XchangeSeat - Exchange flight seats, train berths, bus seats, movie and concert seats in India

Privacy Policy

Effective Date: 6th April 2025
Service operated by JDSPARK LLP (LLPIN: ACN-3926)

This Privacy Policy describes how XchangeSeat ("we," "our," or "us") collects, uses, and discloses your information when you use our coordination platform. By accessing or using XchangeSeat, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

1. Information We Collect

Personal Information

  • Contact Details: Phone number (via OTP verification), Email address
  • Profile Information: Display name, user preferences
  • Verification Data: Phone and email verification status

Coordination Information

  • Travel Details: Seat preferences, transport numbers, dates, routes
  • Coordination History: Past coordination attempts and outcomes
  • XPoints Data: Point balance, transaction history, and usage tracking for platform features

Coordination Data

  • Chat Messages: Template-based messages for seat swap coordination (automatically deleted after specified retention period)
  • Contact Information: Phone numbers and seat details shared during coordination (automatically deleted after specified retention period)
  • Swap History: Records of completed or attempted seat exchanges
  • Communication Logs: Interaction history for safety and dispute resolution

Technical Information

  • Device Information: Browser type, operating system, device identifiers
  • Usage Analytics: Page views, feature usage, session duration
  • Location Data: General location for relevant swap matching (not precise GPS)
  • Cookies & Tracking: Essential cookies for functionality, analytics cookies with consent

Communication Records

  • Platform Messages: Template-based messages between users
  • Legal Compliance: Records of consent and legal acceptances
  • Support Communications: Help requests and customer service interactions

2. How We Use Your Information

Platform Operations

  • Facilitate seat coordination between users
  • Verify user identity and prevent fraud
  • Process SwapScore transactions (gamification)
  • Maintain user accounts and preferences

Legal Compliance

⚖ī¸ Legal Requirements

We maintain records for legal compliance, dispute resolution, and regulatory requirements as required by Indian law.

  • Document user consent and legal acceptances
  • Maintain audit trails for coordination activities
  • Comply with data protection regulations
  • Respond to legal requests and court orders

Service Improvement

  • Analyze usage patterns to improve platform features
  • Develop better coordination algorithms
  • Enhance user experience and interface design
  • Monitor platform performance and security

Communications

  • Send service announcements and updates
  • Provide customer support
  • Notify about successful coordination opportunities
  • Share legal and policy updates

3. Information Sharing

Limited User-to-User Sharing

🔒

Contact information is shared only when both parties explicitly consent during coordination process.

  • ✓ Basic profile information (name, rating) visible to potential coordination partners
  • ✓ Contact details shared only with mutual consent
  • ✓ Travel preferences visible for coordination matching

Legal and Regulatory Sharing

  • Required by law enforcement or regulatory authorities
  • Necessary to protect our rights, property, or safety
  • Court orders and legal proceedings
  • Compliance with Indian data protection laws

Service Providers

  • Firebase (Authentication and database services)
  • Google Analytics (Usage analytics and tracking)
  • SMS and email service providers
  • Cloud hosting providers (AWS, etc.)

đŸšĢ We Do Not Sell Personal Data

We do not sell, rent, or trade your personal information to third parties for commercial purposes.

4. Data Security

Technical Safeguards

  • 🔐 End-to-end encryption for sensitive communications
  • 🛡ī¸ Regular security audits and vulnerability assessments
  • 🔑 Multi-factor authentication (OTP-based)
  • 💾 Data encryption at rest and in transit
  • đŸšĢ Access restrictions for sensitive information

Security Limitation

While we implement reasonable security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but maintain industry-standard protections.

5. Cookies and Tracking

đŸĒ Cookie Consent Required

Mandatory Cookie Acceptance

Cookie consent is REQUIRED to use login, registration, and core platform features.We enforce cookie consent before allowing access to authentication services to ensure secure user experience and legal compliance.

