"One Platform. Every Service. Total Peace of Mind."

Privacy Policy – One Stop Service

Effective Date: 01 February 2026

Introduction

One Stop Service (“we”, “us”, “our”, or “the Platform”) is a multidisciplinary service platform offering a wide range of services, including household repairs, solar solutions, interior design, transport, dairy, vehicle repair, event management, air conditioning, and other services. We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, share, store, and protect your personal data when you access or use our website, mobile application, or any related services (collectively, “Services”). It is designed in accordance with the Digital Personal Data Protection Act, 2023 (“DPDP Act”), the Digital Personal Data Protection Rules, 2025 (“DPDP Rules”), the Information Technology Act, 2000.

By accessing or using our Services, you consent to the collection, use, storage, disclosure, and processing of your information as described in this Privacy Policy. If you do not agree with this Policy, please do not use our Services.

Scope and Application

This Privacy Policy applies to all users of One Stop Service, including customers, service professionals, vendors, partners, employees, contractors, and any third parties who interact with our Platform. It governs all personal data collected, processed, or stored by us in connection with the provision of our Services, regardless of the device or medium used to access the Platform.

This Policy is binding on all individuals and entities who access, use, or provide services through our Platform, including but not limited to our head office, branch offices, employees, representatives, and authorized agents.

Definitions and Key Terms

To ensure clarity, the following terms are used as defined under the DPDP Act and Rules:

  • Data Fiduciary: The entity (here, One Stop Service) that determines the purpose and means of processing personal data.

  • Data Principal: The individual to whom the personal data relates (e.g., customers, service professionals).

  • Processing: Any operation performed on personal data, including collection, storage, use, sharing, erasure, or destruction.

  • Personal Data: Any data about an individual who is identifiable by or in relation to such data.

  • Sensitive Personal Data: Includes financial information (bank account, credit/debit card details), passwords, health data, biometric data, sexual orientation, and other categories as defined by law.

  • Consent: A clear, specific, informed, and unambiguous indication of the Data Principal’s wishes, given freely for processing their personal data.

  • Consent Manager: An entity registered with the Data Protection Board that enables Data Principals to manage, grant, withdraw, or review their consent.

  • Data Processor: Any person or organization that processes personal data on behalf of a Data Fiduciary.

  • Grievance Officer: The designated individual responsible for addressing privacy-related complaints and queries.

Types of Personal Data Collected

We collect various categories of personal data to provide and improve our Services. The types of data collected depend on your interaction with the Platform and may include:

1. Identity and Contact Data

  • Name, address, email, phone number, date of birth, gender, profile photograph, and government-issued identification (e.g., Aadhaar, PAN, Voter ID, passport).

2. Service and Transaction Data

  • Details of services requested or provided, booking and transaction history, payment information (UPI ID, credit/debit card details, wallet information), billing and delivery addresses.

3. Technical and Usage Data

  • Device information, IP address, browser type, operating system, device identifiers, access times, page views, clicks, user journey, and usage patterns.

4. Location Data

  • Real-time or last-known location, as permitted by device settings.

5. Communication and Support Data

  • Chat and call records, support tickets, emails, feedback, reviews, survey responses, and other user-generated content.

6. Demographic and Profile Data

  • Age, gender, marital status, occupation, preferences, interests, and other profile information.

7. Sensitive Personal Data

  • Financial information (bank account, card details), health data (if relevant to service), biometric data (if used for authentication), and other special categories as defined by law.

8. Data from Third Parties

  • Information received from service professionals, partners, payment processors, analytics providers, public sources, and affiliate entities.

9. Employee and Contractor Data

  • For employees and contractors: name, contact details, employment records, KYC documents, educational qualifications, and other HR-related data.

Note: We do not intentionally collect personal data from children under 18 years of age without verifiable parental consent. For persons with disabilities, consent must be obtained from a lawful guardian.

How Data is Collected

We collect personal data through the following means:

1. Direct Collection

  • When you create an account, request or provide services, fill out forms, participate in surveys, contact support, or otherwise interact with the Platform.

2. Automated Collection

  • Through cookies, web beacons, pixel tags, server logs, and similar technologies that track your activity on the Platform.

3. Third-Party Sources

  • From service professionals, payment processors, analytics providers, partners, and publicly available sources.

4. Device and Application Data

  • Automatically collected technical and usage data from your device or application when you access our Services.

5. KYC and Verification

  • Through submission of government-issued documents for identity verification, as required by law or for certain services.

