Legal

Privacy Policy

Effective date: 14 July 2026  ·  Last updated: 14 July 2026

01 Who we are and what this covers

ChargeZippy Solutions Private Limited ("ChargeZippy", "we", "us", "our") is a private limited company incorporated in India on 3 April 2025 under the Companies Act, 2013, with its registered office at 1st Floor, 85/86/71, HS Tower, Hosur Road, Bommanahalli, Bengaluru, Karnataka 560068.

  • CIN: U27104KA2025PTC200645
  • GSTIN: 29AAMCC5863E1ZB

We operate electric-vehicle charging infrastructure as a Charge Point Operator. This Privacy Policy explains how we collect, use, disclose and protect your personal data when you:

  • visit chargezippy.com or submit our partner enquiry form;
  • create an account or use the ChargeZippy mobile application on Android or iOS;
  • use, or attempt to use, a charging point operated by us;
  • make a payment, top up your wallet, reserve a charge point, or request a refund;
  • contact our support team.

For the purposes of the Digital Personal Data Protection Act, 2023 ("DPDP Act") we are the Data Fiduciary in respect of the personal data described here, and you are the Data Principal. Where the Information Technology Act, 2000 and the rules made under it apply, we act as the body corporate collecting and processing your information.

If you do not agree with this Policy, please do not use our website, app or charging network.

02 Information we collect

We collect only what we need to run the charging network, take payment and support you.

a. Information you give us

  • Account data: name, mobile number, email address, password (stored only as a salted hash — never in readable form).
  • Vehicle data: make, model, connector type and, if you choose to add it, registration number.
  • Partner enquiry data: if you submit our "Partner With Us" form — your name, company name, email, phone, partner type, site address, city, state, PIN code, country and any message you write.
  • Support data: the content of messages, emails and calls you send us, including any attachments.
  • Business verification data: for business or fleet accounts, we may need to verify your organisation — for example its GSTIN or certificate of incorporation — where the law or our contract with you requires it.

b. Information we collect automatically

  • Charging session data: charge point identifier and location, session start and end time, energy delivered (kWh), duration, tariff applied and amount charged.
  • Device data: device model, operating system and version, app version, language, and diagnostic information about faults and crashes.
  • Log data: IP address, browser type, pages viewed, referring URL, and the date and time of each request. Our partner-enquiry API additionally stores the submitting IP address and browser user-agent string as an anti-abuse measure.
  • Location data: only while you are actively using the app — see section 3.

c. Information we receive from others

  • Payment status from Razorpay — whether a transaction succeeded, failed or was refunded, plus the last four digits and card network of the instrument used. We never receive your full card number.
  • Site host data from property partners who host our chargers, where relevant to a session.

We do not collect your full payment card number, CVV or UPI PIN. We do not track your location in the background. We do not sell your personal data to anyone, and we do not share it with third parties for their own advertising.

03 Mobile app permissions

The ChargeZippy app asks for the three permissions below, and no others. You may decline any of them — but declining one will disable the feature that depends on it. You can change any permission at any time in your device settings.

Permission Why we ask If you decline
Location
(only while using the app)
To show charge points near you, give directions, and confirm you are at the charger you are trying to start. You can still browse and search for chargers by entering a location manually.
Camera To scan the QR code on a charge point so you can start a session without typing its ID. You can start a session by entering the charge point ID manually.
Notifications To tell you when your vehicle has finished charging, when a session fails, and about payment or refund status. You will need to open the app to check session status.

The app does not use background location, and does not request Bluetooth access. Location is read only while the app is open and in use. We never build advertising profiles from it, and we never share your location history with data brokers.

04 How we use your data, and on what basis

Under the DPDP Act we process your personal data on the basis of your consent, or for certain legitimate uses permitted by the Act.

