1. Introduction
1.1 Who we are
This Privacy Policy (the “Policy”) is issued by BSP Sparton Private Limited, a company incorporated under the Companies Act, 2013 (CIN: U62020AS2024PTC026345), having its registered office at 1B, 1st Floor, Saroj Estate, K.C. Patowary Road, Ulubari, Guwahati 781007, Assam, India (“BSP Sparton”, “AiravatL”, “we”, “our”, or “us”). AiravatL is the operator of the AiravatL Partner mobile application (the “Partner App”).
1.2 Scope of this Policy
This Policy applies to personal data we collect when you (a) download, install, or use the Partner App; (b) register as a Pilot, Transporter, or Employee Driver (each a “Partner”); (c) interact with AiravatL support channels; or (d) otherwise engage with our services. This Policy does not apply to the AiravatL Consignor application, which is governed by a separate privacy policy.
1.3 Our role under the DPDP Act, 2023
For the purposes of the Digital Personal Data Protection Act, 2023 (the “DPDP Act”), BSP Sparton Private Limited is the Data Fiduciary in respect of the personal data processed through the Partner App. You, as a Partner, are the Data Principal whose rights are protected under the DPDP Act and this Policy. Where we engage third-party service providers to process data on our behalf, they act as Data Processors and are bound by contractual and technical safeguards described in this Policy.
1.4 Acceptance of this Policy
By installing, registering on, or using the Partner App, you confirm that you have read and understood this Policy and consent to the collection, use, storage, sharing, and other processing of your personal data as described below. Your consent is also recorded electronically when you accept the Terms of Service at sign-up. If you do not agree, please do not use the Partner App.
1.5 Relationship with other documents
This Policy forms an integral part of the AiravatL Partner App Terms of Service (the “Terms”). Capitalised terms used but not defined in this Policy have the meanings given to them in the Terms. In case of any inconsistency between this Policy and the Terms concerning the processing of personal data, this Policy shall prevail.
1.6 Updates to this Policy
We may update this Policy from time to time to reflect changes in our practices, in applicable law, or in the services we provide. Material changes will be notified to you through the Partner App, by push notification, by SMS, or by email to the contact details registered with your Account, at least seven (7) days before they take effect. Your continued use of the Partner App after the effective date of the revised Policy constitutes acceptance of the revised Policy. Where the DPDP Act requires fresh consent for a material change, we will obtain it before processing your personal data for the new purpose.
2. Definitions
- “Consent” — free, specific, informed, unconditional, and unambiguous agreement provided by you in respect of a specific processing purpose, as required by Section 6 of the DPDP Act.
- “Data Fiduciary” — the person who determines the purpose and means of processing personal data — in this case, BSP Sparton Private Limited.
- “Data Principal” — the individual to whom personal data relates — in this case, you as a Partner.
- “Data Processor” — a person who processes personal data on behalf of a Data Fiduciary.
- “DPDP Act” — the Digital Personal Data Protection Act, 2023, together with the rules, regulations, and notifications issued thereunder from time to time.
- “Personal Data” — any data about an individual who is identifiable by or in relation to such data.
- “Processing” — any operation performed on personal data, including collection, recording, organisation, storage, use, sharing, disclosure, erasure, or destruction, whether by automated or other means.
- “Sensitive Personal Data” — personal data that reveals financial information, passwords, biometric identifiers, or any other category treated as sensitive under applicable law.
- “Services” — the marketplace services provided through the Partner App as described in the Terms.
3. Personal data we collect
We collect only the personal data that is necessary for the purposes described in Section 4.
