Privacy Policy

Last updated: February 21, 2026

Rewinity Labs Private Limited ("CommitSure", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, store, and safeguard your personal data when you use our platform, APIs, and related services (collectively, the "Services"). This policy is designed in accordance with the Digital Personal Data Protection Act, 2023 (DPDP Act) of India and applicable data protection regulations.

By using CommitSure, you consent to the collection and processing of your personal data as described in this Privacy Policy. If you do not agree, please do not use our Services.

1. Information We Collect

1.1 Information You Provide Directly

  • Account Registration: Full name, email address, password (hashed), phone number
  • Profile Information: Profile photo, bio, address, city, state, country, postal code
  • Identity Verification (KYC): Government-issued ID documents (Aadhaar card, PAN card, Passport), selfie photograph for identity confirmation
  • Commitment Data: Commitment descriptions, requirements, expected results, deadlines, proof of completion (text, URLs, file uploads), dispute evidence
  • Communication Data: Messages sent through dispute resolution, support requests, and feedback
  • WhatsApp Phone Number: If you opt into WhatsApp notifications, your phone number is linked for messaging purposes

1.2 Information Collected Automatically

  • Device and Browser Data: IP address, browser type and version, operating system, device type, screen resolution
  • Usage Data: Pages viewed, features used, actions taken, timestamps, session duration
  • Log Data: Server logs including access times, error logs, and API request metadata
  • Cookies and Local Storage: Authentication tokens (JWT), theme preferences, session identifiers

1.3 Information from Third Parties

  • Google OAuth: If you sign in with Google, we receive your name, email address, profile picture, and Google account ID
  • Razorpay: Transaction confirmations, payment status, and payment IDs (we do not receive or store card numbers)

2. How We Use Your Information

We process your personal data for the following purposes:

  • Service Delivery: Operating the Platform, managing your account, facilitating Commitments, processing payments, and delivering notifications
  • Identity Verification: Verifying your identity to maintain trust, prevent fraud, and comply with applicable regulations
  • Anti-Fraud and Gaming Detection: Analyzing usage patterns to detect self-dealing, sham commitments, related-party manipulation, and other forms of platform abuse
  • Dispute Resolution: Reviewing evidence submitted by parties to adjudicate disputes
  • Reputation System: Calculating and displaying reputation scores, completion rates, and related public metrics
  • Communications: Sending transactional emails, in-app notifications, WhatsApp messages (if opted in), and urgent alerts related to your Commitments
  • Platform Improvement: Analyzing aggregate usage data to improve features, fix bugs, and enhance user experience
  • Legal Compliance: Meeting legal obligations, responding to lawful requests from authorities, and enforcing our Terms of Service
  • Safety and Security: Protecting the Platform and its Users from security threats, unauthorized access, and malicious activity

3. Legal Basis for Processing

Under the DPDP Act 2023 and applicable law, we process your data based on:

  • Consent: You provide explicit consent when creating your account and using our Services
  • Contractual Necessity: Processing necessary to fulfill our obligations under the Terms of Service
  • Legitimate Interest: Fraud prevention, platform security, and service improvement
  • Legal Obligation: Compliance with applicable laws and regulations, including KYC requirements

4. Information Sharing and Disclosure

We do not sell your personal data. We share your information only in the following circumstances:

  • With Other Users:Your name, profile picture, reputation score, and commitment-related information are visible to the other party in a Commitment. Your email may be shared with the other party as necessary for the Commitment.
  • Service Providers:We share data with trusted third-party service providers who assist in operating our Platform, including:
  • Razorpay — Payment processing (PCI-DSS compliant)
  • Amazon Web Services (AWS) — Cloud hosting, file storage (S3), and infrastructure
  • SMTP Provider — Email delivery
  • Google OAuth — Social sign-in authentication
  • Legal Requirements:When required by law, court order, or governmental authority, or to protect our rights, property, or safety, or that of our Users
  • Business Transfers:In connection with a merger, acquisition, reorganization, or sale of assets, your data may be transferred as part of the transaction
  • Developer API:If you use a third-party application integrated via our Developer API, that application's developer may receive data about your Commitments as authorized by you

5. Data Security

We implement industry-standard security measures to protect your personal data:

  • Encryption: All data transmitted between your browser and our servers is encrypted using TLS/SSL. Passwords are hashed using bcrypt and never stored in plaintext.
  • Secure Storage: Verification documents and uploaded files are stored in encrypted AWS S3 buckets with restricted access policies.
  • Access Controls: Access to personal data is restricted to authorized personnel on a need-to-know basis. Employee/admin access is role-based and audited.
  • Payment Security: Card and payment data is handled exclusively by Razorpay, a PCI-DSS Level 1 compliant processor. We never receive, process, or store your card details.
  • Authentication: JWT-based authentication with automatic token refresh and session management.
  • Monitoring: Automated systems monitor for suspicious activity, unauthorized access attempts, and potential security breaches.

