This Privacy Policy ("Policy") describes how Nearcom ("Platform", "we", "us", "our"), operated by Korvex Technologies, collects, uses, stores, and discloses information about you when you use the Nearcom mobile application and associated services (collectively, "Services"). This Policy is published in compliance with:
By creating an account or using the Services, you acknowledge that you have read and understood this Policy and consent to the collection and use of your information as described herein.
Nature of Platform — Intermediary Status
Nearcom is an intermediary as defined under Section 2(1)(w) of the Information Technology Act, 2000. Nearcom is a neutral technology platform that facilitates peer-to-peer communication, community interaction, local marketplace listings, and neighbourhood information exchange between registered users within self-defined geographical areas. Nearcom:
- Does NOT create, author, publish, curate, or editorially control any content posted by users
- Does NOT own, hold, or claim rights over user-generated content, listings, posts, photographs, or communications beyond the limited licence described in Section 8 of this Policy
- Does NOT verify the accuracy, completeness, or legality of user-generated content
- Does NOT initiate, select the receiver of, or modify content transmitted between users
Nearcom's liability in respect of third-party content is governed by Section 79 of the IT Act, which grants intermediary safe harbour protection to platforms acting in good faith and complying with applicable guidelines. Users are solely responsible for the content they post and for their conduct on the platform.
Information We Collect
2.1 Information You Provide at Registration and in Your Profile
- Mobile number (primary identifier, used for OTP-based verification)
- Email address (optional, used for alternate login)
- First name and last name
- Password (stored exclusively as a bcrypt cryptographic hash — never in plaintext)
- Optional profile fields: gender, date of birth, occupation, biography
- Profile photograph
- Residential address (free-text) and precise GPS coordinates (latitude/longitude)
- Your chosen neighbourhood discovery radius (in kilometres)
- Privacy preferences: address visibility toggle, messaging restriction preferences
2.2 Content You Post or Share on the Platform
- Text posts (neighbourhood updates, requests, lost-and-found alerts, emergency/SOS alerts)
- Photographs and images uploaded via device camera or photo gallery
- Marketplace listings (item descriptions, prices, photos)
- Community posts, community group chat messages, and direct messages
- Business and service directory listings (name, description, contact, photos)
- Comments, replies, likes, and reactions to others' content
- Reports and complaints submitted against other users or content
2.3 Information Collected Automatically
- Device information: device type, operating system version, unique device identifiers
- Precise GPS location (latitude and longitude) — collected via
expo-locationwhen you grant permission - Firebase Cloud Messaging (FCM) push notification token stored to deliver notifications
- Log data: IP address, request timestamps, pages/screens visited, session duration
- Advertising identifier (GAID/IDFA): collected by Google AdMob for the purpose of serving in-app advertisements — see Section 6
- Usage and interaction data: features used, content viewed, in-app navigation
2.4 What We Do NOT Collect
- Payment card numbers, bank account details, or UPI identifiers — the platform has no in-app payment gateway; marketplace and business transactions occur entirely offline between users
- Government identity numbers (Aadhaar, PAN, Passport) — we do not request or store these
- Biometric data
- Audio recordings — the
RECORD_AUDIOpermission is declared for potential future feature use only; no audio is currently captured or stored
Precise Location — Special Disclosure
Precise GPS location is fundamental to Nearcom's core functionality. Without it, the Service cannot operate. Specifically:
- Your latitude and longitude are stored in our database and used to calculate which posts, users, marketplace listings, and businesses appear in your neighbourhood feed (computed using the Haversine formula server-side)
- A count of "neighbours nearby" and approximate distance labels are generated from your coordinates
- You choose your discovery radius (in kilometres); only content within that radius is shown to you and vice versa
- Your precise address is NEVER displayed publicly by default. The
show_addresstoggle lets you optionally make your approximate address visible to other users in your neighbourhood
You may revoke location permission at any time via your device operating system settings. Revoking location access will significantly limit the functionality of the Services.
