Legal & Admin Policies

Privacy Policy

How Hulp collects, uses, and protects your information — written in plain language, under India's Digital Personal Data Protection Act, 2023.

1. About this Policy

This Privacy Policy describes how Secret Terry Private Limited (operating under the brand "Hulp"; referred to as "we", "our", or "us") collects, uses, stores, and protects your information when you use the Hulp mobile applications (iOS and Android), the Hulp website at hulp.in, and related services (collectively, the "Service").

By using the Service, you agree to the practices described in this Policy. If you do not agree, please do not use the Service.

Legal basis. This Policy is published in compliance with applicable Indian law, including: (i) the Digital Personal Data Protection Act, 2023 ("DPDP Act") and the rules notified thereunder; (ii) Section 43A of the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"); and (iii) any other applicable sectoral regulations.

Capacity to contract. By using the Service you confirm that you are at least 18 years of age and are competent to enter into a binding contract under the Indian Contract Act, 1872.

Defined terms. "Personal data" carries the meaning given to it under the DPDP Act. The SPDI Rules use the related expression "Sensitive Personal Data or Information" (SPDI) for categories such as passwords, financial credentials, health information, biometric data, and medical records; where any such category is involved in the Service, we apply both the DPDP Act and the SPDI Rules.

2. Who we are

Legal entity: Secret Terry Private Limited
Brand: Hulp
Website: https://hulp.in
Privacy contact: privacy@hulp.in
Registered office: 33rd Floor, PH02, Tower-A, Pioneer Araya, Sector-62, Gurugram, Haryana – 122098, India
Corporate office: Plot No. 89, Sector 44, Gurugram, Haryana – 122003, India

For any privacy-related questions, requests, or complaints — including requests to access, correct, or delete your data — please write to us at privacy@hulp.in, or use our Delete Account or Delete Data pages.

3. Information we collect

We collect only the information needed to operate the Service.

3.1 Information you provide directly

• Account information: mobile phone number (used for OTP-based login), full name, email address, and residential address.
• Family and household information: names, contact details, and addresses of family members or household contacts you authorise your dedicated Personal Assistant ("PA") to coordinate with — for example, your spouse, children, parents, or household staff.
• Task content: instructions, requests, text messages, and any other content you share with your PA through the Service.
• Photos and images: photographs or images you choose to upload through the in-app chat to help your PA understand or carry out a task. We access your camera and photo library only when you explicitly choose to attach an image.
• Voice messages: audio recordings you choose to send to your PA through the in-app chat. We access your device microphone only while you are actively recording a voice message.
• Support communications: information you provide when you contact our support team or your PA, including the content of those messages.
• Calls and call recordings. Some interactions with your PA occur by voice call. We record these calls for service quality assurance, PA training, dispute resolution, and service improvement. Before any call is recorded, you will be informed by an automated message at the start of the call and asked to confirm your consent by staying on the line or pressing a designated key. If you do not consent, the call will continue unrecorded and your access to the Service will not be affected. Call recordings are retained for 90 days and are accessible only to authorised Hulp personnel on a need-to-know basis. You may request deletion of a specific call recording by writing to privacy@hulp.in.

3.2 Information collected automatically

• Device and app information: device model, operating system version, app version, time zone, and language preference. Used for diagnostics, reliability, and compatibility.
• Push notification tokens: when you enable push notifications, your device's push token (APNs on iOS, FCM on Android) is sent to our servers solely to deliver task updates to you.
• Usage information: non-identifying information about how you interact with the Service to help us improve the product.
• Server log information. Our servers maintain logs that may include your IP address, browser type, internet service provider, time stamps, crash reports, and clickstream data. We use these logs for diagnostics, security monitoring, and service-quality investigations.
• Cookies and web tracking (hulp.in website only). Our website uses essential cookies required for the site to function, and may use analytics cookies to understand aggregate usage. You may manage cookie preferences via the cookie banner on the website. We do not use tracking cookies for advertising purposes. See our Cookie Notice for more detail.

3.3 Information we do NOT collect through the app

• Payment card or banking credentials. When you make a payment through Hulp, you do so via a third-party payment gateway. We do not store credit card, debit card, UPI, or other banking credentials on our systems; we only receive a transaction reference for our records.
• Precise device location. The app does not request or collect your GPS or device location. Any address relevant to service delivery is entered manually by you.
• Your phone contacts. We do not read or upload your device contact list.
• Background photos, audio, or camera footage. We access your camera, photo library, and microphone only when you explicitly choose to attach a photo or record a voice message in chat. We do not access these in the background.
• Biometric data such as Face ID, Touch ID, or fingerprint identifiers.

3.4 Sensitive personal data we may process

In the course of delivering the Service, we may handle the following categories of sensitive personal data on your behalf:

• Health information — medical appointment details, prescription reorders, insurance claim references, allergy and dietary information.
• Financial information — bill payment references, salary records for household staff, insurance premium details.

