Privacy Policy

1. Introduction

1.1 Who We Are

MakeMe Top ("we", "us", "our") operates makemetop.in, a verified business listing platform for Kashmir travel agencies, resorts, hotels, and tour operators. This Privacy Policy explains how we collect, use, protect, and share your personal information.

1.2 Scope

This Privacy Policy applies to:

• MakeMe Top website (makemetop.in)
• MakeMe Top mobile applications (Android, iOS)
• MBP (MakeMeTop Business Profile) listings
• All related services and features

1.3 Acceptance

By using MakeMe Top, you consent to this Privacy Policy. If you disagree with any part, please do not use our platform.

1.4 Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be notified via:

• Email to registered users
• Prominent notice on makemetop.in
• In-app notification (mobile users)

Continued use after changes indicates acceptance of the updated policy.

2. Information We Collect

2.1 Information You Provide Directly

Account Registration (All Users)

Business Listings (Business Users)

Payment Information

• Processed by Razorpay: Credit/debit card, UPI, net banking details
• We store: Transaction ID, amount, date, status
• We do NOT store: Full card numbers, CVV, or banking passwords
• Security: PCI-DSS Level 1 compliant (Razorpay)

Reviews & User-Generated Content

• Review text (publicly visible)
• Star ratings (publicly visible)
• Photos uploaded with reviews (publicly visible)
• Review date and author name (publicly visible)

Communications

• Support messages (email, chat)
• Feedback and suggestions
• Survey responses
• Newsletter subscriptions

2.2 Information Collected Automatically

Device & Usage Data

Location Data

• Approximate location: City/region from IP address (for Kashmir region detection)
• Precise location: Only if you grant permission (mobile app features)
• Purpose: Show nearby businesses, improve search results
• Opt-out: Disable location services in device settings

Cookies & Similar Technologies

We use cookies to enhance your experience. See Section 5 for details.

2.3 Information from Third Parties

Google Sign-In

If you sign in with Google, we receive:

• Name
• Email address
• Profile photo (optional)
• Google account ID (for authentication)

What we DON'T receive: Your Gmail content, Google Drive files, calendar, or any other Google data.

Social Media Sharing

If you share MBP listings on social media, the platform (Facebook, Twitter, WhatsApp) may collect data per their own privacy policies.

Analytics Providers

• Google Analytics: Aggregated usage statistics
• Firebase Analytics: App performance data

3. How We Use Your Information

3.1 Primary Uses

Account Management

• Create and maintain your account
• Authenticate login (email/password or Google)
• Personalize user experience
• Send account-related notifications

Business Listings

• Display MBP listings on makemetop.in
• Index listings on Google Search (SEO)
• Enable tourists to contact businesses
• Verify business authenticity
• Track listing analytics (views, clicks)

Payment Processing

• Process subscription payments (₹799/month or ₹7,999/year)
• Generate invoices
• Handle refunds (if eligible)
• Prevent fraud and chargebacks

Customer Support

• Respond to inquiries and issues
• Troubleshoot technical problems
• Resolve disputes between users
• Provide guidance on platform features

Platform Improvement

• Analyze usage patterns to improve UX
• Identify and fix bugs
• Develop new features
• Optimize performance and speed

Marketing & Communication

• Send promotional offers (with consent)
• Email newsletters about Kashmir tourism
• Announce new features or updates
• Share platform success stories

Opt-out: Unsubscribe link in every marketing email.

3.2 Legal & Security Uses

• Comply with legal obligations (tax, data protection laws)
• Enforce Terms of Service
• Prevent fraud, spam, and abuse
• Protect user safety and platform security
• Respond to legal requests (court orders, government inquiries)

3.3 Research & Analytics

• Aggregated, anonymized data for market research
• Kashmir tourism trends analysis
• Platform usage statistics (e.g., "80% users browse on mobile")

Note: Research data is de-identified and cannot be traced to individuals.

4. How We Share Your Information

4.1 Public Information

The following data is publicly visible on makemetop.in:

• Business name, address, phone, email, website
• Business description and photos
• Reviews and ratings (with reviewer name)
• Services offered and pricing

Why: MakeMe Top is a public directory. Business listings are indexed by Google to help tourists discover Kashmir services.

4.2 Service Providers

We share data with trusted third-party service providers:

Safeguards: All providers sign data processing agreements and comply with GDPR/Indian data protection laws.

4.3 Business Transfers

If MakeMe Top is acquired, merged, or sold, your data may be transferred to the new owner. You will be notified and can delete your account before the transfer.

