Purewin privacy policy: how we collect, use, store, and protect your personal data. Compliant with India's Digital Personal Data Protection Act.
Account information: mobile number, name (optional), email (optional), state. We collect this when you sign up to verify identity and comply with state-specific gaming regulations. KYC information: PAN card number, Aadhaar number (last 4 digits only, full Aadhaar not stored), bank account details. Collected for withdrawals above Rs 10,000 and to comply with anti-money laundering regulations.
Usage information: app interactions (which contests you view, which teams you build, which features you use), device information (device model, OS version, app version, IP address). We use this to improve the app, detect fraud, and personalize your experience. We do not collect precise location data.
Payment information: deposit and withdrawal amounts, payment methods (UPI ID, bank account, Paytm wallet), transaction IDs. We do not store full bank account numbers or UPI PINs - only masked references. Payment data is processed by PCI DSS-compliant payment partners; we never see your full card number or PIN.
Provide core service: process deposits, run contests, calculate fantasy points, settle winnings, process withdrawals. We use your mobile number as your unique account identifier - it's how we recognize you across sessions and devices.
Compliance and legal: verify identity (KYC), prevent fraud, comply with anti-money laundering regulations, report transactions to tax authorities, restrict access in prohibited states. We are required by Indian law to maintain certain records for 5+ years.
Improve service: analyze usage patterns to improve app design, identify bugs, develop new features, optimize contest formats. We aggregate data across users for analytics - individual data is never sold or shared with third parties for marketing.
Encryption: all data in transit is encrypted with TLS 1.3. All data at rest is encrypted with AES-256. KYC documents (PAN, Aadhaar) are stored in encrypted vaults with access limited to authorized compliance personnel only.
Access controls: employee access to user data is on a need-to-know basis, logged, and audited. Two-factor authentication is required for all admin access. We conduct quarterly security audits by independent third parties.
Incident response: in case of a data breach, we will notify affected users within 72 hours as required by India's Digital Personal Data Protection Act. We maintain incident response plans and have a 24/7 security operations center monitoring for threats.
Access: you can request a copy of all personal data we hold about you. We will provide it in a machine-readable format within 30 days as required by law.
Deletion: you can request deletion of your account and personal data. We will delete your data within 30 days, except for records we are legally required to retain (KYC documents, transaction history for tax purposes, etc.).
Opt-out: you can opt out of marketing communications (push notifications, emails, SMS) at any time. Go to Profile > Notifications to manage preferences. Note: critical service notifications (account security, contest deadlines) cannot be opted out of.
Purewin retains user data for specific periods based on legal, regulatory, and business needs. This section explains what data we keep, how long, and why.
Account data: while your account is active, plus 5 years after closure. The 5-year retention is required by Indian tax law (Income Tax Act) and anti-money laundering regulations (PMLA). We keep: your name, mobile number, email, registration date, account history. We do not keep KYC documents after account closure.
KYC documents: PAN card and Aadhaar verification data is kept for 5 years after account closure, as required by the Prevention of Money Laundering Act (PMLA). After 5 years, KYC documents are securely deleted. We never sell, share, or use KYC data for any purpose other than identity verification and regulatory compliance.
Transaction history: deposit and withdrawal records are kept for 7 years after the transaction, as required by Indian tax law (Section 44AB of Income Tax Act for audit purposes). After 7 years, transaction records are anonymized (your name and details are removed) and kept for statistical analysis only.
Usage data: app interactions, device info, IP address, browsing history within the app are kept for 2 years. After 2 years, usage data is anonymized and aggregated for analytics. We may use this data to improve the app, but it cannot be linked back to you personally.
Communication records: in-app chat transcripts, email correspondence, phone call recordings (with consent) are kept for 1 year for quality assurance and dispute resolution. After 1 year, records are deleted. You can request deletion of your communication records at any time, except where retention is required for legal proceedings.
International data transfer: Purewin stores all user data on servers in India (AWS Mumbai region). We do not transfer user data to servers outside India, except for: payment processing (which may involve international payment networks), customer support (if you request support from a non-India-based specialist), and analytics (using tools like Google Analytics, which may process data in other countries). All international transfers are protected by standard contractual clauses and comply with India's Digital Personal Data Protection Act.
Third-party data sharing: Purewin shares data only with: payment processors (Razorpay, PayU), KYC verification services (Signzy, IDfy), cloud infrastructure (AWS), and analytics tools (Google Analytics). We do not sell user data to advertisers or marketing companies. We do not share data with other fantasy platforms or competitors. All third-party processors are contractually bound to protect your data and are subject to security audits.
Rs 1 entry contests. Instant withdrawals. Skill-based fantasy cricket.
Common questions about Privacy Policy.