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but commit to promptly notifying affected Users in the event of a data breach as required by law.

6. Data Retention

We retain your personal data for as long as necessary to provide the Services and fulfill the purposes described in this policy:

  • Account Data: Retained for the duration of your active account and for up to 3 years after account deletion to comply with legal and regulatory requirements.
  • Commitment Data: Retained for 5 years after Commitment completion/resolution for record-keeping, audit, and dispute reference purposes.
  • KYC Documents: Retained for the duration of your active account and for 5 years after account closure as required by applicable anti-money laundering and KYC regulations.
  • Payment Records: Retained for 7 years as required by Indian tax and financial regulations.
  • Usage Logs: Retained for up to 12 months for security analysis and then anonymized or deleted.

After the applicable retention period, data is securely deleted or irreversibly anonymized.

7. Your Rights

Under the DPDP Act 2023 and applicable data protection laws, you have the following rights:

  • Right to Access: Request access to the personal data we hold about you
  • Right to Correction: Request correction of inaccurate or incomplete personal data through your account settings or by contacting us
  • Right to Erasure: Request deletion of your personal data, subject to legal retention obligations and resolution of active Commitments
  • Right to Withdraw Consent: Withdraw your consent for data processing at any time. Note that withdrawing consent may limit your ability to use certain Services
  • Right to Grievance Redressal: Lodge a complaint with us or with the Data Protection Board of India if you believe your data rights have been violated
  • Right to Nominate: Nominate another individual to exercise your data rights in the event of your death or incapacity, as provided under the DPDP Act

To exercise any of these rights, contact us at support@commitsure.com. We will respond within 30 days of receiving your request.

8. Cookies and Tracking Technologies

We use the following types of cookies and similar technologies:

  • Essential Cookies: Required for authentication (JWT tokens), security, and basic Platform functionality. These cannot be disabled.
  • Preference Cookies: Store your settings such as theme preference (dark/light mode) and language.
  • Analytics: We may use anonymized analytics to understand usage patterns and improve the Platform. We do not use third-party advertising trackers.

You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent you from using the Platform.

9. International Data Transfers

Your data is primarily stored on servers in India (AWS Mumbai region). However, some of our service providers may process data in other jurisdictions. Where data is transferred outside India, we ensure that adequate safeguards are in place as required by the DPDP Act 2023 and that the recipient country provides a reasonable level of data protection. By using the Services, you consent to such transfers.

10. Children's Privacy

CommitSure is not intended for use by individuals under 18 years of age. We do not knowingly collect personal data from minors. If we become aware that we have collected personal data from a minor without verifiable parental consent, we will take steps to delete such data promptly. If you believe a minor has provided us with personal data, please contact us immediately at support@commitsure.com.

11. Communication Preferences

Transactional Communications: Emails and notifications related to your Commitments, payments, account security, and dispute activity are essential service communications and are sent regardless of marketing preferences.

WhatsApp Notifications: Optional. You may link your WhatsApp number and opt in to receive Commitment-related notifications via WhatsApp. You can unlink your number and opt out at any time through your account settings.

Marketing: If we send promotional communications, they will include an unsubscribe option. We currently do not send marketing emails.

12. Account Deletion and Data Removal

You may request deletion of your account and associated personal data by contacting us or through your account settings. Please note:

  • Active Commitments must be resolved before account deletion
  • Certain data may be retained as required by law (tax records, KYC documents)
  • Anonymized data that cannot be traced back to you may be retained for analytics
  • Data already shared with other Users (e.g., Commitment details, reputation scores) may persist in their view
  • Wallet Credits are forfeited upon account deletion and are non-refundable

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or Platform features. Material changes will be communicated via email or a prominent notice on the Platform at least 15 days before taking effect. Your continued use of CommitSure after the effective date constitutes acceptance of the updated policy. We encourage you to review this policy periodically.

14. Grievance Officer

In accordance with the Information Technology Act, 2000 and the DPDP Act 2023, the details of the Grievance Officer are as follows:

Name: Grievance Officer, CommitSure Technologies

Email: grievance@commitsure.com

Response Time: We will acknowledge your grievance within 48 hours and resolve it within 30 days of receipt.

Contact Us

If you have questions about this Privacy Policy or our data practices:

Privacy Inquiries: privacy@commitsure.com

General Support: support@commitsure.com

Entity: Rewinity Labs Private Limited

Contact Form →

← Back to Home