4.4 Legal Requirements

We may disclose your data if legally required:

• Court orders or subpoenas
• Government investigations
• Tax authorities (for business users)
• Law enforcement (criminal activity)

We will notify you unless legally prohibited.

4.5 With Your Consent

We may share data in other ways with your explicit consent (e.g., partnering with Kashmir tourism boards, case studies).

5. Cookies & Tracking Technologies

5.1 What Are Cookies?

Cookies are small text files stored on your device by your browser. They help websites remember you and your preferences.

5.2 Types of Cookies We Use

Essential Cookies (Required)

• Authentication: Keep you logged in
• Session management: Remember your actions during visit
• Security: Prevent fraud (CSRF tokens)

Duration: Session (deleted when browser closes) or up to 30 days

Analytics Cookies (Optional)

• Google Analytics: Track page views, bounce rate, session duration
• Firebase Analytics: App performance metrics

Duration: Up to 2 years

Opt-out: Disable in browser settings or use Google Analytics Opt-out Add-on

Functional Cookies (Optional)

• Language preference: Remember your chosen language
• Search filters: Save your preferred search settings

Duration: Up to 1 year

5.3 Third-Party Cookies

• Google Sign-In: OAuth cookies for authentication
• Social media widgets: Cookies from Facebook, Twitter (if you interact with share buttons)
• Payment providers: Razorpay cookies during checkout

Note: Third-party cookies are governed by those companies' privacy policies.

5.4 Managing Cookies

Browser Settings:

• Chrome: Settings → Privacy → Cookies
• Firefox: Preferences → Privacy & Security → Cookies
• Safari: Preferences → Privacy → Manage Website Data

Consequences of Blocking Cookies: Some features (login, analytics) may not work properly.

5.5 Do Not Track

We do not currently respond to "Do Not Track" browser signals, as there is no industry standard for DNT compliance. However, you can disable tracking via browser settings.

6. Data Security

6.1 Security Measures

We implement industry-standard security practices:

Encryption

• In Transit: SSL/TLS (HTTPS) for all data transmission
• At Rest: Firebase encryption for stored data
• Passwords: Bcrypt hashing (irreversible, industry-standard)

Access Controls

• Role-based permissions (admin, user, business owner)
• Two-factor authentication (optional, recommended)
• Regular access audits
• Principle of least privilege (employees access only necessary data)

Infrastructure Security

• Hosting: Firebase (Google Cloud Platform) — SOC 2/3 certified
• Firewalls: Prevent unauthorized access
• DDoS protection: Cloudflare integration
• Regular backups: Daily automated backups

Payment Security

• PCI-DSS Level 1 compliance (Razorpay)
• Tokenization (card numbers never stored)
• 3D Secure authentication

6.2 Security Limitations

6.3 Your Security Responsibilities

• ✅ Use strong, unique passwords (12+ characters, mix of letters/numbers/symbols)
• ✅ Enable two-factor authentication
• ✅ Log out after using shared devices
• ✅ Don't share your password with anyone
• ✅ Monitor your account for suspicious activity
• ✅ Report security issues immediately to support@makemetop.in

6.4 Data Breach Notification

In the unlikely event of a data breach affecting your personal information, we will:

1. Notify affected users within 72 hours
2. Describe the breach and data compromised
3. Explain mitigation steps taken
4. Provide recommendations to protect yourself
5. Report to relevant authorities (if legally required)

7. Data Retention

7.1 How Long We Keep Your Data

7.2 Why We Retain Data

• Legal obligations: Tax records, financial reporting
• Dispute resolution: Evidence in case of conflicts
• Fraud prevention: Detect patterns of abuse
• Business operations: Analytics, improvement

7.3 Data Minimization

We collect and retain only data necessary for stated purposes. Unnecessary data is deleted automatically per the schedule above.

8. Your Privacy Rights

8.1 Access Your Data

What: Request a copy of all personal data we hold about you.

How: Email support@makemetop.in with subject "Data Access Request"

Timeline: Provided within 30 days (usually within 7 days)

Format: JSON or PDF file

8.2 Rectify Your Data

What: Correct inaccurate or incomplete personal data.

How: Update directly in your dashboard (Settings → Profile) or email support

Timeline: Immediate (self-service) or 48 hours (support)

8.3 Delete Your Data

What: Permanently delete your account and associated data.

