Back to home

Privacy Policy

Last updated · 19 May 2026

This Privacy Policy explains what data Spotig Sports collects when you use spotig.com, why we collect it, who we share it with, and the rights you have over your data under India's Digital Personal Data Protection Act, 2023 (DPDP Act).

1. Who we are

Spotig Sports (referred to as "Spotig", "we", "us", or "our") is a sole proprietorship registered in India. Our GSTIN is 06EPLPA4273P1ZF and our principal place of business is at Faridabad, Haryana, India.

2. Data we collect

We collect the following categories of personal data:

  • Identity & contact data: name, mobile number, email address, date of birth (optional), shipping/billing addresses.
  • Business data (B2B only): business name, GSTIN, point of contact details.
  • Order & transaction data: products ordered, prices, shipping method, payment method (we do not store card numbers), order history, tracking events.
  • Device & usage data: IP address, browser type, device type, pages visited, time on site, clicks. Collected via cookies and similar technologies — see Section 7.
  • Communications: emails, WhatsApp messages, or support tickets exchanged between you and Spotig.

We do not knowingly collect data from individuals under 18. If you are under 18, please do not provide your personal data on this site.

3. Why we collect it

  • To fulfill your orders, dispatch goods, and process refunds.
  • To verify your identity at sign-in (OTP, password, OAuth).
  • To issue GST-compliant invoices and meet statutory tax obligations.
  • To send you order updates via SMS, email, and WhatsApp.
  • To handle returns, replacements, and customer support.
  • To improve the storefront — understand which products are popular, where visitors come from, what fails on which device.
  • To prevent fraud, abuse, and policy violations.
  • To send marketing messages — only with your explicit consent. You can withdraw consent at any time.

4. Who we share it with

We share only the minimum data needed with the following service providers, each bound by their own privacy obligations:

  • Razorpay (payments) — we send your name, phone, email, and payable amount. Razorpay handles card/UPI/wallet data directly; we never see your full card number.
  • Shiprocket (logistics) — we share your name, phone, address, and order details so they can pick up and deliver your shipment.
  • MSG91 (SMS / OTP) — we send your phone number and the message content (e.g. OTP, order tracking link).
  • Supabase (authentication + database hosting) — your account data and order history are stored on Supabase's infrastructure.
  • Vercel + Cloudflare (web hosting + CDN) — store request logs and basic device data for security and performance.
  • PostHog and Google Analytics (product analytics) — receive anonymised event data (page views, clicks) and a hashed device identifier. No personally identifiable information.
  • Sentry (error monitoring, EU region) — receives JavaScript stack traces, browser version, and an anonymised session ID when something goes wrong on the site. We configure Sentry not to collect your IP address or identifying profile data, and error reports are sent only after you accept analytics cookies.
  • Resend (transactional email) — receives your email address and the message body for order confirmations and notifications.

We do not sell your personal data. We do not share it with third-party advertisers. We will disclose data to law enforcement if required by a valid Indian legal process.

5. Where it's stored

Most of your data is processed and stored on servers located outside India:

  • Supabase (your account, addresses, orders) — United States
  • Cloudflare R2 (product images, return-claim photos) — global edge network
  • Sentry (error events, anonymised) — European Union
  • Vercel (request logs, edge caches) — global edge network with primary region in the United States
  • PostHog & Google Analytics — United States
  • Razorpay (payment metadata) — India
  • Shiprocket (shipping address & phone) — India
  • MSG91 (your phone number & SMS text) — India

These transfers are permitted under Section 16 of the Digital Personal Data Protection Act, 2023, which allows personal data to be transferred to any country or territory that the Central Government has not restricted by notification. We maintain data-processing agreements with each provider that require them to safeguard your data and process it only on our instructions. Payment data handled by Razorpay is stored in India in line with Reserve Bank of India directions.

6. How long we keep it

  • Order data: 7 years (Indian statutory tax requirement).
  • Account profile: until you request deletion, or 5 years after your last sign-in — whichever is earlier.
  • Cart abandonment data: 90 days.
  • Marketing communication records: until you withdraw consent.
  • Analytics events: 1 year, then anonymised.

7. Cookies and similar technologies

We use cookies and local storage for:

  • Essential: session authentication, cart state, theme preference. These cannot be disabled — the site won't work without them.
  • Analytics: PostHog and Google Analytics. Anonymised. You can opt out via our cookie banner.
  • Marketing: Meta Pixel and Google Ads conversion tags (once enabled). Only loaded with your consent.

8. Your rights under the DPDP Act

  • Access: request a copy of the personal data we hold about you.
  • Correction: request that we update inaccurate data.
  • Erasure ("right to be forgotten"): request that we delete your account and PII. We will action this within 30 days; order history is retained in a pseudonymised form for the 7-year statutory window.
  • Portability: request your data in a machine-readable JSON export.
  • Grievance redressal: raise a concern with our grievance officer.

To exercise any of these rights, email support@spotig.com from your registered address. We will respond within 30 days.

9. Security

All traffic to spotig.com is encrypted via TLS 1.3. Passwords are hashed by Supabase using bcrypt; we never store them in plain text. Card data is handled entirely by Razorpay and never touches Spotig's servers. Admin actions are logged for audit. Despite our best efforts, no online service is ever 100% secure — please use a strong, unique password.

10. Grievance officer

In accordance with the Information Technology Act, 2000 and the DPDP Act, 2023, the name and contact details of our Grievance Officer are:

  • Name: Rajat Arora
  • Email: grievance@spotig.com
  • Phone: +91 98918 10918
  • Address: Faridabad, Haryana, India

11. Changes to this policy

We may revise this policy from time to time. The "Last updated" date at the top reflects the current version. Material changes will be communicated by email to registered users.

12. Contact us

Questions about this policy? Email support@spotig.com.