Purpose Data used Basis
Create and operate your account Account data Performance of our contract with you / consent
Start, run and end charging sessions Session, location, vehicle data Performance of our contract with you
Take payment, run your wallet, issue invoices and process refunds Session data, payment status Performance of contract; legal obligation (tax records)
Hold and honour your reservations Account and session data Performance of contract
Provide customer support Account, session and support data Performance of contract
Prevent fraud, abuse and spam Device data, IP address, log data Legitimate use — preventing fraud
Diagnose faults and improve reliability Device data, diagnostics, session data Legitimate use / consent
Respond to a partner enquiry Partner enquiry data Consent (given when you tick the box on the form)
Send you marketing about our services Name, email, phone Consent — and you may withdraw it at any time
Comply with law and respond to lawful requests Any of the above, as required Legal obligation

We do not use your personal data to make solely automated decisions that produce legal effects for you.

05 Payments and card data

Payments for charging sessions, reservations and wallet top-ups are processed by Razorpay Software Private Limited, a payment aggregator authorised by the Reserve Bank of India.

We never see, store or process your full card number, CVV, UPI PIN, net-banking password or any other payment credential. Those are captured directly by Razorpay on a PCI-DSS compliant environment. We receive only:

  • a transaction identifier;
  • the amount and currency;
  • whether the transaction succeeded, failed or was refunded;
  • the last four digits and network of the card, or the masked UPI handle, so you can recognise which instrument you used.

Where you choose to save an instrument for future use, it is tokenised by Razorpay or the card network in accordance with RBI's card-on-file tokenisation requirements. We store only the token, which is useless to anyone outside Razorpay.

Razorpay processes your data as an independent controller under its own privacy policy, available at razorpay.com/privacy.

For how and when money is returned to you, see our Refund & Cancellation Policy.

06 How we share your data

We share personal data only in the circumstances below, and only to the extent necessary.

  • Service providers (Data Processors) who work on our instructions — hosting, payment processing, mapping, and SMS/OTP delivery. They are bound by contract to process your data only for us, and to protect it. They are listed in section 7.
  • Site hosts and roaming partners where a session takes place on infrastructure they own or operate. In that case we share the minimum needed to settle the session — typically session time, energy delivered and amount, not your identity, unless a dispute requires it.
  • Professional advisers — auditors, lawyers, insurers — where they need it and are under a duty of confidentiality.
  • Authorities, where we are required to disclose by law, a court order, or a lawful request from a government or regulatory body; and where we need to establish, exercise or defend a legal claim.
  • An acquirer, if we are involved in a merger, acquisition or sale of assets. We will tell you before your data becomes subject to a different privacy policy.

We do not sell your personal data. We do not share it with third parties for their own independent marketing.

07 Third-party services we use

These are the only third parties that receive personal data when you use our app or website.

Service Purpose Data it receives
Razorpay
Razorpay Software Pvt Ltd
Payments, wallet top-ups and refunds Name, contact details, payment instrument, amount
Google Maps
Google LLC
Showing charge points on a map and giving directions Your location while the app is in use
Our SMS / OTP partner Sending one-time passwords and transactional messages Your mobile number

We do not use advertising SDKs, behavioural-tracking SDKs, or data brokers. Our website itself loads no third-party trackers, advertising pixels or external fonts — every asset is served from chargezippy.com.

08 How long we keep your data

We keep personal data only for as long as we need it for the purpose we collected it, or for as long as the law requires — whichever is longer.

DataRetention period
Account dataWhile your account is active, then deleted or anonymised within 90 days of closure
Charging session & invoice recordsUp to 8 years, as required by Indian tax and companies legislation
Payment transaction recordsUp to 8 years (statutory financial-records requirement)
Partner enquiry submissions24 months from submission, unless a partnership begins
Support correspondence24 months from case closure
Web server access logs90 days

When a retention period ends we delete the data, or irreversibly anonymise it so it can no longer identify you. Note that we may be obliged to retain invoice and transaction records even after you close your account — this is a legal duty and we cannot waive it.

09 How we protect your data

  • All traffic to our website, app and APIs is encrypted in transit with TLS. Plain HTTP requests are redirected to HTTPS.
  • Passwords are stored only as salted hashes. Nobody at ChargeZippy can read your password.
  • Our application databases are not reachable from the public internet and are accessed by our services over the local network only, using least-privilege credentials.
  • Access to production systems and personal data is restricted to staff who need it, and is logged.
  • Form submissions are rate-limited and validated on the server to resist abuse and injection.
  • Payment credentials never touch our servers — see section 5.

