Privacy Policy

1. Introduction

Turfera (“Company”, “we”, “us”, “our”) operates Turfera (“the Platform”). This Privacy Policy explains how we collect, use, store, and protect information when you use our Platform.

By using Turfera, you agree to the collection and use of information in accordance with this policy.

2. Who This Policy Applies To

This policy applies to:

• Tenants — turf and sports venue owners who use Turfera to manage bookings
• Players — individuals who book sports slots via a Turfera-powered booking page or WhatsApp bot
• Visitors — anyone who visits turfera.in

3. Information We Collect

3.1 From Tenants (Venue Owners)

• Name, phone number, and email address
• Business name, location (city, state), and sport types
• Razorpay API credentials (stored encrypted; we never access your funds)
• Court details, pricing rules, and booking data
• WhatsApp number used for the booking bot

3.2 From Players (Customers)

• Name and phone number (collected during booking)
• WhatsApp messages exchanged with the booking bot
• Booking details: date, sport, slots, and payment amount
• Payment confirmation data (from Razorpay webhook — no card or UPI credentials)

3.3 Automatically Collected

• Log data: IP address, browser type, pages visited, timestamps
• Device information for the admin dashboard
• Cookies for session management and authentication

4. How We Use Your Information

• To provide and operate the Turfera Platform
• To send booking confirmations and notifications to players
• To enable the WhatsApp bot to conduct booking conversations
• To process and verify payments via Razorpay webhooks
• To display booking dashboards and analytics to Tenants
• To send account-related communications and support messages
• To detect and prevent fraud or abuse
• To improve and develop the Platform

We do not sell your personal information to third parties. We do not use your data for advertising.

5. Data Sharing

We share data only as necessary to operate the Platform:

• Razorpay: Payment processing. Razorpay receives booking amount and reference data to verify payments. Razorpay's privacy policy applies to payment data.
• Meta (WhatsApp Business API): Messages sent via the WhatsApp bot are processed through Meta's infrastructure. Meta's terms and privacy policy apply.
• Supabase: Our database provider. Data is stored securely in their infrastructure.
• Google Cloud (Cloud Run): Our backend infrastructure provider.
• Legal requirements: We may disclose information if required by law, court order, or government authority.

6. Data Retention

• Tenant account data is retained for the duration of the subscription and up to 90 days after cancellation
• Booking records are retained for up to 3 years for accounting and legal compliance
• WhatsApp conversation data (session data) is cleared after booking completion
• You may request deletion of your data by contacting hello@turfera.in

7. Data Security

We implement industry-standard security measures to protect your data:

• All data is encrypted in transit using HTTPS/TLS
• Razorpay API keys are stored encrypted in our database
• Authentication uses JWT tokens with expiry
• Access to production databases is restricted to authorised personnel only
• Webhook signatures are verified using HMAC for all payment events

No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Cookies

We use cookies and local storage for:

• Keeping you logged in to the admin dashboard
• Remembering your subdomain and session preferences
• Basic analytics (page views, session duration)

We do not use third-party advertising cookies. You can clear cookies at any time in your browser settings.

9. Your Rights

You have the right to:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your personal data (subject to legal retention requirements)
• Portability: Request your booking data in a machine-readable format
• Withdrawal: Withdraw consent for data processing where consent is the basis

To exercise any of these rights, contact us at hello@turfera.in. We will respond within 30 days.

10. Children's Privacy

Turfera is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child under 18 has provided us with personal information, we will delete it immediately.

11. Third-Party Links

The Platform may contain links to third-party websites (e.g., Razorpay, WhatsApp). We are not responsible for the privacy practices of those websites and encourage you to review their privacy policies.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a notice on the Platform. The “Last updated” date at the top reflects the most recent revision.

13. Grievance Officer

In accordance with the Information Technology Act 2000 and rules thereunder, the name and contact details of the Grievance Officer are: