1. Who We Are
Bharat Mechanics (the "Platform") is an Indian automotive parts and mechanic-services marketplace accessible via web and Android application. This Privacy Policy applies to all users — customers, mechanics and shop partners — and covers data processed within India.
2. Information We Collect
a) You provide directly
- Full name, mobile number, email, password (hashed).
- Vehicle details — type, brand, model, RC number (for service bookings).
- KYC documents — Aadhaar / PAN / DL / GSTIN etc. as applicable.
- Delivery & service addresses, landmarks, pincode.
- Content you upload — vehicle photos, damage photos, feedback, reviews.
- Voice recordings (only when you explicitly use AI Voice Booking).
b) Collected automatically
- Device information — model, OS version, unique device identifier, language.
- App usage analytics — screens visited, taps, crash logs, performance metrics.
- IP address, network type, approximate location from IP.
- Precise GPS location (only when the app is open or with your explicit background-location consent, for live tracking of a mechanic visit).
- Cookies & similar technologies on the website (see Cookies section).
c) From third parties
- Payment status & transaction ID from the payment gateway (e.g. Razorpay).
- Map & reverse-geocoding data from map providers (e.g. OpenStreetMap / Google Maps).
- SMS delivery status from SMS gateway (for OTPs and transactional alerts).
We do NOT collect:
- Your full card number or CVV — handled entirely by the PCI-DSS compliant payment gateway.
- The content of your personal SMS, call logs, contacts list, or any unrelated files / media.
3. Android / Play Store Permissions
The Bharat Mechanics Android app requests only those permissions that are genuinely needed to deliver a feature you have asked for. You may revoke any permission at any time from your device settings — some features will then stop working.
| Permission | Why we ask | Required? |
|---|---|---|
| Location — Approximate & Precise (foreground) | To detect your current location when you tap "Use current location", to show nearby mechanics / shops, to calculate service ETA and distance, and to help you attach an accurate pickup / service address. | Required |
| Location — Background | Requested only if you enable live mechanic tracking for an ongoing service, or SOS roadside assistance. Used solely while that service is active; you can stop at any time. | Optional |
| Camera | To let you capture and upload photos of your vehicle, damage, invoices or KYC documents directly during a service request. No silent or background capture is performed. | Required |
| Photos & Media / Storage (READ_MEDIA_IMAGES) | To let you attach existing images from your gallery when creating a booking or submitting feedback, and to save downloaded invoices. | Required |
| Microphone | Only used for the AI Voice Booking feature — we record audio only when you tap the microphone button and stop as soon as you tap stop. | Required |
| Phone (Call) | To open your dialler with the mechanic's number when you tap "Call Mechanic". We never auto-dial. | Optional |
| Notifications | To send booking updates, payment confirmations, order status, promotions (you can opt-out), and emergency SOS acknowledgements. | Required |
| SMS (SMS Retriever API) | Used only to automatically read the 6-digit OTP we send you during login, so you do not need to switch apps. We do not read any other SMS. We do not request READ_SMS. | Required |
| Internet & Network State | Core connectivity — to communicate with our servers and adapt content to your network speed. | Required |
| Post-Install Receiver / Foreground Service | Used for live-tracking foreground service during an active roadside / SOS assistance request, with a persistent notification so you always know tracking is running. | Required |
In compliance with Google Play's User Data, Permissions and Families policies, we clearly disclose the above permissions in the app's Play Store listing under "Data safety" and request runtime consent before accessing any sensitive data.
4. How We Use Your Data
- To create and authenticate your account.
- To match you with suitable mechanics / shops and fulfil your orders and service requests.
- To process payments, issue invoices, and manage wallet / rewards / referrals.
- To provide customer support and resolve disputes.
- To send transactional and promotional communications (promotional can be opted-out).
- To improve our services — aggregate analytics, fraud detection, safety, and model training (where applicable, on anonymised data only).
- To comply with legal, tax, regulatory and government obligations within India.
5. Sharing Your Data
We share only the minimum data needed, and only with:
- Assigned mechanics / shop partners — your name, mobile, service address and issue description, to deliver the service you booked.
- Payment gateways — transaction amount, order ID, and basic customer details, to process payments and refunds.
- Logistics / courier partners — for delivery of physical parts you order.
- SMS, email and push-notification providers — to deliver messages you have subscribed to.
- Analytics & crash-reporting services — on an anonymised / aggregated basis wherever possible.
- Law-enforcement agencies — where required by law, pursuant to a valid written notice / court order under Indian law.
We never sell your personal data to advertisers or data brokers.
6. Data Retention
We retain your data only as long as required to provide the service, for as long as your account is active, or as mandated by Indian law (e.g. GST records are kept for at least 8 years under the CGST Act, 2017). Inactive accounts may be anonymised after a defined retention period.
7. Security
We use HTTPS (TLS 1.2+) for all traffic, bcrypt-hashed passwords, JWT-based authentication, role-based access control for employees, encrypted backups, and regular security reviews. Payments are handled on PCI-DSS compliant gateways — card data never touches our servers.
In the unlikely event of a data breach affecting your personal data, we will notify you and the Data Protection Board of India within the timelines prescribed under the DPDPA, 2023.
8. Your Rights under DPDPA 2023
- Right to access — obtain a summary of personal data we hold about you.
- Right to correction & erasure — ask us to correct inaccurate data or delete data that is no longer needed.
- Right to withdraw consent — withdraw any consent you previously gave (for example, marketing emails or background location).
- Right to nominate — nominate another person to exercise your rights in the event of death or incapacity.
- Right to grievance redressal — reach our Grievance Officer (below) free of cost.
Most rights can be exercised directly from your profile settings. For others, write to our Grievance Officer.
9. Cookies & Similar Technologies (Web)
The website uses a limited number of strictly-necessary cookies (authentication, cart) and optional analytics cookies. You can clear cookies from your browser settings at any time.
10. Children's Data
Bharat Mechanics is not intended for children under 18 years of age. We do not knowingly collect data from minors. If you believe a minor has created an account, please contact the Grievance Officer and we will remove the account promptly.
11. Grievance Officer
In accordance with Rule 3(11) of the IT (Intermediary Guidelines) Rules, 2021 and Section 10 of the DPDPA, 2023, the details of the Grievance Officer are:
Name: Grievance Officer, Bharat Mechanics
Email: grievance@bharatmechanics.in
Support: support@bharatmechanics.in
Phone: +91 1800-123-4567 (Mon–Sat, 9 AM – 7 PM IST)
Response time: Acknowledgement within 24 hours, resolution within 15 days.
12. Updates to this Policy
We may update this Privacy Policy from time to time. The "Last updated" date reflects the latest version. Material changes will be notified via email or in-app notification.