SideKamai

Privacy Policy

Last updated: 10 April 2026

1. Introduction

Indwell Technologies LLP("Company", "we", "us", "our") operates the SideKamai platform ("Platform"). We are committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, share, store, and protect your information when you access or use the Platform.

This Policy is compliant with:

  • The Information Technology Act, 2000
  • The IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules")
  • The Digital Personal Data Protection Act, 2023 ("DPDPA")
  • Any other applicable Indian laws and regulations in force from time to time

By using the Platform, you consent to the collection and use of your information as described in this Policy. If you do not agree, please discontinue use immediately.

2. Data Controller

For the purposes of applicable data protection law, the data controller is:

Indwell Technologies LLP

Hyderabad, Telangana, India

Email: privacy@sidekamai.com

3. Information We Collect

3.1 Information You Provide Directly

  • Phone number: collected at registration for OTP-based authentication and identity verification.
  • Display name: optional name visible on your profile.
  • UPI ID: collected for processing Payout transfers to your bank account.
  • Submission content: text feedback, ratings, comments, screenshots, audio recordings, and files submitted as part of Project testing.
  • Referral code: if used during registration, to credit the referring user.
  • Support communications: messages and attachments sent to our support team.

3.2 Information Collected Automatically

  • Device information: device type, model, operating system, browser type and version.
  • Usage data: pages visited, features accessed, click patterns, session duration, and interaction logs.
  • IP address: collected for security, fraud detection, geolocation (country/state), and analytics.
  • Session tokens: stored securely for authentication session management.
  • Referral source: URL parameters used to track how you arrived at the Platform.
  • Error and crash logs: technical logs to diagnose and fix Platform issues.

3.3 Sensitive Personal Data or Information (SPDI)

Under the SPDI Rules, a UPI ID linked to a financial account constitutes sensitive personal data. It is collected solely for Payout processing and is encrypted at rest using AES-256 encryption. We do not collect passwords, full bank account numbers, or card details.

4. How We Use Your Information

We process your personal data for the following purposes:

  • Account creation and management: registration, OTP verification, identity confirmation, and profile management.
  • Service delivery: matching you with Projects, processing Submissions, managing Project assignments and deadlines.
  • Payout processing: transferring approved earnings to your UPI account via regulated payment channels.
  • Tax and regulatory compliance: TDS deduction and reporting as required under the Income Tax Act, maintaining financial records as required by law.
  • Platform communication: sending OTP messages, in-app notifications, Submission status updates, and platform announcements.
  • Fraud detection and security: identifying suspicious activity, preventing multiple accounts, and protecting platform integrity.
  • Analytics and improvement: understanding usage patterns to improve features, performance, and user experience.
  • Referral program management: tracking referrals, upgrades, and reward attribution.
  • Legal proceedings and enforcement: responding to legal orders, defending claims, and exercising our legal rights.

5. Legal Basis for Processing

Under the DPDPA 2023 and applicable law, we process your data on the following bases:

  • Consent: You provide explicit, freely given, informed, and specific consent when you accept these Terms and this Policy during registration.
  • Contractual necessity: Processing required to perform our agreement with you — including account creation, Project delivery, and Payout processing.
  • Legal obligation: Processing required to comply with applicable law, including tax law and regulatory requirements.
  • Legitimate interests: Platform security, fraud prevention, and improving our services — balanced against your rights and interests.

6. Data Storage, Security & Integrity

We implement technical and organisational security measures proportionate to the risk, including:

  • All data is stored on secured cloud infrastructure provided by reputable third-party cloud platforms, with appropriate contractual and technical safeguards to protect your personal data.
  • Session tokens and authentication credentials are hashed using industry-standard cryptographic algorithms (SHA-256, bcrypt).
  • UPI IDs and sensitive financial identifiers are encrypted at rest using AES-256-GCM encryption.
  • All data in transit is protected using TLS 1.2 or higher.
  • Access to personal data is restricted to authorised personnel on a need-to-know basis, governed by role-based access controls.
  • Databases are protected by Row-Level Security (RLS) and least-privilege access roles.
  • Regular security assessments and vulnerability testing are conducted.

While we take all reasonable steps to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security and disclaim liability for breaches resulting from circumstances beyond our reasonable control.

