Overview
Clique ("we," "our," "us") operates the Clique application and website (the "Platform"). We are committed to protecting your personal data and respecting your privacy.
This Privacy Policy applies to all users of the Clique Platform — Guests, Hosts, and visitors. By using the Platform, you consent to the practices described in this Policy.
This Policy is subject to, and must be read alongside, our Terms of Service.
Data We Collect
We collect the following categories of personal data:
- —Mobile phone number (required for OTP-based login)
- —Full name and username
- —Date of birth and gender
- —Profile photo (optional)
- —Email address (optional)
- —City of residence
- —Posts, comments, and likes you create on the Platform
- —Events you view, save, book, or attend
- —Search queries you make
- —Follows, blocks, and social connections
- —Your Cliquescore and engagement history
- —Device type, OS version, and app version
- —IP address and approximate location derived from it
- —Precise GPS location — only when you actively use "Events Near Me" and only with your explicit in-app permission
- —City-level location from your profile (set by you)
- —We do not track your location in the background
- —Booking records (event, date, amount, status)
- —QR pass details (token hash — never the raw token)
- —Payment status and transaction reference IDs from Razorpay
- —We never store your full card number, CVV, or bank credentials — all payment processing is handled by Razorpay
- —Government-issued identity document
- —Event venue address and images
- —Selfie for identity verification (optional)
- —Bank account details for payment settlement
How We Use Your Data
We use your personal data for the following purposes, relying on the legal bases indicated:
- —Contract performance: Processing bookings, issuing QR passes, settling host payments, handling refunds.
- —Legitimate interests: Operating the social feed, detecting fraud, preventing abuse, improving the Platform, sending transactional notifications.
- —Consent: Sending promotional push notifications (you can opt out at any time in Settings), accessing your GPS location for Near Me features.
- —Legal obligation: Retaining payment records and responding to lawful government or court requests.
Data Retention
We retain your personal data only for as long as necessary for the purposes set out in this Policy or as required by law.
- —Account data: retained while your account is active. Deleted within 30 days of account deletion request, subject to legal holds.
- —Payment and booking records: retained for 7 years to comply with Indian financial and tax regulations.
- —Host verification documents: retained for 3 years after the verification decision.
- —Posts and social content: deleted when you delete them, or within 30 days of account deletion.
- —Device and IP logs: retained for 90 days on a rolling basis for security and fraud purposes.
- —Anonymised, aggregated analytics data: retained indefinitely (not linked to you).
Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration.
- —All data in transit is encrypted using TLS 1.2 or higher.
- —Passwords and OTP tokens are never stored in plain text.
- —QR pass tokens are hashed — raw tokens are never stored.
- —Payment data is handled exclusively by Razorpay (PCI-DSS Level 1). We never receive or store card details.
- —Access to production databases is restricted to authorised personnel only, with audit logging.
- —We conduct periodic security reviews and penetration tests.
Your Rights
Under the Digital Personal Data Protection Act 2023 (India) and applicable law, you have the following rights:
- —Right to access: You can request a copy of the personal data we hold about you.
- —Right to correction: You can update or correct inaccurate data directly in the app (Profile → Edit Profile) or by contacting us.
- —Right to erasure: You can delete your account at any time. We will erase your personal data within 30 days, except where retention is required by law.
- —Right to withdraw consent: Where processing is based on consent (e.g., push notifications, GPS), you can withdraw consent at any time in Settings without affecting prior processing.
- —Right to nominate: Under DPDPA 2023, you may nominate another individual to exercise your rights in the event of your death or incapacity.
- —Right to grievance redressal: You may raise a grievance with our Data Protection Officer (DPO) and, if unresolved, with the Data Protection Board of India.
To exercise any of these rights, email us at privacy@clique.app or use the in-app support feature. We will respond within 30 days.
Children's Privacy
If you believe a minor has registered on the Platform, please contact us immediately at privacy@clique.app and we will delete the account and all associated data promptly.
International Transfers
Clique is operated from India. If you access the Platform from outside India, your data may be processed in India or in other countries where our cloud providers operate.
We ensure that any transfer of personal data outside India is made only to countries or recipients that provide adequate levels of data protection, or is subject to appropriate safeguards such as contractual clauses.
DPDPA 2023 Compliance
Clique is committed to compliance with the Digital Personal Data Protection Act, 2023 (India). The following measures are in place:
- —Consent: We obtain explicit, informed consent before collecting personal data, presented in clear language at the point of collection.
- —Purpose limitation: We collect data only for the purposes stated in this Policy and do not process it for incompatible purposes.
- —Data minimisation: We collect only the data necessary for each purpose.
- —Data Principal Rights: We honour all rights of Data Principals (users) under the DPDPA 2023, including access, correction, erasure, grievance redressal, and nomination.
- —Data Fiduciary obligations: As a Data Fiduciary, Clique maintains a record of processing activities and has appointed a Data Protection Officer.
- —Breach notification: In the event of a personal data breach, we will notify the Data Protection Board of India and affected users within the timeframes required by law.
Our Data Protection Officer can be reached at dpo@clique.app.
Policy Changes
We may update this Privacy Policy from time to time. When we make material changes, we will:
- —Update the effective date at the top of this Policy.
- —Send a push notification and/or in-app message to all active users.
- —Where required by law, obtain fresh consent.
Continued use of the Platform after the effective date of a revised Policy constitutes your acceptance of the changes.
Contact Us
If you have questions, concerns, or requests relating to this Privacy Policy or your personal data, please reach out: