Privacy Policy

This Privacy Policy describes how Prestix Hospitality ("Prestix", "we", "our", or "us") collects, uses, and protects your personal information when you use our platform. By registering for or using our Platform, you acknowledge that you have read, understood, and agreed to the collection and use of your information as described in this Policy.

1. Introduction


Prestix Hospitality operates a technology platform that connects hospitality businesses with verified gig workers across India. This Privacy Policy applies to all users of our website, mobile application, and related services (collectively, the "Platform"). If you do not agree to this Policy, please discontinue use of our Platform.

This Policy is published in compliance with the Information Technology Act, 2000 (as amended), the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 (DPDPA).


2. Information We Collect


2.1 Information Collected from Gig Workers

When you register as a gig worker on Prestix, we collect the following categories of information:

  • Identity Information: Full name, date of birth, and gender.
  • Contact Information: Email address, mobile number, and residential address.
  • Government-Issued Identification: PAN card number and Aadhaar number. These are collected for identity verification, tax compliance, and mandatory e-Shram portal registration as required under the Code on Social Security, 2020.
  • Bank and Payment Details: Bank account number, IFSC code, account holder name, account type, UPI ID, and MICR code. These are used to process payments for completed gigs and are also required for e-Shram registration.
  • Professional Information: Educational qualifications, work experience, professional certifications, skills, and any other information you add to your profile.
  • Profile Photo: A photograph that you upload to your profile for identification purposes.
  • e-Shram Registration Data:We assist eligible unorganised-sector workers in registering on the Government of India's e-Shram portal. Information submitted for this purpose includes Aadhaar details, bank details, occupation, and address.

2.2 Information Collected from Businesses

When you register as a business (employer or event organiser) on Prestix, we collect:

  • Business Identity: Official registered business name, nature of business, and business category.
  • Tax Information: GST registration number (GSTIN) for invoicing and statutory compliance.
  • Contact Information: Business email address, official contact number, and the name and designation of the authorised contact person.
  • Address: Registered office address and operational address(es).
  • Account Credentials: Login email and securely hashed password.

2.3 Automatically Collected Technical Information

When you access or use our Platform, we automatically collect certain technical information, including:

  • Device Information: Device type, operating system, browser type and version, device identifiers, and screen resolution.
  • Network Information: IP address, internet service provider (ISP), and network connection type.
  • Location Data: Approximate or precise geographic location, where you grant permission. Location may be collected during active job assignments for safety, compliance, and attendance verification purposes.
  • Usage Data: Pages visited, features used, time spent, search queries, click patterns, and referring URLs.
  • Log Data: Server logs including timestamps of access, error reports, and diagnostic information.
  • Cookies and Similar Technologies: Session cookies, persistent cookies, and similar tracking technologies. See Section 9 for details.

3. How We Use Your Information


We use the information we collect for the following purposes:

  • To create, verify, and manage your account on the Platform.
  • To match gig workers with suitable job opportunities posted by businesses.
  • To process payments to gig workers for completed assignments.
  • To facilitate e-Shram registration for eligible gig workers.
  • To verify identities and conduct background checks using PAN, Aadhaar, and other submitted documents.
  • To issue invoices, GST-compliant receipts, and maintain financial records.
  • To communicate important service updates, job alerts, and promotional offers.
  • To provide customer support and respond to queries, disputes, and complaints.
  • To detect, prevent, and investigate fraud, security breaches, and misuse of the Platform.
  • To comply with applicable laws, regulations, court orders, and government directives.
  • To improve, personalise, and develop our Platform, products, and services.
  • To conduct research and analytics to better understand usage patterns and user needs.

4. Legal Basis for Processing


We process your personal data on the following legal bases under the Digital Personal Data Protection Act, 2023:

  • Consent: Where you have explicitly given us consent to process your data for a specific purpose, such as sending marketing communications or collecting location data.
  • Contract Performance: Where processing is necessary to fulfil our contractual obligations to you, such as facilitating job placements and processing payments.
  • Legal Obligation: Where we are required by law to collect, retain, or disclose certain data, such as tax records or e-Shram registrations.
  • Legitimate Interests: Where processing is necessary for our legitimate business interests, such as fraud prevention and platform security, provided these interests are not overridden by your rights.

5. Third-Party Verification and Service Providers


To ensure the integrity and trustworthiness of our platform, we use third-party APIs and service providers for the following purposes:

  • Identity Verification: We use government-authorised APIs and licensed third-party services to verify Aadhaar numbers and PAN cards in compliance with applicable regulations.
  • Bank Account Verification: We use banking APIs to verify the authenticity of the bank account details provided by workers before processing payments.
  • GST Verification: We verify GSTIN details provided by businesses against the GST Network (GSTN) to ensure compliance.
  • Payment Processing: We partner with licensed payment gateway providers and aggregators to process transactions securely.
  • Cloud Infrastructure: Our platform is hosted on cloud infrastructure providers that comply with international security standards.
  • Analytics: We may use analytics service providers to understand how users interact with our platform.

