Privacy Policy
Version: v1.0
Effective Date: 25th September, 2025
Company: ByteCitadel Pvt. Ltd. (“Company”, “we”, “our”, “us”)
Registered Office: Unjha, Gujarat, India
Correspondence / Grievance Address: Ahmedabad, Gujarat, India
Service: dip – life beyond lectures (“dip”, “App”, “Service”)
Territory: India
This Privacy Policy explains how we collect, use, disclose, transfer, and safeguard your information when you use dip. By using dip, you consent to the practices described here.
1) Who we are & scope
dip is a community app for college students and alumni in India (18+ only). This Policy applies to data collected through our mobile app, website, in-app features, and related services.
2) Information we collect
2.1 Information you provide
Account & profile: mobile phone number (mandatory for registration/authentication), name, email, college/university, graduation status, bio, photos.
Verification artifacts: college email/OTP, student ID or alumni proof (as applicable).
Content: posts/confessions, comments, messages, media you upload.
Support & legal: messages to support, reports/flags, grievance submissions.
Payments (future premium): we do not store card/UPI details; payments are processed by app stores or payment gateways.
2.2 Information collected automatically
Device & app: device model, OS, app version, language, time zone.
Network & logs: IP address, timestamps, headers, diagnostics, crash logs, performance metrics.
Usage: screens viewed, interactions (likes/comments), session duration, referral source, basic attribution.
2.3 Optional device access (permission-based)
Contacts Information:
With your permission, dip may access your phone’s contact list. We store hashed or anonymized identifiers derived from your contacts’ phone numbers to help identify other users on the platform or to enable mentions and notifications. We do not share this information with advertisers or third parties.our address book. Matching may use hashing. You can disable this in OS settings at any time.
Camera/photos: to create posts/confessions or update your profile.
3) How we use your information (purposes)
Provide & operate the Service: account creation, OTP login via mobile number, feeds, messaging, confessions, communities.
Verify eligibility: confirm student/alumni status to preserve college-only integrity.
Safety & moderation: detect, prevent, and respond to spam, fraud, abuse, policy violations, and security incidents.
Improve the product: analytics, diagnostics, performance, research, A/B tests.
Communications: send OTPs and service/security alerts to your registered mobile number and/or email; send important transactional messages and updates.
Legal compliance: respond to lawful requests from courts/government agencies.
Marketing & lead generation: use of (i) aggregate/anonymized analytics and (ii) selected user content/metadata under our ToS license to promote dip (you can opt out of marketing communications — see §10.3).
Contacts: Suggest potential connections and improve friend recommendations. Notify a contact via SMS or in-app, when they are mentioned or tagged in a compliment, feature, or similar action on dip. Support user acquisition (e.g., invite or notification to a tagged non-user), with clear opt-out options during sign up.
We do not sell mobile numbers or personal data to advertisers.
4) Legal bases for processing (DPDP-aligned)
Consent: contact sync, push notifications, marketing SMS/emails/push, certain analytics/SDKs.
Contractual necessity: to provide the Service you request (account + OTP authentication via mobile number; messaging; confessions).
Legitimate interests: product safety, abuse prevention, service improvement, reporting, and operational analytics (balanced against your rights).
Legal obligation: compliance with court/government directions and record retention required by law.
5) Cookies, SDKs & similar technologies
We (and our service providers) use cookies, mobile identifiers, and SDKs (e.g., analytics, crash reporting, messaging) to keep you signed in, remember preferences, measure performance/usage, improve reliability/features, and (if enabled) tailor/measure marketing. You can manage cookies in your browser and control app permissions/ID reset in device settings. Some features may not work without these technologies.
6) Sharing your information
6.1 Processors & partners
We may share your information with:
Service providers (processors): hosting/CDN, cloud storage, analytics, crash reporting, messaging/notifications, OTP/SMS providers, email providers, customer support, fraud prevention, and (if applicable) payment gateways.
Affiliates & partners: within ByteCitadel group or event/feature partners supporting dip’s operations.
Other users: content you share is visible according to audience settings/feature design.
Legal & safety: courts, law enforcement, and government bodies when required by applicable law or lawful order.
Business transfers: in a merger, acquisition, or sale of assets, subject to this Policy’s protections.
We do not sell mobile numbers or personal data.
6.2 Service-initiated sharing (only when you tap “I’m interested”)
We share only the minimum required details with the relevant counterparty after you explicitly tap “I’m interested” in a service flow. Examples:
Flats/Flatmates: your mobile number (so the lister can contact you).
Events: your name (and, if required for entry/RSVP, your mobile number).
