Flex← Back to home

Privacy Policy

Effective June 12, 2026

Kinetic Blume India Pvt Ltd (“78Flex”, “we”, “us”, or “our”) respects your privacy. This Privacy Policy explains how we collect, use, share, and protect personal data when you use the 78Flex platform at https://www.78flex.ai, our mobile applications, or any related service (the “Platform”).

This Policy is published in accordance with the Digital Personal Data Protection Act, 2023 (“DPDP Act”), the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021.

By using the Platform, you consent to our processing of your personal data as described in this Policy. If you do not agree, please discontinue use of the Platform.

1.Personal data we collect

We collect the following categories of personal data:

1.1 Information you provide directly

  • Identity details: name, date of birth, gender (if voluntarily shared), and photographs you upload.
  • Contact details: email address, phone number, billing address, and (for virtual office subscriptions) registered office address.
  • Account credentials: username, password (stored as a salted hash), and OTP-based phone verification records.
  • Booking details: workspace, dates, party size, any special requests, and notes you share with the Operator.
  • Payment information: limited card or UPI metadata necessary to display payment receipts. Full card numbers and bank credentials are processed and stored by Razorpay, our payment partner, and are not stored by 78Flex.
  • Business KYC (for operator onboarding and virtual office subscribers): PAN, GSTIN, CIN, MCA filings, proof of address, and other documents required under the Goods and Services Tax laws and the Companies Act, 2013.
  • Enquiries, reviews, and communications you submit through the Platform, including chat with our customer support.

1.2 Information collected automatically

  • Device and connection information: IP address, browser type, operating system, device identifiers, and approximate location derived from IP.
  • Precise location: only when you explicitly grant location permission in your browser or device, used to sort workspaces by distance from you. You can revoke this at any time in your browser or device settings.
  • Usage information: pages viewed, search queries, clicks, time on page, scroll depth, and similar behavioural signals collected via analytics.
  • Cookies and similar technologies: see Section 5 below.

1.3 Information from third parties

  • Operators and venue partners: information about your Booking and on-site activity (for example, badge swipes and check-in time).
  • Payment partners (Razorpay): payment success or failure status, settlement timing, and chargeback notices.
  • Identity verification services (for KYC): document validation results.
  • Public data sources (Google Places): venue details such as photos, opening hours, and reviews.

2.Sensitive personal data

We do not knowingly collect sensitive personal data or information (“SPDI”) within the meaning of the Information Technology Rules, 2011 — such as financial information beyond what is necessary to process payments, biometric data, or information relating to health or sexual orientation — except where strictly required to provide the Platform (for example, for KYC verification) or where you voluntarily share it. Where SPDI is collected, we apply additional access controls and encryption.

3.Purposes for which we use your data

We use your personal data for the following purposes:

  • To create and manage your account, including login, authentication, and OTP verification.
  • To deliver the services you request: discovery, Bookings, virtual office subscriptions, and customer support.
  • To facilitate communication between you and the Operator regarding your Booking.
  • To process payments and issue tax invoices (including GST invoices where applicable).
  • To improve the Platform: analytics, debugging, A/B testing, and product development.
  • To send transactional messages (booking confirmation, invoices, status updates) via email, SMS, or WhatsApp.
  • To send marketing communications, where you have opted in. You can unsubscribe at any time.
  • To detect, prevent, and respond to fraud, security incidents, or abuse of the Platform.
  • To comply with applicable law, regulation, court orders, and lawful requests from authorities.

4.Lawful basis

We process your personal data on one or more of the following bases under the DPDP Act and other applicable laws:

  • Consent — for purposes such as marketing communications, precise location, and use of optional cookies.
  • Performance of a contract — to fulfil Bookings and provide the services you have requested.
  • Legal obligation — to comply with tax, anti-money-laundering, and other statutory requirements.
  • Legitimate interests — for analytics, fraud prevention, and service improvement, where those interests are not overridden by your rights.

5.Cookies and similar technologies

We use cookies, local storage, and similar technologies to operate the Platform, remember your preferences, and analyse usage. Cookies fall into three categories:

  • Strictly necessary — required for the Platform to function (for example, session cookies and authentication tokens). You cannot disable these.
  • Functional — remember your settings such as preferred city, sort order, and dismissed prompts.
  • Analytics — help us understand how users find and use the Platform. We use first-party event tracking and may use third-party analytics in accordance with this Policy.

