DoorFix  Mobile All policies
  Privacy

Privacy Policy

Last Updated: 23 May 2026

This Privacy Policy ("Policy") explains how DoorFix Mobile ("Company", "we", "us", "our") collects, uses, shares, retains, and protects the personal data of customers and website visitors ("you", "your"). This Policy is issued in compliance with the Digital Personal Data Protection Act, 2023 ("DPDP Act"), the Information Technology Act, 2000, and the rules made under them.

For the purposes of this Policy, the Company is the Data Fiduciary in respect of personal data we collect about you.

1. Definitions

1.1. "Personal Data" means any data about an individual who is identifiable by or in relation to such data.

1.2. "Processing" means any operation or set of operations performed on Personal Data, including collection, recording, organisation, storage, retrieval, use, disclosure, or erasure.

1.3. "Data Principal" means the natural person to whom the Personal Data relates - in most cases, you.

1.4. "Data Fiduciary" means the person who, alone or in conjunction with others, determines the purpose and means of Processing - the Company.

1.5. "Data Processor" means a third party that Processes Personal Data on behalf of the Data Fiduciary.

2. Personal data we collect

2.1. Identity and contact data. Name, mobile number, alternate phone number, email address, and postal address.

2.2. Device data. Make, model, IMEI number, serial number, device colour, network/operator, condition photographs and videos taken before, during, and after Service.

2.3. Service data. Symptom description, repair history disclosed by you, parts installed, batch and serial numbers of parts, technician assigned, date and time of Service, Tamper Seal photographs, Liquid Damage Indicator photographs, Pre-Service Consent record, Post-Service Acceptance record, and any signed amendment to scope.

2.4. Payment data. Payment mode, transaction reference, amount paid, and invoice details. We do not store full card numbers, CVV, UPI PIN, or banking credentials.

2.5. Communication data. Records of calls, messages, WhatsApp interactions, emails, and chat sessions with our staff for the purposes of Booking, support, and Service.

2.6. Identification data. A photograph or photocopy of a valid photo identity document, where required to verify ownership of the Device.

2.7. Website and app data. IP address, device type, operating system, browser type, language, pages visited, time spent on each page, and cookies and similar trackers (only with your consent).

2.8. We do not collect. We do not collect, access, copy, or back up the personal data stored on your Device - including your photos, contacts, messages, app data, banking apps, social media accounts, or stored credentials. See clause 6 below.

3. Purposes for which we process your data

3.1. To accept and fulfil your Booking and provide the Service.

3.2. To verify the lawful ownership of the Device and to check IMEI status against the CEIR portal.

3.3. To maintain a service record, issue invoices, comply with applicable tax laws, and honour the Extended Warranty.

3.4. To investigate and process warranty claims and complaints.

3.5. To prevent fraud, including evidence-based defence against fabricated claims.

3.6. To improve our Services, train our staff, and develop new offerings.

3.7. To send service-related communications (Booking confirmations, technician on-the-way, payment receipts, warranty card, claim updates).

3.8. To send marketing communications, only where you have given separate consent, and only by the channel you have consented to. You may withdraw such consent at any time.

3.9. To comply with applicable law and lawful requests of governmental, regulatory, judicial, or law enforcement authorities.

4. Legal basis under the DPDP Act

4.1. We Process your Personal Data on the following lawful bases under the DPDP Act:

4.1.1. Consent - for marketing communications, optional analytics cookies, and any Processing for which the DPDP Act requires consent.

4.1.2. Certain legitimate uses (Section 7 DPDP Act) - including Processing necessary to perform the Service you have requested, to comply with law, to respond to a medical emergency, or for employment-related purposes.

4.2. Where we rely on your consent, you may withdraw it at any time by contacting us at doorfixmobile@gmail.com. Withdrawal does not affect Processing done before the withdrawal.

5. How we share your data

5.1. Service providers. We share data with carefully selected Data Processors who help us run our business, including cloud hosting, payment gateways, communication providers (SMS, email, WhatsApp), accounting and tax providers, and analytics providers. These Processors are bound by contract to handle your data only on our instructions and only for the purposes we permit.

5.2. Third-party motherboard repair vendors. If the Service requires motherboard or chip-level work, the Device will be sent to a third-party repair vendor only after you sign a separate Third-Party Vendor / Motherboard Outsourcing Consent. The vendor will not be given access to your personal data on the Device; they will receive only the Device, the symptom, and the IMEI as needed.

5.3. Law enforcement and regulators. We may share data when required by law, court order, or governmental request, or to protect our rights and the safety of others.

5.4. Business transfers. In the event of a merger, acquisition, or sale of all or part of our business, your data may be transferred to the acquiring entity, which will be bound by this Policy or a successor policy that offers equivalent protection.

