Privacy Policy
Last updated: 3 July 2026
Who we are
BBSR.one ("we", "us") operates a curated business directory for Bhubaneswar, Odisha, available at https://bbsr.one. This policy explains what personal data we collect, why, and the choices you have. We aim to comply with India's Digital Personal Data Protection Act, 2023 (DPDP Act).
Data we collect
- Account data — name, email, and password (hashed) when you register.
- Enquiry data — name, email, phone, and message when you contact a business through our enquiry form. This is shared with the business (or forwarded by our team when the business has not yet joined the platform).
- Reviews — the content you submit, linked to your account, moderated before publication.
- Payment data — membership payments are processed by Razorpay. We never see or store your card, UPI, or bank details; we store only the payment reference and subscription status.
- Usage data — page views and contact-button taps, recorded with a hashed session identifier. We use privacy-respecting analytics and do not sell or share behavioural data.
Business listing data
Listings contain business information (name, address, phone, category) compiled from publicly available sources and direct contact with businesses. If a listing describes your business and you want it corrected or removed, use the "Update or remove my listing" link on the listing page — we act on such requests within 72 hours. See our verification policy.
How we use data
- To operate the directory: showing listings, delivering enquiries to businesses, displaying moderated reviews.
- To manage memberships and payments via Razorpay.
- To send transactional emails (enquiry notifications, subscription reminders). We do not send marketing email without consent.
- To keep the service secure: rate limiting, abuse prevention, and error monitoring.
Sharing
We share data only with: the business you choose to contact (your enquiry), our payment processor (Razorpay), and infrastructure providers that host our servers, storage, and email delivery. We do not sell personal data.
Retention
Account data is kept while your account exists. Enquiries are retained so businesses can follow up. Click analytics are automatically deleted after 12 months. Encrypted database backups are retained for 30 days.
Your rights
You may request access to, correction of, or deletion of your personal data by writing to us via the contact page. We respond within a reasonable time and in line with the DPDP Act.
Changes
We'll update this page when our practices change and revise the date above.