3.1 Data you provide directly
3.1.1 Account and contact data
- Full name
- Indian mobile number (+91) used for sign-up and OTP verification
- Email address, where provided
- Residential or business address
- Role (Pilot, Transporter, or Employee Driver) and, for Employee Drivers, the inviting Transporter’s reference
3.1.2 Identity and KYC data
- Aadhaar number and copy of Aadhaar card (collected for identity verification as permitted under applicable law)
- Permanent Account Number (PAN) and copy of PAN card
- Commercial Driving Licence number, issuing authority, expiry date, and copy of the licence (for Pilots and Employee Drivers)
- For Transporters: business name, type of entity, business registration or MSME certificate, GST registration certificate (where applicable), and identity/PAN of the authorised signatory
- Photograph of the Partner, where captured during onboarding or KYC
3.1.3 Vehicle data
- Vehicle registration number and Vehicle Registration Certificate (RC)
- Vehicle type, sub-type, body type, capacity, and dimensions
- Insurance certificate, fitness certificate, Pollution Under Control (PUC) certificate, and statutory permits
3.1.4 Banking and payout data
- Bank account number, IFSC code, account holder name, bank name
- UPI Virtual Payment Address (VPA), where UPI payout is chosen
- Penny-drop or UPI handle verification responses received from our Payment Processor
3.1.5 Communications and content
- Messages, voice recordings (where applicable), and support tickets submitted through the Partner App, WhatsApp, email, or phone
- Ratings, reviews, and comments about Consignors
- Photographs and documents uploaded as Loading Proof, Proof of Delivery (POD), or Cargo Incident evidence
3.2 Data we collect automatically from your use of the Partner App
3.2.1 Device and technical data
- Device identifier, device model, operating system and version
- Network information (mobile network operator, approximate connection type)
- App version, language and regional settings, time-zone
- Push notification tokens issued by the push-notification services of your mobile platform
3.2.2 Location data
With your express consent and only during active Trips, we collect:
- Foreground location (latitude, longitude, accuracy, speed, heading) from the time a Trip is started until it is completed or cancelled
- Background location during in_transit stages, to provide live Trip updates to the Consignor, to compute ETA, and to support geofence-based events
- Location is paused automatically during at_pickup and loading stages to conserve battery and reduce unnecessary capture
Outside active Trips, the Partner App does not collect location data.
3.2.3 Trip and transaction data
- Auctions viewed, filters applied, Bids placed, Bids won, Trips accepted, declined, or withdrawn
- Trip status transitions (with timestamps), OTP verification events, upload events, payment events
- Earnings ledger, payout history, chargebacks, and mediation records
3.2.4 Log and diagnostic data
- Server-side and client-side logs generated when you interact with the Partner App, including request timestamps, IP address, crash stack-traces, error codes, and performance metrics
- Automated analytics on how the Partner App is used (for example, screen flows, feature adoption, and funnel completion rates)
3.3 Data we receive from third parties
- OTP delivery confirmations and verification status from our SMS aggregator
- KYC verification results from authorised verification agencies where engaged
- Payment status, UPI handle verification, bank account penny-drop results, and chargeback notifications from our Payment Processor
- Navigation, map, and place-lookup responses from mapping service providers
- Referrals or invitations from Transporters inviting Employee Drivers to join
3.4 Data we do not collect
To set clear expectations, the Partner App does not:
- collect sensitive categories such as caste, religion, political opinions, sexual orientation, health records, or biometric data (other than photographs of the Partner used for identity verification);
- access your contact list, SMS inbox, call log, photo gallery, or microphone, except when you deliberately use a feature that requires it (for example, selecting a photo for Loading Proof activates photo-picker access for that action only);
- sell or rent your personal data to advertisers or data brokers;
- use your personal data to build or train generalised machine-learning models for third parties.
4. How and why we use your data
We process personal data for the purposes set out in this Section 4. For each purpose, we identify the legal basis under Section 7 of the DPDP Act (consent or legitimate use). You have the right to withdraw consent at any time in respect of purposes that rely on consent, subject to Section 9.4 below.