How We Use Your Information
- To verify your identity at registration and login via OTP and to maintain secure authenticated sessions using JWT tokens
- To assign you to the correct neighbourhood and power all location-based features of the platform
- To display your profile, posts, marketplace listings, and business listings to other users within your radius
- To deliver push notifications about activity relevant to you (likes, comments, friend requests, emergency alerts, community messages)
- To deliver OTP codes via SMS for authentication and password reset
- To serve in-app advertisements via Google AdMob
- To detect, investigate, and prevent spam, fraud, abuse, harassment, and violations of our Terms and Conditions
- To operate our moderation and Trust & Safety systems including review of reported content
- To maintain moderation logs and security event records as required for platform safety and legal compliance
- To respond to your queries, complaints, and grievances
- To generate anonymised, aggregated analytics that cannot identify any individual user
- To comply with applicable Indian law, court orders, and valid government directives
We do NOT sell, rent, or trade your personally identifiable information to any third party for their independent commercial or marketing purposes.
Legal Basis for Processing (DPDP Act, 2023)
Under the Digital Personal Data Protection Act, 2023, we process your personal data on the following grounds:
- Consent: You provide explicit, informed consent at registration to the collection and use of your personal data as described in this Policy
- Legitimate Use: Processing necessary to provide the Services you have registered for and to fulfil our contractual obligations to you
- Legal Obligation: Processing required to comply with Indian law, court orders, or valid orders of competent government authorities
- Reasonable Purpose: Processing for fraud prevention, network security, and platform safety
As a Data Principal under the DPDP Act, you have the right to: (a) access information about your personal data being processed; (b) correct inaccurate or incomplete personal data; (c) erasure of personal data subject to legal retention obligations; (d) nominate another individual to exercise rights on your behalf; and (e) withdraw consent, subject to the consequence that certain Services may no longer be available to you. To exercise these rights, contact us at: contact@korvextechnologies.com.
Third-Party Services and Data Processors
The following third-party services are actively integrated into the Nearcom platform and may process certain user data:
Google AdMob (Alphabet Inc.)
Delivery of in-app advertisements. AdMob may collect your device's advertising identifier (GAID on Android / IDFA on iOS), device type, OS version, general location, and usage data to serve targeted advertisements. You may opt out of personalised advertising via your device settings.
Firebase Cloud Messaging (Google LLC) and Expo Push Notification Service
Delivery of push notifications to your device. Your device push token is shared solely for notification delivery.
SMS Gateway (MSG91 / Gupshup / Twilio — planned integration)
Delivery of OTP codes for authentication and password reset. Your mobile number is shared solely for the purpose of sending OTP messages.
MongoDB (database infrastructure)
Primary data storage for all platform data. Hosted on infrastructure controlled by or contracted by Korvex Technologies.
Nearcom Server Filesystem (Korvex Technologies)
Storage of images and media files uploaded by users. Files are stored on our own backend servers. No third-party cloud storage is currently used.
Messaging and Communications — Important Disclosure
Nearcom offers 1:1 direct messaging between users and community group chat. You should be aware of the following:
- Messages are encrypted in transit (HTTPS/TLS) and encrypted at rest using AES-256-GCM. Because Nearcom manages the encryption keys, direct messages and community chat are NOT end-to-end encrypted. Authorised moderation staff can decrypt and access message content when investigating reports or complying with lawful requests
- You may restrict who can message you via the
friends_only_messagingsetting - You may block any user to prevent them from messaging you
- You may report any message that violates our Terms and Conditions
Please exercise caution and do not share sensitive personal, financial, or confidential information through the platform's messaging features.
User-Generated Content — Ownership and Limited Licence
All content posted by users on Nearcom — including posts, photographs, videos, marketplace listings, business listings, comments, messages, and any other material — is and remains the sole intellectual property and responsibility of the user who created it. Nearcom does NOT claim ownership of user-generated content.
By posting content on Nearcom, you grant Korvex Technologies a non-exclusive, royalty-free, sublicensable, worldwide licence to store, reproduce, display, and distribute your content solely for the purposes of operating, maintaining, and improving the Nearcom platform. This licence terminates when you delete the content or your account, subject to the retention obligations described in Section 10.
Marketplace and Business Directory — No Financial Liability
The Nearcom marketplace and local business directory are informational platforms only. Nearcom does not facilitate, process, or intermediary any financial transactions between users. All negotiations, payments, and exchanges for goods or services listed on the platform occur entirely offline and directly between the parties involved.
Nearcom makes no representations or warranties regarding the quality, safety, legality, or accuracy of any listing, product, service, or business on the platform. Nearcom expressly disclaims any and all liability arising from transactions or interactions between users in connection with marketplace listings or business directory entries.