5.5. No sale of personal data. We do not sell your Personal Data.

6. The data on your Device

6.1. The Company's Technicians are instructed by policy not to access, view, copy, or back up any personal data stored on your Device. This includes photos, videos, contacts, messages, call logs, emails, app data, banking apps, payment apps, social media accounts, browsing history, and stored credentials.

6.2. Where a Service requires the Device to be powered on and unlocked (for example, to confirm functionality after a display replacement), the Technician will request a temporary unlock and will only access the screen areas required for the functional check. You should consider removing or temporarily locking sensitive apps before tendering the Device.

6.3. You are responsible for backup. Before tendering the Device for Service, you must back up any data you wish to preserve. We do not back up data. See the separate Data Loss, Backup and Device Access Disclaimer.

6.4. Some Services (for example, certain charging-port or display repairs) carry an inherent risk of factory reset or data loss. We are not liable for any loss of data arising from the Service.

7. Cookies and similar technologies

7.1. Our website uses essential cookies to provide core functionality (such as session management and security). These cookies do not require consent.

7.2. With your consent, we may also use analytics cookies and similar trackers to understand how our website is used and to improve it.

7.3. You can manage cookie preferences through the cookie consent banner on our website. You can also clear or block cookies through your browser settings, though doing so may affect the functionality of the website.

8. Data retention

8.1. We retain Personal Data only for as long as needed for the purposes set out in this Policy or as required by law.

8.2. Service records. Three (3) years from the date of Service. This period covers the Extended Warranty window, applicable tax record-keeping, and the limitation period for most consumer disputes.

8.3. Financial and tax records. Eight (8) years from the relevant financial year, as required by Indian tax laws.

8.4. Marketing communications. Until you withdraw consent or unsubscribe.

8.5. Identification documents. Where collected, deleted within ninety (90) days of completion of the Service, unless retention is required by law.

8.6. After the retention period, your Personal Data is either deleted or anonymised so that you can no longer be identified.

9. Your rights as a Data Principal

Under the DPDP Act, you have the following rights in respect of your Personal Data:

9.1. Right to access - to obtain a summary of the Personal Data we hold about you and the Processing activities we have undertaken.

9.2. Right to correction and erasure - to ask us to correct inaccurate or incomplete Personal Data or to erase Personal Data that is no longer necessary.

9.3. Right to grievance redressal - to lodge a complaint about our handling of your Personal Data. See clause 13 and the Grievance Redressal Policy.

9.4. Right to nominate - to nominate another individual to exercise your rights in the event of your death or incapacity.

9.5. Right to withdraw consent - to withdraw consent that you have previously given, at any time.

9.6. To exercise any of these rights, please contact our Grievance Officer at the details in clause 13. We will respond within a reasonable time and in any case in accordance with the timelines under the DPDP Act.

10. Children's data

10.1. Our Services are intended for users aged 18 years and above. We do not knowingly collect Personal Data of a child (a person under 18) or of a person with disability without the verifiable consent of the parent or lawful guardian. If you believe we have collected such data inadvertently, please contact us so we can delete it.

11. Security

11.1. We maintain reasonable security safeguards to protect Personal Data against unauthorised access, alteration, disclosure, or destruction, in line with the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 and the DPDP Act.

11.2. Despite our best efforts, no system is perfectly secure. If a personal data breach affecting your data occurs, we will notify the Data Protection Board of India and the affected Data Principals as required by the DPDP Act.

12. Cross-border transfers

12.1. Personal Data may be Processed and stored in India and in such other jurisdictions as the Central Government may notify under the DPDP Act for cross-border transfer. We do not transfer Personal Data to jurisdictions to which transfer is restricted under the DPDP Act.

13. Grievance Officer

13.1. As DoorFix Mobile is a small-business Data Fiduciary (not a "Significant Data Fiduciary" notified under the DPDP Act), we are not required to appoint a separate Data Protection Officer. The Grievance Officer below is the single point of contact for both service complaints and personal-data complaints under the DPDP Act and the IT Act.

13.2. Grievance Officer:

13.3. We will acknowledge complaints within seventy-two (72) hours of receipt and aim to resolve them within thirty (30) days, in accordance with the Grievance Redressal Policy.

13.4. Escalation to the Data Protection Board of India. If you are not satisfied with our response, you may approach the Data Protection Board of India established under the DPDP Act.

14. Changes to this Policy

14.1. We may update this Policy from time to time. The "Last Updated" date at the top reflects the latest revision. Material changes will be communicated by email or by a notice on our website.

15. Contact

For any question about this Policy or about your Personal Data, please contact us:

Acceptance. By tapping Book Now, by signing the Pre-Service Consent, or by using our website or app, you acknowledge that you have read, understood, and accepted this Policy.

Related Documents

Terms of Service Data Loss Disclaimer Grievance Redressal All policies