PRIVACY POLICY

Welcome to Ooru (“Application”, “we”, “us”, “our”). This Privacy Policy describes how we collect, use, process, store, disclose and otherwise handle personal data of users (“you”, “user”, “Data Principal”) who access or use the Application and related services.

The Application is a fan engagement platform designed to enable users to participate in fan communities, engage with content, interact with creators, celebrities, sports personalities, brands and campaigns, participate in loyalty and rewards programmes, receive personalized experiences and access third-party integrations and redemption ecosystems.

This Privacy Policy is issued in accordance with the Digital Personal Data Protection Act, 2023 (“DPDP Act”) and applicable laws of India.

By creating an account, accessing or using the Application, you acknowledge that you have read and understood this Privacy Policy and consent to the processing of your personal data for the purposes set out herein.

1. ABOUT THE APPLICATION

The Application enables users to:

  • Participate in fan engagement activities
  • Access content and fan communities
  • Interact with campaigns, creators and events
  • Participate in loyalty programmes and rewards ecosystems
  • Earn and redeem loyalty points and benefits
  • Access personalized recommendations and experiences
  • Interact with third-party applications, partners and integrations
  • The Application may integrate with social media platforms, loyalty partners, merchants, reward providers, marketplaces, event partners and other third-party service providers.

    2. PERSONAL DATA WE COLLECT

    2.1 Registration and Onboarding Information

    At the time of account creation or onboarding, we may collect the following personal data:

    Category Personal Data Collected
    Identity Information Name
    Contact Information Email address, mobile / phone number
    Demographic Information Gender, date of birth
    Social Media Information Social media profiles, handles, profile links and public profile information shared by you
    Location Information City, state, region and location information provided by you or enabled through device permissions
    Preference Information Hobbies, interests, fan preferences and related information

    2.2 Application Usage and Engagement Information

  • Content viewed, liked, shared, saved or interacted with
  • Communities joined
  • Campaigns, contests, polls and events participated in
  • Fan engagement history
  • Loyalty programme participation
  • Rewards earned and redeemed
  • Badges, memberships, tiers and rankings
  • Referral activity
  • Browsing activity and interactions within the Application
  • Communications and feedback
  • Behavioural information and preferences
  • Redemption activity undertaken through the Application or partner ecosystems
  • 2.3 Third-Party Account and Integration Information

    Where you connect or interact with third-party applications, social media platforms, marketplaces, loyalty partners, merchants or service providers through the Application, we may collect information made available by such third parties pursuant to permissions granted by you.

    Such information may include:

  • Public profile information
  • Account identifiers
  • Social media profile information
  • Reward and redemption information
  • Loyalty activity
  • Participation history
  • Information otherwise shared pursuant to your authorization
  • 2.4 Technical and Device Information

    We may collect technical information relating to your use of the Application including:

  • IP address
  • Browser information
  • Device identifiers
  • Operating system information
  • Session information
  • Analytics information
  • Usage logs
  • Application performance information
  • 2.5 Authentication and Verification Information

    We may collect and process information required for authentication and account security purposes, including:

  • Email verification information
  • Phone number verification information
  • One-time passwords (“OTP”)
  • Authentication identifiers
  • Verification status
  • Login records
  • Security logs
  • Account recovery information
  • OTP and verification activities may be processed through third-party authentication, messaging or communication service providers.

    3. PURPOSE OF PROCESSING

    We process personal data only for lawful purposes and in accordance with applicable law.

    3.1 Account Creation, Authentication and Administration

    To:

  • Create and maintain user accounts
  • Authenticate users
  • Verify account ownership
  • Enable login and account recovery functions
  • Undertake email and OTP verification
  • Administer account access controls
  • Prevent misuse and unauthorized access
  • Provide support and account administration services
  • 3.2 Fan Engagement Activities

    To facilitate:

  • Participation in fan communities
  • Campaigns, contests and events
  • Creator interactions
  • Memberships and engagement programmes
  • Promotional activities
  • Community participation
  • Fan experiences
  • 3.3 Personalization, Profiling and Recommendations

    We may process social media information, interests, behavioural information, engagement history, loyalty participation, location information and usage information to create user profiles and deliver personalized experiences.

    Such processing may include:

  • Recommending content and communities
  • Identifying user interests and fan preferences
  • Audience segmentation
  • Personalization of Application experiences
  • Recommending rewards and experiences
  • Recommending campaigns and events
  • Tailoring notifications and communications
  • Displaying personalized offers and partner experiences
  • Improving recommendation systems
  • Profiling and personalization activities are undertaken to improve user experience, Application functionality and engagement.

