This launch draft is written for an India-based community product and anticipates the staged commencement of the Digital Personal Data Protection Act, 2023 and Rules, 2025. It must be reviewed against Club 60’s final company details, vendors and data flows before public launch.
1. Who this policy applies to
This policy applies when you use the Club 60 mobile application, website, support channels and related services (together, the “Service”). In this policy, “Club 60,” “we,” “us” and “our” refer to the entity that operates Club 60.
2. Personal data we may collect
| Category | Examples | When collected |
|---|---|---|
| Account and profile | Mobile number, display name, profile photo, district or region, language, account and verification status. | When you register, complete your profile or verify your account. |
| Identity or KYC information | Only the minimum details needed for a stated verification purpose, plus the result and date of the check. | Only where verification is offered or required and after a clear notice. |
| Content and communications | Circle and live-room messages, direct messages, comments, reactions, images, voice notes, PDFs and saved messages. | When you create, send, receive, react to or save content. |
| Connections and preferences | Circles, friends, friend requests, blocked or muted accounts, interests, favourites and notification choices. | When you use social and preference features. |
| Trips and events | Trips viewed, favourites, expressions of interest, related timestamps and any later enquiry you choose to make. | When you browse or interact with a trip or event listing. |
| Safety and support | Reports, complaint details, relevant content snapshots, support messages and actions taken. | When you report content, appeal a decision or ask for help. |
| Device and usage | Device type, app version, IP address, language, push token, logs, approximate location derived from your selection, and security events. | When you use the Service. |
Information from other people
Another member may add you to a Circle, send you a friend request, include you in a report or upload content that mentions you. We may also receive information from a service provider you ask us to use, such as an identity-verification provider.
3. Why we use personal data
We process personal data for the specific purposes described at collection, with consent where required, and for permitted legitimate uses under applicable law. These purposes include:
- creating and securing your account, including phone-based sign-in;
- showing your profile and connecting you with people, Circles and rooms you choose;
- delivering messages, media, reactions, notifications and saved messages;
- showing trips, live broadcasts and interest-based content;
- handling trip interest and enabling an organiser to follow up when you request it;
- preventing spam, abuse, fraud and unauthorised access;
- reviewing reports, enforcing our rules and responding to complaints;
- providing support, improving accessibility and fixing technical problems; and
- complying with lawful requests and other legal obligations.
Identity or KYC data collected for verification will not be reused for an unrelated purpose without a separate, clear basis.
5. How long information is kept
- Live-room messages and media: designed to expire 24 hours after creation; a room is removed after its last active message expires.
- Circles and direct messages: kept while the account or conversation remains active, unless a member or authorised admin deletes content.
- Saved messages: kept until you remove them or delete your account, even if the original is no longer available.
- Friend requests: pending requests are designed to expire after 30 days.
- Trip interest and support records: kept only as long as reasonably needed for the enquiry, safety, audit or legal purpose communicated to you.
- Closed accounts and moderation evidence: certain registration information and preserved evidence may be kept for at least 180 days, or longer when applicable law or a lawful order requires it.
- Security logs and backups: kept for a limited period based on security, recovery and legal requirements, then deleted or de-identified where appropriate.
Deletion from active systems may not be immediate in encrypted backups. Information will be isolated and removed through the normal backup cycle unless it must be retained by law.
6. Your privacy choices and rights
Subject to applicable law and available product features, you may:
- review or correct profile and account information;
- choose who may send friend requests and what notifications you receive;
- withdraw consent for a specific optional purpose as easily as you gave it;
- request access to a summary of your personal data and how it is processed;
- request correction, completion, updating or erasure;
- delete individual content where the feature allows, or request account deletion;
- raise a grievance and appeal eligible intermediary decisions; and
- nominate another person to exercise applicable data rights in the event of death or incapacity, when that right applies.
We may need to verify your identity before acting on a request. We will explain when we cannot complete a request because another law requires retention or another person’s rights would be affected.
7. Security
Club 60 should use reasonable technical and organisational safeguards appropriate to the risk, including encryption in transit, encrypted storage where appropriate, access controls, logging, monitoring, secure development practices, vendor controls, backups and an incident-response process.
No internet service can guarantee absolute security. If a breach creates a risk to you, we will provide a clear notice through your account or registered contact method as required by applicable law.
8. Age and children
Club 60 is designed for adults and is intended primarily for people aged 60 and above. It is not directed to children. A person under 18 should not create an account. If we learn that a child’s personal data was collected, we will take appropriate steps to delete it.
9. Where information is processed
Club 60 is intended for users in India. Service providers may process data in India or another permitted country. Where data is transferred, we will use contractual, security and other safeguards required by applicable law and comply with any government restrictions on cross-border transfer.
10. Changes to this policy
We may update this policy as Club 60 changes or the law develops. We will publish the new date and provide a prominent notice for material changes. Where required, we will ask for consent again. Applicable intermediary rules may also require periodic reminders about this policy and the user agreement.
11. Contact and grievances
For privacy questions or rights requests, email [email protected].
For content, account or user grievances, email [email protected]. We aim to acknowledge intermediary complaints within 24 hours and handle them within the timelines required by applicable law.
Pre-launch requirement: the legal entity name, registered address, named Grievance Officer and final business contact must be inserted here before the Service is made public.