Privacy Policy
Last updated: 11 May 2026
SeatKnock ("we", "our", or "us") is a seat availability notification service. We do not book tickets on your behalf. This policy explains what personal data we collect, why we collect it, and how we protect it — in plain language.
1. What data we collect
When you create an account and use SeatKnock, we collect:
- Phone number — used as your login identity and as the WhatsApp number for seat alerts. This cannot be changed after account creation.
- Email address — used for email notifications and as an alternative login method (magic link).
- Journey details — the origin station, destination station, travel dates, and seat class you enter when creating an alert.
- Device / session data — standard web session information (cookies, browser type) to keep you logged in for up to 30 days.
- Payment data — if you purchase a paid plan, we record the transaction reference (Razorpay order ID and payment ID). We do not store card numbers or UPI credentials — these are handled entirely by Razorpay.
We do not collect Aadhaar numbers, PAN numbers, or any government-issued identity documents.
2. How we use your data
We use your data solely to operate the notification service:
- To send you WhatsApp and email seat alerts when availability is detected on your chosen route.
- To authenticate you when you log in.
- To manage your Alert credits (Winks) and plan tier.
- To process payments for paid plans via Razorpay.
- To improve reliability and debug issues (internal logs — not shared externally).
We do not use your data to serve advertisements, build marketing profiles, or sell data to any third party.
3. Who we share data with
We share the minimum necessary data with the following service providers to operate SeatKnock:
- WATI — our WhatsApp Business Service Provider (BSP). Your phone number and alert details are passed to WATI to deliver WhatsApp notifications. WATI operates under Meta's WhatsApp Business Platform terms.
- Resend — our email delivery provider. Your email address and alert details are passed to Resend to deliver email notifications.
- MSG91 — our SMS and OTP provider for login verification and (on the Elite plan) SMS alerts. Your phone number is shared with MSG91 for this purpose.
- Razorpay — our payment processor. They handle all payment data directly; we only receive a payment confirmation reference.
- Supabase — our database and authentication infrastructure, hosted on AWS in the India region.
We do not share your data with any other third parties.
4. WhatsApp number lock
Your WhatsApp number is permanently linked to your account identity and cannot be changed after account creation. This is an intentional anti-abuse measure to prevent alert credits from being shared across multiple users. If you registered via phone OTP, that phone number is your WhatsApp alert number. If you registered via email magic link, you set your WhatsApp number once during onboarding — it is locked thereafter.
If you need to change your WhatsApp number for a legitimate reason, you must delete your account and create a new one.
5. Data retention
- Your profile data is retained for as long as your account is active.
- Alert history (including fulfilled and expired alerts) is retained for 12 months after the alert closes, then deleted.
- Payment records are retained for 7 years to comply with Indian financial regulations.
- Authentication logs are retained for 90 days.
6. Your rights (DPDP Act, India)
Under the Digital Personal Data Protection Act 2023 (DPDP Act), you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate personal data.
- Request erasure of your account and associated personal data (subject to legal retention obligations).
- Withdraw consent for data processing, which will result in account deletion.
To exercise any of these rights, contact us at the email below. We will respond within 72 hours.
7. Cookies
We use a single session cookie to keep you logged in for up to 30 days. We do not use advertising cookies, tracking pixels, or third-party analytics cookies. The session cookie is essential for the service to function and cannot be opted out of while using SeatKnock.
8. Security
All data is transmitted over HTTPS. We use Supabase Row Level Security (RLS) to ensure your data is only accessible by your own account. Payment processing is handled entirely by Razorpay — we never see or store card or UPI credentials.
9. Children
SeatKnock is not intended for users under 18 years of age. We do not knowingly collect data from minors. If you believe a minor has created an account, contact us for immediate deletion.
10. Contact
For privacy questions, data deletion requests, or any other queries, email us at: privacy@SeatKnock.in
Grievance Officer (as required under DPDP Act):
Name: [To be filled before launch]
Email: grievance@SeatKnock.in