Privacy Policy
Version 1.0 · Effective April 13, 2026 · DPDP Act 2023 Compliant
We do not sell personal data. We do not show ads. Partners never see your PAN or UPI.
Data Protection Officer: dpo@hangon.live
Data Protection Officer: dpo@hangon.live
1. Who We Are and Who This Covers
HangOn Interactive Private Limited is the Data Fiduciary under the DPDP Act 2023. This policy applies to all Users of any HangOn feature: tournaments, discovery, chat, feed, voice rooms, venue booking, and rewards.
2. What Data We Collect and Why
2.1 Account and Identity
| Data | Why We Collect It | Legal Basis |
|---|---|---|
| Mobile phone number | Account login, OTP verification | Contract |
| Display name | Profile display across all features | Contract |
| Date of birth | Age verification, minor account detection | Legal obligation |
| Profile photo | Discovery, social feed identity | Consent |
| City / location | Local tournament and venue discovery | Consent |
| Guardian phone + PAN + UPI (minor accounts) | Financial compliance for minors | Legal obligation |
2.2 Gaming Profile
| Data | Why | Legal Basis |
|---|---|---|
| In-game names (IGNs) | Tournament registration, profile display | Contract |
| Game player IDs | Tournament verification | Contract |
| Game ranks and stats | Profile display, matchmaking | Consent |
| Gaming platform (Mobile/PC) | Tournament filtering | Contract |
| Playstyle preferences | Discovery matching | Consent |
2.3 Tournament Financial Data
| Data | Why | Shared With | Legal Basis |
|---|---|---|---|
| PAN number | TDS deduction + Form 16A | Income Tax Dept. | Legal obligation |
| UPI ID | Prize payout disbursement | Razorpay only | Contract |
| Entry fee payment ID | Refund processing | Razorpay only | Contract |
| Net winnings per FY | Annual TDS reconciliation | Income Tax Dept. | Legal obligation |
2.4 Partner Financial Data (Partners Only)
| Data | Why | Shared With |
|---|---|---|
| Business name + address | Partner profile, KYC | Not shared |
| PAN / GST number | Tax compliance, KYC | Tax authorities if required |
| Bank account + IFSC | Earnings settlement | Razorpay only |
| Tournament history and earnings | Settlement, analytics | Not shared |
2.5 Social and Communication Data
| Data | Why | Who Can See It |
|---|---|---|
| Social feed posts and media | Feed display | Based on your privacy settings |
| Chat messages | Messaging service | Only the parties in the conversation |
| Voice room participation | Service delivery | Other room participants (live only) |
| Connections / matches | Discovery feature | Only you and the connected user |
| Blocked users list | Safety feature | Only you |
| Reports submitted | Safety and moderation | HangOn safety team only |
2.6 Venue Booking Data
| Data | Why | Shared With |
|---|---|---|
| Booking date/time/venue | Booking confirmation | The booked venue (Partner) |
| Payment for booking | Transaction processing | Razorpay only |
| Booking history | Refund processing, records | Not shared |
2.7 Automatically Collected Data
| Data | Why | Legal Basis |
|---|---|---|
| Device fingerprint (hashed) | Multi-account fraud detection | Legitimate interest |
| IP address | Geographic restriction enforcement | Legal obligation |
| City-level GPS (if permitted) | Local discovery, venue proximity | Consent |
| App version and OS | Bug fixes, compatibility | Legitimate interest |
| Session and usage data | Feature improvement | Legitimate interest |
| Push notification token | Transactional notifications | Contract |
| Crash reports | Stability improvements | Legitimate interest |
3. What We Do NOT Collect
- •Full bank account credentials, card numbers, or net banking passwords
- •Your camera, microphone, or contacts without explicit in-app permission
- •Your location continuously — location is read only when you open the app
- •Data from minors under 13 under any circumstances
4. Data Sharing
4.1 Third-Party Service Providers
| Provider | What They Receive | Purpose | Their Policy |
|---|---|---|---|
| Razorpay | Payment IDs, UPI IDs, bank details | Payment collection + payout | razorpay.com/privacy |
| Cloudflare R2 | Screenshots, profile photos, KYC docs | Secure file storage | cloudflare.com/privacypolicy |
| Expo / Firebase | Push notification tokens only | Notifications | expo.dev/privacy |
| MSG91 / Twilio | Phone number + OTP message | OTP verification | Provider privacy policy |
4.2 Legal Disclosures
We share data with government and law enforcement authorities when: required by a valid court order or warrant, required by law (e.g. quarterly TDS filings with Income Tax Department), or in cases involving imminent threat to life or CSAM. We will attempt to notify you of legal requests unless prohibited by law.