| Purpose | Data used | Legal basis (DPDP) |
|---|---|---|
| Account creation, OTP verification, role assignment, and onboarding | Mobile number, name, role selection, OTP confirmations | Consent |
| KYC verification and document validation | Aadhaar, PAN, driving licence, RC, insurance, GST, business registration, photographs | Consent + legitimate use (compliance with laws incl. PMLA, MV Act) |
| Operation of the marketplace (Auctions, Bids, Trip matching, status updates) | Account data, vehicle data, trip events, communications | Performance of Terms (legitimate use) |
| Live Trip tracking, ETA, and geofence events | Location data (foreground + background) during active Trips | Consent |
| Processing payments, advances, final payments, detention charges, and payouts | Banking / UPI data, transaction data, Payment Processor responses | Performance of Terms + legal compliance |
| Safety, fraud prevention, anti-abuse, and security | Device and log data, location data, transaction patterns, uploaded media | Legitimate use (safety of Data Principals + Data Fiduciary) |
| Customer support, mediation of disputes, Cargo Incident investigation | All data relevant to the issue, including communications and Trip logs | Performance of Terms |
| Regulatory, tax, legal, and audit compliance | KYC and transaction data, communications, records of consent | Legal obligation |
| Service improvement, product analytics, and error diagnostics | Usage events, crash logs, performance metrics (de-identified where feasible) | Consent |
| Transactional communications (SMS, push, in-app, email) | Contact data, Trip data | Performance of Terms |
| Marketing and promotional communications about AiravatL services | Contact data, role, approximate location | Consent (you may opt out at any time) |
We do not use your personal data for purposes materially different from those listed above without first obtaining fresh consent, except where such processing is required or permitted by law.
5. Consent and how to withdraw it
5.1 How we obtain consent
- At sign-up, through a consent checkbox accompanying the Terms of Service and this Policy;
- When you grant permission to the Partner App to access location (foreground and background), camera, photo library, and notifications — through the operating system’s permission dialogs;
- At specific points in the user interface where a new purpose requires fresh consent (for example, marketing preferences);
- For KYC and payout verification, through an explicit consent action before documents are collected and shared with the relevant verifier or Payment Processor.
5.2 The itemised notice
In line with Section 5 of the DPDP Act, we provide you an itemised notice at or before the time consent is sought, describing (a) the personal data we intend to collect; (b) the purpose of processing; (c) the manner in which you may exercise your rights; and (d) the manner in which you may make a complaint. This Policy, together with the in-app consent prompts, constitutes that notice.
5.3 How to withdraw consent
- through the in-app settings where available;
- by modifying your device’s operating-system permissions for the Partner App (for example, disabling background location);
- by emailing our Grievance Officer at admin.airavatl@bspsparton.in with the subject line “Withdrawal of Consent”, specifying the purpose for which consent is being withdrawn.
5.4 Consequences of withdrawal
- Revoking consent for KYC data will prevent account activation or continuation.
- Revoking consent for location tracking during Trips will prevent the Partner App from matching you with Consignors for real-time-tracked Trips, will trigger persistent warning banners, and may over time result in reduced Bid visibility as described in the Terms.
- Revoking consent for banking data will prevent us from disbursing payouts.
Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal, or processing that continues under a different lawful basis (for example, records we are required by law to retain).
5.5 Consent Manager under the DPDP Act
Once Consent Managers are operationalised and registered with the Data Protection Board of India under Section 6(7) of the DPDP Act, you will be able to give, manage, review, and withdraw your consent through an interoperable Consent Manager of your choice. We will update this Policy and the Partner App when such functionality becomes available.
6. How we share your data
6.1 Our general principle
We share personal data only where necessary for the purposes described in Section 4, only with recipients bound by appropriate obligations of confidentiality and security, and only to the extent necessary.
6.2 With Consignors and other marketplace participants
- your name (or, for Transporters, the business name)
- your masked or callable mobile number, during the active Trip window
- your vehicle type, registration number, and live location during the Trip
- Loading Proof and POD photographs, rating, and average star score
Data is shared with the Consignor only for trips on which they are a counter-party. Consignors do not have access to your KYC documents, banking details, or broader profile data.
6.3 With Transporters (for Employee Drivers)
- your name and mobile number
- your driving licence details and verification status
- the Trips assigned to you, with status, route, and earnings information
- your ratings and Trip history within that Transporter’s fleet
We do not share your Aadhaar, PAN, or other identity documents with the Transporter.
