Privacy Policy
How we collect, use, and protect your personal information.
Last updated: May 11, 2026
1. Who We Are
Vemate is a creator monetization platform, operated by AD Enterprises (hereinafter referred to as "Vemate", "we", "us", or "our"). Our Grievance Officer is Aditya Kumar.
For the purposes of this Policy, "you", "your" refers to any visitor, creator, or buyer using the Vemate platform at vemate.in.
2. Information We Collect
a) Information You Provide Directly
- Account Information: Full name, email address, password (hashed), phone number
- Profile Information: Display name, profile photo, bio
- KYC Identity Documents:
- Aadhaar Card number and front/back document images
- PAN Card number and front document image
- Selfie / photograph for liveness and identity verification
- Bank / Payment Details: Bank account number, IFSC code, account holder name, account type, and proof document — collected for payout processing
- Product Content: Digital files, course materials, descriptions you upload as a creator
- Communications: Messages you send to our support team
b) Information Collected Automatically
- Device & Log Data: IP address, browser type, operating system, referring URLs, pages visited, timestamps
- Usage Data: Features used, clicks, session duration, purchase history
- Cookies & Tracking: Session cookies, preference cookies (see Section 8)
c) Information from Third Parties
- Google OAuth: Name, email, and profile picture if you sign in with Google
- Payment Gateways: Transaction status, masked card/UPI details (we do not store full payment credentials)
d) Seller / Creator Compliance Data
For Creators specifically, we collect the following additional data as part of our marketplace compliance and due diligence obligations:
- Aadhaar Card number and document images (front and back) — for government-mandated identity verification
- PAN Card number and document image — for tax compliance and identity cross-referencing
- Selfie / photograph — for liveness verification to confirm the submitting person matches the identity documents
- Bank account number, IFSC code, bank name, account type, account holder name, and supporting proof — for payout processing
- Seller ID: A unique, system-generated platform identifier assigned to your Creator account (your Firebase UID). This is not your Aadhaar or PAN number.
- Platform Agreement acceptance timestamp — recorded when you register and accept these Terms
- KYC review status (NOT_SUBMITTED / PENDING / VERIFIED / REJECTED) and rejection reason if applicable
3. How We Use Your Information
- To create and manage your account and provide platform services
- To verify your identity (KYC) and enable payouts
- To process payments and deliver purchased digital products
- To communicate important updates, transaction receipts, and support responses
- To detect and prevent fraud, abuse, and policy violations
- To improve platform features and user experience through analytics
- To comply with applicable laws, regulations, and legal processes
- To send promotional communications (only with your consent; you can opt out anytime)
4. Legal Basis for Processing
We process your personal data on the following legal grounds:
- Contract Performance: To fulfil our obligations when you register or transact on the platform
- Legal Obligation: To comply with KYC norms, GST filings, and IT regulations
- Legitimate Interests: To maintain platform security and improve our services
- Consent: For optional communications and cookies (you can withdraw consent at any time)
5. Data Sharing & Disclosure
We do not sell your personal data. We share your data only in the following circumstances:
- Easebuzz (Payment Gateway): We use Easebuzz to process all buyer payments. We share your Seller ID (a unique system-generated platform identifier — not your Aadhaar or PAN) as a User Defined Field (udf1) in every payment transaction to enable per-seller traceability. We do not share your Aadhaar number or PAN number with Easebuzz.
- Cloud & Infrastructure: Supabase (database and file storage), Firebase (authentication) — operating under strict data processing agreements
- KYC Verification: KYC documents are reviewed by our admin team. We may share data with government databases or authorised verification partners for identity checks as required by law
- Legal Requirements: Law enforcement agencies, courts, or regulators if mandated by Indian law (including PMLA, IT Act, RBI guidelines)
- Business Transfer: In the event of a merger, acquisition, or sale of assets (you will be notified)
6. Data Retention
- Account Data: Retained for the duration of your account, plus 5 years after closure (for legal compliance)
- KYC Documents: Retained for 5 years as required by RBI and PMLA guidelines
- Transaction Records: Retained for 7 years for GST and income tax compliance
- Log Data: Retained for 90 days
- Deleted Accounts: Data is anonymised or deleted within 30 days of account deletion request, except where legally required to retain
7. Your Rights
Under the DPDP Act, 2023 and applicable Indian law, you have the right to:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate or incomplete data
- Erasure: Request deletion of your personal data (subject to legal obligations)
- Withdrawal of Consent: Withdraw consent for data processing at any time
- Grievance Redressal: Lodge a complaint with our Grievance Officer
- Nominee: Designate a nominee to exercise your rights in case of death or incapacity
To exercise any of these rights, contact us at support@vemate.in or call +91 7398095884.
8. Cookies
We use essential cookies to keep you logged in and remember your preferences. We do not use third-party advertising cookies. You can clear cookies from your browser settings at any time, though this may affect your experience on the platform.
9. Data Security
We implement industry-standard security measures including:
- TLS/HTTPS encryption for all data in transit
- AES-256 encryption for sensitive data at rest
- Row-Level Security (RLS) in our database to isolate user data
- Multi-factor authentication for administrative access
- Regular security audits and vulnerability assessments
10. Children's Privacy
Vemate is not intended for users under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has registered, contact us immediately at support@vemate.in.
11. Third-Party Links
Our platform may contain links to third-party websites (e.g., payment pages, creator external sites). We are not responsible for the privacy practices of those sites. We encourage you to read their privacy policies.
12. Changes to This Policy
We may update this Privacy Policy periodically. If material changes are made, we will notify you by email or an in-app notification at least 7 days before the changes take effect. Continued use of the platform after the effective date constitutes your acceptance.
13. Grievance Officer
Organisation: Vemate
Email: support@vemate.in
Phone: +91 7398095884
Response Time: Acknowledgement within 24 hours, Resolution within 30 days