We process this data solely to carry out tasks you have explicitly instructed your PA to perform. We do not use it for profiling, advertising, or any secondary purpose. Explicit consent for processing sensitive personal data is obtained at the point of instruction or, where applicable, at account setup. This data is handled in accordance with Rule 5 of the IT (SPDI) Rules, 2011, in addition to the DPDP Act, 2023.

4. How we use your information

We use your information to:

• Authenticate your account using OTP-based phone login.
• Enable your dedicated PA to deliver tasks on your behalf.
• Coordinate tasks involving family members and household contacts you have authorised.
• Send service-related push notifications about task updates and status changes.
• Improve, troubleshoot, and secure the Service.
• Communicate with you about service changes, support requests, and account matters.
• Comply with applicable legal obligations, including the Digital Personal Data Protection Act, 2023 ("DPDP Act") and related Rules.

We do not sell your personal data. We do not share your data with advertisers. We do not use your data for targeted advertising.

AI and Automated Processing Disclosure: Automated processing. The Service uses AI and automated systems to understand your task instructions, route them to the appropriate PA or system, and generate suggestions (for example, meal plans, vendor shortlists). These automated processes assist our PAs but do not make final decisions about you autonomously. No legal or similarly significant decision is made about you solely by automated means without human review.

4.1 Communications you can opt out of, and those you cannot

When you sign up for the Service, you may receive product updates, tips, and occasional promotional emails from us. You can unsubscribe at any time by using the link in those emails or by writing to privacy@hulp.in. You cannot opt out of service notices, administrative notices, billing notices, security alerts, or notices we are legally required to send — these are necessary to operate your account.

4.2 Aggregated and anonymised data

We may aggregate or anonymise data in a manner that no longer identifies you or your family. Anonymisation is carried out using industry-standard techniques (such as aggregation, generalisation, or suppression) such that re-identification of any individual from the resulting dataset is not reasonably possible. Once aggregated or anonymised, such data is no longer "personal data" under the DPDP Act and may be used by Hulp for analytics, research, product improvement, and similar purposes without the restrictions of this Policy.

5. How we share your information

We share your information only with:

• Your assigned PA and Hulp's operations team, who need access to deliver the Service to you.
• Service providers who help us operate our infrastructure — for example, cloud hosting (Microsoft Azure, Amazon Web Services), secure messaging, payment gateways, and push notification delivery — under written contractual obligations of confidentiality and data protection.
• Law enforcement, courts, or regulators, where disclosure is required by applicable law, court order, or to protect our legal rights, the safety of our users, or the integrity of the Service.
• Without prior notice in limited situations. Where we are required to disclose information for the investigation of cyber incidents, the prosecution of offences, or in response to a lawful demand from a government authority, we may not be able to seek your prior consent before doing so. In each such case, we will disclose only what is strictly necessary.

We do not share family-member information or task content with any third party for marketing or advertising purposes.

Explicit User Responsibility: User is responsible for ensuring that he/she has the authority and consent necessary to share information relating to family members, household staff, or third parties through the Service.

6. Third-party services

The Service relies on the following categories of third-party processors. Each is bound by a written agreement requiring confidentiality and DPDP-compliant data handling:

• Cloud hosting: Microsoft Azure (India regions) and Amazon Web Services (Asia Pacific — Mumbai).
• Payment gateway: A regulated & Licensed Indian Payment aggregator governed by Reserve Bank of India [Razorpay]. Payments are processed directly on their platform; Hulp does not store any card, UPI, or banking credentials. Their privacy policy is available at [https://razorpay.com/privacy-policy/]. If the payment provider changes in future, this section will be updated and you will be notified in-app or by email before the change takes effect.
• Push notification delivery: Apple Push Notification service (APNs) for iOS, Firebase Cloud Messaging (FCM) for Android.
• Email and communications: trusted transactional email and SMS providers.

In future releases, if we integrate additional tools (for example, analytics or crash reporting), we will update this Policy and, where required, seek your consent before activating them. Material changes will be communicated to you in-app or by email.

External links. The Service may direct you to third-party websites or apps — for example, a hotel's booking confirmation page, a payment gateway, a doctor's appointment portal, or a courier's tracking page. This Policy does not govern your interaction with those third parties. Each of them maintains its own privacy policy, which we encourage you to read before sharing information with them.

7. Data retention

We retain your account and task information only for as long as necessary for the purpose for which it was collected. The following retention periods apply:

Certain records may be retained after deletion of your account where required for fraud prevention, taxation, accounting, dispute resolution, or legal compliance.

You may request deletion of your account and associated data at any time. See Delete Account or Delete Data. We will action verified deletion requests within the timeframes required by applicable law (typically within 30 days).

8. Your rights under the DPDP Act

Under the Digital Personal Data Protection Act, 2023 and other applicable laws, you have the right to:

• Access the personal data we hold about you.
• Correct inaccurate or incomplete data.
• Request deletion of your data, subject to legal retention obligations.
• Withdraw consent for processing where consent is the basis for processing.
• Nominate another individual to exercise your rights in the event of your death or incapacity.
• Grievance redressal — write to our Grievance Officer (see section 9) before approaching any external authority.
• Lodge a complaint with the Data Protection Board of India if your grievance is not resolved to your satisfaction.

