Privacy & Cookie Policy

Effective Date: 1st October 2025

1. Introduction

Welcome to Spixy. This Privacy and Cookie Policy (“Policy”) explains how Spixy, a platform owned and operated by Nexxuscore Global Solutions LLP (“we”, “us”, “our”), collects, uses, processes, and protects your personal information when you access or use our platform, mobile application, and related services (collectively, the “Platform”).

By accessing or using our Platform, you acknowledge that you have read, understood, and agree to the practices described in this Policy. This Policy should be read in conjunction with our Terms of Service, which governs your use of the Platform.

2. Information We Collect

We collect information that is necessary to provide, improve, and secure our services. This information is categorized as follows:

2.1. Information You Provide to Us

  • Account Information: When you register for a Spixy account, we collect personal identifiers necessary for account creation and management, including your name, email address, phone number, and profile image.

  • Communications: We collect information that you voluntarily provide when you communicate with us or with other users via the Platform. This includes, but is not limited to, customer support inquiries, feedback, and messages exchanged between Guests and Hosts to facilitate bookings.

2.2. Information Collected Automatically

  • Device Information: When you access our Platform, we automatically collect technical data about your device, including the device type, operating system version, mobile application version, IP address, and unique browser or device identifiers.

  • Usage Data: We automatically log your interactions with our Platform. This includes data such as the pages you view, your searches for Spaces, bookings you have made, timestamps of your activities, and other actions you take on the Platform.

  • Authentication Data: To maintain the security and integrity of your account, we utilize authentication identifiers. This may include your Firebase ID, Google Authentication credentials, JSON Web Tokens (JWT), and other session-related data to verify your access and prevent unauthorized use.

2.3. Location Information

With your explicit permission, we may collect and process your precise Global Positioning System (GPS) location data. This information is used to provide location-based services, such as displaying relevant properties in your vicinity and enhancing booking recommendations. You retain full control over location permissions and can enable or disable this feature at any time through your mobile device’s settings.

2.4. Payment and Transaction Information

When you initiate a booking, your payment information is collected and processed directly by our trusted, secure third-party payment gateways (e.g., Razorpay, PhonePe). We do not store sensitive payment details such as your full credit/debit card numbers or UPI credentials on our servers. We only receive transaction confirmation data, such as transaction IDs and payment status, to confirm and manage your bookings.

3. How We Use Your Information

Your personal data is used for the following specific and legitimate purposes:

  • To Provide and Manage the Platform: We use your information to create and maintain your account, authenticate users, and verify your identity. It is essential for facilitating property searches, processing bookings, and enabling communication between Guests and Hosts. Furthermore, we use it to process payments and send transactional communications, such as booking confirmations, reminders, and essential service updates.

  • To Personalize and Improve Our Services: Your data helps us enhance your experience on the Platform. Location information is used to display nearby properties, and we analyze usage patterns and monitor performance metrics to diagnose issues and optimize the user experience.

  • For Safety, Security, and Compliance: We process your information to maintain a secure environment. This includes activities aimed at preventing fraud, investigating suspicious activity, and enforcing our Terms of Service. We also use your data to comply with our legal obligations under applicable laws, including but not limited to the Digital Personal Data Protection Act (DPDP), 2023.

  • For Marketing and Communications: Subject to your explicit consent, we may use your contact information to send you promotional messages, special offers, and other marketing content that may be of interest to you. You reserve the right to opt-out of receiving such communications at any time.

4. Data Sharing and Disclosure

We are committed to protecting your privacy and do not sell your personal data to third parties. We only share your information in the following limited and clearly defined circumstances:

4.1. Sharing Between Users

To facilitate a confirmed booking and ensure the successful fulfillment of services, we share essential contact information (limited to Name, Contact Number, and Email Address) between the Guest and the Host. This sharing is strictly for the purpose of enabling communication related to the booking.

4.2. Sharing with Third-Party Service Providers

We engage trusted third-party companies and individuals to perform services on our behalf. These service providers include:

  • Cloud & Database Hosting: Secure infrastructure providers such as Supabase, Google Cloud, or similar services for data storage.

  • Authentication & Analytics: Services like Firebase (a Google product) for user authentication, performance analytics, and push notifications.