All third-party service providers with whom we share your data are bound by contractual obligations to handle your data securely and only for the specific purposes we have authorised. We do not permit our service providers to use your data for their own independent purposes.


6. Data Sharing and Disclosure


We do not sell, rent, or trade your personal data. We may share your information only in the following limited circumstances:

  • Between Workers and Businesses: When a worker is matched with or assigned to a business, we share relevant profile information (such as name, skills, and ratings) with the business, and relevant job details with the worker.
  • Service Providers: As described in Section 5, we share data with trusted third-party providers who assist us in operating the platform.
  • Government and Regulatory Authorities: We may disclose your data to government agencies, law enforcement authorities, or regulatory bodies when required by law or to protect the rights, property, or safety of Prestix, our users, or the public.
  • Business Transfers: In the event of a merger, acquisition, restructuring, or sale of assets, your data may be transferred to the successor entity, provided that the successor is bound by a privacy policy that is no less protective than this one.
  • With Your Consent: We may share your data with third parties when you have provided explicit consent to do so.

7. Data Security


We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure. These measures include:

  • AES-256 encryption for data stored at rest, including all KYC and financial information.
  • TLS (Transport Layer Security) encryption for all data transmitted between your device and our servers.
  • Strict access controls and role-based permissions, ensuring only authorised personnel can access sensitive data.
  • Regular security audits, vulnerability assessments, and penetration testing.
  • Secure hashing of passwords using industry-standard algorithms (bcrypt).
  • Multi-factor authentication for administrative access.

Despite our best efforts, no method of electronic storage or transmission over the internet is 100% secure. If you suspect a security incident involving your account, please contact us immediately at privacy@prestixhospitality.com.


8. Data Retention


We retain your personal data for as long as your account is active or as necessary to provide you with our services. Specific retention periods are determined by the following criteria:

  • Account Data: Retained for the duration of your account and for up to 3 years after account closure, unless a longer retention period is required by law.
  • Financial and Tax Records: Retained for a minimum of 7 years as required under the Income Tax Act, 1961 and GST regulations.
  • KYC Documents: Retained for the period mandated by applicable regulations, typically 5 years after the end of the business relationship.
  • e-Shram Registration Data: Retained in accordance with the requirements of the Ministry of Labour and Employment.
  • Technical Logs: Typically retained for 90 days for security monitoring and debugging, unless a specific incident requires extended retention.

When your data is no longer required, we securely delete or anonymise it so that it can no longer be associated with you.


9. Cookies and Tracking Technologies


We use cookies and similar technologies (such as web beacons and local storage) to enhance your experience on our Platform. These technologies help us remember your preferences, keep you logged in, understand how our Platform is used, and deliver relevant content.

  • Essential Cookies: Required for the Platform to function correctly, including authentication and security features. These cannot be disabled.
  • Analytical Cookies: Help us understand how users interact with our Platform so that we can improve performance and user experience.
  • Functional Cookies: Remember your preferences such as language settings and login status.
  • Marketing Cookies: Used to deliver relevant advertisements and measure the effectiveness of our marketing campaigns. These are only set with your consent.

You can manage or disable cookies through your browser settings. Note that disabling certain cookies may affect the functionality of the Platform.


10. Your Rights


Under the Digital Personal Data Protection Act, 2023 and other applicable laws, you have the following rights regarding your personal data:

  • Right to Access: You have the right to request a copy of the personal data we hold about you.
  • Right to Correction: You have the right to request correction of inaccurate or incomplete personal data.
  • Right to Erasure: You have the right to request deletion of your personal data, subject to our legal obligations to retain certain records.
  • Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing based on consent before withdrawal.
  • Right to Grievance Redressal: You have the right to file a complaint with our Data Protection Officer if you believe your rights have been violated.
  • Right to Nominate: Under the DPDPA 2023, you have the right to nominate an individual to exercise your rights in the event of your death or incapacity.

To exercise any of these rights, please contact our Data Protection Officer at privacy@prestixhospitality.com. We will respond to your request within 30 days.


11. Children's Privacy


Our Platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from minors. If you are a parent or guardian and believe that your child has provided personal data to us without your consent, please contact us immediately at privacy@prestixhospitality.com, and we will take steps to delete such information as soon as reasonably practicable.


12. Cross-Border Data Transfers


Your personal data is primarily stored and processed within India. In cases where we engage cloud service providers or third-party services that may process data outside India, we ensure that adequate safeguards are in place to protect your data in accordance with applicable Indian law and international security standards.


13. Changes to This Privacy Policy


We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by updating the "Last Updated" date at the bottom of this page and, where appropriate, by sending you a notification via email or through the Platform.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of the Platform after any changes constitutes your acceptance of the updated Policy.


14. Contact Us and Grievance Officer


If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, please contact our Grievance Officer:

  • Name: Ayaz Amdani
  • Designation: Co-Founder
  • Email: contact-us@prestixhospitality.com
  • Address: India


Last updated on — 19 April 2026