manzil is a group-travel companion app for friend groups in India, operated by Forty Two Services ("we", "us"). This policy explains what we collect, what we don't, and how the few things we do collect get used. It's written to be readable in one sitting.
What We Collect
- Your phone number. manzil uses your Indian mobile number as your only sign-in credential. We don't ask for email, password, or social logins.
- A display name. Whatever you set so trip-mates can recognise you. Change it anytime.
- Trip data you put in. Trip names, expenses, settle-ups, and (later) photos and notes you create or share.
- Location, only when you turn it on. Location sharing is strictly opt-in and time-bounded, you pick a duration (e.g. 4 hours) and the share ends automatically. Pings are visible only to other members of the same trip.
What We Don't Collect
- No email address. No password. No social-network identity.
- No location data outside of explicit, time-bounded shares. We never track you in the background.
- No GPS coordinates in your photos. EXIF location metadata is stripped both on your device and on our servers before storage.
- No location data is ever sent to our analytics provider. Coordinates stay inside your trip, they never leave for any third-party tool.
How Your Data Is Used
- To run the app. Your phone authenticates you. Your trip data syncs to other members of trips you join.
- To send one-time codes. We send a six-digit OTP to your phone via MSG91 (an Indian SMS provider) when you sign in.
- To improve the product. We use PostHog to record anonymous usage events ("user opened a trip", "expense added"), never the contents of your expenses, messages, or location.
- To fix crashes. We use Sentry to capture crash stack traces. These do not include your trip contents.
How Long We Keep It
- Active trips: kept as long as the trip exists.
- Archived trips: location pings are purged within 24 hours of archival. Expenses and photos are kept indefinitely, they're the memory keepsake of the trip and trip-mates may still need them.
- Deleted accounts: see the next section.
Your Rights, Account Deletion (DPDP Act 2023)
Forty Two Services is the Data Fiduciary for your manzil account under India's Digital Personal Data Protection Act 2023. The Act gives you a right to delete your account, free of cost. Here's how:
- How to ask: for now, email support@saathmanzil.com from the phone number on your account with the subject line "Delete my manzil account". An in-app deletion button is on the way and will ship before the public launch.
- 7-day cooling window. Your account enters a "deletion-pending" state for 7 days. You can cancel anytime in that window by replying to the same email.
- What gets erased: your phone number, display name, avatar, and UPI VPA. After erasure, you cannot be looked up by phone again.
- What stays (anonymised): expenses you paid for or were split on, and photos you uploaded to shared trips. Your name on these is replaced with "(deleted user)" so that your trip-mates' settle-up math and shared memories stay intact. This is allowed under the DPDP Act's "legitimate purpose" carve-out for shared-context data.
- How fast: we'll confirm initiation within 48 hours and complete the erasure within 7 days of the cooling window ending.
Third Parties We Use
- MSG91, SMS OTP delivery in India.
- PostHog Cloud, anonymous product analytics (never location).
- Sentry, crash reporting.
- AWS, hosting (servers, database, photo storage in the Mumbai region).
We don't sell your data. We don't share it with advertisers. We don't have advertisers.
Children
manzil is for users aged 18 and over. We do not knowingly create accounts for minors. If you believe a minor has signed up, email support@saathmanzil.com and we'll remove the account.
Contact
Questions, requests, or anything that feels off, email support@saathmanzil.com. A real person at Forty Two Services reads every message.