Privacy Policy

Last updated: April 2025

1. Who We Are

Sokhey Media ("we", "us", "our") operates the platform available at sokheymedia.in — an influencer marketplace connecting brands with content creators across India.

2. Information We Collect

  • Account data: Name, email address, phone number (WhatsApp), and password.
  • Profile data: Social media handles, follower counts, engagement rates, niche, city, and language (for influencers).
  • Payment data: Transaction IDs and Razorpay order IDs. We do not store card numbers — all card payments are processed directly by Razorpay.
  • KYC / financial data (influencers only) — required to withdraw payments: The following documents are compulsory before any payout can be processed:
    • Legal name — full name as it appears on your bank account or PAN card.
    • UPI ID — a valid UPI ID linked to a bank account in your legal name.
    • PAN number — required for tax compliance and TDS deductions under the Income Tax Act 1961.
    • Bank account number & IFSC code — required for direct bank transfer payouts.
    This data is classified as Sensitive Personal Data or Information (SPDI) under the IT Rules 2011 and is encrypted at rest using AES-256-GCM encryption before storage. Only authorised Sokhey Media administrators can decrypt this data, solely for the purpose of processing withdrawals.
  • Social account verification (influencers, optional): If you choose to connect your Instagram or YouTube account, we store a securely encrypted OAuth access token and your verified follower count. This is used solely to display a verified badge on your profile. You can disconnect at any time by contacting support.
  • Brand verification data (brands, optional): If you submit a PAN or GSTIN for brand verification, we store an encrypted copy of that number and any uploaded document. PAN is reviewed manually by admin. GSTIN is validated against standard format rules. This data is classified as SPDI under IT Rules 2011 and is AES-256-GCM encrypted at rest.
  • Usage data: Pages visited, actions taken, and device/browser information for analytics.
  • Push notification tokens: If you enable notifications, we store your device subscription to send order alerts.

3. How We Use Your Information

  • To create and manage your account.
  • To process orders, payments, and payouts.
  • To collect PAN and financial KYC for statutory compliance purposes.
  • To send order-related notifications (email, WhatsApp, push).
  • To verify deliveries and resolve disputes.
  • To improve our platform and prevent fraud.
  • To comply with legal obligations under Indian law (IT Rules 2011, DPDP Act 2023, Income Tax Act, Companies Act 2013).

4. Data Sharing

We do not sell your personal data. We share data only with:

  • Razorpay: For payment processing (subject to Razorpay's privacy policy).
  • Supabase: Our database and authentication provider.
  • Cloudflare R2: For file/media storage.
  • Law enforcement / tax authorities: If legally required, including sharing PAN details for TDS compliance.

5. Data Retention

We retain your account data for as long as your account is active. Order and payment records — including TDS records — are retained for 7 years as required by the Companies Act 2013 and Income Tax Act, even if you delete your account. Personal profile data (name, phone, social handles) is deleted when you request account deletion.

6. Security

All data is transmitted over HTTPS (TLS). Passwords are hashed and never stored in plain text. Sensitive financial data — including PAN, bank account numbers, IFSC codes, and UPI IDs — is encrypted at rest using AES-256-GCM encryption, compliant with the IT Rules 2011 (SPDI Rules) and RBI Master Direction on Digital Payment Security Controls (2021). Access to decrypted KYC data is restricted to authorised administrators only and is not accessible from the browser or client-side code.

7. Your Rights

  • Right to access: You may request a copy of the personal data we hold about you.
  • Right to correction: You may update your profile data directly from your dashboard.
  • Right to erasure (DPDP Act 2023, Section 12):You have the right to delete your account and all personal data at any time. You can do this directly from your Profile page using the "Delete My Account" option — no need to contact us. Deletion is blocked only if you have active campaigns in progress, a pending withdrawal request, or an outstanding wallet balance, as these involve financial obligations. Order and payment records are retained for 7 years as required by law.
  • Right to withdraw consent: You may disable push notifications at any time from your browser settings.

For other privacy requests, email us at sokheymedia@gmail.com.

8. Cookies

We use session cookies for authentication. We do not use tracking or advertising cookies. You can disable cookies in your browser settings, but this may affect platform functionality.

9. Applicable Laws

This policy is governed by Indian law, including the Information Technology Act 2000, IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011, Digital Personal Data Protection Act 2023, and the Income Tax Act 1961.

10. Contact

For any privacy-related concerns, contact us at: sokheymedia@gmail.com