6.4 With Data Processors
| Processor category | Identification | Data shared / purpose |
|---|---|---|
| Cloud database & hosting | A cloud database and application-hosting provider | Account, trip, transaction, and supporting data / hosting & operations |
| Cloud media storage | A cloud object-storage provider | Loading Proof, POD, uploaded documents / secure storage with 90-day retention |
| Payment Aggregator | Razorpay, an RBI-authorised Payment Aggregator, and its affiliates (incl. payout orchestration) | Name, mobile, bank/UPI, transaction amounts / payments collection and payout |
| SMS / OTP delivery | A DLT-registered SMS and OTP delivery aggregator operating in India | Mobile number, OTP / delivering OTP and transactional SMS |
| Push notification service | Push-notification services operated by Android and iOS platform providers | Device push tokens / delivering notifications to your device |
| Mapping & routing services | A mapping, routing, and places-lookup service provider | Approximate or precise coordinates, place identifiers / routing and ETA |
| KYC verification agencies | Authorised identity and document-verification agencies, where engaged | Aadhaar / PAN / bank details / verification of identity & accounts |
| Diagnostic & analytics tools | Crash, error, and product-usage analytics tools (current or future) | Device, app, and interaction metadata / service reliability and improvement |
6.5 With legal, regulatory, and law-enforcement authorities
- to comply with a subpoena, court order, notice, or other legal process
- to respond to a lawful request from law-enforcement, tax, or regulatory authorities (including in connection with Cargo Incident investigations)
- to enforce our Terms or protect our rights, property, or safety, or the rights, property, or safety of our users or the public
- in connection with a prospective or actual merger, acquisition, reorganisation, financing, or sale of all or substantially all of our business or assets
6.6 With Employee Drivers’ transporters, and vice versa
Within a Transporter’s fleet, Transporter administrators have visibility of Employee Driver trip activity and performance as described in Section 6.3. Employee Drivers do not have visibility of other Employee Drivers’ personal data.
6.7 No sale of data
We do not sell, rent, or trade your personal data to advertisers or data brokers for monetary or other valuable consideration. Operational sharing with Processors and partners described above is not a sale.
7. Storage, security, and cross-border transfer
7.1 Where your data is stored
Personal data is stored primarily on cloud infrastructure located in India. Some supporting media may be stored on globally-distributed infrastructure operated by our Processors. All storage is access-controlled and protected by industry-standard technical safeguards including encryption in transit, encryption at rest for supported categories, role-based access control, and network segmentation.
7.2 Cross-border transfer
Where any personal data is transferred outside India to a Processor operating from another jurisdiction, such transfer is made in accordance with Section 16 of the DPDP Act. We do not transfer personal data to any country or territory notified as restricted by the Central Government from time to time.
7.3 Security measures
- Transport-layer encryption (TLS) for all client-server and server-server communications
- Role-based access controls enforced at the database level
- Presigned, time-limited URLs for media uploads and retrievals
- Restricted back-office access on a need-to-know basis
- Audit logging of administrative actions
- Secret-management practices that prevent credentials from being exposed in client applications
- Device-level controls including OTP-only authentication and rate-limiting on OTP requests
- Anti-fraud safeguards including detection of mock locations, rooted or jail-broken devices, and multi-account abuse
Despite these measures, no system of electronic transmission or storage is entirely secure. We encourage you to use strong device-level protections to protect access to your Account.
7.4 Personal data breach notification
In the event of a personal-data breach affecting your data, we will, as required by Section 8(6) of the DPDP Act, notify the Data Protection Board of India and each affected Data Principal in the manner and within the time specified by the applicable rules.
8. How long we keep your data
8.1 Retention principle
We retain your personal data only for as long as necessary to fulfil the purposes described in Section 4, including to comply with our legal, regulatory, tax, and record-keeping obligations, and to establish, exercise, or defend legal claims. When the retention period lapses, we either delete your data or, where deletion is not feasible, irreversibly anonymise it.