No system is perfectly secure, and we cannot guarantee absolute security. If we become aware of a personal data breach we will notify the Data Protection Board of India and affected users as required under the DPDP Act.

10 Your rights

As a Data Principal under the DPDP Act you have the right to:

  • Access — obtain a summary of the personal data we hold about you and how we process it.
  • Correction and completion — have inaccurate or incomplete data corrected or completed.
  • Erasure — have your personal data deleted, unless we are required to retain it by law.
  • Withdraw consent — at any time, as easily as you gave it. Withdrawing consent does not affect processing already carried out, and may mean we can no longer provide a service.
  • Grievance redressal — complain to our Grievance Officer (section 16) and receive a response.
  • Nominate — nominate another individual to exercise your rights in the event of your death or incapacity.

To exercise any right, email hello@chargezippy.com. We will respond within 30 days. We may ask you to verify your identity first, so that we do not disclose your data to someone else.

If you are not satisfied with our response, you may complain to the Data Protection Board of India.

11 Deleting your account and data

You can ask us to delete your ChargeZippy account and the personal data associated with it at any time.

To request deletion: email hello@chargezippy.com from your registered email address, with the subject line "Delete my account".

You do not need to install the app, or have it installed, to make this request.

We may ask you to verify your identity before we act, so that we do not delete someone else's account on their behalf.

What gets deleted: your name, email address, mobile number, password, vehicle details, saved payment tokens, and your support history.

What we must keep, and why: invoices and transaction records associated with completed charging sessions, for up to 8 years, because Indian tax and companies law requires us to retain them. These are held in a restricted financial-records system and are not used to contact you or to profile you.

Deletion requests are actioned within 30 days. Any unused wallet balance should be withdrawn before you ask us to delete your account — see the Refund Policy.

12 Children

Our services are not directed at children. You must be at least 18 years old to create a ChargeZippy account, and we do not knowingly collect the personal data of anyone under 18.

Under the DPDP Act, processing a child's personal data requires verifiable parental consent, and behavioural advertising to children is prohibited. We do not target advertising at children. If we learn that we have collected data from a child without the required consent, we will delete it promptly. If you believe a child has given us personal data, contact hello@chargezippy.com.

13 Cookies and similar technologies

Our public website chargezippy.com does not set any cookies and loads no third-party trackers or analytics. You can use it without being tracked.

If we introduce cookies or analytics in future, we will update this section and — where the law requires it — ask for your consent before setting any non-essential cookie.

Within the mobile app we use device identifiers only for the purposes described in section 7, never for advertising.

14 International transfers

We are based in India and our primary infrastructure is located in India. Some of our service providers — notably Google, which provides our mapping — may process your data on servers outside India.

Where that happens, we transfer data only to countries not restricted by the Central Government under the DPDP Act, and only under contractual terms requiring a standard of protection comparable to our own.

15 Changes to this Policy

We may update this Policy from time to time. When we do, we will change the "Last updated" date at the top of this page.

If the change is significant — for example, if we begin collecting a new category of data or use your data for a new purpose — we will notify you in the app, by email, or by a prominent notice on this website before it takes effect, and where the law requires it we will ask for your consent again.

16 Grievance Officer and contact

In accordance with the Information Technology Act, 2000, the rules made under it, and the DPDP Act, the contact details of our Grievance Officer are set out below. You may contact them with any complaint about how we handle your personal data.

Grievance Officer

Name
Mr Sivaprasad Damodaran
Designation
Director, ChargeZippy Solutions Private Limited
Email
hello@chargezippy.com
Phone
+91 86060 66606
Post
ChargeZippy Solutions Private Limited,
1st Floor, 85/86/71, HS Tower, Hosur Road,
Bommanahalli, Bengaluru, Karnataka 560068, India
Response time
We acknowledge complaints within 24 hours and resolve them within 15 days, as required by the IT Rules.

For anything else, write to us at hello@chargezippy.com or call +91 86060 66606.