You can control cookies through your browser settings. Disabling cookies may affect the functionality of the Platform.

6.How we share your data

We share personal data only as described below. We do not sell your personal data.

  • With Operators / Venue Partners — we share the data necessary to fulfil your Booking, including your name, contact details, and Booking details.
  • With service providers and processors — hosting (Railway, Vercel), payments (Razorpay), email and SMS delivery (Resend, MSG91), WhatsApp Business (Meta), authentication (Firebase), analytics, and customer support tools. Each processor is bound by confidentiality and data protection obligations.
  • With professional advisers — our accountants, auditors, and legal advisers as reasonably required.
  • In response to lawful requests — we may disclose data if required by law, court order, or to protect 78Flex’s rights, your safety, or that of others.
  • In connection with a corporate transaction — if 78Flex is involved in a merger, acquisition, or sale of assets, your data may be transferred. We will notify you of any change in control or use of your data.

7.Cross-border transfer of data

Some of our service providers operate or store data outside India. Where personal data is transferred outside India, we ensure that an appropriate safeguard is in place — such as a data processing addendum with the recipient — and we only transfer personal data to jurisdictions permitted under the DPDP Act and applicable rules.

8.Data retention

We retain personal data only for as long as is necessary for the purposes described in this Policy, including to satisfy any legal, tax, accounting, or reporting requirement. Indicative retention periods are:

  • Account data: for as long as your account is active, plus one year after closure.
  • Booking and payment records: at least 8 years, in line with tax record-keeping requirements.
  • KYC records (for operators and virtual office subscribers): at least 5 years after the relationship ends, in line with applicable laws.
  • Marketing preferences: until you unsubscribe or withdraw consent.
  • Server logs and analytics: typically 12–18 months.

Once the retention period expires, we either delete or de-identify the data.

9.Security

We implement reasonable technical and organisational measures to protect your personal data, including encryption in transit (TLS), encryption at rest for sensitive fields, role-based access controls, audit logs of administrative actions, and periodic security reviews. We also require our processors to maintain comparable safeguards.

No method of transmission or storage is fully secure, and we cannot guarantee absolute security. If a security incident affects your personal data, we will notify you and the Data Protection Board of India in accordance with the DPDP Act.

10.Your rights as a data principal

Subject to applicable law, you have the following rights:

  • Right to information — to obtain a summary of the personal data we process about you.
  • Right to access and correction — to access your personal data and request correction of any inaccuracy.
  • Right to erasure — to request deletion of your personal data, subject to retention requirements above.
  • Right to withdraw consent — to withdraw consent you previously gave, at any time, without affecting the lawfulness of processing before the withdrawal.
  • Right to grievance redressal — to lodge a grievance with our Grievance Officer (see Section 13).
  • Right to nominate — to nominate another individual to exercise your rights in the event of death or incapacity, in accordance with the DPDP Act.

To exercise any of these rights, please contact us using the details below. We will respond within the timelines prescribed under applicable law.

11.Children

The Platform is not intended for children under the age of 18. We do not knowingly collect personal data from children. If you believe that a child has provided us with personal data, please contact us and we will take steps to delete it.

12.Marketing communications

We may send you product updates, offers, and recommendations by email, SMS, or WhatsApp, where you have opted in. Every marketing message includes an unsubscribe link or instructions. You can also update your preferences in your account profile.

13.Grievance officer

In accordance with the Information Technology Act, 2000, and the rules made thereunder, the contact details of the Grievance Officer are:

Grievance Officer
Kinetic Blume India Pvt Ltd
Delhi, India
Email: support@78flex.ai
Phone: +91 98187 99144

The Grievance Officer will acknowledge your complaint within 24 hours and resolve it within 15 days of receipt.

14.Changes to this policy

We may update this Policy from time to time. The current version is always available on the Platform with the effective date at the top. Material changes will be communicated to registered users by email or in-app notice at least 7 days before they take effect.

15.Contact

For any question about this Policy or to exercise your rights, please contact:

Kinetic Blume India Pvt Ltd
Email: support@78flex.ai
Phone: +91 98187 99144
Registered office: Delhi, India