8.2 Indicative retention periods
| Category | Retention period | Why |
|---|---|---|
| Loading Proof, POD, and other Trip media | 90 days from upload | Dispute window and routine operations |
| Cargo Incident media and records | Duration of mediation / investigation + 3 years thereafter | Legal and evidentiary needs |
| Account KYC records | Duration of the Account + 5 years after closure | PMLA and tax record-keeping |
| Transaction and payout records | 8 years from the financial year of transaction | Income Tax Act & GST record-keeping |
| Location data | Up to 180 days from Trip completion | Dispute support and safety investigations |
| Log and diagnostic data | Up to 365 days | Service reliability and incident investigation |
| Support tickets and communications | 3 years from closure | Quality assurance, legal defence |
| Records of consent and withdrawal | Duration of the Account + 3 years | DPDP compliance |
8.3 Deletion on Account closure
If you close your Account by written request sent to airavatlogistic@gmail.com, we will erase or anonymise your personal data within ninety (90) days of the request, subject to legally-mandated retention categories described above.
9. Your rights as a Data Principal
9.1 Right to information
You have the right to obtain from us a summary of the personal data about you that is being processed and the processing activities, together with the identities of all other Data Fiduciaries and Data Processors with whom the data has been shared, and a description of the data shared.
9.2 Right to correction, completion, and updating
You have the right to request correction of inaccurate or misleading personal data, completion of incomplete personal data, and updating of outdated personal data.
9.3 Right to erasure and account deletion
You have the right to request erasure of your personal data and deletion of your Account at any time, subject to the retention categories described in Section 8.2.
9.3.1 How to request account deletion
To request deletion of your Account and associated personal data, send an email to airavatlogistic@gmail.com with the following details:
- Subject line: “Request for Account Deletion — [Your Registered Mobile Number]”
- the mobile number and name registered with your Account;
- your role on the Partner App (Pilot / Transporter / Employee Driver);
- a brief reason for the deletion request;
- any additional information we may reasonably request to verify your identity and prevent unauthorised deletion of another person’s account.
9.3.2 What happens after you submit a request
- We will acknowledge your request within forty-eight (48) hours of receipt.
- We may ask you to confirm the request from your registered mobile number (for example, by a confirmation OTP).
- If you have any active Trips, pending payouts, outstanding chargebacks, open Cargo Incident mediations, or unresolved disputes, deletion may be deferred until they are resolved.
- Once verified and cleared, we will erase or irreversibly anonymise your personal data within ninety (90) days, except for data we are legally required to retain.
- We will send you a confirmation email once deletion is complete.
9.3.3 Consequences of account deletion
- you will lose access to the Partner App, your Trip history, ratings, and earnings ledger;
- you will not be able to restore your Account; if you wish to use the Partner App again, you must register afresh and complete KYC again;
- any pending payouts that have not been withdrawn may be forfeited, unless you arrange settlement with AiravatL Support prior to deletion;
- legally-retained records (per Section 8.2) will not be part of your re-registered Account but may be referenced if fraud, dispute, or regulatory matters arise.
9.3.4 Where to track account deletion
For the latest instructions and to initiate a deletion request, you may also visit the account-deletion page linked from the AiravatL website.
9.4 Right to withdraw consent
You have the right to withdraw any previously-given consent at any time, as described in Section 5.3. Consequences of withdrawal are described in Section 5.4.
9.5 Right to grievance redressal
You have the right to a readily-available means of grievance redressal, described in Section 10. You also have the right to escalate unresolved grievances to the Data Protection Board of India in accordance with the DPDP Act.
9.6 Right to nominate
You have the right to nominate another individual who, in the event of your death or incapacity, will exercise your rights under the DPDP Act in respect of your personal data.
9.7 How to exercise your rights
To exercise any of the rights above, please contact our Grievance Officer at admin.airavatl@bspsparton.in with a clear description of the right you wish to exercise, the Account mobile number or email associated with your request, and any information necessary to verify your identity.