We do not collect more data than necessary and always inform you of the purpose and scope of data collection at the time of collection.

Purposes of Data Use

We process your personal data only for specified, explicit, and legitimate purposes, including but not limited to:

  • Service Delivery: To provide, manage, and improve our Services, including facilitating bookings, matching customers with service professionals, and delivering requested services.

  • Identity Verification and Security: To verify your identity, prevent fraud, and ensure the security of our Platform.

  • Payments and Transactions: To process payments, refunds, and related financial transactions securely.

  • Customer Support: To respond to your queries, feedback, complaints, and requests for assistance.

  • Personalization: To tailor service recommendations, offers, and content based on your preferences and usage patterns.

  • Marketing and Communications: To send you service updates, promotional offers, newsletters, and marketing communications, subject to your consent and preferences.

  • Analytics and Research: To analyze usage trends, monitor Platform performance, and conduct research to enhance our Services.

  • Legal and Regulatory Compliance: To comply with applicable laws, regulations, and legal obligations, including responding to law enforcement requests.

  • Grievance Redressal: To address and resolve complaints, disputes, and grievances.

  • Employee and Contractor Management: For HR, payroll, compliance, and administrative purposes.

  • Anonymized and Aggregated Data Use: To generate statistical or demographic insights that do not identify individuals.

We do not use your personal data for purposes incompatible with those stated above without obtaining your explicit consent.

Legal Bases and Consent Mechanisms

1. Consent

We obtain your free, specific, informed, and unambiguous consent before collecting or processing your personal data, except where processing is required by law or for contractual necessity. Consent is sought through clear notices in plain language, and you have the right to withdraw your consent at any time, with the ease comparable to giving consent.

2. Legitimate Uses

In certain cases, we may process your data without consent if required for:

  • Performance of a contract (e.g., fulfilling a service request).

  • Compliance with legal obligations (e.g., KYC, tax, regulatory requirements).

  • Protection of vital interests (e.g., safety, emergency situations).

  • Legitimate interests, provided such interests do not override your rights and freedoms.

3. Consent Management

We use consent management systems and, where applicable, registered Consent Managers to enable you to view, manage, and withdraw your consents easily. Consent notices are available in multiple languages and accessible formats, as required by law.

Data Sharing and Disclosure

We do not sell your personal data to third parties. We may share your data only as necessary for the purposes stated in this Policy, and always with appropriate safeguards:

1. Service Providers and Partners

  • With service professionals, vendors, logistics partners, payment processors, and other third parties who assist in delivering our Services.

  • With analytics, marketing, and IT service providers who process data on our behalf under strict contractual obligations.

2. Affiliates and Group Companies

  • With our affiliates and group companies for internal business purposes, provided such sharing is consistent with this Policy.

3. Legal and Regulatory Authorities

  • When required by law, regulation, court order, or government request.

  • To protect our rights, property, safety, or that of our users or the public.

4. Business Transfers

  • In connection with mergers, acquisitions, restructuring, or sale of assets, provided the recipient agrees to uphold privacy commitments.

5. Account Aggregators and Integrations

  • With account aggregators and third-party platforms, only with your explicit consent and in compliance with applicable frameworks (e.g., RBI Account Aggregator Framework).

6. Other Users

  • With other users of the Platform, where necessary for service fulfillment (e.g., sharing contact details between customer and service professional).

All third-party data sharing is governed by Data Sharing Agreements, ensuring confidentiality, security, and compliance with Indian law.

Third-Party Services and Integrations

Our Platform may contain links to third-party websites, plug-ins, applications, and services (“Third-Party Services”). We do not control or endorse these Third-Party Services and are not responsible for their privacy practices. When you access such services, their privacy policies apply. We recommend reviewing the privacy policies of all third-party providers before sharing your data.

Cookies, Tracking Technologies, and Analytics

We use cookies and similar tracking technologies to enhance your experience, analyze usage, and deliver personalized content and advertisements.

1. Types of Cookies Used

  • Essential Cookies: Necessary for the operation of the Platform.

  • Analytical Cookies: Help us understand how users interact with the Platform.

  • Functionality Cookies: Remember your preferences and settings.

  • Advertising and Retargeting Cookies: Track browsing history to deliver relevant ads.

2. Cookie Consent

Under the DPDP Act and Rules, we obtain your explicit consent before using cookies that collect personal data. You may accept or reject cookies through our cookie banner or preferences center. Essential cookies are active by default; other cookies are activated only upon your consent.