Listings/Marketplaces: your name and/or mobile number (exact fields shown on the confirmation screen).
We do not share your data for these services unless you take this action. Your tap is treated as consent for that specific sharing. Before sending, we show a pre-send confirmation naming the recipient and the exact fields to be shared. You can cancel at that screen, and you can email us to revoke consent for future shares.
What’s never shared by default: your address book/contacts, private messages, or other profile data not shown on the confirmation screen.
Record of consent. For safety and auditing, we keep a minimal log of the “I’m interested” action (time, service, fields shared, recipient) for up to 180 days (or longer if legally required).
6.3 Contacts Information
dip does not sell or rent your contact information. Notifications to non-users are sent through our verified communication partners (SMS, email, or WhatsApp) only when initiated by an existing user and in compliance with applicable laws. Recipients can choose to stop receiving such notifications at any time.
7) International data transfers
Your information may be processed on servers and by service providers located outside India. Where we transfer data internationally, we apply contractual and organizational safeguards designed to protect your information consistent with this Policy and applicable law.
8) Data retention
We keep personal data only as long as needed for the purposes in §3 or as required by law.
Account data (including your mobile number): retained for the life of your account. If you delete your account, we remove data from user view immediately and erase from active systems within 30 days; limited backups or legal/operational logs may persist for up to 180 days (or longer if legally required).
Logs/diagnostics: typically 90–180 days (longer where required for security or legal obligations).
Legal holds: if necessary to comply with a legal obligation, resolve disputes, or enforce agreements.
For deleting data: Data deletion page
9) Your rights (DPDP 2023)
Subject to applicable law, you can:
Access personal data we hold about you.
Correct inaccurate or incomplete data (including your mobile number).
Delete your account and personal data (with legal/backup exceptions, see §8).
Withdraw consent for optional processing (e.g., contact sync, marketing SMS/push/emails).
Data portability (where technically feasible and required by law).
Grievance redressal (see §12).
How to exercise: see §12 (Contact & Grievance). We will acknowledge grievances within 72 hours and address them within timelines mandated by law.
10) Your choices & controls
10.1 Permissions & device settings
Contacts / Camera / Photos: enable/disable in your device OS at any time.
Push notifications: configure in OS settings.
Advertising ID: reset and limit ad tracking in device settings.
10.2 Audience & visibility
Choose your post visibility where a feature allows (friends, campus, public). Confessions have special rules to prevent naming/identifying private individuals.
10.3 Marketing preferences
Email/SMS/push marketing: opt out via settings or by emailing support@dipapp.in.
We comply with Indian anti-spam/telecom rules (e.g., TRAI DND). OTP and essential service/security SMS may still be sent to your registered mobile number.
You can also request deletion of all contact-derived data associated with your account by contacting our support at support@dipapp.in
11) Security
We implement technical and organizational measures designed to protect your data, including: encryption in transit (TLS) and at rest (where applicable), access controls/least-privilege policies, audit logging and network protections, and periodic security reviews/vendor due diligence. No method is 100% secure. If we become aware of a security incident that affects your data, we will act in accordance with applicable law and CERT-In advisories, and notify you and/or regulators where required.
12) Contact, requests & grievances
Grievance Officer: Darsh Patel
Email (all requests & queries): support@dipapp.in
Postal Address (for grievances & notices): Ahmedabad, Gujarat, India
Registered Office: Unjha, Gujarat, India
Data requests: Access/Correction/Deletion/Consent withdrawal → email support@dipapp.in from your registered email and describe your request. We may use your registered mobile number for secure verification.
Grievances: We acknowledge within 72 hours and address within the legally prescribed period.
Identity verification: We may request reasonable information to verify your identity before acting on requests.
13) Children’s privacy
dip is strictly 18+. We do not knowingly collect data from minors. If we learn that a minor has registered, we will terminate the account and delete related data.
14) Third-party links & integrations
The Service may link to third-party websites, apps, or services (e.g., payment gateways, event tools). Their processing of your data is governed by their privacy policies. We are not responsible for their practices.
15) Whatsapp Usage
Collection of Phone Numbers
When you sign up or log in using WhatsApp OTP, we collect your phone number to verify your identity.
Use of Phone Numbers
Your phone number is used solely for account verification and essential app communication (e.g., security alerts, login notifications).
With your consent, we may also use your WhatsApp number to share new features of the app or events happening around your college.
OTP Data
We do not store OTP codes. They are generated dynamically and expire immediately after use.
Sharing with WhatsApp (Meta)
OTP messages are delivered through the WhatsApp Cloud API provided by Meta Platforms. Meta processes these messages solely for delivery purposes.