    3.4 Loyalty Programmes and Rewards Administration

    To:

  • Administer loyalty programmes
  • Allocate loyalty points
  • Manage memberships, badges and tiers
  • Determine eligibility for rewards
  • Process reward accruals and redemptions
  • Facilitate reward fulfilment
  • Administer partner reward programmes
  • Manage loyalty experiences
  • 3.5 Social Media Integration

    To enable social media integrations, sharing functionality and social engagement experiences.

    3.6 Communications

    To send:

  • Account notifications
  • Service updates
  • Event information
  • Campaign communications
  • Promotional communications
  • Loyalty programme notifications
  • Reward notifications
  • Verification messages
  • OTP communications
  • Account recovery notifications
  • Security alerts
  • Customer support communications
  • 3.7 Analytics and Service Improvement

    To:

  • Analyse user behaviour
  • Improve Application functionality
  • Improve campaigns and engagement initiatives
  • Optimize recommendations
  • Develop new services
  • Improve user experience
  • Enhance Application performance
  • 3.8 Legal Compliance and Protection

    To:

  • Comply with legal obligations
  • Enforce Application policies
  • Prevent fraud and misuse
  • Maintain security
  • Investigate violations
  • Protect rights and interests of users and the Application
  • 4. CONSENT

    The Application shall obtain consent from users prior to processing personal data, except where processing is otherwise permitted under applicable law.

    Consent shall be obtained through clear affirmative action by the user through the onboarding process, account creation flow, check-box mechanisms, click-wrap acknowledgements, in-Application consent prompts or other equivalent electronic mechanisms made available by the Application (“Consent Mechanism”).

    The Consent Mechanism shall provide users with notice regarding:

  • Categories of personal data collected
  • Purposes of processing
  • Rights available to users under applicable law
  • Withdrawal mechanisms
  • Grievance redressal details
  • Where required by applicable law, consent shall be:

  • Free
  • Specific
  • Informed
  • Unconditional
  • Unambiguous
  • Provided through a clear affirmative action
  • The Application may obtain separate or granular consent for specific processing activities including:

  • Profiling and personalization
  • Social media integrations
  • Loyalty programmes and rewards
  • Third-party reward fulfilment and redemption activities
  • Sharing with third-party partners
  • Promotional communications
  • Users may withdraw consent at any time through account settings (where available), withdrawal tools made available by the Application or by contacting the Grievance Officer.

    Withdrawal of consent shall not affect processing undertaken prior to such withdrawal but may affect availability of certain Application features or services.

    5. FAN LOYALTY PROGRAMMES, REWARDS AND REDEMPTIONS

    The Application may operate loyalty programmes, points systems, badges, memberships, tiers, rankings and similar engagement mechanisms (“Loyalty Programmes”).

    Users may earn points, credits, badges or rewards through:

  • Participation
  • Campaigns
  • Events
  • Referrals
  • Creator engagement
  • Purchases (where applicable)
  • Other qualifying activities
  • Rewards may be:

  • Redeemed on the Application
  • Redeemed through third-party applications
  • Exchanged for merchandise, experiences, memberships, discounts or benefits
  • Used within partner ecosystems
  • For administration of Loyalty Programmes, we may process:

  • Reward activity
  • Participation history
  • Redemption history
  • Engagement metrics
  • Preference information
  • Fulfilment information
  • Transaction records
  • The Application reserves the right to modify, suspend or discontinue Loyalty Programmes in accordance with applicable terms.

    6. CHILDREN’S DATA

    The Application is not intended for children.

    For purposes of this Privacy Policy, a “child” shall mean an individual who has not completed the age of eighteen (18) years, or such other age as may be prescribed under applicable law.

    The Application shall not knowingly collect or process personal data of children without obtaining verifiable consent from a parent or lawful guardian where required under applicable law.

    Where a user is identified as a child, the Application may implement additional verification measures and parental consent mechanisms prior to enabling access or processing personal data.

    The Application shall not undertake:

  • Tracking of children
  • Behavioural monitoring directed at children
  • Targeted advertising directed at children
  • except as may be permitted under applicable law.

    Parents or guardians may contact the Application for withdrawal of consent, correction or deletion requests relating to a child’s personal data.

    7. LOCATION DATA

    Location information may be used to:

  • Provide localized experiences
  • Recommend nearby campaigns and events
  • Personalize content
  • Facilitate region-specific experiences
  • Recommend rewards
  • Improve user engagement
  • Where precise location information is collected, such collection shall be subject to applicable permissions.

    Users may disable location permissions through device settings.