4.3 What We Never Share
- •Your PAN, UPI ID, or bank details with any Partner, other Gamer, or advertiser
- •Your private chat messages with any third party except pursuant to a valid legal order
- •Your personal data with advertisers — HangOn does not run ad-based monetisation
- •Your contact details (phone number, email) with other users through any Platform feature
5. Data Retention
| Data Category | Retention Period | Reason |
|---|---|---|
| Account and profile data | 5 years after account deletion | Legal disputes, audit |
| Tournament and result records | 7 years | Financial record requirement |
| TDS ledger and PAN data | 8 years | Income Tax Act obligation |
| Payment transaction records | 7 years | GST and financial audit |
| Chat messages | 12 months, then permanently deleted | Service delivery |
| Social feed posts | Until you delete them + 30 days | Cached copies |
| Tournament screenshots | 90 days post-tournament | Dispute resolution |
| Device fingerprints | 2 years from last active session | Fraud prevention |
| Fraud signals and logs | 3 years | Pattern detection |
| Venue booking records | 3 years | Dispute and audit |
| Push notification tokens | Until account deletion | Service delivery |
| Voice room data | Not recorded — no retention | N/A |
6. Your Rights under DPDP Act 2023
Right to access
Request a summary of personal data we hold about you and how it is used
Right to correction
Request correction of inaccurate or incomplete data
Right to erasure
Request deletion of your data, subject to legal retention obligations
Right to withdraw consent
Withdraw consent where processing is consent-based (may affect feature access)
Right to nominate
Nominate a person to exercise your rights in case of death or incapacity
Right to grievance
Lodge a complaint with our DPO or the Data Protection Board of India
Exercise your rights by contacting dpo@hangon.live. We respond within 30 days. We may require identity verification before processing a request.
7. Permissions the App Requests
| Permission | Why Needed | When Requested | Can You Decline? |
|---|---|---|---|
| Camera | Profile photo, screenshot upload | When you choose to upload | Yes — use gallery instead |
| Photo Library | Screenshot upload for verification | When submitting match proof | Yes — disqualifies from payout |
| Microphone | Voice rooms | When you join a voice room | Yes — listen-only mode |
| Location (approximate) | Local tournament/venue discovery | When you open discovery | Yes — city selection manually |
| Notifications | Tournament updates, creds, payouts | At onboarding | Yes — use app manually |
| Contacts | Not requested | Never | N/A |
8. Data Security
- •All data in transit: TLS 1.3 encryption
- •PAN, UPI IDs, bank details: AES-256 encryption at rest
- •Screenshots and KYC docs: stored in Cloudflare R2 with signed URL access — not publicly accessible
- •Access to financial data: restricted to named HangOn personnel on need-to-know basis
- •Admin accounts: 2FA mandatory
- •Data breach notification: within 72 hours of discovery to affected users and the Data Protection Board
9. Cookies and Tracking
The HangOn mobile app does not use browser cookies. The HangOn website uses essential session cookies only for authentication. No advertising, analytics, or third-party tracking cookies are used on any HangOn surface. HangOn does not use pixel tracking or fingerprinting technologies on the website beyond what is described in Section 2.7.
10. Children's Privacy
HangOn does not knowingly collect personal data from users under 13. For users aged 13–17, data processing is conducted under Guardian consent. Guardian data is processed only for the purpose of enabling the minor's account and financial transactions. For full minor data protection details see the Child Safety Policy.
11. Contact
Data Protection Officer (DPDP Act)
dpo@hangon.liveGrievance Officer
grievance@hangon.livePrivacy Queries
privacy@hangon.liveData Protection Board of India
www.meity.gov.inHangOn Interactive Private Limited, Delhi, India · hangon.live