Retention
Your phone number is retained only as long as your dip account is active. If you delete your account, your phone number is permanently erased.
16) Changes to this Policy
We may update this Policy from time to time. Material changes will be notified in-app and/or by email. Your continued use of dip after the effective date constitutes acceptance of the updated Policy.
NOTE: dip complies with the Digital Personal Data Protection Act, 2023 (India) and relevant platform policies (Google Play & App Store). Data access permissions are requested and processed transparently and solely for enhancing the user experience.
Privacy Policy
Version: v1.0
Effective Date: 25th September, 2025
Company: ByteCitadel Pvt. Ltd. (“Company”, “we”, “our”, “us”)
Registered Office: Unjha, Gujarat, India
Correspondence / Grievance Address: Ahmedabad, Gujarat, India
Service: dip – life beyond lectures (“dip”, “App”, “Service”)
Territory: India
This Privacy Policy explains how we collect, use, disclose, transfer, and safeguard your information when you use dip. By using dip, you consent to the practices described here.
1) Who we are & scope
dip is a community app for college students and alumni in India (18+ only). This Policy applies to data collected through our mobile app, website, in-app features, and related services.
2) Information we collect
2.1 Information you provide
Account & profile: mobile phone number (mandatory for registration/authentication), name, email, college/university, graduation status, bio, photos.
Verification artifacts: college email/OTP, student ID or alumni proof (as applicable).
Content: posts/confessions, comments, messages, media you upload.
Support & legal: messages to support, reports/flags, grievance submissions.
Payments (future premium): we do not store card/UPI details; payments are processed by app stores or payment gateways.
2.2 Information collected automatically
Device & app: device model, OS, app version, language, time zone.
Network & logs: IP address, timestamps, headers, diagnostics, crash logs, performance metrics.
Usage: screens viewed, interactions (likes/comments), session duration, referral source, basic attribution.
2.3 Optional device access (permission-based)
Contacts Information:
With your permission, dip may access your phone’s contact list. We store hashed or anonymized identifiers derived from your contacts’ phone numbers to help identify other users on the platform or to enable mentions and notifications. We do not share this information with advertisers or third parties.our address book. Matching may use hashing. You can disable this in OS settings at any time.
Camera/photos: to create posts/confessions or update your profile.
3) How we use your information (purposes)
Provide & operate the Service: account creation, OTP login via mobile number, feeds, messaging, confessions, communities.
Verify eligibility: confirm student/alumni status to preserve college-only integrity.
Safety & moderation: detect, prevent, and respond to spam, fraud, abuse, policy violations, and security incidents.
Improve the product: analytics, diagnostics, performance, research, A/B tests.
Communications: send OTPs and service/security alerts to your registered mobile number and/or email; send important transactional messages and updates.
Legal compliance: respond to lawful requests from courts/government agencies.
Marketing & lead generation: use of (i) aggregate/anonymized analytics and (ii) selected user content/metadata under our ToS license to promote dip (you can opt out of marketing communications — see §10.3).
Contacts: Suggest potential connections and improve friend recommendations. Notify a contact via SMS or in-app, when they are mentioned or tagged in a compliment, feature, or similar action on dip. Support user acquisition (e.g., invite or notification to a tagged non-user), with clear opt-out options during sign up.
We do not sell mobile numbers or personal data to advertisers.
4) Legal bases for processing (DPDP-aligned)
Consent: contact sync, push notifications, marketing SMS/emails/push, certain analytics/SDKs.
Contractual necessity: to provide the Service you request (account + OTP authentication via mobile number; messaging; confessions).
Legitimate interests: product safety, abuse prevention, service improvement, reporting, and operational analytics (balanced against your rights).
Legal obligation: compliance with court/government directions and record retention required by law.
5) Cookies, SDKs & similar technologies
We (and our service providers) use cookies, mobile identifiers, and SDKs (e.g., analytics, crash reporting, messaging) to keep you signed in, remember preferences, measure performance/usage, improve reliability/features, and (if enabled) tailor/measure marketing. You can manage cookies in your browser and control app permissions/ID reset in device settings. Some features may not work without these technologies.
6) Sharing your information
6.1 Processors & partners
We may share your information with:
Service providers (processors): hosting/CDN, cloud storage, analytics, crash reporting, messaging/notifications, OTP/SMS providers, email providers, customer support, fraud prevention, and (if applicable) payment gateways.
Affiliates & partners: within ByteCitadel group or event/feature partners supporting dip’s operations.
Other users: content you share is visible according to audience settings/feature design.