How:

1. Go to makemetop.in/account-deletion.html
2. Submit deletion request with email address
3. Confirm via email link
4. Account deleted within 48 hours

What Gets Deleted:

• ✅ Your account credentials
• ✅ Business listing (if you're business owner)
• ✅ Personal information (name, email, phone)
• ✅ Uploaded photos and documents
• ✅ Saved favorites and preferences

What Remains (Legal Requirements):

• ❌ Payment records (7 years — tax law)
• ❌ Reviews you posted (anonymized — username removed)
• ❌ Support tickets (anonymized)

8.4 Restrict Processing

What: Temporarily suspend processing of your data (e.g., during dispute resolution).

How: Email support@makemetop.in with reason

Effect: Your listing hidden from public view but data retained

8.5 Data Portability

What: Receive your data in machine-readable format (JSON) to transfer to another service.

How: Email support@makemetop.in requesting data export

Timeline: Provided within 7 days

8.6 Withdraw Consent

What: Revoke permission for specific data uses (e.g., marketing emails).

How:

• Marketing emails: Click "Unsubscribe" in any email
• Analytics cookies: Disable in browser settings
• Google Sign-In: Revoke in Google account settings

8.7 Object to Processing

What: Object to data processing for specific purposes (e.g., direct marketing).

How: Email support@makemetop.in stating your objection

Note: We may continue processing if we have compelling legitimate grounds.

8.8 Lodge a Complaint

If you believe we've violated your privacy rights, you can:

1. Contact us first: support@makemetop.in — We commit to resolving complaints within 15 days
2. File complaint with authorities: If unsatisfied with our response, contact:
   • India: Data Protection Officer (once DPDPA comes into force)
   • EU residents: Your local data protection authority

9. Children's Privacy

9.1 Age Restriction

MakeMe Top is not intended for children under 18 years of age. We do not knowingly collect personal information from minors.

9.2 Parental Notice

If you are a parent/guardian and discover your child has created an account:

1. Email support@makemetop.in immediately
2. Provide proof of guardianship (e.g., ID document)
3. We will delete the account within 48 hours

9.3 Discovery of Underage Accounts

If we learn that a user is under 18, we will:

• Immediately deactivate the account
• Delete all associated personal data
• Notify the registered email address

10. International Data Transfers

10.1 Data Location

Your data is primarily stored in India on Firebase servers (Google Cloud Platform). However, some service providers may process data internationally:

• Firebase: Data centers in India, USA (multi-region backups)
• Google Analytics: Data processed in USA, Ireland
• Razorpay: Data processed in India

10.2 Safeguards for International Transfers

When data is transferred outside India:

• ✅ Service providers comply with GDPR (EU standard)
• ✅ Standard Contractual Clauses (EU Commission-approved)
• ✅ Privacy Shield principles (USA)
• ✅ Encryption during transfer and at rest

10.3 EU Residents (GDPR)

If you're in the European Union, you have additional rights under GDPR:

• Right to be forgotten
• Right to data portability
• Right to lodge complaints with supervisory authorities
• Right to withdraw consent anytime

11. Third-Party Links & Services

11.1 External Links

MBP listings may contain links to external websites (business websites, social media, booking platforms). We are not responsible for the privacy practices of these sites.

Recommendation: Review the privacy policy of any website before providing personal information.

11.2 Social Media Plugins

Our platform includes social media sharing buttons (Facebook, Twitter, WhatsApp). When you interact with these:

• The social media platform may set cookies
• They may collect data about your visit
• Their privacy policies govern this collection

11.3 Third-Party Services We Use

• Firebase (Google): Privacy Policy
• Razorpay: Privacy Policy
• Google Analytics: Privacy Policy
• Google Maps: Privacy Policy

12. Changes to This Privacy Policy

12.1 Update Notification

We may update this Privacy Policy to reflect:

• Changes in data protection laws
• New platform features
• Improved security measures
• User feedback

12.2 How We Notify You

• Material Changes: Email notification + prominent website notice (30 days before effective date)
• Minor Changes: Updated "Last Modified" date at top of this page

12.3 Your Options

If you disagree with updated Privacy Policy:

1. Stop using MakeMe Top
2. Delete your account (see Section 8.3)
3. Contact us to discuss concerns

Continued use after notice period indicates acceptance of changes.

12.4 Version History

• Version 2.0 — May 24, 2026: Added GDPR compliance details, expanded security section
• Version 1.0 — January 1, 2024: Initial privacy policy

13. Summary of Key Points