3. Managing Cookies

You can manage or withdraw your cookie preferences at any time through your browser settings or our cookie management tool. Disabling certain cookies may affect the functionality of the Platform.

4. Third-Party Cookies

Some cookies may be placed by third-party service providers (e.g., analytics, advertising networks). We do not control these cookies and recommend reviewing the privacy policies of such providers.

Data Retention and Deletion

We retain your personal data only as long as necessary to fulfill the purposes stated in this Policy or as required by law.

1. Retention Periods

  • Service and transaction data: Retained for the duration of your relationship with us and as required for legal, accounting, or regulatory purposes.

  • Marketing data: Retained until you withdraw consent or unsubscribe.

  • Employee and contractor data: Retained as per HR, tax, and legal requirements.

  • Logs and backups: Retained for a minimum period as required by law (typically one year), after which they are securely deleted.

2. Deletion and Erasure

You may request deletion of your personal data at any time. Upon receiving a valid request, we will erase your data unless retention is required by law (e.g., for tax, regulatory, or dispute resolution purposes). We will notify you of any data that cannot be deleted and the reasons for such retention.

3. Anonymized and Aggregated Data

We may retain anonymized or aggregated data for analytics, research, and business purposes. Such data cannot be used to identify you.

User Rights and How to Exercise Them

As a Data Principal, you have the following rights under the DPDP Act and Rules:

1. Right to Access

You may request a summary of your personal data processed by us, including processing purposes and recipients.

2. Right to Correction, Completion, and Updating

You may request correction of inaccurate or misleading data, completion of incomplete data, and updating of outdated data.

3. Right to Erasure

You may request deletion of your personal data, subject to legal retention requirements.

4. Right to Withdraw Consent

You may withdraw your consent for processing at any time, with the same ease as giving consent. Upon withdrawal, we will cease processing your data for the relevant purposes.

5. Right to Nominate

You may nominate another person to exercise your rights in the event of your death or incapacity.

6. Right to Grievance Redressal

You may raise complaints regarding data processing, which will be addressed by our Grievance Officer within the prescribed timelines.

To exercise your rights, please use the self-service dashboard on our Platform or contact our Grievance Officer (see Contact Information below). We will respond to all requests within 90 days, as mandated by law.

Security Measures and Reasonable Security Practices

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, disclosure, alteration, or destruction.

1. Technical Safeguards

  • Encryption of data at rest and in transit.

  • Access controls and authentication mechanisms.

  • Regular security audits, vulnerability assessments, and penetration testing.

  • Secure storage and backup systems.

  • Monitoring and logging of access to personal data.

2. Organizational Safeguards

  • Employee training on data privacy and security.

  • Strict internal policies and procedures for data handling.

  • Vendor and third-party risk assessments.

  • Incident response and breach management protocols.

3. Payment Data Security

  • Compliance with Payment Card Industry Data Security Standard (PCI DSS) for handling card data.

  • Secure payment gateways and tokenization of sensitive financial information.

4. Data Minimization and Purpose Limitation

  • Collecting only the data necessary for specified purposes.

  • Limiting access to personal data to authorized personnel.

Data Breach Notification and Incident Response

In the event of a personal data breach, we will promptly notify the Data Protection Board of India and all affected individuals, as required by law.

1. Notification Timelines

  • Data Protection Board: Notified without delay and within 72 hours of becoming aware of the breach.

  • Affected Individuals: Notified without undue delay, with clear information on the nature of the breach, likely consequences, and recommended actions.

2. Incident Response

  • Immediate containment and investigation of the breach.

  • Implementation of remedial measures to mitigate risks.

  • Documentation and reporting of the incident for regulatory compliance.

3. Dual Reporting

  • In addition to DPDP requirements, certain incidents may require reporting to the Indian Computer Emergency Response Team (CERT-In) within six hours, as per IT Act and CERT-In Directions.

4. Penalties

  • Failure to comply with breach notification obligations may result in penalties up to ₹250 crore.

Children and Vulnerable Persons

We are committed to protecting the privacy of children and vulnerable persons.

1. Children’s Data

  • We do not knowingly collect personal data from children under 18 years of age without verifiable parental or guardian consent.

  • Age verification mechanisms are implemented using DigiLocker, Aadhaar-based tokens, or other government-approved methods.

  • Parental consent is required for all processing of children’s data, except where processing is necessary for essential services (e.g., healthcare, education).

  • We prohibit behavioral tracking, targeted advertising, and profiling of children.