8.1 How to withdraw consent

You may withdraw consent for any or all processing activities at any time by:

• Going to Settings → Privacy → Manage Consent within the Hulp app; or
• Writing to privacy@hulp.in from your registered email.

We will action your withdrawal within 7 business days. Please note:

(a) Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

(b) Withdrawing consent for core processing activities (e.g., account authentication) will result in termination of your Hulp subscription, as the Service cannot function without that data.

(c) Withdrawal of consent for optional activities (e.g., promotional emails) will not affect your access to the Service.

To exercise any of these rights, write to privacy@hulp.in with your registered phone number and a description of your request. We may need to verify your identity before fulfilling the request.

9. Grievance redressal

10. Data security

We use commercially reasonable technical and organisational measures to protect your data, including:

• Encryption of data in transit using HTTPS / TLS.
• Encryption of sensitive data at rest where supported by our cloud providers.
• Access controls limiting employee and PA access to a need-to-know basis.
• Secure cloud hosting on Microsoft Azure (India regions) and AWS (Mumbai), with periodic reviews.
• Routine security reviews of our systems and processes.

10.1 Data breach notification procedure

In the event of a personal data breach that is likely to result in harm to you, we will:

• Notify the Data Protection Board of India as required under Section 8(6) of the DPDP Act, 2023 and Rule 7 of the DPDP Rules, 2025, within the prescribed timeline.
• Notify you promptly at your registered email or phone number, with details of: the nature of the breach, the data affected, the likely consequences, and the steps we have taken or propose to take.
• Maintain a record of all breaches, including those not requiring external notification, for internal review and regulatory inspection.

If you believe your account has been compromised, please write immediately to privacy@hulp.in or contact our support team.

No system is completely secure, however, and we cannot guarantee absolute security. You are responsible for keeping your phone and OTP credentials secure.

We are not responsible for security incidents that arise from factors outside our reasonable control — for example, a breach of our cloud or payment-gateway providers' systems, internet-routing or telecom failures, force-majeure events, or your own disclosure of your account credentials. In each such case, we will act in good faith to mitigate the impact and inform you and the relevant regulator as required by law.

11. Children's data

Hulp is intended for use by adults aged 18 and over. We do not knowingly collect personal data directly from individuals under 18.

The Service may involve coordination of tasks related to minors in your household — for example, scheduling medical appointments or pickups for a child. Where the Service involves data of a minor in your household, you confirm that you are the minor's parent or lawful guardian and that you consent on the minor's behalf, as required by Section 9 of the DPDP Act, 2023.

By providing such an instruction relating to a minor, you are providing verifiable parental consent as required under Section 9 of the DPDP Act, 2023. We continue to evaluate additional technical mechanisms for verifiable parental consent as the DPDP Rules evolve, and will update this section accordingly. If we become aware that personal data of a minor has been provided without valid parental consent, we will delete it within 72 hours of becoming aware and notify you at your registered contact.

12. Data location and transfers

All personal data we process is stored on cloud infrastructure located entirely within India. We use two trusted cloud providers for redundancy and performance:

• Microsoft Azure (India regions)
• Amazon Web Services (Asia Pacific — Mumbai)

We do not transfer personal data outside India.

Certain technical metadata or limited processing by approved service providers may involve cross-border access, subject to applicable laws and appropriate contractual safeguards.

If, in future, we need to transfer personal data outside India for any reason, we will (a) update this Policy, (b) notify you in-app or by email before the transfer becomes effective, and (c) ensure appropriate safeguards consistent with Section 16 of the DPDP Act, 2023 and any country-restriction notifications issued by the Government of India.

13. Changes to this Policy

We may update this Policy from time to time. When we do, we will revise the "Last updated" date at the top. We will notify you of material changes in-app or by email before they take effect. Continued use of the Service after a change indicates your acceptance of the updated Policy.

14. Contact us

For any questions, concerns, or requests regarding this Policy or our data practices, contact:

Secret Terry Private Limited
Email: privacy@hulp.in
Grievance Officer: grievance@hulp.in
Registered office: 33rd Floor, PH02, Tower-A, Pioneer Araya, Sector-62, Gurugram, Haryana – 122098, India
Corporate office: Plot No. 89, Sector 44, Gurugram, Haryana – 122003, India

Annex A — Consent Notice (shown at onboarding)

Standalone consent notice — mandatory; shown before account creation in the Hulp mobile app.

Before you create your Hulp account, we collect the following personal data for the purposes listed below. You may withdraw consent at any time from Settings → Privacy → Manage Consent.

By tapping "Agree, Create Account", you consent to the above collection and processing. You may withdraw consent at any time without affecting the lawfulness of prior processing.