1. Introduction
Welcome to MotoRinse ("we," "us," or "our"). MotoRinse is a hyperlocal, subscription-based car wash and parking services platform operating in Pune, Maharashtra, India. We are committed to protecting the privacy and security of your personal data in accordance with the Digital Personal Data Protection (DPDP) Act, 2023 of India and all applicable rules framed thereunder.
This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you use our mobile application, website (motorinse.com), and related services (collectively, the "Services"). By using our Services, you acknowledge that you have read and understood this Privacy Policy.
2. Definitions
In line with the DPDP Act, 2023:
- Data Principal — The individual to whom the personal data relates (i.e., you, the user).
- Data Fiduciary — The entity that determines the purpose and means of processing personal data (i.e., MotoRinse).
- Personal Data — Any data about an individual who is identifiable by or in relation to such data.
- Processing — Any operation performed on personal data, including collection, storage, use, sharing, and erasure.
- Data Processor — Any person or entity that processes personal data on behalf of the Data Fiduciary.
- Consent Manager — A registered entity that enables Data Principals to manage their consent through an accessible, transparent, and interoperable platform.
3. Personal Data We Collect
We collect the following categories of personal data, depending on your role and interaction with our Services:
3.1 Customer Data
| Category | Data Points | Purpose |
|---|---|---|
| Identity | Name, Phone Number | Account creation, authentication (OTP/password-based login) |
| Address | Society Name, Wing, Flat Number, City, State, Area | Service delivery, wash scheduling, geo-based operations |
| Vehicle | Vehicle Model, Registration Number, Vehicle Type/Size, Colour, Parking Slot | Service matching, subscription management, wash job creation |
| Financial | Wallet Balance, Transaction History | Pay-per-wash billing, refund processing |
| Service | Wash Photos, Job History, Subscription Status, Vacation Mode Preference | Proof of service completion, service tracking, quality assurance |
| Device | Push Notification Tokens | Sending service alerts and notifications |
3.2 Society/B2B Enquiry Data
When housing societies or their representatives submit enquiry forms on our website, we collect: Full Name, Society Name, Number of Flats, and Phone Number — solely for processing your enquiry and scheduling a demo.
3.3 Parking Spot Host Data
If you list a parking spot on our marketplace, we additionally collect: parking location details, spot description, pricing, and availability schedule.
4. Purpose of Processing
We process your personal data only for the following lawful purposes:
- Service Delivery — To provide, manage, and improve our car wash and parking services.
- Account Management — To create and manage your user account, authenticate your identity, and maintain your subscription.
- Billing & Payments — To process wallet top-ups, per-wash deductions, and refund requests through our payment partner.
- Communication — To send you service-related notifications (wash completion, low balance alerts, schedule changes) via push notifications.
- Quality Assurance — To verify wash completion through photographic proof uploaded by service staff.
- Operations — To schedule wash jobs, allocate service staff to societies, and manage service logistics.
- Legal Compliance — To comply with applicable laws, regulations, legal proceedings, or enforceable governmental requests.
- Safety & Security — To detect, prevent, and address fraud, security breaches, and technical issues.
5. Legal Basis for Processing
Under the DPDP Act, 2023, we process your personal data based on:
- Consent (Section 6) — We obtain your explicit consent before collecting and processing your personal data. You provide consent when you register for our Services, submit enquiry forms, or opt in to notifications.
- Legitimate Uses (Section 7) — Certain processing is carried out for legitimate uses as specified under the Act, such as:
- Data voluntarily provided by you for a specific purpose.
- Data necessary for compliance with any law or court order.
- Data required for responding to a medical emergency involving a threat to life.
- Data processed for employment-related purposes (applicable to washer/staff data).
6. How We Collect Data
- Directly from you — When you register, add vehicles, top up your wallet, submit enquiry forms, or configure preferences in our mobile app or website.
- From service operations — Wash photos are captured by our service staff during wash completion. Job scheduling data is generated automatically by our systems.
- From payment processors — Transaction confirmation data is received from Razorpay during wallet top-ups and refund processing.
- Automatically — Device tokens for push notifications are collected when you enable notifications in the app.
7. Data Storage & Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include:
- Encrypted Storage — Personal data is stored in secure PostgreSQL databases. Passwords are hashed using industry-standard algorithms and are never stored in plain text.
- Secure Authentication — We use JSON Web Tokens (JWT) for secure session management.
- Cloud Security — Wash photos and documents are stored on Cloudinary/AWS S3 with access controls and encryption at rest.
