Privacy Policy

1. Your Privacy Matters

GooseDock Technologies Pvt. Ltd. ("GooseDock", "we", "us") respects your right to privacy. This Privacy Policy explains what personal data we collect when you use the GooseDock platform, why we collect it, how we use it, and what control you have over it.

By using the platform you consent to the practices described here. If you do not agree, please do not use the platform.

2. What We Collect

2.1 Account information

• Full name, email address, phone number
• Role (Client / Agency / Vendor)
• Business name, business address, city, state, pincode
• Password (always stored as a one-way bcrypt hash — never plaintext)

2.2 KYC & verification documents

• Agencies: PSARA license number, expiry date, scanned license document, GST number
• Clients: Aadhaar / PAN / electricity bill (address proof)
• Vendors: GST, business registration, optional logo

2.3 Transactional data

• Tenders posted, bids submitted, deals closed
• Commission and payment records
• Platform interaction logs (clicks, page views, status changes)

2.4 E-Sign & consent records

• Click-acceptance timestamp, IP address, user-agent string
• Typed digital signature (full legal name)
• Policy version accepted

3. How We Use Your Data

• Operate the platform — match clients with verified agencies, process bids, manage deals
• Verify identity & compliance — confirm PSARA licenses, GST numbers, address proofs
• Process payments — track commission & listing fees, generate receipts
• Email you — verification, deal updates, notifications, password resets
• Comply with law — respond to lawful requests from courts, regulators, and law enforcement
• Prevent fraud — detect suspicious activity, ban abusers, protect other users

We do not sell your personal data to anyone. Ever.

4. Identity Concealment

The core promise of GooseDock is that both Client and Agency identities remain hidden until both parties pay their commission and the deal is finalized. During the anonymous phase:

• Agencies see tender details but never the client's real name, company, or contact info
• Clients see bids tagged as Agency #ABCD (a hash) and never the agency's real name
• Email-based communication is brokered through GooseDock's relay

Reveal occurs only after admin verifies both commission payments. From that point, full contact details are exchanged via email and the platform.

5. Who We Share With

• Counterparties — your verified contact details are shared with the other party only after both commission payments are confirmed
• Service providers — Hostinger (hosting), payment gateways (UPI), email service (Hostinger SMTP)
• Legal authorities — when compelled by valid legal process
• Successor entities — in the event of a merger, acquisition, or sale of GooseDock

We never sell, rent, or trade personal data with marketing networks, data brokers, or unrelated third parties.

6. How We Protect Your Data

• Transport security — all data in transit is encrypted via TLS 1.2+
• Password storage — bcrypt hashing with cost factor 12 (industry standard)
• Database access — restricted to authorized administrators with audit logging
• Document storage — uploaded KYC documents are stored on access-controlled directories
• Session security — HttpOnly + Secure + SameSite=Strict cookies
• CSRF protection — all state-changing actions require a CSRF token
• Brute-force lockout — 5 failed login attempts triggers a 15-minute lockout

7. Your Data Rights

Under the Digital Personal Data Protection Act 2023, you have the right to:

• Access — request a copy of all personal data we hold about you
• Correction — fix inaccurate or outdated information
• Erasure — request deletion (subject to legal retention requirements)
• Withdraw consent — for non-essential processing
• Grievance redressal — escalate to our Grievance Officer (contact below)

To exercise any of these rights, email us at info@goosedock.com. We will respond within 7 business days.

8. Data Retention

• Active accounts — data retained for as long as your account exists
• Closed accounts — basic identity + transaction records retained for 7 years (Income Tax Act + Companies Act compliance)
• Click-acceptance logs — retained permanently (legal evidence per IT Act 2000)
• Marketing data — deleted within 30 days of account deletion

9. Cookies & Local Storage

We use minimal cookies — essential ones only:

• sb_session — session cookie, HttpOnly, expires after 8 hours of inactivity
• _csrf_token — CSRF protection

We do not use third-party tracking cookies, advertising cookies, or cross-site trackers.

10. Children's Privacy

GooseDock is intended for use by adults aged 18+ engaged in business operations. We do not knowingly collect data from anyone under 18. If we discover such data has been submitted, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy as the platform evolves or as the law changes. Material changes will be communicated via email and a notice on the platform. Continued use after the effective date of an update constitutes acceptance of the revised policy.

12. Grievance Officer

As required under the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, our designated Grievance Officer is:

• Email: info@goosedock.com
• Phone / WhatsApp: +91 92021 22430
• Response time: within 7 business days