BIMABOX — Privacy Policy

BIMABOX is designed to handle sensitive family and insurance-related information.

We aim to collect only the information required to provide, secure, improve, and support our services.

We do not sell your personal data, claim ownership of your uploaded insurance documents, or use your uploaded insurance documents for unrelated advertising.

This Privacy Policy applies to users who create a BIMABOX account, users who upload policy documents, family members, nominees, dependents, or trusted contacts invited to access a BIMABOX vault, visitors to our website or application, and users who contact us for support, refunds, privacy requests, or grievances.

Depending on how you use BIMABOX, we may collect account information such as name, email address, mobile number, authentication credentials, OTP verification status, profile details, account preferences, and login or activity history.

Where required for platform safety, verification, fraud prevention, or regulatory purposes, we may collect identity and verification information such as PAN details, Aadhaar-related verification details where lawfully permitted, date of birth, address, identity verification status, and other documents or details required for verification.

When you upload or enter policy details, we may collect policy document PDFs, images, or files, policyholder name, policy number, insurer name, policy type, sum insured or assured, premium amount, premium due date, renewal date, maturity date, nominee details, agent or advisor details, claim-related information, and any other information visible in the uploaded policy document.

If you add family members, nominees, dependents, or trusted contacts, we may collect name, relationship, email address, mobile number if provided, access permissions, invitation status, and policy visibility preferences.

If you purchase a paid plan or service, we may collect plan details, billing amount, payment status, transaction ID, invoice details, tax-related information where applicable, and refund or payment dispute details. We do not store full card numbers, UPI PINs, net-banking passwords, or sensitive payment credentials.

We may collect device and technical information such as IP address, device type, browser type, operating system, app version, login time, usage logs, crash logs, security logs, and approximate location derived from IP or device settings.

When you contact us, we may collect support requests, complaint details, refund requests, privacy requests, feedback, communication history, and email messages.

We may use your information to create and manage your BIMABOX account, verify your identity, store and organize insurance documents, extract and summarize policy information, enable family-member or trusted-contact access, send reminders and alerts, provide customer support, process payments and refunds, improve platform features, detect fraud or security threats, maintain audit logs, comply with legal obligations, and send service-related communications.

We may send marketing communication where permitted by law or consent.

By using BIMABOX and submitting your personal data, you consent to our collection, storage, and processing of your information as described in this Privacy Policy.

Where required, we may request specific consent for uploading insurance documents, processing identity information, adding family members or trusted contacts, sending reminders through email, SMS, WhatsApp, or push notifications, using OCR, AI, or automation to extract policy details, and sending marketing communication.

You may withdraw consent by contacting us at info@xyptmedia.com. Withdrawal of consent may affect our ability to provide some services.

If you upload documents or enter information relating to another person, including a spouse, parent, child, nominee, dependent, or family member, you confirm that you have lawful authority or consent to do so, the information is accurate to the best of your knowledge, you will not misuse BIMABOX to access or expose another person’s private information, and you will inform such person where required that their information is being stored on BIMABOX.

BIMABOX is intended to be used by adults.

If information about a minor is uploaded as part of a family insurance policy, it must be uploaded only by a parent, lawful guardian, or authorized adult.

We do not knowingly allow minors to independently create accounts without appropriate lawful consent.

We may share information only where necessary and lawful. This may include sharing with cloud hosting and storage providers, payment gateways, email, SMS, WhatsApp, or notification providers, OCR and AI processing providers, customer support tools, analytics and security monitoring providers, legal, tax, audit, or compliance advisors, government, regulatory, judicial, or law-enforcement authorities where required, and family members, nominees, or trusted contacts authorized by the account owner or Karta.

We do not sell your personal data to advertisers.

BIMABOX does not automatically share your uploaded documents with insurers, agents, advisors, brokers, or third parties unless you authorize such sharing, it is required to provide a feature requested by you, it is required by law, or it is necessary to protect users, the platform, or our legal rights.

BIMABOX may use automated tools to read, extract, classify, and simplify insurance policy documents.

These tools may process personal data contained in uploaded documents.

Automated extraction may be inaccurate, incomplete, or outdated. You should always verify extracted data with the original policy document and insurer records.

We use reasonable technical and organizational measures to protect personal data, including appropriate access controls, secure cloud infrastructure, restricted internal access, audit logs, and encryption where feasible.

However, no method of electronic storage or transmission is completely secure. You are responsible for protecting your account, device, OTPs, email account, and passwords.

We retain personal data for as long as necessary to provide BIMABOX services, maintain your account, store your policy vault, meet legal, regulatory, tax, accounting, and security obligations, resolve disputes, prevent fraud or misuse, and maintain backups for a limited period.

When data is no longer required, we may delete, anonymize, or securely archive it in accordance with applicable law and internal policies.

Subject to applicable law, you may have the right to access your personal data, correct inaccurate or incomplete personal data, withdraw consent, request deletion of your account, ask for information about processing, nominate another person to exercise rights in the event of death or incapacity where applicable, and raise a grievance.

To exercise your rights, contact info@xyptmedia.com.

You may request deletion of your account and documents by contacting info@xyptmedia.com.

Before deleting your account, we may verify your identity. Some data may be retained where required for legal compliance, fraud prevention, tax and accounting records, payment disputes, security logs, and backup deletion cycles.

Our website or application may use cookies, pixels, SDKs, analytics tools, and similar technologies to keep you logged in, remember preferences, improve performance, understand product usage, detect security threats, and measure marketing performance.

You may control cookies through browser settings, but disabling cookies may affect platform functionality.

We may send service updates, reminders, educational content, product announcements, offers, or marketing communication through email, SMS, WhatsApp, push notification, or other channels.

You may opt out of marketing communication where applicable. Even after opting out, you may still receive important service, account, security, payment, refund, privacy, or policy-vault related communication.

Some of our technology or service providers may process or store data outside India. Where cross-border transfer is involved, we will take reasonable steps to ensure that such processing is consistent with applicable Indian law.

If we become aware of a data breach affecting your personal data, we will take reasonable steps as required under applicable law. This may include notifying affected users and relevant authorities where legally required.

For any grievance, complaint, privacy concern, account issue, data deletion request, or request relating to your personal data, please contact the Grievance Officer at XYPT Media Private Limited, operating brand BIMABOX, Jodhpur, Rajasthan, India.

Email: info@xyptmedia.com

We will review and respond to grievances in accordance with applicable Indian law.

We may update this Privacy Policy from time to time.

If we make material changes, we may notify users through email, app notification, website notice, or other reasonable method.

Your continued use of BIMABOX after the update means you accept the revised Privacy Policy.

For privacy-related requests, account deletion, data correction, consent withdrawal, support, refunds, or grievances, please contact XYPT Media Private Limited, operating brand BIMABOX, Jodhpur, Rajasthan, India.

Email: info@xyptmedia.com