    8. DISCLOSURE OF PERSONAL DATA

    We may disclose personal data to:

  • Affiliates and group entities
  • Cloud hosting providers
  • Technology service providers
  • Customer support providers
  • Analytics providers
  • Personalization and recommendation providers
  • Authentication providers
  • OTP service providers
  • SMS gateways
  • Email service providers
  • Security providers
  • Campaign partners
  • Creators and brands
  • Event organizers
  • Loyalty programme operators
  • Reward fulfilment partners
  • Redemption partners
  • Merchants and marketplace operators
  • Social media integration providers
  • Third-party application operators
  • Governmental, regulatory or law enforcement authorities where legally required
  • Where rewards or experiences are redeemed through third-party ecosystems, information reasonably necessary for fulfilment, verification and redemption may be shared.

    We do not sell personal data.

    9. THIRD-PARTY APPLICATIONS, LINKS AND PARTNERS

    The Application may contain links to, integrate with or permit interactions with third-party applications, websites, social media platforms, marketplaces, reward partners, merchants, event partners and service providers (“Third-Party Applications”).

    Use of Third-Party Applications shall be governed by their own terms and privacy policies.

    We are not responsible for:

  • Privacy practices of Third-Party Applications
  • Independent processing activities
  • Content or services offered by them
  • Their acts or omissions
  • Users should review the applicable privacy policies before interacting with Third-Party Applications.

    10. ANALYTICS, PROFILING AND AUTOMATED PROCESSING

    We may use analytics systems, recommendation tools and automated processing mechanisms to:

  • Analyse engagement behaviour
  • Assess preferences and interests
  • Create audience segments
  • Improve recommendations
  • Optimize campaigns
  • Improve Application experiences
  • Determine reward eligibility
  • Improve personalization
  • The Application does not use automated processing to make decisions producing legal or similarly significant effects except as permitted by applicable law.

    11. ACCOUNT SECURITY AND AUTHENTICATION

    The Application may use authentication mechanisms including email verification, phone verification, OTP authentication and other security measures.

    Users are responsible for:

  • Safeguarding account credentials
  • Maintaining confidentiality of OTPs
  • Promptly notifying unauthorized access
  • Maintaining accurate contact information
  • OTP communications are intended solely for authentication and security purposes and should not be shared.

    12. DATA RETENTION

    Personal data shall be retained only for as long as necessary to fulfil the purposes described in this Privacy Policy or as required by law.

    Personal data may be deleted, anonymized or de-identified where:

  • The processing purpose no longer exists
  • Retention is no longer required
  • Consent has been withdrawn and no lawful basis remains
  • Account deletion requests may be submitted through the Application or to the Grievance Officer.

    13. YOUR RIGHTS AS A DATA PRINCIPAL

    Subject to applicable law, users may have the right to:

  • Obtain information regarding processing activities
  • Seek correction, completion or updating of personal data
  • Request erasure of personal data
  • Withdraw consent
  • Nominate another person to exercise rights upon death or incapacity
  • Access grievance mechanisms
  • Requests may be submitted using the contact details below.

    14. DATA SECURITY

    We implement reasonable technical and organizational measures to protect personal data against unauthorized access, disclosure, misuse, alteration or loss.

    Security measures may include:

  • Encryption
  • Access controls
  • Monitoring and logging
  • Restricted access protocols
  • Secure infrastructure
  • Security review procedures
  • No system can guarantee absolute security.

    15. PERSONAL DATA BREACHES AND INCIDENT RESPONSE

    The Application maintains procedures and controls intended to identify, investigate, contain and respond to personal data breaches and security incidents.

    In the event of a personal data breach involving personal data processed by the Application, the Application shall take appropriate measures in accordance with applicable law, which may include:

  • Assessment and containment of the incident
  • Implementation of remedial actions
  • Mitigation of adverse effects
  • Preservation of relevant records
  • Notifications required under applicable law
  • Where required under the DPDP Act or applicable rules, the Application shall notify:

  • The relevant authorities
  • Affected users
  • in the manner and within the timelines prescribed under applicable law.

    The Application may provide information regarding:

  • Nature of the breach
  • Categories of affected information
  • Potential consequences
  • Mitigation measures
  • Actions recommended for affected users
  • 16. CROSS-BORDER TRANSFERS

    Personal data may be processed or stored outside India where permitted under applicable law and subject to implementation of appropriate safeguards.

    Cross-border transfers shall be undertaken in accordance with applicable restrictions under the DPDP Act and applicable governmental notifications.

    17. GRIEVANCE REDRESSAL

    For questions, complaints or requests regarding this Privacy Policy or processing of personal data:

    Grievance Officer

    Name: Mr.Saish Patil

    Email: saish.patil@aer.media

    Complaints shall be handled in accordance with applicable legal timelines.

    18. CHANGES TO THIS PRIVACY POLICY

    We may revise this Privacy Policy from time to time.

    Material changes may be notified through the Application, email or other appropriate channels.

    Continued use of the Application following updates shall constitute acceptance of the revised Privacy Policy.