Privacy Policy

• "Data Principal" means the individual to whom personal data relates — i.e., you, the customer or user of SimDel.
• "Data Fiduciary" means the entity that determines the purpose and means of processing personal data — i.e., SimDel / Ansh Store.
• "Data Processor" means a person who processes personal data on behalf of the Data Fiduciary — e.g., the Operator, travel booking platform, or biller to whom service data is forwarded.
• "Personal Data" means any data about an identifiable individual — including name, mobile number, address, email, UPI ID, travel details, bill account numbers, and transaction records.
• "Processing" means any operation performed on personal data including collection, storage, use, disclosure, and deletion.
• "Consent" means a freely given, specific, informed, and unambiguous indication of the Data Principal's agreement to the processing of personal data.
• "Data Breach" means any unauthorised or unlawful access, disclosure, alteration, loss, or destruction of personal data.
• "Data Protection Board" means the Data Protection Board of India established under the DPDP Act, 2023.

This Privacy Policy applies to all personal data collected by SimDel through:

• The SimDel website (simdel.netlify.app and all subpages)
• WhatsApp communication (+91 8858018999) for all service requests, payment verification, travel booking, bill payment, and support
• In-store interactions at Ansh Store for SimDel telecom and device services
• Telephone calls and SMS communication with customers

This policy applies to all customers, prospective customers, and visitors of SimDel — for all five service categories: Telecom, Bills & Utilities, Travel & Transport, Entertainment & Finance, and Devices & Accessories.

3.1 Data Provided Directly by You

3.2 KYC Documents (Forwarded to Operator — NOT Stored by SimDel)

For SIM purchase and activation: Aadhaar card, PAN card, Voter ID, Passport, or Driving Licence may be required.

3.3 Data Collected Automatically (Website)

• IP address, browser type and version, device type and OS.
• Pages visited, time spent, referral URL — for website analytics and security.

No personally identifiable information is collected via cookies without consent.

3.4 Call Records

SimDel may maintain call logs (timestamps and numbers) for service tracking and dispute resolution. Call content is NOT recorded unless explicitly disclosed.

• Directly from you: when you submit a service request, send a WhatsApp message, visit Ansh Store, or contact us via any channel.
• From service providers: limited status updates (e.g., activation confirmation, porting status, booking confirmation, payment receipt) shared by Operators, booking platforms, or billers after processing your request.
• Automatically: via website analytics and server logs when you visit simdel.netlify.app.

Under the DPDP Act, 2023 and the IT Act, 2000, SimDel processes your personal data on the following lawful bases:

• Consent: For data collected via the website and for service requests. You provide implicit consent by submitting a service request or using the website.
• Contractual Necessity: Processing is necessary to perform the service you have requested — recharge, SIM delivery, porting, bill payment, travel booking, etc.
• Legal Obligation: Processing required to comply with Operator KYC mandates (DoT norms), TRAI regulations, and applicable Indian law.
• Legitimate Interest: For fraud prevention, website security, and resolving disputes.

SimDel processes your personal data strictly for the following purposes:

• Telecom Service Delivery: To process SIM orders, recharges, porting requests, SIM swaps, DTH recharges, broadband bookings, and OTT subscriptions.
• Bill & Utility Payment Processing: To receive your bill account details, verify the bill amount, collect payment, and submit payment to the respective biller (electricity board, water authority, gas company, insurance provider, FASTag issuer, etc.).
• Travel Booking: To receive travel details (passenger names, travel dates, destinations), search availability on IRCTC/MakeMyTrip/RedBus, confirm pricing with you, collect payment, and deliver e-tickets to your WhatsApp/email.
• Entertainment & Finance Services: To deliver Google Play codes, brand gift vouchers, and process credit card bill, EMI, tax, and donation payments.
• Device & Accessory Purchase: To confirm stock availability and arrange device delivery or store pickup.
• KYC Compliance: To forward identity data to the Operator for DoT-mandated KYC verification for SIM services.
• Payment Verification: To manually verify UPI payments for all Payment-First services.
• Customer Communication: To contact you regarding order status, payment confirmation, delivery updates, e-ticket delivery, and service completion.
• Dispute Resolution: To investigate and resolve refund requests, incorrect transactions, or service complaints.
• Fraud Prevention: To detect and prevent fraudulent activities, fake payment screenshots, or identity fraud.
• Legal Compliance: To comply with valid law enforcement or court orders requesting customer data.
• Website Improvement: To analyse usage patterns and improve the SimDel website experience.