Data Retention
- Active account data is retained for as long as your account remains open and active
- Upon account deletion, your personal profile data will be deleted or anonymised within 90 days, except where retention is required by applicable law
- Deleted user-generated content is soft-deleted for up to 180 days for moderation and audit purposes, then permanently purged
- Content removed by our moderation team is retained in restricted moderation logs as legally required
- OTP codes are short-lived and hashed at rest; they are not retained after expiry
- Moderation logs, security event records, and reports are retained for a minimum of 3 years in compliance with the IT (Intermediary Guidelines) Rules, 2021
Device Permissions
Nearcom requests the following device permissions. All permissions are sought at the relevant point of use and you may manage them via your device's operating system settings:
- ACCESS_FINE_LOCATION / ACCESS_COARSE_LOCATION: Required for neighbourhood matching, feed generation, and nearby user/content features. Core to the Service.
- CAMERA: Required to capture photos for posts, profile, marketplace listings, and messages.
- Photo Library / Storage: Required to upload images from your device gallery.
- RECORD_AUDIO: Declared for potential future feature use. No audio is currently captured or stored.
- INTERNET: Required for all network communication.
- VIBRATE / WAKE_LOCK / SYSTEM_ALERT_WINDOW: Required for push notifications and foreground alert delivery.
- POST_NOTIFICATIONS (Android 13+): Required to display push notifications.
Security
Nearcom implements reasonable security measures consistent with Rule 8 of the SPDI Rules, 2011, including:
- All data is encrypted in transit using HTTPS/TLS; private message content and sensitive personal fields (residential address, date of birth, gender, occupation, email) are encrypted at rest using AES-256-GCM
- Passwords are stored exclusively as bcrypt hashes and are never retrievable in plaintext
- OTP codes are hashed at rest and expire within a short validity window
- JWT access tokens include a token-version mechanism that immediately invalidates all sessions upon logout or password change
- Role-based access controls limit employee and admin access to personal data on a need-to-know basis
- Moderation logs and security event logs are maintained for audit purposes
No method of electronic storage or internet transmission is 100% secure. While we take commercially reasonable steps to protect your data, we cannot guarantee absolute security.
Children's Privacy
Nearcom is intended for users aged 18 years and above. We do not knowingly collect personal data from individuals below the age of 18. If we become aware that a minor has registered an account, we will take prompt steps to delete such data and suspend the account. Parents or guardians who believe their child has registered on Nearcom should contact us immediately at contact@korvextechnologies.com.
Cookies and Tracking Technologies
The Nearcom mobile application does not use browser cookies. However, the platform uses device-level tracking technologies including the device advertising identifier (GAID/IDFA) through Google AdMob as described in Section 6. You may limit ad tracking via your device's advertising settings. Analytics data collected by Nearcom is aggregated and anonymised and is not used to personally identify users.
Disclosure to Government and Law Enforcement
Nearcom may disclose your personal data to government authorities, law enforcement agencies, or courts when required to do so by applicable Indian law, court order, or valid direction of a competent authority, including under Section 69 of the IT Act, 2000 or Section 91 of the Code of Criminal Procedure, 1973. We will endeavour to notify affected users of such disclosures to the extent permitted by law.
Grievance Officer
In accordance with Rule 3(2) of the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, the details of our Grievance Officer are:
Grievance Officer — Nearcom
Organisation: Korvex Technologies
Email: contact@korvextechnologies.com
Working Hours: Monday – Friday, 10:00 AM – 7:00 PM IST
The Grievance Officer will acknowledge your complaint within 24 hours of receipt and endeavour to resolve it within 15 days. Privacy-related complaints will be resolved within 30 days.
Changes to This Policy
Korvex Technologies reserves the right to update this Privacy Policy at any time. Material changes will be notified to registered users via in-app notification at least 7 days before the effective date of the change. Continued use of the Services after the effective date of any revision constitutes your acceptance of the updated Policy.
Governing Law and Jurisdiction
This Privacy Policy and all matters relating to privacy and data protection in respect of the Nearcom platform shall be governed by and construed in accordance with the laws of the Republic of India. Any disputes shall be subject to the exclusive jurisdiction of the competent courts located in Anupgarh, Rajasthan, India.
Contact
For any questions, requests, or concerns regarding this Privacy Policy or your personal data:
Nearcom — Privacy & Data Team
Operated by: Korvex Technologies