Privacy Policy
Effective date: March 29, 2026
This Privacy Policy covers POKA Business, PokaChat, and PokaDrop.
1. Who We Are
This Privacy Policy describes how POKA ("POKA", "we", "us", "our") processes personal data when you use POKA Business, PokaChat, PokaDrop, and related websites, apps, APIs, and support channels (together, the "Services").
Data Fiduciary / Controller details: Colourscopic Media, Delhi, India. Contact: contact@poka.digital. India Grievance Officer: Grievance Officer, Colourscopic Media, Delhi, India (contact@poka.digital).
If you are located in a jurisdiction where a representative is required (for example under Article 27 GDPR), we will identify that representative in this Policy or in a supplementary regional notice.
2. Scope and Applicability
This Policy applies when you create an account, use or administer a workspace, upload or transfer files, send or receive communications, make payments, contact support, or otherwise interact with the Services.
This Policy does not apply to third-party services you connect through POKA (for example payment gateways, cloud storage, or external communication tools). Their own privacy notices govern their processing.
3. Personal Data We Collect
Identity and account data: name, email address, phone number, username, profile photo, business profile fields, and authentication identifiers.
Transactional and billing data: invoice details, tax identifiers, subscription history, payment status, and related records (card data is handled by payment processors, not stored in full by us).
Content and collaboration data: files, messages, comments, delivery metadata, contacts, workspace configuration, and workflow records you create or share through the Services.
Technical and security data: IP address, device/browser information, log events, access timestamps, diagnostics, cookies, and fraud/security signals.
Support and communications data: messages, tickets, feedback, and communication preferences.
4. Why We Process Personal Data and Lawful Bases
We process personal data to provide and maintain the Services, authenticate users, manage accounts, process transactions, deliver support, secure systems, prevent abuse, and comply with legal obligations.
Where applicable, we rely on one or more legal bases: consent, performance of contract, compliance with legal obligations, and legitimate interests (such as securing and improving the Services).
Under Indian law, we process digital personal data in accordance with the Digital Personal Data Protection Act, 2023 and applicable rules, and continue to follow applicable obligations under the Information Technology Act framework.
5. Cookies and Similar Technologies
We use essential cookies and similar technologies to keep you signed in, maintain sessions, secure the Services, and remember core preferences.
Where non-essential analytics or similar tracking is used, we seek consent where required by applicable law and provide opt-out or preference controls.
6. Sharing and Disclosure
We do not sell personal data. We may share personal data with trusted service providers (for example hosting, analytics, communication, customer support, and payment partners) under contractual safeguards and need-to-know controls.
We may share data within our corporate group, with your authorized workspace users, during a merger/acquisition or restructuring, or when required by law, court order, or lawful government request.
We may disclose limited data to protect rights, safety, and platform integrity, and to investigate fraud, abuse, or security incidents.
7. Cross-Border Data Transfers
Your data may be processed in countries other than your country of residence. For cross-border transfers, we implement safeguards required by applicable law, such as contractual protections and security controls.
Where Indian authorities prescribe restricted destinations for transfer of personal data, we will follow those restrictions.
8. Data Retention
We retain personal data only for as long as necessary for the purposes described in this Policy, including account administration, service delivery, security monitoring, legal compliance, and dispute resolution.
Retention periods depend on data type and business/legal requirements. When no longer needed, data is deleted or irreversibly anonymized in accordance with our retention and backup lifecycle.
9. Security and Incident Response
We implement reasonable technical, organizational, and administrative safeguards designed to protect personal data against unauthorized access, disclosure, alteration, and destruction.
If we become aware of a personal data breach, we will take response measures and provide notifications to users and authorities as required by applicable law, including Indian cyber incident reporting obligations where applicable.
10. Children and Age-Gated Processing
The Services are intended for users who are legally capable of entering binding contracts. If a child is permitted to use a specific feature, we process the child's data only in accordance with applicable law, including verifiable parental consent requirements where required.
If you believe a child has provided data in violation of applicable law, contact us so we can review and take appropriate action.
11. Your Privacy Rights
Depending on your location and applicable law, you may have rights to request access, correction, update, erasure, portability, objection/restriction, and withdrawal of consent, and to seek grievance redressal.
India: Data Principals may exercise rights available under the Digital Personal Data Protection Act, 2023, including grievance redressal and nomination rights, subject to legal conditions.
EEA/UK/Switzerland: You may have GDPR-equivalent rights, including rights to lodge a complaint with your supervisory authority.
California and certain U.S. states: You may have rights to know, delete, correct, and opt out of certain data sharing activities as provided by state law.
To protect account security, we may verify identity before processing rights requests.
12. Automated Decision-Making
We do not use solely automated decision-making that produces legal or similarly significant effects on individuals unless we provide legally required notice, safeguards, and rights.
13. Changes to This Policy
We may update this Privacy Policy from time to time. If material changes are made, we will post the updated version with a revised effective date and, where required, provide additional notice.
14. Contact and Complaints
Privacy requests and questions: contact@poka.digital. Grievance Officer (India): Grievance Officer, Colourscopic Media, Delhi, India, contact@poka.digital.
You may also contact your local data protection or consumer authority if you believe your rights were violated.
Review our Terms of Service for additional rules governing use of the Services.