10. Grievance redressal and contact
10.1 Grievance Officer
BSP Sparton Private Limited
1B, 1st Floor, Saroj Estate, K.C. Patowary Road, Ulubari, Guwahati 781007, Assam, India
Email: admin.airavatl@bspsparton.in
Phone: +91-7099220645
Hours: Monday to Saturday, 9:30 AM to 6:30 PM IST (excluding public holidays)
10.2 How to raise a grievance
- emailing the Grievance Officer at the address above, with a clear description of your concern;
- writing to the postal address above; or
- calling the helpline at +91-7099220645 during working hours.
10.3 Our response timelines
We will acknowledge every privacy-related grievance within forty-eight (48) hours of receipt. We will endeavour to resolve grievances within fifteen (15) days of acknowledgment, in line with the timeline contemplated by the Information Technology (Intermediary Guidelines) Rules, 2021.
10.4 Specific timelines for rights-based requests
| Request type | Response / resolution target |
|---|---|
| Right to information (summary of processing) | Within 15 days |
| Right to correction, completion, updating | Within 7 days for in-app fields; within 15 days for KYC re-verification |
| Right to erasure / Account deletion | Ack within 48 hours; deletion within 90 days (via airavatlogistic@gmail.com), subject to §8.2 |
| Withdrawal of consent | Within 7 days from receipt, with explanation of consequences |
| Nomination | Within 15 days |
10.5 Escalation to the Data Protection Board
If your grievance is not resolved to your satisfaction, you may escalate to the Data Protection Board of India, which has been constituted under Chapter V of the DPDP Act. We will cooperate with any investigation conducted by the Board.
11. Third-party links and integrations
11.1 External links
The Partner App may contain links to third-party websites or services. This Policy does not apply to such third-party websites or services.
11.2 Third-party platform privacy
Where you access the Partner App through app stores (Google Play Store or Apple App Store), the store operator may collect separate information governed by its own policies.
12. Age restriction
The Partner App is intended solely for persons who are at least eighteen (18) years of age. We do not knowingly collect personal data from children (persons under 18). If you believe a child’s data has been submitted to us, please contact the Grievance Officer immediately.
13. Automated decision-making
The Partner App uses a limited number of automated rules and ranking signals. Examples include:
- auction-matching filters based on vehicle compatibility and verification status;
- automated blocking of bids or trip assignments where statutory documents have expired;
- automated cool-downs for wrong-OTP attempts and rate limits on OTP requests;
- anti-fraud signals including detection of mock locations and rooted/jail-broken devices.
These controls are rule-based, not predictive profiling, and do not involve solely-automated decisions that produce legal or similarly-significant effects on you without the opportunity for human review.
14. Marketing and communications preferences
Transactional communications — such as OTPs, trip-request alerts, status updates, payment confirmations, KYC reminders, and policy notices — are sent in connection with the Services and cannot be opted out of while your Account is active.
Marketing or promotional communications are sent only with your consent. As at the effective date of this Policy, AiravatL does not send any marketing or promotional communications to Partners.
15. Employee Drivers and Transporters
15.1 Data of Employee Drivers
If you are an Employee Driver, your data is processed both by AiravatL (for the operation of the Partner App) and by your Transporter. AiravatL’s processing of your data is governed by this Policy. Additional processing by your Transporter is the Transporter’s responsibility.
15.2 Transporter access and limits
The Transporter has visibility of your name, mobile number, driving licence details (verification status), and Trip-level activity under their fleet. Your Aadhaar, PAN, and other identity-verification documents are not shared with the Transporter.
15.3 Transfer between Transporters
If you move from one Transporter to another, your Trip and rating history is retained on AiravatL, but visibility to the previous Transporter ceases upon removal from their fleet.
16. Contact information
CIN: U62020AS2024PTC026345
1B, 1st Floor, Saroj Estate, K.C. Patowary Road, Ulubari, Guwahati 781007, Assam, India
Email (Grievance Officer): admin.airavatl@bspsparton.in
Phone: +91-7099220645
17. Acknowledgment
By registering on or continuing to use the Partner App, you acknowledge that you have read, understood, and agreed to this Privacy Policy.
— End of Privacy Policy —