- Access Controls — Role-based access ensures only authorised personnel can access specific data sets.
- Infrastructure — Our servers are hosted on reputed cloud platforms (Render/Railway/AWS) with industry-standard security practices.
8. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy or as required by law:
- Active Accounts — Data is retained for the duration of your active account and subscription.
- Post-Deletion — Upon account deletion request, we will erase your personal data within 30 days, except where retention is required for legal, regulatory, or dispute resolution purposes.
- Transaction Records — Financial transaction records may be retained for up to 8 years as required under applicable Indian tax and accounting laws.
- Wash Photos — Photographic records of wash jobs are retained for 90 days after the wash date for quality assurance and dispute resolution, after which they are automatically deleted.
- Enquiry Data — Lead/enquiry form data is retained for up to 12 months from the date of submission.
9. Data Sharing & Third Parties
We may share your personal data with the following categories of recipients, solely for the purposes described:
| Third Party | Data Shared | Purpose |
|---|---|---|
| Razorpay | Payment transaction data | Processing wallet top-ups, refunds, and payment verification |
| Cloudinary / AWS S3 | Wash photos | Secure cloud storage of proof-of-service images |
| Expo (Push Notifications) | Device push tokens | Delivering service notifications to your device |
| Cloud Hosting Providers | All service data (encrypted) | Infrastructure hosting and data processing |
We do not sell, rent, or trade your personal data to any third party for marketing or advertising purposes.
10. Cross-Border Data Transfers
Some of our third-party service providers (e.g., Cloudinary, AWS, Expo) may process or store data on servers located outside India. In accordance with Section 16 of the DPDP Act, 2023, we ensure that your personal data is only transferred to countries or territories that are not restricted by the Central Government of India. We take reasonable steps to ensure that such third parties maintain adequate data protection standards.
11. Children's Data
Our Services are not directed at or intended for individuals below the age of 18 years. We do not knowingly collect personal data from children. In accordance with Section 9 of the DPDP Act, 2023, if we become aware that we have inadvertently collected personal data from a child without verifiable parental or guardian consent, we will take immediate steps to delete such data from our records. If you believe a minor has provided us with personal data, please contact our Grievance Officer immediately.
12. Your Rights as a Data Principal
Under the DPDP Act, 2023, you have the following rights:
- Right to Access (Section 11) — You have the right to obtain a summary of your personal data being processed and the processing activities undertaken.
- Right to Correction & Erasure (Section 12) — You can request correction of inaccurate or misleading personal data, completion of incomplete data, updating of outdated data, and erasure of data that is no longer necessary for the stated purpose.
- Right to Grievance Redressal (Section 13) — You have the right to register a complaint with our Grievance Officer regarding any issue related to the processing of your personal data.
- Right to Nominate (Section 14) — You have the right to nominate an individual who can exercise your rights in the event of your death or incapacity.
- Right to Withdraw Consent — You may withdraw your consent at any time by contacting us. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal. Please note that withdrawal of consent may result in termination of access to certain features of our Services.
To exercise any of these rights, please contact our Grievance Officer using the details provided in Section 13 below.
13. Grievance Officer
In accordance with Section 8(10) of the DPDP Act, 2023, we have appointed a Grievance Officer to address your concerns regarding the processing of your personal data:
Grievance Officer
Name: MotoRinse Grievance Cell
Email: grievance@motorinse.com
Address: Pune, Maharashtra, India
Response Time: We will acknowledge your request within 48 hours and resolve it within 30 days from the date of receipt.
If you are not satisfied with our response, you may file a complaint with the Data Protection Board of India established under the DPDP Act, 2023.
14. Data Breach Notification
In the event of a personal data breach, we will comply with Section 8(6) of the DPDP Act, 2023 by notifying the Data Protection Board of India and each affected Data Principal in the prescribed manner and timeframe. Our notification will include the nature of the breach, the data compromised, and the remedial steps taken.
15. Cookies & Tracking Technologies
Our website may use cookies and similar technologies for:
- Essential Cookies — Required for the website to function properly (e.g., session management).
- Analytics Cookies — To understand how visitors interact with our website, helping us improve user experience.
You can manage cookie preferences through your browser settings. Disabling certain cookies may affect website functionality.
16. Updates to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Material changes will be communicated through the app (via push notification), by prominently posting a notice on our website, or by email. We encourage you to review this policy periodically. The "Last updated" date at the top of this page indicates the most recent revision.
17. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
MotoRinse
Email: support@motorinse.com
Grievance Email: grievance@motorinse.com
Address: Pune, Maharashtra, India