2. Persons with Disabilities

  • For individuals unable to act independently, consent must be obtained from a lawful guardian, verified as per applicable laws.

3. Exemptions

  • Certain processing activities by healthcare providers, educational institutions, or government authorities may be exempt from parental consent requirements, strictly for essential purposes.

Cross-Border Data Transfers and International Processing

We may transfer your personal data outside India, subject to the following conditions:

  • Cross-border transfers are permitted except to countries notified as restricted by the Government of India.

  • Transfers are made only with your consent, for contractual necessity, or as required by law.

  • We ensure that the recipient entity provides a comparable level of data protection.

  • For significant data fiduciaries, additional restrictions and data localization requirements may apply.

  • All cross-border transfers are governed by contractual safeguards and compliance with Indian law.

Payment and Financial Data Handling

We take special care in handling payment and financial data:

  • Payment data is processed through secure, PCI DSS-compliant payment gateways.

  • UPI, card, and wallet transactions are encrypted and tokenized.

  • We do not store sensitive payment information beyond what is necessary for transaction processing and legal compliance.

  • All payment data is subject to strict access controls and regular security audits.

Grievance Redressal and Contact Information

We have appointed a Grievance Officer to address your queries, concerns, and complaints regarding the processing of your personal data.

Grievance Officer:
Prasad Guldagad
Proprietor
One Stop Service

Moshi, Pune. 412105
8600511833
help@onestopservice.io

You may contact the Grievance Officer by email or through the Platform’s support portal. All grievances will be acknowledged within 72 hours and resolved within 90 days, as required by law. If you are dissatisfied with the resolution, you may escalate the matter to the Data Protection Board of India.

Changes to the Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements, business practices, or technology. Any changes will be posted on this page with the date of the last update. We encourage you to review this Policy periodically. Continued use of our Services after changes constitutes acceptance of the updated Policy.

Data Processing by Service Professionals and Marketplace Providers

Service professionals and marketplace providers using our Platform are required to comply with this Privacy Policy and applicable data protection laws.

  • Service professionals may access customer data only as necessary to fulfill service requests.

  • All data shared with service professionals is subject to contractual safeguards, confidentiality obligations, and security requirements.

  • Service professionals must not use customer data for unauthorized purposes or share it with third parties without consent.

Marketing Communications and Preference Management

We may send you marketing communications about our Services, offers, and updates, subject to your consent and preferences.

  • You may opt-in or opt-out of marketing communications at any time through your account settings or by using the unsubscribe link in emails.

  • We do not use pre-ticked boxes or bundled consent for marketing; all consent must be explicit and specific.

  • We do not send marketing communications to children or use their data for targeted advertising.

Anonymized and Aggregated Data Use

We may use anonymized or aggregated data for analytics, research, and business purposes. Such data does not identify individuals and is not subject to this Privacy Policy. We employ industry-standard anonymization techniques to ensure irreversibility and prevent re-identification.

Employee and Contractor Data Handling

Employee and contractor personal data is processed in accordance with this Policy and applicable employment laws.

  • Data is collected for HR, payroll, compliance, and administrative purposes.

  • Access to employee data is restricted to authorized personnel.

  • Employees have rights to access, correct, and request deletion of their data, subject to legal retention requirements.

  • Data is shared with third parties (e.g., payroll processors, regulators) only as necessary and with appropriate safeguards.

Legal Compliance, Law Enforcement Requests, and Disclosures

We may disclose your personal data to law enforcement, regulatory authorities, or other government agencies as required by law or to protect our rights, property, or safety.

  • All disclosures are made in good faith and in compliance with applicable legal processes.

  • We maintain records of all such disclosures and ensure that only the minimum necessary data is shared.

  • We may challenge overbroad or unlawful requests and seek to protect your rights to the extent permitted by law.

Table: Summary of User Rights under the DPDP Act

Explanation:
The table above summarizes your core rights as a Data Principal under Indian law. You can exercise these rights through self-service tools on our Platform or by contacting our Grievance Officer. We are committed to responding to all requests within the legally mandated timelines and providing clear explanations for any denials or limitations.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Grievance Officer at:

Prasad Guldagad.
One Stop Service

Moshi, Pune. 412105. India.
8600511833
help@onestopservice.io

www.onestopservice.io

Effective Date: 01 February 2026

By using One Stop Service, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy.

Contact

Reliable help for repairs and maintenance

Email

help@onestopservice.io

© 2025. All rights reserved by One Stop Service

Connects with us