SimDel does NOT use your data for:

• Selling or renting to third parties for their own marketing.
• Targeted advertising on third-party platforms.
• Automated decision-making that affects your legal rights.
• Any purpose not listed above without fresh consent.

7.1 Authorised Sharing

SimDel shares your data with the following parties only as necessary to deliver the requested service:

• Jio / Airtel / Vi (Operators): Name, mobile number, address, KYC documents — for SIM activation, porting, or recharge.
• Billers (Electricity boards, Water authorities, Gas companies, Insurance providers, FASTag issuers, etc.): Bill account/consumer number and payment amount — for bill payment processing.
• Travel Booking Platforms (IRCTC, MakeMyTrip, RedBus, Goibibo): Passenger names, travel dates, and contact details — for ticket booking.
• Courier / Delivery Personnel: Name and delivery address — for SIM or device doorstep delivery.

7.2 Disclosure Under Law

SimDel may disclose personal data if required by: a valid court order, TRAI/DoT regulatory direction, or a request from law enforcement agencies in connection with a criminal investigation under applicable Indian law.

7.3 Prohibitions

SimDel will NOT sell your data, share it with advertisers or data brokers, or share it with any entity not directly involved in delivering your requested service.

• KYC documents are collected at Ansh Store or via the Operator's authorised app/portal on SimDel's retailer device.
• Documents are submitted directly to the Operator's e-KYC or manual KYC system via Operator-certified software.
• SimDel does NOT retain, photograph, print, or store copies of KYC documents in any form.
• Biometric data (fingerprint/iris for Aadhaar e-KYC) is authenticated exclusively by UIDAI-certified devices. This data is encrypted at point of capture and transmitted directly to UIDAI — SimDel employees never access it.
• Once submitted to the Operator, KYC data is governed by the Operator's own data handling and privacy policies.

• SimDel collects UPI transaction IDs (UTR numbers) and payment screenshots for manual payment verification — for all services requiring UPI payment.
• SimDel does NOT collect or store credit card numbers, debit card details, CVVs, ATM PINs, or bank account credentials.
• Payment screenshots are reviewed by authorised SimDel personnel only for confirming payment receipt.
• Payment screenshots are retained for 30 days post-service and then deleted.
• UTR numbers are retained for up to 1 year for dispute resolution.

UPI infrastructure is regulated by NPCI and RBI. SimDel has no access to the underlying payment rails or bank account information.

SimDel uses WhatsApp (Meta Platforms Inc.) as its primary channel for all service requests, payment confirmations, travel details, bill account numbers, and support. When you message SimDel:

• Your WhatsApp number, name (as registered in WhatsApp), message content, and sent media (screenshots, documents) are visible to SimDel's authorised personnel.
• WhatsApp messages related to service execution are retained for 90 days then deleted from SimDel's chat history.
• WhatsApp messages are stored on Meta's servers per WhatsApp's own Privacy Policy. SimDel is not responsible for WhatsApp's data handling practices.
• End-to-end encryption of WhatsApp messages is provided by WhatsApp's Signal Protocol.

SimDel retains personal data only as long as necessary to fulfil the purpose it was collected for, or as required by law:

After the retention period, personal data is securely deleted or anonymised. Customers may request early deletion of non-mandatory retained data (see Section 15).

SimDel implements appropriate technical and organisational measures to protect your personal data:

• Access Control: Only authorised SimDel personnel access customer data, on a need-to-know basis.
• Device Security: Retailer devices used for Operator systems are protected with passwords and antivirus software.
• Secure Transmission: Data submitted to Operator portals, booking platforms, and biller systems is transmitted over their secure, encrypted channels.
• WhatsApp Security: Communication via WhatsApp is end-to-end encrypted by WhatsApp's Signal Protocol.
• Physical Security: Physical documents or devices at Ansh Store are secured within the store premises.
• Minimal Data Principle: SimDel collects only the minimum data necessary for each service. KYC documents are not retained beyond the submission point.