7. Data Sharing & Disclosure

We do not sell, rent, or trade your personal data to any third party. We may share data only as follows:

  • Payment service providers: Regulated UPI-enabled payment processors (e.g. Cashfree, Razorpay) for Payout processing. Only your UPI ID and name are shared. These providers are bound by confidentiality and data protection obligations.
  • Cloud and infrastructure providers: Hosting, database, and storage services used to operate the Platform. Data shared under strict data processing agreements.
  • Analytics partners: Anonymised and aggregated usage data only. No personally identifiable information is shared for analytics purposes.
  • Project clients: Aggregated, non-identifying testing statistics and Submission content only. Your personal identity, phone number, UPI ID, and financial details are never disclosed to clients.
  • Law enforcement and regulators: When required by valid legal process, court order, government directive, or as necessary to protect the rights, property, or safety of the Company, its users, or the public.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity, subject to equivalent privacy protections.

8. Your Rights as a Data Principal (Under DPDPA 2023)

You have the following rights regarding your personal data:

  • Right to access: Request a summary of the personal data we hold about you and the purposes for which it is being processed.
  • Right to correction: Request correction of inaccurate, incomplete, or outdated personal data.
  • Right to erasure: Request deletion of your personal data, subject to legal retention obligations. You may exercise this right by deleting your Account within the app.
  • Right to grievance redressal: File a complaint with our Grievance Officer (see Clause 14) regarding any data processing concern. We will respond within 30 days.
  • Right to nominate: Nominate another person to exercise your rights in the event of your death or incapacity.
  • Right to withdraw consent: Withdraw consent for data processing at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal. Withdrawal may result in inability to use the Platform.

To exercise any of these rights, contact us at privacy@sidekamai.com.

9. Data Retention

  • Active accounts: Personal data is retained for as long as your account is active or as necessary to provide services.
  • Deleted accounts: Personal data is deleted or anonymised within 90 days of account deletion, except where retention is required by law.
  • Financial records and payment data: Retained for a minimum of 8 years as required under the Income Tax Act, 1961, and other financial regulations.
  • Submission data: Retained for 3 years following Project completion for quality assurance, dispute resolution, and client reporting purposes.
  • Security logs: Retained for 1 year for fraud prevention and security auditing purposes.

10. Cookies & Local Storage

We use strictly necessary cookies and browser local storage for authentication, session management, and storing your preferences (e.g. referral code from URL). We do not use third-party advertising or tracking cookies. If analytics is enabled, data is fully anonymised and does not identify individual users.

11. Third-Party Services

The Platform uses the following third-party services which may process your data under their own privacy policies:

  • Google Firebase: Phone OTP authentication and App Check security. Subject to Google's Privacy Policy.
  • UPI Payment Processors: For Payout transfers, regulated by the Reserve Bank of India.

We are not responsible for the privacy practices of third-party services. We encourage you to review their policies.

12. Children's Privacy

The Platform is strictly intended for users aged 18 and above. We do not knowingly collect personal data from individuals under 18. If we become aware that a minor has registered, we will promptly delete their account and all associated personal data. If you believe a minor has used the Platform, please contact us at privacy@sidekamai.com.

13. Data Breach Notification

In the event of a personal data breach that is likely to result in risk to your rights and freedoms, we will notify the Data Protection Board of India as required under the DPDPA 2023. We will also notify affected users promptly via in-app notification and/or SMS, with information about the breach, its likely impact, and steps being taken.

14. Grievance Officer

In accordance with the IT Act, 2000, the SPDI Rules, 2011, and the DPDPA, 2023, we have designated a Grievance Officer:

Grievance Officer — Indwell Technologies LLP

Email: grievance@sidekamai.com

Address: Hyderabad, Telangana, India

Response time: Within 30 days of receiving a written complaint

If you are dissatisfied with our response, you may escalate your complaint to the Data Protection Board of India in accordance with the DPDPA 2023.

15. Cross-Border Data Transfers

Your data may be stored and processed on cloud infrastructure and service providers located in various regions. Where data is transferred to or accessed by third-party infrastructure or service providers, such transfer is subject to appropriate contractual safeguards to protect your personal data. By using the Platform, you consent to any such transfer as described in this Policy.

16. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in law, technology, or our business practices. The revised Policy will be posted with an updated "Last updated" date. Material changes will be communicated via in-app notification. Your continued use of the Platform after changes constitutes your acceptance of the updated Policy.

17. Contact Us

For any privacy-related queries or to exercise your data rights, contact us at privacy@sidekamai.com or visit our Contact page.