this Policy, including service delivery, fraud prevention, moderation, safety, billing, compliance, dispute resolution, legal defence, and internal administration.
For active Accounts, the Company may retain data as long as the Account remains active and reasonably necessary for operation of the Platform.
Even after account deletion, closure, or inactivity, the Company may retain some categories of data for:
- Legal and regulatory compliance
- Audit trails
- Fraud prevention
- Complaint investigation
- Enforcement of terms
- Chargeback defence
- Litigation hold
- Suppression or consent history
- Legitimate business record-keeping
Subject to law and user choice, limited contact data and marketing-governance records may continue to be retained after account closure for lawful marketing management, opt-out compliance, consent records, and suppression controls.
Where data is no longer reasonably required in identifiable form, the Company may delete, anonymise, aggregate, archive, suppress, or otherwise reduce the identifiability of such data, subject to law and operational necessity.
User Rights & Requests
Subject to applicable law, you may seek to:
- Access your personal data
- Correct inaccurate or outdated data
- Request deletion of your data
- Withdraw consent where consent is the legal basis
- Object or complain in relation to certain processing activities
- Exercise such additional rights as may be available to you under applicable law
The Company may require verification of identity before acting on such requests and may refuse, defer, or limit compliance where permitted by law, including where retention is necessary for legal, fraud-prevention, billing, grievance, or enforcement reasons.
Children, Age-Restricted Use & CSAE Prohibition
The Platform is intended for adults who are legally eligible to seek matrimonial alliances under the laws applicable to them. In accordance with Indian matrimonial law, the minimum eligible age of marriage is 18 years for women and 21 years for men. The Platform is designed exclusively for persons who meet or exceed these age thresholds. The Company does not knowingly permit minors, or any person below the applicable minimum age, to create Accounts or use the Platform. If the Company becomes aware that an underage person has accessed or used the Platform, it may suspend or delete the relevant Account and associated content without prior notice.
Unarranged, operated by Hopelock Private Limited, explicitly prohibits all forms of Child Sexual Abuse and Exploitation (CSAE) on its platform. CSAE includes, but is not limited to, child sexual abuse material (CSAM), grooming of minors, sexual solicitation of children, trafficking of minors for sexual purposes, and all other forms of sexual abuse or exploitation of persons under 18 years of age. The Unarranged platform does not allow, facilitate, or tolerate any content, conduct, or communication constituting CSAE. Violations shall result in immediate account termination, evidence preservation, and mandatory reporting to competent law enforcement authorities, including under the Protection of Children from Sexual Offences Act, 2012 (POCSO) and Section 67B of the Information Technology Act, 2000.
Unarranged has designated a specific child safety point of contact responsible for receiving and coordinating responses to reports relating to CSAE, CSAM, and the safety of minors on the platform:
This contact is responsible for receiving reports, escalating matters to senior management, liaising with law enforcement, and ensuring compliance with child safety obligations.
Unarranged provides an in-app reporting mechanism that allows users to report profiles, content, or conduct they believe constitutes CSAE, CSAM, grooming, or any other harm to children. This mechanism is live, operational, and accessible to all registered users directly within the app interface. Upon receipt of a credible report of CSAM or CSAE, the Company shall:
- Immediately disable the reported content and associated account
- Initiate an internal review within 24 hours
- Permanently remove confirmed CSAM
- Preserve all relevant evidence
- Report to competent law enforcement authorities, cybercrime authorities, child-protection authorities, and/or relevant regional reporting bodies, including the National Center for Missing and Exploited Children (NCMEC) CyberTipline where legally or operationally applicable, and Indian law enforcement as required under POCSO and all other applicable law
Cross-Border Access & International Users
The Platform is operated from India. Infrastructure, service administration, moderation, billing support, and record retention may be undertaken from or coordinated through India and systems supporting Indian operations.
Users outside India understand that information may be processed in jurisdictions relevant to operation of the Platform or its authorised service providers, subject to lawful controls, vendor arrangements, and applicable restrictions.
International Users remain responsible for assessing whether their use of the Platform is lawful in the jurisdiction from which they access it.
Grievances, Complaints & Data Incidents
Complaints relating to privacy, misuse of data, impersonation, unauthorised profile use, or similar matters may be addressed through the Grievance Redressal Policy.
The Company may investigate actual or suspected misuse, breaches, or incidents and may take actions including suspension, content removal, reporting to authorities, preservation of records, and user notification where required by law.
While the Company may take measures in response to incidents, nothing in this Policy shall be construed as an admission that every technical anomaly, report, or suspicion amounts to a legally recognised data breach or incident requiring notification under all circumstances.
Third-Party Links & External Environments
The Platform may contain or depend upon app ecosystem interfaces, third-party login layers, billing systems, communication layers, or external technology environments. The Company is not responsible for the privacy, security, or practices of third-party services except to the extent it directly controls the relevant processing activity.
Policy Changes
The Company may amend, revise, supplement, or replace this Privacy Policy from time to time. Revised versions may be made available through the Platform, the website, email, or notice channels. Continued use of the Platform after such revision constitutes acceptance of the revised Privacy Policy to the extent permitted by applicable law.
Governing Law & Jurisdiction
This Privacy Policy shall be governed by the laws of India. Privacy-related disputes shall be addressed in accordance with the dispute resolution structure in the Terms of Use. The seat and venue of arbitration shall be Kochi, Kerala, and courts at Kochi, Kerala shall have jurisdiction to the extent court jurisdiction is invoked under applicable law.
Severability
If any provision of this Privacy Policy is held invalid, unenforceable, or unlawful, the remaining provisions shall continue in full force and effect to the maximum extent permitted by law.
Contact & Grievance Channel
For privacy-related complaints, access/correction/deletion requests, or related communications, you may contact the designated grievance or privacy contact identified in the Grievance Redressal Policy.
Account Deletion
Users have the right to request deletion of their account and associated personal data at any time.
You may request account deletion through the following method:
Within the app, navigate to: Account → Account → "Delete Account"
Upon receiving a deletion request:
- Your account will be permanently deleted from our active systems
- Personal data associated with your account (such as profile information, preferences, and activity data) will be deleted or anonymised
- You will no longer be able to access your account or retrieve any associated data
Account deletion requests are processed within 7 days.
- Certain data may be retained for a limited period if required for legal, security, or fraud prevention purposes
- Account deletion is irreversible.