Privacy Policy

Last updated on 17-May-2026

gOutbound ("we", "us", "the platform") connects Indian businesses with freelance telecallers. This Privacy Policy explains what personal data we collect through the gOutbound website (goutbound.com) and the gOutbound mobile app, why we collect it, who we share it with, and the rights you have under Indian law including the Digital Personal Data Protection Act, 2023 ("DPDP Act").

By using the platform, you agree to the practices described here.

Information We Collect

We collect personal information when you visit the website, create an account, complete KYC, transact, or communicate on the platform. This includes:

  • Account information — Name, email address, phone number, password (stored as a hash), and role (client or freelancer).
  • Profile information — Profile photo, skills, languages, bio, work experience, education, and certifications for freelancers; business profile and contact details for clients.
  • KYC and identity verification — Aadhaar reference token issued by DigiLocker (we do not store your raw Aadhaar number), a face/liveness photo captured during onboarding and verified by our partner (Meon), and geolocation captured by the DigiLocker SDK only during verification.
  • Financial information — Bank account number, IFSC, holder name and address for freelancer payouts (stored encrypted in our backend); UPI virtual payment addresses only as routed through your chosen UPI app. gOutbound does not store your UPI PIN, card numbers, or banking credentials.
  • Transaction records — Gig payments, wallet recharges, withdrawals, and gOutbound+ subscription history.
  • Marketplace activity — Gigs you post or browse, proposals you submit or receive, orders, deliverables, in-app chat messages, files you share with other users, ratings, and reviews.
  • Device and technical information — Device identifiers, operating system, app version, push notification tokens (Firebase Cloud Messaging and OneSignal), app crash and diagnostic logs, and IP address from server logs.
How We Use Your Information
  • To operate the marketplace: matching, posting, ordering, messaging, and payouts.
  • To verify identity so users can trust profiles.
  • To send service notifications about proposals, orders, messages, payments, and KYC status.
  • To prevent fraud, enforce community rules, and resolve disputes.
  • To improve the product through aggregated, non-identifying analytics.
  • To comply with legal, tax, and regulatory obligations.
Who We Share Information With

We never sell your data and never share it with advertisers. We do share it with the following processors, only to the extent needed to provide the service:

  • Other users of the platform — your public profile fields (name, photo, skills, languages, bio, ratings) and any messages or files you choose to send.
  • Google (Firebase Authentication, Cloud Messaging, Analytics) — for sign-in, push notifications, and anonymised analytics.
  • Appwrite (data hosted in Frankfurt, EU) — our primary backend storage for profiles, gigs, orders, messages, and transactions.
  • OneSignal — push notification delivery.
  • DigiLocker and Meon — Aadhaar and face/liveness KYC verification, only during onboarding.
  • UPI apps you select (Paytm, PhonePe, Google Pay, NPCI) — only when you initiate a payment, and only the minimum needed (amount, payee VPA).
  • Shorebird — app version metadata to deliver over-the-air updates.
  • Law enforcement — only on a legally valid request.
Data Retention
  • Account data is retained for as long as your account is active.
  • KYC verification records are retained for the period required under Indian KYC and AML regulations (typically up to 5 years after the last transaction).
  • Transaction records are retained for at least 7 years for tax and audit compliance (Income Tax / GST).
  • Other data is deleted within 30 days of account closure unless retention is required by law.
Your Rights Under the DPDP Act

You have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data (most fields can be edited in-app; for others, email support).
  • Withdraw consent and request deletion. See our Delete Account page for the full process. Legally required records (KYC, tax) cannot be deleted before their retention period expires.
  • Nominate a person to exercise your rights in case of incapacity.
  • Lodge a complaint with the Data Protection Board of India.
Children

gOutbound is intended for users aged 18 and over. We do not knowingly collect data from anyone under 18. If you believe a minor has provided us with personal data, please contact us and we will delete it.

Data Security
  • All network traffic is encrypted in TLS (HTTPS).
  • Authentication is handled by Firebase and Appwrite using industry-standard practices.
  • Sensitive backend data is access-controlled per user role.
  • Despite our efforts, no system is perfectly secure. Use a strong password and enable biometric unlock where available.
Account Deletion

You may delete your account at any time. For the full process, what data is removed, and what is retained for legal reasons, see our Delete Account page.

Changes to This Policy

We may update this policy from time to time. Material changes will be posted here and surfaced in-app. The "Last updated" date at the top reflects the most recent revision.

Contact Information

For any questions about your privacy or to exercise your rights, contact us at support@goutbound.com or call our toll-free number 1800 8899 697 (Mon–Sat, 10 AM – 6 PM IST).