This Privacy Policy describes how Vostral Pty Ltd ("Company", "Seatup.in", "we", "our", "us") collects, processes, stores, shares, analyzes, transfers, and protects personal data through our website seatup.in, mobile interfaces, digital platforms, physical locations, and related services (collectively, the “Services”) in Kochi, Kerala, India.

By accessing or using our Services, you acknowledge that you have read, understood, and consented to this Privacy Policy.

---

1. Legal Basis for Processing (India – DPDP Act, 2023)

We process personal data based on:

• User consent
• Legitimate uses permitted under applicable law
• Compliance with legal obligations
• Performance of contractual obligations
• Protection against fraud and unlawful activities

Where consent is required, you may withdraw it at any time, subject to legal or contractual restrictions.

---

2. Categories of Data Collected

We collect extensive categories of personal and non-personal data, including:

2.1 Personal Identification Information

• Full name
• Date of birth
• Gender
• Government-issued identification details (if required for KYC)
• Photograph
• Contact details (email address, phone number, address)
• Emergency contact information

2.2 Account & Booking Information

• Login credentials
• Booking history
• Subscription details
• Seat preferences
• Access logs
• Communication history

2.3 Financial & Payment Information (Website Payments – seatup.in)

When you make payments through our website:

• Name on payment instrument
• Billing address
• Card details (processed via secure gateways)
• UPI ID
• Bank account details
• Transaction IDs
• Payment timestamps
• IP address
• Device fingerprint
• Location at time of transaction

We do not store full card details unless processed in PCI-DSS compliant environments through authorised payment gateways.

2.4 Technical & Device Data

• IP address
• Browser type and version
• Device ID
• Operating system
• Mobile carrier
• SIM information
• GPS location (where permitted)
• Cookies and tracking technologies

2.5 Behavioural & Usage Data

• Session duration
• Clickstream activity
• Page views
• Feature interaction
• Access timestamps
• Movement within physical premises (if applicable)
• CCTV footage in operational areas

2.6 Derived & Analytical Data

We may generate:

• Risk scores
• Fraud probability indicators
• User segmentation categories
• Marketing affinity profiles
• Behavioural analytics models
• AI-based predictive insights

---

3. Methods of Data Collection

We collect data through:

• Direct user input
• Automated tracking technologies
• Payment gateway integrations
• Third-party verification agencies
• Business partners
• Public records
• CCTV systems
• API integrations

---

4. Purposes of Data Processing

We use personal data for:

• Account creation and management
• Seat booking and subscription services
• Payment processing
• Fraud detection and prevention
• Identity verification (KYC, where required)
• Security monitoring
• Legal compliance
• Customer support
• Business analytics
• Service improvement
• Targeted marketing and promotions
• Cross-selling and upselling
• Risk assessment
• Internal research and AI model development

---

5. Payment Processing & Financial Data

Seatup processes payments via authorized third-party payment gateways (such as Razorpay, Stripe, PayU, Cashfree, banks, or UPI networks).

By making payments on seatup.in, you consent to:

• Sharing necessary transaction data with payment processors
• Fraud monitoring and risk analysis
• Sharing transaction logs with banks and card networks
• Data retention for accounting, taxation, and compliance

We implement:

• SSL/TLS encryption
• Tokenization via payment providers
• Secure infrastructure
• Role-based access controls
• Payment event logging

However, no transmission system is completely secure.

---

6. Fraud Monitoring & Automated Decision-Making

We use automated systems, including AI-driven tools, to:

• Detect fraudulent behaviour
• Evaluate transaction risk
• Monitor chargeback probability
• Flag suspicious activity
• Restrict or suspend accounts

Users acknowledge and consent to automated decision-making processes.

---

7. Data Sharing & Disclosure

We may share personal data with:

• Affiliates and subsidiaries
• Payment processors and banks
• Cloud service providers
• Analytics providers
• Marketing partners
• Legal advisors
• Auditors
• Background verification agencies
• Law enforcement and government authorities
• Potential investors or acquirers

Data may be transferred outside India in compliance with applicable law.

---

8. Data Retention

We retain data for as long as necessary to:

• Fulfill the purposes described
• Comply with tax and accounting laws
• Defend against chargebacks
• Resolve disputes
• Enforce agreements
• Maintain security logs

Financial records may be retained for up to 8 years or longer as legally required.

---

9. Cookies & Tracking Technologies

We use:

• Cookies
• Web beacons
• SDKs
• Device fingerprinting
• Analytics tools

These technologies help us:

• Improve performance
• Track engagement
• Deliver targeted advertising
• Prevent fraud

Users may manage cookie preferences via browser settings.

---

10. User Rights Under Indian Law

Subject to applicable law, users may:

• Request access to their data
• Request correction or erasure
• Withdraw consent
• Nominate a representative
• File grievances

Requests must be submitted to the Grievance Officer listed below. Identity verification may be required.

---

11. Children’s Privacy

Our Services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors.

---

12. Security Measures

We implement administrative, technical, and physical safeguards, including:

• Encryption
• Access restrictions
• Monitoring systems
• Internal audits
• Secure hosting infrastructure

Despite safeguards, no system guarantees absolute security.

---

13. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for their privacy practices.

---

14. Updates to This Policy

We reserve the right to update this Privacy Policy at any time. Continued use of the Services after updates constitutes acceptance of the revised policy.

---

15. Limitation of Liability

To the maximum extent permitted by law, Vostral Pty Ltd shall not be liable for indirect, incidental, consequential, or punitive damages arising from data processing activities.

---

16. Contact & Grievance Officer

Vostral Pty Ltd (Seatup) Edappally, Kochi, Kerala, India

Email: Grievance Officer: Seatup Admin
Grievance Contact Email: admin@seatup.in

Users may contact us for privacy-related concerns, data access requests, or complaints