Privacy Policy

1 Compliance & Legal Frameworks

This policy is designed to comply with data protection regulations across our operating regions, including:

• Sri Lanka: Personal Data Protection Act (PDPA)
• India: Digital Personal Data Protection Act (DPDPA)
• Middle East: Relevant data protection laws including the UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection (PDPL) and Saudi Arabia's Personal Data Protection Law (PDPL).
• Other South Asian Nations: Applicable local data protection statutes.

2 Data We Collect

To operate a secure and trustworthy Digital ROSCA / Chit Fund platform, we collect the following types of information:

• Identity and Contact Information: We collect your full legal name, registered phone number (which serves as your primary identifier via telecommunications OTP verification), active email address, and optional profile photographic identifying material.
• Financial and Transactional Data: Certain banking particulars are collected exclusively for the facilitation of fund disbursements, including transaction receipts (uploaded as Proof of Payment) and platform wallet balance logs. We strictly eschew the direct storage of full primary account numbers (PAN) or credit card details.
• Verification and KYC Data: In strict compliance with Anti-Money Laundering (AML) directives and to formulate legally binding mutual agreements, we require government-issued identification integers, authenticated dates of birth, and verified photographic copies of identity documentation.
• Usage and Device Telemetry Data: We systematically record IP addresses, browser typologies, systematic interaction logs, and specific device configurations strictly to enforce platform security, execute fraud deterrence protocols, and monitor system performance.
• Communication and Log Data: Inter-user messaging logs (ChitChat), administrative support ticketing histories, and SMS delivery receipts are persistently retained to ensure platform integrity, enforce compliance, and formally resolve disputes.

3 How We Use Your Data

We systematically process your personal data under the strict premise of facilitating and executing our stipulated platform services:

• Core Operational Provisioning: The establishment, administration, and continuous oversight of Chit Funds, the orderly execution of reverse auction mechanics, the prompt processing of scheduled payouts, and the meticulous maintenance of our transparent internal accounting protocol, designated "The Glass Ledger".
• Statutory and Legal Obligations: The requisite generation and preservation of legally binding, digitally validated mutual agreements among participating circle members, alongside mandatory Know Your Customer (KYC) compliance vetting operations.
• Essential Communications: The mandated transmission of operationally critical notifications—incorporating One-Time Passwords (OTPs), binding auction timeline reminders, and mandatory payment exigency alerts—executed via SMS protocols, electronic mail, or integrated WhatsApp services.
• Trust, Safety, and Risk Mitigation: The automated computation of individual participant "Reputation Scores", the proactive identification and suppression of potentially fraudulent behaviors, and the rigorous internal enforcement of platform community guidelines.

4 Data Sharing & Transparency

Due to the inherent localized transparency prerequisites of collective ROSCA mechanisms, specific data sharing is unequivocally mandatory. By actively joining a fund, you formally acknowledge that:

• Disclosure to Co-Members: In the interest of absolute transparency, your legal name, authorized profile verification image, historical contribution ledger, and active auction bidding records are fully disclosed to all other participants localized within your specific designated Chit Fund mutual circle. Subject to overarching territorial privacy regulations and individual fund configuration parameters, your registered telephone number may be subjected to cryptographic masking.
• Disclosure to Authorized Service Providers: We strategically delineate access to your data with fully vetted third-party service entities—including certified SMS gateway operators, designated email delivery infrastructure, authorized KYC verification agencies, and secure cloud hosting infrastructure—such disclosures being governed strictly by encompassing, legally binding confidentiality agreements.
• Disclosure to Competent Legal Authorities: We unequivocally reserve the right, and may accept the obligation, to unilaterally disclose applicable user data to established law enforcement bodies, recognized regulatory agencies, or competent judicial courts, directly conditional upon statutory legal mandates or where reasonably necessary to insulate the Platform against arising legal liabilities.

5 Cross-Border Data Transfers

Your data may be transferred to and stored on secure cloud servers located outside your country of residence. We ensure that such transfers comply with the applicable data protection laws of your jurisdiction and that adequate safeguards (such as standard contractual clauses) are in place to protect your information.

6 Data Security & Retention

We implement robust technical and organizational security measures to protect your data. We retain your personal data only as long as necessary to fulfill the purposes outlined in this policy. Note that financial regulations and anti-money laundering laws require us to retain certain transaction records, agreements, and KYC data even after you close your account.

7 Your Privacy Rights

Depending on the applicable data protection laws in your jurisdiction, you are entitled to certain statutory rights regarding your personal information, which may include the right to:

• Right of Access: Request and receive partial or complete disclosure of the personal data we maintain concerning you.
• Right to Rectification: Request the expedited correction, amendment, or updating of any inaccurate or incomplete personal data.
• Right to Erasure (Right to be Forgotten): Request the permanent deletion or removal of your personal data, subject strictly to our compliance with overriding mandatory legal, regulatory, and financial retention obligations.
• Right to Withdraw Consent: Revoke any previously granted consent for data processing at any given time; provided, however, that such revocation may strictly limit or entirely preclude your continued access to and utilization of the Zeettu platform.
• Right to Lodge a Complaint: Formulate and lodge a formal regulatory complaint regarding our data processing methodologies with the competent supervisory authority or statutory data protection regulator within your respective applicable jurisdiction.

8 Contact Us

If you have questions regarding this Privacy Policy or wish to exercise your privacy rights, please contact our Data Protection Officer at: