Spinvic

Privacy Policy

Last updated: 11 April 2026

This Privacy Policy describes how Spinvic Private Limited ("Spinvic", "we", "us", or "our") collects, uses, stores, discloses, and protects personal data when you use our website, mobile applications, and related services (collectively, the "Platform"). We are committed to protecting your privacy in accordance with the Information Technology Act, 2000 ("IT Act"), the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"), and the Digital Personal Data Protection Act, 2023 ("DPDP Act") of India, as applicable.

By using the Platform, you acknowledge that you have read and understood this Policy. If you do not agree, please do not use the Platform. For tournament-specific processing, please also read our Tournament Terms & Conditions.

1. Data fiduciary and scope

Spinvic Private Limited acts as the Data Fiduciary for personal data processed through the Platform in India, unless stated otherwise for a specific program. This Policy applies to visitors, registered users, academy leads, tournament participants, coaches, and partners who interact with us online.

2. Categories of personal data we collect

Depending on how you use the Platform, we may collect:

  • Identity and profile: name, age or date of birth (where collected for eligibility), gender (if voluntarily provided), photographs or images you upload (including team logos and profile pictures), and similar profile content.
  • Contact data: email address, phone number, WhatsApp number, and messaging identifiers used to reach you.
  • Government identifiers: Aadhaar or other KYC identifiers only where permitted by law and strictly necessary for a stated purpose (for example, regulated payments, subsidies, or official verification). We do not collect Aadhaar unless a specific product flow requires it and you are informed at the point of collection.
  • Location and geography: district, local body, academy location, or event venue selections you provide.
  • Transaction and program data: registrations, enrolments, orders, communications with support, and preferences.
  • Technical and usage data: IP address, device type, browser, pages viewed, approximate region derived from IP, cookies, and similar technologies (see Cookie Policy below).

3. Purposes of processing

We process personal data for lawful purposes including:

  • Providing, operating, and improving the Platform, academies, events, and tournaments.
  • Processing registrations, payments, waitlists, and customer support.
  • Sending service messages, confirmations, and (where permitted) marketing communications.
  • Safety, fraud prevention, security monitoring, and enforcing our terms.
  • Compliance with legal obligations, court orders, and regulatory requests.
  • Analytics in aggregated or de-identified form where appropriate.

We process personal data based on your consent (where required under the DPDP Act), performance of a contract, compliance with law, and legitimate interests that are not overridden by your rights.

4. Cookies and similar technologies

We use cookies and similar technologies to maintain sessions, remember preferences, measure traffic, and improve user experience. You can control cookies through your browser settings; disabling certain cookies may limit some features. Where required, we will obtain consent before using non-essential cookies.

5. Disclosure and third-party processors

We may share personal data with trusted service providers who process data on our instructions and under appropriate agreements, including:

  • Razorpay (or other payment partners) for payment processing, refunds, and reconciliation.
  • AiSensy (or similar WhatsApp Business API providers) for sending transactional or service-related WhatsApp notifications you have opted into or that are necessary to deliver the service.
  • CricHeroes (or comparable sports-tech partners) where you choose to connect or sync player profiles, stats, or identity through integrations offered on the Platform.
  • Cloud hosting, email delivery, analytics, customer support tools, and professional advisers, as needed.

We do not sell your personal data. Third parties process data under their own policies for portions of the service they directly control (for example, payment pages hosted by Razorpay); we encourage you to review their privacy notices.

6. Storage, transfers, and security

Personal data may be stored on servers located in India and, where necessary for legitimate operations, in other jurisdictions with appropriate safeguards as permitted under applicable law. We implement reasonable technical and organisational measures—including access controls, encryption in transit where appropriate, secure development practices, and vendor assessments—to protect personal data against unauthorised access, loss, or alteration. No method of transmission over the Internet is completely secure; we cannot guarantee absolute security.

7. Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this Policy, including legal, accounting, and reporting requirements. Typical retention includes: active account and relationship period; a further period after closure of your account or last interaction (for example, up to three (3) years unless a longer period is required by law or for pending disputes); and longer retention where mandated for tax, payments, or regulatory records. When retention ends, we delete or anonymise data in line with our internal schedules.

8. Your rights (DPDP Act and applicable law)

Subject to applicable conditions and exemptions, you may have the right to:

  • Obtain confirmation of processing and a meaningful overview of personal data we hold about you.
  • Request correction of inaccurate or incomplete personal data.
  • Request completion of incomplete personal data.
  • Request erasure or restriction of processing where grounds under law apply.
  • Withdraw consent where processing is consent-based, without affecting the lawfulness of prior processing.
  • Nominate another individual to exercise rights on your behalf in case of death or incapacity, as prescribed.
  • Grievance redressal and appeal through the mechanisms described below.

We may need to verify your identity before responding. Some requests may be limited where they affect others' rights, trade secrets, or legal obligations.

9. Children

Our services may be accessed by minors only with verifiable parental or guardian consent where required by law. We do not knowingly collect personal data from children below the permissible age without appropriate consent. If you believe we have collected such data in error, contact us and we will take appropriate steps.

10. Grievance officer / Data protection contact

For questions, requests, or complaints regarding this Policy or your personal data, please contact our Grievance Officer / Data Protection contact:

We will endeavour to acknowledge and address grievances within timelines prescribed under applicable law. You may also have the right to escalate to the Data Protection Board of India once operational under the DPDP Act, as applicable.

11. Updates to this Policy

We may update this Privacy Policy from time to time. The revised version will be posted on this page with an updated effective date. Where changes are material and consent is required, we will obtain consent in the manner prescribed by law.

12. Disclaimer

This document is provided for transparency and compliance purposes and does not constitute legal advice. Statutory references are included for user information and may be amended by future legislation or rules.