Legal & safety: courts, law enforcement, and government bodies when required by applicable law or lawful order.
Business transfers: in a merger, acquisition, or sale of assets, subject to this Policy’s protections.
We do not sell mobile numbers or personal data.
6.2 Service-initiated sharing (only when you tap “I’m interested”)
We share only the minimum required details with the relevant counterparty after you explicitly tap “I’m interested” in a service flow. Examples:
Flats/Flatmates: your mobile number (so the lister can contact you).
Events: your name (and, if required for entry/RSVP, your mobile number).
Listings/Marketplaces: your name and/or mobile number (exact fields shown on the confirmation screen).
We do not share your data for these services unless you take this action. Your tap is treated as consent for that specific sharing. Before sending, we show a pre-send confirmation naming the recipient and the exact fields to be shared. You can cancel at that screen, and you can email us to revoke consent for future shares.
What’s never shared by default: your address book/contacts, private messages, or other profile data not shown on the confirmation screen.
Record of consent. For safety and auditing, we keep a minimal log of the “I’m interested” action (time, service, fields shared, recipient) for up to 180 days (or longer if legally required).
6.3 Contacts Information
dip does not sell or rent your contact information. Notifications to non-users are sent through our verified communication partners (SMS, email, or WhatsApp) only when initiated by an existing user and in compliance with applicable laws. Recipients can choose to stop receiving such notifications at any time.
7) International data transfers
Your information may be processed on servers and by service providers located outside India. Where we transfer data internationally, we apply contractual and organizational safeguards designed to protect your information consistent with this Policy and applicable law.
8) Data retention
We keep personal data only as long as needed for the purposes in §3 or as required by law.
Account data (including your mobile number): retained for the life of your account. If you delete your account, we remove data from user view immediately and erase from active systems within 30 days; limited backups or legal/operational logs may persist for up to 180 days (or longer if legally required).
Logs/diagnostics: typically 90–180 days (longer where required for security or legal obligations).
Legal holds: if necessary to comply with a legal obligation, resolve disputes, or enforce agreements.
9) Your rights (DPDP 2023)
Subject to applicable law, you can:
Access personal data we hold about you.
Correct inaccurate or incomplete data (including your mobile number).
Delete your account and personal data (with legal/backup exceptions, see §8).
Withdraw consent for optional processing (e.g., contact sync, marketing SMS/push/emails).
Data portability (where technically feasible and required by law).
Grievance redressal (see §12).
How to exercise: see §12 (Contact & Grievance). We will acknowledge grievances within 72 hours and address them within timelines mandated by law.
10) Your choices & controls
10.1 Permissions & device settings
Contacts / Camera / Photos: enable/disable in your device OS at any time.
Push notifications: configure in OS settings.
Advertising ID: reset and limit ad tracking in device settings.
10.2 Audience & visibility
Choose your post visibility where a feature allows (friends, campus, public). Confessions have special rules to prevent naming/identifying private individuals.
10.3 Marketing preferences
Email/SMS/push marketing: opt out via unsubscribe links, in-app settings, or by emailing support@dipapp.in.
We comply with Indian anti-spam/telecom rules (e.g., TRAI DND). OTP and essential service/security SMS may still be sent to your registered mobile number.
You can also request deletion of all contact-derived data associated with your account by contacting our support at support@dipapp.in
11) Security
We implement technical and organizational measures designed to protect your data, including: encryption in transit (TLS) and at rest (where applicable), access controls/least-privilege policies, audit logging and network protections, and periodic security reviews/vendor due diligence. No method is 100% secure. If we become aware of a security incident that affects your data, we will act in accordance with applicable law and CERT-In advisories, and notify you and/or regulators where required.
12) Contact, requests & grievances
Grievance Officer: Darsh Patel
Email (all requests & queries): support@dipapp.in
Postal Address (for grievances & notices): Ahmedabad, Gujarat, India
Registered Office: Unjha, Gujarat, India
Data requests: Access/Correction/Deletion/Consent withdrawal → email support@dipapp.in from your registered email and describe your request. We may use your registered mobile number for secure verification.
Grievances: We acknowledge within 72 hours and address within the legally prescribed period.
Identity verification: We may request reasonable information to verify your identity before acting on requests.
For deleting data: Data deletion page
13) Children’s privacy
dip is strictly 18+. We do not knowingly collect data from minors. If we learn that a minor has registered, we will terminate the account and delete related data.
14) Third-party links & integrations
The Service may link to third-party websites, apps, or services (e.g., payment gateways, event tools). Their processing of your data is governed by their privacy policies. We are not responsible for their practices.