Privacy Policy

1. Who we are

Zapplr Media Private Limited is a company incorporated in India and headquartered in Kochi, Kerala, with regional presence across Bangalore, Chennai, Hyderabad, and Trivandrum. We operate a full-service influencer-marketing agency, connecting brands with creators across Kerala, Tamil Nadu, Karnataka, Andhra Pradesh, and Telangana.

For the purposes of the Digital Personal Data Protection Act, 2023 (the “DPDP Act”) and applicable rules under the Information Technology Act, 2000, Zapplr Media is the Data Fiduciary (controller) for personal information collected through the Site and the Services.

2. Information we collect

We collect personal information directly from you, automatically when you interact with the Site, and from third parties (such as social platforms) when you engage with our campaigns.

Information you provide to us

• Contact details (name, email address, phone number, company name, designation)
• Onboarding details (creator handles, payment details for creator payouts, bank/UPI information processed via third-party payment partners)
• Project or campaign information (briefs, deliverables, performance KPIs, content drafts and approvals)
• Communications with our team (emails, WhatsApp messages, contact-form submissions, meeting notes)
• Marketing preferences and survey or feedback responses

Information we collect automatically

• Device and connection data (IP address, browser type and version, device identifier, operating system)
• Site usage data (pages viewed, referring URL, time spent, clicks, approximate location derived from IP)
• Tracking technologies — see our Cookie Policy

Information from third parties

• Publicly available creator data and audience metrics from platforms such as Instagram, YouTube, Facebook, X, and LinkedIn
• Aggregated analytics and attribution data from our measurement partners
• Information shared by brand or creator clients to enable a campaign

We do not knowingly collect sensitive personal data (such as financial passwords, biometric data, or government-issued identification numbers) through the Site. Where collection of such information is necessary to deliver a Service, we will request it through a secure channel and with your explicit consent.

3. How we use your information

• Respond to enquiries and provide quotes
• Onboard and manage brand and creator engagements, including content production, campaign execution, and reporting
• Pay creators and reconcile invoices through authorised payment partners
• Operate, maintain, secure, and improve the Site and our Services
• Communicate updates, service notifications, and (where you have opted in) marketing material
• Comply with legal, regulatory, tax, and contractual obligations
• Detect, prevent, and respond to fraud, abuse, or security incidents
• Establish, exercise, or defend legal claims

4. Legal basis for processing

• Consent — for marketing communications, optional tracking technologies, and any processing of sensitive personal data
• Performance of a contract — to deliver Services you or your organisation has engaged us for
• Legitimate uses recognised by law — such as compliance with legal obligations, responding to medical or public-safety emergencies, or employment-related processing
• Legal obligation — to comply with tax, audit, and law-enforcement requirements

Where consent is the basis, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

5. How we share information

We do not sell your personal information. We share it only with:

• Service providers and processors — for example cloud hosting, email delivery, CRM, analytics, payment processing, accounting, and IT support partners, each bound by confidentiality and data-protection terms
• Brand and creator counterparties — limited information required to execute a campaign you are part of
• Professional advisers — lawyers, auditors, and bankers, where required
• Authorities — when disclosure is required by law, regulation, court order, or to protect our rights, safety, or property
• Successors — in connection with a merger, acquisition, restructuring, or sale of assets, with appropriate safeguards

6. International transfers

Some of our service providers may process data outside India. Where this happens, we transfer data only to jurisdictions not restricted by the Central Government under the DPDP Act, and we put appropriate contractual safeguards in place.

7. How long we keep your information

• Enquiry and contact-form data: up to 24 months from last contact
• Campaign and engagement records: for the duration of the engagement plus seven years (statutory retention)
• Website analytics: up to 26 months in aggregated form
• Marketing-consent records: until you withdraw consent, plus a reasonable record-keeping period

When retention is no longer required, we securely delete or anonymise the information.

8. Your rights

Subject to applicable law (including the DPDP Act), you have the right to:

• Access a summary of the personal data we process about you
• Request correction, completion, or updating of inaccurate or outdated data
• Request erasure of personal data where retention is no longer necessary
• Withdraw consent that you previously gave
• Nominate another individual to exercise your rights in the event of your death or incapacity
• Lodge a grievance with our Grievance Officer and, if unresolved, with the Data Protection Board of India

To exercise these rights, email privacy@zapplrmedia.com. We may need to verify your identity before acting on your request.

9. Security

We maintain reasonable security practices and procedures consistent with Rule 8 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 and the DPDP Act. These include access controls, encryption in transit, vendor due diligence, and staff training. No system is perfectly secure; if we become aware of a personal-data breach affecting you, we will notify you and the Data Protection Board of India as required by law.

10. Children

The Site and Services are not directed at individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, contact us and we will delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page indicates when it was most recently revised. Material changes will be highlighted on the Site or communicated to you directly where appropriate.

12. Contact us

For any questions, requests, or grievances regarding this Privacy Policy or our handling of your personal data, contact our Grievance Officer:

We aim to acknowledge grievances within 72 hours and resolve them within the timeframes prescribed by the DPDP Act and the IT Rules.