Types of Cookies We Use

  • 🔐 Essential Cookies: Required for platform functionality, user authentication, session management, and security. These cannot be disabled.
  • ⚙ī¸ Preference Cookies: Remember your settings, language preferences, and user interface customizations.
  • 📊 Analytics Cookies: Help us understand platform usage, user behavior, and improve our services (Google Analytics).
  • 🛡ī¸ Security Cookies: Protect against fraudulent activity, CSRF attacks, and unauthorized access attempts.
  • đŸŽ¯ Functional Cookies: Enable enhanced features like chat functionality, notifications, and personalized content.

Cookie Management & Consequences

You can control cookies through your browser settings or our cookie banner. However, rejecting essential cookies will prevent you from using login, registration, and most platform features.

If You Reject Cookies:

  • ❌ Cannot login or register
  • ❌ Cannot access user dashboard
  • ❌ Cannot create or manage seat exchanges
  • ❌ Cannot use chat or communication features
  • ✅ Can still browse public listings

6. Phone & Email Communication

📱 Phone Number & OTP Authentication

Primary Authentication Method

Phone numbers are our primary and mandatory authentication method. We use phone-based OTP (One-Time Password) for secure, password-free authentication.

  • 🔐 OTP Delivery: We send secure verification codes via SMS using reliable Indian SMS providers for optimal delivery and user experience.
  • 📞 Phone Verification: Your 10-digit Indian phone number (+91 format) is verified during registration and required for login.
  • 🔄 Auto-retry & Fallback: Our system automatically retries failed OTP deliveries and switches between SMS providers for reliability.
  • ⏱ī¸ OTP Validity: Verification codes expire after 10 minutes for security. You can request new codes with a 60-second cooldown.
  • 🔄 Service Reliability: Multiple SMS provider partnerships ensure consistent OTP delivery across all network operators in India.

📧 Email Communication

  • đŸ“Ŧ Optional Collection: Email addresses are optional for registration but recommended for account recovery and important notifications.
  • 📨 Communication Types: Welcome emails, security alerts, exchange confirmations, and optional promotional content (with consent).
  • 🛡ī¸ Email Security: We use secure SMTP services and encrypt sensitive information in email communications.
  • đŸšĢ Unsubscribe: You can opt out of promotional emails anytime, but security and transactional emails remain necessary.

đŸ“Ŧ Promotional Content & Marketing

📧

Email Marketing Consent: When you provide your email during registration, you may receive promotional content, platform updates, feature announcements, and marketing communications from XchangeSeat.

  • đŸ“ĸ Marketing Communications: Product updates, new features, special offers, partnership announcements, and platform improvements.
  • đŸŽ¯ Personalized Content: Relevant swap opportunities, city-specific updates, and tailored recommendations based on your preferences.
  • 📊 Analytics & Insights: Platform usage statistics, success stories, and community highlights.

✉ī¸ Easy Unsubscribe Options

You can easily unsubscribe from promotional emails using any of these methods:

  • 📧 Email Us: Send an email to [email protected] with "UNSUBSCRIBE" in the subject line
  • ↩ī¸ Reply Back: Simply reply to any promotional email with "STOP" or "UNSUBSCRIBE"
  • 🔗 One-Click: Use the unsubscribe link at the bottom of every promotional email
  • ⚙ī¸ Account Settings: Manage email preferences from your account dashboard
Processing Time: Unsubscribe requests are processed within 24-48 hours. You'll continue to receive essential security and transactional emails even after unsubscribing from marketing communications.

🚨 Communication Requirements

Phone verification is mandatory and cannot be skipped.Without phone verification, you cannot access platform features. Email is optional but highly recommended for account security.

7. Your Privacy Rights

Data Subject Rights

  • Access: Request access to your stored personal data
  • Correction: Request correction of inaccurate information
  • Deletion: Request account deletion (subject to legal requirements)
  • Portability: Request export of your data
  • Objection: Object to certain processing activities
  • Consent Withdrawal: Revoke previously given consents

How to Exercise Your Rights

To exercise these rights, contact us at [email protected]. We will verify your identity before responding to requests.