The SimDel website may use the following cookie categories:

• Strictly Necessary Cookies: Required for basic website functionality. Cannot be disabled.
• Analytics Cookies: Used to understand visitor interactions (pages visited, time spent). SimDel may use Google Analytics for this purpose.
• No Third-Party Advertising Cookies: SimDel does NOT use cookies to serve targeted advertisements.

You can manage or disable cookies via your browser settings. Continued use of the SimDel website after being informed of cookie usage constitutes consent.

SimDel's services are primarily intended for adults (18+). SimDel does not knowingly collect personal data from children under 18 without verifiable parental consent.

• As per the DPDP Act, 2023, processing personal data of children requires verifiable parental consent.
• If SimDel becomes aware that a minor's data has been collected without parental consent, it will promptly delete such data.
• If you are a parent or guardian and believe your child's data has been collected by SimDel, contact ravigupta81341@gmail.com immediately.

Under the DPDP Act, 2023 and applicable Indian laws, you have the following rights:

• Right to Access: Request a summary of personal data held by SimDel and how it has been processed.
• Right to Correction: Request correction of inaccurate, incomplete, or misleading personal data.
• Right to Erasure: Request deletion of your personal data where it is no longer necessary (subject to legal retention obligations).
• Right to Withdraw Consent: Withdraw consent for data processing at any time. Withdrawal does not affect processing done prior.
• Right to Grievance Redressal: File a complaint regarding any data processing concern.
• Right to Nominate: Under the DPDP Act, nominate a person to exercise rights on your behalf in event of death or incapacity.
• Right to Complain to Data Protection Board: If SimDel fails to address your request satisfactorily, you may complain to the Data Protection Board of India (once fully constituted).

How to Exercise Your Rights

• WhatsApp: +91 8858018999
• Email: ravigupta81341@gmail.com (subject: 'DATA RIGHTS REQUEST')

SimDel will acknowledge within 72 hours and respond fully within 30 days.

SimDel's primary operations are within India. Limited cross-border transfer may occur via:

• WhatsApp: Messages are processed by Meta Platforms Inc., which operates servers globally.
• Cloud Services: If SimDel uses tools hosted outside India (e.g., Google Workspace for email), limited data may reside on international servers.
• Travel Booking Platforms: International flight bookings may involve data transfer to airline systems operating globally.

Any cross-border transfer is conducted in compliance with the DPDP Act, 2023 and subject to countries not being restricted by the Government of India.

SimDel uses or integrates with the following third-party services:

• WhatsApp (Meta): Primary communication platform for all services.
• UPI Apps (Google Pay, PhonePe, Paytm, BHIM, etc.): Payment processing — governed by NPCI regulations and respective app privacy policies.
• Operator Portals (Jio, Airtel, Vi): KYC and telecom service submission.
• Travel Booking Platforms (IRCTC, MakeMyTrip, RedBus, Goibibo): For train, flight, bus, hotel bookings.
• Biller Portals: For electricity, water, gas, insurance, and other utility bill payments.
• Website Hosting (Netlify): simdel.netlify.app is hosted on Netlify.

SimDel is not responsible for the data practices of these third-party services. We encourage you to review their privacy policies independently.

In the event of a personal data breach likely to result in harm:

• SimDel will notify the Data Protection Board of India as required by the DPDP Act, 2023.
• Affected Data Principals will be informed of the breach nature, data compromised, and remedial measures taken within a reasonable timeframe.
• SimDel will take immediate steps to contain the breach and prevent further unauthorised access.

SimDel acknowledges its obligations as a Data Fiduciary under the Digital Personal Data Protection Act, 2023:

• Processes personal data only for lawful purposes, with consent or legitimate interest of the Data Principal.
• Provides clear notice to Data Principals about data collected and purpose of processing (Section 5, DPDP Act).
• Maintains reasonable security safeguards to prevent personal data breaches.
• Deletes personal data upon fulfilment of purpose or upon request, subject to legal retention requirements.
• Supports all Data Principal rights including access, correction, erasure, and grievance redressal.

Full compliance with DPDP Rules 2025 (consent manager requirements, detailed breach notification, Significant Data Fiduciary obligations) will be implemented by the statutory timeline of 13 May 2027.

For all privacy-related queries, complaints, data rights requests, or data breach reports: