Privacy Policy

Effective date: 14 July 2026 · Last updated: 14 July 2026

dlabla ("dlabla", "we", "us") is a travel companion platform operated from Pune, Maharashtra, India. This Privacy Policy explains what information we collect through the dlabla mobile application and the website dlabla.com (together, the "Service"), why we collect it, how it is used and protected, and the choices you have. By using dlabla you agree to this policy.

1. Information we collect

CategoryExamplesWhen
Account dataName, mobile number, email address, password (stored as a secure hash), date of birth, genderSign-up and profile editing
Profile dataPhoto, bio, interests, languages, travel preferencesOptional, provided by you
Identity verification (KYC)Government ID images and a selfieOnly if you choose to verify your identity
Emergency contactsName, phone number and relation of contacts you nominateRequired before publishing or joining a trip
Trip & activity dataTrips you host or join, join requests, reviews, expenses you record, group chat and direct messagesAs you use the Service
Location dataPrecise GPS coordinatesOnly when you tap SOS or share a trip check-in — never continuous background tracking
Device dataPush notification token, device model, OS version, app version, IP address, crash logsAutomatically

2. How we use information

3. What we never do

4. Sharing

Limited data is shared only with: (a) other travellers — your public profile (name, photo, bio, interests, verified badge, reviews) and the trips you publish; (b) service providers — Google Firebase (phone verification and push notifications), SMS delivery providers (OTP and SOS messages) and our hosting providers, each bound to process data only on our instructions; (c) your emergency contacts — your name and live location, only when you trigger SOS; (d) authorities — where required by applicable law or to respond to valid legal process, or to protect the safety of any person.

5. Storage & security

Data is stored on secured servers. ID documents are kept in private, access-controlled storage and are never publicly reachable. Passwords are hashed with bcrypt. All traffic uses HTTPS/TLS. Access to personal data within our team is role-restricted and logged.

6. Retention

We keep your data while your account is active. When you delete your account, personal data, KYC documents, emergency contacts and device tokens are removed within 30 days, except minimal records we must retain under Indian law (for example, fraud-investigation or tax records) or content already shared with others where removal is technically impossible (e.g. your messages quoted in another user's report).

7. Your rights

Under India's Digital Personal Data Protection Act, 2023 and comparable laws, you may access, correct, update or delete your personal data, withdraw consent, and nominate a person to exercise your rights. Most actions are available in the app (Profile → Edit; Settings → Delete account). For anything else, email us — we respond within 30 days.

8. Children

dlabla is for users aged 18 and above. We do not knowingly collect data from minors; suspected underage accounts are removed.

9. Changes

We may update this policy as the Service evolves. Material changes are announced in-app at least 7 days before taking effect. Continued use after the effective date means acceptance.

10. Contact & grievances

Data requests and grievances (including under the DPDP Act and IT Rules 2021):
dlabla — Grievance Officer
Email: support@dlabla.com
Pune, Maharashtra, India