WYPPER

Privacy Policy

Your privacy matters to us. Learn how we collect, use, and protect your personal information.

Effective: April 25, 2026 · Last updated: April 25, 2026

This policy explains what personal data Wypper Tech Private Limited ("Wypper", "we", "us") collects when you use the Wypper mobile app or our website at wypper.in, why we collect it, who we share it with, and what choices you have. By using Wypper you agree to this policy.

Wypper is operated from India. We process data in line with the Information Technology Act, 2000 (and Rules) and the Digital Personal Data Protection Act, 2023.

What We Collect

Only the information needed to deliver the wash. Nothing you don't expect.

Account information

When you create an account, we collect:

  • Phone number — required for OTP login
  • Name (first, middle, last) — for receipts and addressing
  • Email — optional, for receipts and recovery
  • Referral data — phone/name of friends you refer

Vehicle & service data

  • Vehicle details — registration, brand, model, colour
  • Parking address & slot — where and when to clean
  • Wash photos — before/after, uploaded by our wipers as proof
  • Wash records — date, status, your feedback

Technical & safety data

Collected automatically:

  • Push token — to send wash and payment notifications
  • Anonymous crash reports via Sentry — device, OS, app version
  • Server logs — IP, request path, timestamp; retained 30 days

What we do not collect

  • Card number, CVV, or UPI PIN — Razorpay handles all of it; we only see a payment reference
  • Contacts, calendar, microphone, photo library
  • Real-time location — only the parking address you enter

Why We Use Your Data

Each purpose is tied to a specific lawful basis under the IT Act and DPDP Act, 2023.

Service delivery

Scheduling and proving each wash, using vehicle & parking details and the photos our wipers take.

Account & auth

Creating your account, verifying you via OTP, and keeping the session secure.

Payments

Processing monthly subscription payments through Razorpay; storing transaction references for receipts.

Notifications

Sending wash-done, payment, and service alerts to your push token.

Abuse prevention

Server logs and OTP throttle counters to spot fraud and protect users.

Legal compliance

Retaining transaction records for tax (Income Tax Act, CGST Act).

Who We Share With

We share data only with the providers we need to run the app:

  • Razorpay (India): phone, name, email, transaction amount — for payment processing.
  • Amazon Web Services (Mumbai): hosting all data we store.
  • MSG91 / Amazon SNS: phone number + OTP body for SMS delivery.
  • Sentry: anonymous crash reports — no name, no phone.
  • Apple / Google / Expo: push token + notification body.
  • Legal authorities: only when validly required.

We never sell your personal data to third parties.

Your Rights

Under the IT Act and DPDP Act, 2023, you can:

  • Access: request a copy of the data we hold about you
  • Correct: update wrong data — most fields are editable in-app
  • Delete: close your account — see deletion page
  • Portability: export your data in a readable format
  • Withdraw consent for marketing communications
  • File a grievance — see Section below

To exercise these rights, write to support@wypper.in. We respond within 30 days.

How long we keep it

  • Active accounts: for as long as you have an account.
  • Deleted accounts: personal identifiers anonymised within 7 days. Wash & transaction records retained 8 years per Income Tax Act and CGST Act, but de-linked from your identity.
  • Server logs: 30 days, then deleted.
  • Crash reports: 90 days in Sentry.

How we secure it

  • TLS 1.2+ on every connection between the app and our servers.
  • AES-256 at-rest encryption inside AWS-managed services.
  • Multi-factor auth on all production systems; access is logged.
  • Card data never touches our servers — it goes from your device straight to Razorpay.
  • If we ever detect unauthorised access, we'll notify you and the authorities as required by law.

Children

Wypper is not directed to children under 18. We do not knowingly collect data from anyone under 18. If you believe a child has created an account, contact us and we will delete it.

Contact & grievance

For any privacy question or to file a grievance under the IT Act and DPDP Act, 2023:

Wypper Tech Private Limited
CIN: U96010DL2025PTC457253

Grievance Officer / Data Protection Officer
Email: support@wypper.in
Registered office: Flat no. 66, Sector-12, PKT-8 Dwarka, N.S.I.T. Dwarka, New Delhi, South West Delhi — 110078, Delhi, India.

If you are not satisfied with our response, you may also approach the Data Protection Board of India once it becomes operational.

Changes to this policy

If we change this policy materially, we will notify you in the app and by email. Continued use of Wypper after a change means you accept the new policy.