Your data, the dealbyu way.

• • We collect what we need. Name, contact, address, payment data (passed to the payment gateway, not stored on our servers), order history, support chats.
• • We never sell your data. Period.
• • We share with vendors who help fulfil your order. Payment gateways (Razorpay, PayU, Cashfree), shipping partners (Shiprocket, Delhivery), email and WhatsApp providers, analytics tools, and our hosting / database provider (Firebase / Google Cloud).
• • You have rights under the DPDP Act — to access, correct, erase, withdraw consent, and complain. See the Your Rights section.
• • You can reach our Grievance Officer at support@dealbyu.com.

This policy applies to personal data that dealbyu (operated by sole proprietor Vijay Kumar Nishad) collects when you visit our website, place an order, use our repair, sell-to-us or PC builder services, contact us via support, walk into our service centre, or otherwise interact with the dealbyu business.

We are the "Data Fiduciary" under the DPDP Act for the data described here. You are the "Data Principal." References to "we", "us", "our", "dealbyu" mean the dealbyu business; "you" and "your" mean the person whose data we hold.

We collect data only to the extent we need it. The categories are:

• Fulfilment. Process your orders, ship items, accept returns, replace damaged goods, settle dealbyu credits.
• Service delivery. Run repair tickets, sell-to-us quotes, custom-build orders, post-sale support, walk-in queues.
• Compliance. Issue GST invoices on new products, retain records as required by Indian tax law and the Consumer Protection (E-Commerce) Rules, 2020.
• Security & fraud prevention. Detect suspicious activity, prevent payment fraud, protect our staff and customers.
• Communication. Send order updates, replacement-claim updates, and (with your consent) marketing about offers, flash sales, and product launches.
• Improvement. Use aggregated, de-identified analytics to improve listings, search, and the dealbyu site.

We process your personal data on one of the following lawful bases under the Digital Personal Data Protection Act, 2023:

• Your consent — for marketing emails, marketing WhatsApp messages, optional analytics cookies, and optional account features. You can withdraw consent at any time (see Your Rights).
• Necessary for performance of a contract with you — order fulfilment, shipping, returns, dealbyu credits, repair / sell-to-us tickets.
• Legitimate uses as recognised under the DPDP Act — fraud prevention, debugging, statutory compliance, responding to legal processes.

We share only the data each of these vendors needs to do their job, under written agreements that require them to keep your data confidential and limit its use to that purpose.

Where any of these vendors are located outside India, we ensure the transfer complies with the DPDP Act and the rules made under it, and we do not transfer data to any country in respect of which the Central Government has issued a notification of restriction.

We use two kinds of cookies:

• Essential cookies — needed for the site to work (cart contents, login state, CSRF tokens, language). These are set without consent because the site cannot function without them.
• Optional cookies — analytics (Google Analytics) and marketing (Meta Pixel, retargeting). These are set only after you click "Accept all" on the cookie banner. You can change your choice at any time by clearing the dealbyu cookie consent in your browser; the banner will reappear on the next visit.

If you subscribe to our newsletter, opt in to WhatsApp marketing, or accept marketing cookies, we may send you occasional messages about offers, flash sales, new arrivals, and dealbyu services. You can opt out at any time by:

• clicking the unsubscribe link in any marketing email;
• replying STOP to any marketing WhatsApp / SMS;
• or emailing support@dealbyu.com from the address subscribed.

Transactional messages — order confirmations, dispatch notices, replacement updates, repair status — are not marketing and continue to be sent to fulfil your order.

• Order records, GST invoices, accounting — kept for as long as required by Indian tax law (currently 8 years from the end of the relevant financial year).
• Account, contact and address data — kept while your account is active and for 18 months after the last interaction. You may request earlier deletion (see Your Rights).
• Support and repair tickets — kept for 24 months for warranty and quality purposes.
• Marketing data — kept until you withdraw consent.
• Analytics data — retained at the analytics tool's default windows (typically up to 26 months).

Under the DPDP Act, you have the following rights:

• Right to access. Ask us what personal data we hold about you and a summary of the processing.
• Right to correction. Ask us to correct inaccurate or incomplete data.
• Right to erasure. Ask us to delete your personal data, subject to data we are required to keep by law (e.g. tax records).
• Right to withdraw consent. Withdraw consent at any time for processing that relies on it (e.g. marketing) — without affecting processing done before the withdrawal.
• Right to nominate. Nominate another individual to exercise your rights in case of your death or incapacity.
• Right to grievance redressal. Lodge a complaint with our Grievance Officer (see below). If unresolved, you may approach the Data Protection Board of India.

To exercise any of these rights, email us at support@dealbyu.com with the subject line "Privacy request — <your request>". We will respond within 30 days, as required by the DPDP Act.

We protect your data with reasonable technical and organisational measures: HTTPS / TLS for all traffic, encrypted-at-rest storage with our cloud provider, role-based access for staff, multi-factor authentication on admin accounts, periodic backups, and least-privilege access for vendor integrations. Payment data is tokenised by the payment gateway you use (Razorpay / PayU / Cashfree) and never lands on our servers.

No system is perfectly secure. If you believe your account or data has been compromised, contact us immediately so we can act. We will notify you and the Data Protection Board of India in accordance with the DPDP Act if a breach materially affects you.

dealbyu hosts the website and database on Firebase / Google Cloud in India where supported (region asia-south1, Mumbai). Some of our vendors (analytics, advertising) may process data from servers outside India. We rely on contractual safeguards required by the DPDP Act and only transfer data to countries that are not subject to a restriction notification by the Central Government.

dealbyu is not directed to children under 18 years of age. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided personal data to us, please contact us at support@dealbyu.com and we will delete it.

We may update this policy from time to time. The latest version is always at /privacy with the effective date at the top. For material changes (for example, new categories of data or new vendors), we will use reasonable means to notify you — typically a banner on the site, an email if you have an account, or a WhatsApp message if you opted in.

In accordance with the Information Technology Act, 2000, the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and the DPDP Act, the contact details of the Grievance Officer of dealbyu are:

We acknowledge grievances within 48 working hours and resolve them within 30 days, as required by the applicable rules. If you are not satisfied with our resolution, you may approach the Data Protection Board of India under the DPDP Act.