Response time: 7-10 business days for most requests.

8. Data Retention

Retention Periods

  • Account Data: Retained while account is active
  • Coordination History: 3 years for legal compliance
  • Communication Records: 2 years for dispute resolution
  • Legal Consent Records: 7 years as required by law
  • Analytics Data: 1 year for service improvement

Deletion Process

We delete or anonymize your information upon request, unless legally prohibited or required for ongoing legal compliance.

9. Children's Privacy

🔞 Age Restriction

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us immediately.

10. International Data Transfers

Data Location

Your data is primarily stored in India. When using third-party services, data may be transferred to other countries with adequate data protection measures.

11. Policy Updates

Change Notifications

We may update this Privacy Policy from time to time. The updated version will be indicated by an updated "Effective Date." Your continued use of our services after any changes indicates your acceptance of the updated Privacy Policy.

12. Account Enforcement & User Blocking

Account Suspension Policy

JDSPARK LLP reserves the right to suspend, block, or terminate user accounts to protect platform integrity and user safety. We maintain records of enforcement actions for legal compliance and dispute resolution.

Data Collection for Enforcement

  • Violation Records: Documentation of policy violations, fraudulent activities, or inappropriate behavior
  • Blacklist Information: Phone numbers, device identifiers, and associated account data for blocked users
  • Investigation Data: Communication logs, transaction histories, and user behavior patterns
  • Legal Documentation: Records of enforcement decisions, appeal processes, and compliance actions

Enforcement Triggers

  • Fraudulent activity or misrepresentation
  • Creating fake or invalid bookings
  • Harassment or inappropriate behavior toward other users
  • Violation of platform terms or operator policies
  • Spam, excessive promotional content, or commercial abuse
  • Payment fraud, chargebacks, or financial misconduct
  • Creating multiple accounts to circumvent system limits
  • Security threats, malicious activity, or system abuse
  • Any behavior deemed harmful to platform users or operations

Data Retention for Blocked Users

🗃ī¸

Information from blocked accounts is retained for legal compliance, fraud prevention, and dispute resolution. This includes contact information, violation records, and associated device/network data to prevent re-registration attempts.

Appeal Process

Users may appeal enforcement decisions by contacting our support team. Appeals are reviewed within 7-10 business days. All enforcement decisions are final and at JDSPARK LLP's sole discretion.

13. Contact Information

Data Protection Officer: [email protected]
Contact Us: [email protected]
Postal Address: Dayanand Vihar, East Delhi, Delhi 110092
Legal Entity: JDSPARK LLP (LLPIN: ACN-3926)
Response Time: 7-10 business days

Privacy Concerns

If you have questions about this Privacy Policy or concerns about how we handle your personal information, please contact us using the information above.

📅

Last Updated: 6th April 2025
Version: 1.0
JDSPARK LLP reserves all rights

⚖ī¸

IMPORTANT: This privacy policy constitutes a legally binding agreement. By using XchangeSeat, you acknowledge understanding and agreement to all provisions. JDSPARK LLP bears no responsibility if users violate operator policies including DGCA airlines, movie theaters, bus operators, theaters, IPL, concerts or other venue regulations.

← Back to PlatformTerms & Conditions →

14. Chat Data & Communication Storage

🗨ī¸ Chat Message Storage Policy

To facilitate safe seat exchanges, we temporarily store coordination messages between users. All chat data is automatically deleted after 5 days to protect your privacy.

Data Retention Schedule

  • Chat Messages: Automatically deleted after 5 days
  • Contact Information: Shared phone numbers deleted after 5 days
  • Seat Details: Temporarily stored seat numbers deleted after 5 days
  • Coordination History: Basic swap completion status retained for safety

Chat Storage Consent

By using our chat features, you explicitly consent to temporary storage of your messages for coordination purposes. You can opt out by not using the chat feature and coordinating through other means.