  • Payment Gateways: Regulated and PCI-DSS compliant payment processors like Razorpay, Paytm, and PhonePe to securely handle financial transactions.

    These third parties are granted access only to the information necessary to perform their designated functions and are contractually obligated to protect your data and use it solely for the purposes for which it was disclosed.

4.3. Legal and Compliance Disclosures

We may disclose your information to courts, law enforcement agencies, or governmental authorities if required to do so by law or if we believe in good faith that such disclosure is reasonably necessary to (a) comply with a legal process or governmental request; (b) enforce our Terms of Service; (c) respond to claims that any content violates the rights of third parties; or (d) protect the rights, property, or personal safety of Spixy, its users, or the public.

5. Data Retention

We retain your personal data only for as long as is necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

  • Your account data is retained for the duration your account remains active.

  • If your account is inactive for a continuous period of twenty-four (24) months, we may anonymize or permanently delete your data in accordance with our data retention policies.

  • Booking and transaction records are retained for longer periods to comply with applicable legal, tax, and regulatory obligations.

  • We may retain certain information if it is necessary for legitimate business interests, such as fraud prevention, dispute resolution, or the enforcement of our agreements.

6. Your Rights and Choices

In accordance with the Digital Personal Data Protection Act (DPDP), 2023, and other applicable data protection laws, you have the following rights concerning your personal data:

  • Right to Access: You have the right to request a copy of the personal information that we hold about you.

  • Right to Correction: You have the right to request the correction of any inaccurate or incomplete information in your user profile and other personal data.

  • Right to Deletion (Erasure): You may request the deletion of your account and its associated personal data. This right is subject to our legal and contractual retention obligations.

  • Right to Withdraw Consent: Where we rely on your consent to process your data (such as for marketing communications), you have the right to withdraw that consent at any time. You can do so through the settings in our application or by clicking the “unsubscribe” link in our emails.

    To exercise any of these rights, please contact our support team. We will take necessary steps to verify your identity before processing your request to ensure the security of your information.

7. Data Security

We implement and maintain robust technical, administrative, and physical security measures designed to protect your personal data from unauthorized access, loss, destruction, or alteration. These measures include:

  • Encryption: All data transmitted between your device and our servers is secured using industry-standard transport layer security protocols (HTTPS/TLS). Passwords and other sensitive tokens are encrypted at rest.

  • Authentication: User sessions are protected by secure, industry-standard authentication methods, including the use of JWT, to prevent unauthorized account access.

  • Access Controls: Access to personal data within our organization is strictly restricted to authorized personnel on a “need-to-know” basis and is subject to confidentiality obligations.

8. Children’s Privacy

The Spixy Platform is not intended for or directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected personal data from a child under the age of 18, we will take immediate steps to delete such information from our systems.

9. Cookie Policy

Our web platform and mobile application use cookies and similar tracking technologies (such as local storage) to ensure functionality, enhance user experience, and analyze performance.

  • What are Cookies? Cookies are small text files that are stored on your device (computer, smartphone, or tablet) when you visit a website. They help us remember information about your visit and preferences.

  • How We Use Them:

    • Essential Cookies: These are necessary for the core functionality of the Platform, such as maintaining your login session, ensuring security, and processing transactions. The Platform cannot function properly without them.

    • Functional Cookies: These are used to remember your preferences and settings (e.g., language or location choices) to provide a more personalized experience.

    • Analytics Cookies: These cookies help us collect anonymous, aggregated data on how users interact with our Platform. This information allows us to understand usage patterns, identify areas for improvement, and optimize our services.

  • Your Choices: You can manage or disable cookies through your browser or device settings. Please be aware that if you choose to disable essential cookies, certain features of the Spixy Platform may be limited or may not function correctly.

10. Changes to This Policy

We reserve the right to modify this Privacy and Cookie Policy at any time. If we make material changes to this Policy, we will notify you either by email or through a prominent notice on our Platform prior to the changes becoming effective. Your continued use of the Platform after the effective date of the revised Policy will constitute your acceptance of the changes.

11. Contact Us

If you have any questions, concerns, or requests regarding this Policy or your privacy, please contact our Data Protection Officer at:

Email: [email protected]

For general support inquiries, please contact:

Email: [email protected]