Back to Hustl

Privacy Policy

Last updated: May 2026

1. Who we are

Hustl ("Hustl", "we", "us") operates a gig marketplace connecting independent workers ("Hustlers") with businesses ("Partners") for short-term work in India. We are the Data Fiduciary for personal data processed through our website, progressive web apps (PWA), and future native iOS and Android applications.

Registered entity: Hustl (operating at hustl.today). Grievance / privacy contact: privacy@hustl.today. General support: support@hustl.today.

This policy applies only to users who are 18 years or older and who reside in India. Our services are not offered outside India.

2. Personal data we collect (itemised)

Under the Digital Personal Data Protection Act, 2023 (DPDPA) and the Digital Personal Data Protection Rules, 2025 (Rule 3), we provide this itemised description of personal data we collect and why.

2.1 Identity and account

  • Mobile phone number (Firebase Authentication OTP sign-in)
  • Email address (optional, where provided)
  • Display name, profile photo, cover photo, bio
  • Role (Hustler or Partner), language preference (English, Tamil, Hindi)
  • Referral code and referrer reference

Purpose: account creation, authentication, profile display, referrals, customer support, and fraud prevention.

2.2 KYC and verification

  • Aadhaar verification status and masked identifiers via eKYC (we do not store full Aadhaar numbers in app databases after verification where avoidable)
  • PAN verification status
  • Selfie and liveness images for identity match
  • Government ID document images uploaded to secure storage
  • Partner business GSTIN, FSSAI or trade licence references, and verification documents

Purpose: legal identity verification, platform trust, payout eligibility, and regulatory compliance. Our primary KYC integration is Digio. Business GST lookup may use MasterGST.

2.3 Financial and payouts

  • Wallet balances, ledger entries, earnings, withdrawals, fees, and penalties
  • UPI ID and/or bank account number and IFSC for payouts
  • Partner payment method metadata and Razorpay payment references
  • TDS-related transaction records where applicable

Purpose: job funding, hustler payouts, reconciliation, tax reporting support, and dispute resolution.

2.4 Location data

  • GPS coordinates at check-in and check-out
  • Live GPS (latitude, longitude, accuracy, heading, speed) during active checked-in shifts, updated approximately every 10 seconds
  • Job and business addresses
  • SOS alert location when a Hustler triggers emergency assistance
  • Approximate city, region, and country derived from IP address (hashed IP stored separately)

Purpose: attendance verification, partner visibility during active jobs, safety, routing/ETA assistance, and dispute evidence. Live location is shared only with authorised parties for the active booking (Partner, support, admin) and only for limited periods.

2.5 Device, session, and technical data

  • Browser or app user agent, screen resolution, timezone, locale
  • Push notification permission state and FCM device tokens
  • Location permission state (not continuous location until you grant OS permission)
  • PWA install indicator
  • Hashed IP address and hashed user agent in session records
  • App version and platform (web, iOS, Android when launched)

Purpose: security, session management, push delivery, debugging, and fraud detection.

2.6 Behavioural and communications

  • Job bookings, cancellations, check-in/out photos, reviews, strikes
  • In-app chat messages and support conversations
  • Dispute records and evidence
  • Activity events (e.g. login, booking, payment events) without raw IP in default activity payloads
  • Saved jobs and notification preferences (where enabled)

Purpose: operating the marketplace, safety, moderation, and customer support.

3. How we use your data

We process personal data only for lawful purposes connected to our platform, including:

  • Providing and improving the Hustl service
  • Matching Hustlers with Partner job postings
  • Processing payments and payouts
  • Sharing limited profile and live location data with the other party during an active job
  • Preventing fraud, GPS spoofing, duplicate accounts, and abuse
  • Resolving disputes using objective evidence (GPS, photos, chat, timestamps)
  • Complying with Indian law, tax, and lawful government requests
  • Sending transactional notifications (booking updates, payout status, security alerts)

4. What we do not do with your data

  • We do not sell your personal data to data brokers or advertisers.
  • We do not use Google Analytics, Meta Pixel, or other cross-site advertising trackers.
  • We do not track you across other companies' apps or websites for advertising.
  • We do not knowingly collect data from anyone under 18.

5. Third parties who process data on our behalf

We use service providers (Data Processors) under contracts requiring reasonable security safeguards:

  • Google Cloud / Firebase — authentication, database, file storage, realtime location channel, push messaging, App Check (reCAPTCHA Enterprise), Maps APIs (India region infrastructure)
  • Digio — Aadhaar eKYC and identity verification workflows
  • MasterGST — GSTIN verification for Partner businesses
  • Razorpay — Partner payment collection and bank account validation
  • Cashfree — Hustler payout transfers to UPI or bank accounts
  • Sentry — error monitoring (user ID and role only; email and IP stripped before transmission)
  • Vercel — hosting and privacy-friendly page analytics (Web Vitals; no ad profiling)
  • Slack (optional) — internal operational alerts without marketing use of your data

SMS/OTP for login is delivered through Firebase Phone Authentication (Google). We may add transactional SMS providers (e.g. MSG91) in the future with updated notice.

6. Cookies and similar technologies

  • Firebase Auth session — required to keep you signed in.
  • reCAPTCHA / App Check — bot and abuse protection.
  • Vercel Analytics — aggregated performance metrics on our web apps; not used for cross-site advertising.
  • Local browser storage — preferences and session navigation on PWA (not sold or shared).

See our Data Compliance and Cookies page for more detail.

7. Data retention

  • KYC documents: up to 5 years after account closure (legal/compliance)
  • Financial and transaction records: up to 8 years (Income Tax Act requirements)
  • Activity logs: up to 3 years
  • Chat messages: up to 1 year
  • GPS dispute evidence: up to 6 months; general GPS logs up to 1 month where not needed for disputes
  • Raw Aadhaar document images: deleted within 30 days after successful verification where technically feasible
  • Session and device metadata: up to 90 days unless needed for security investigations

We delete or anonymise data when the purpose is fulfilled, unless law requires longer retention.

8. Data storage and security

Personal data is stored in India (Google Cloud Platform, primary region asia-south1 Mumbai; Firebase Realtime Database for live location in asia-southeast1 Singapore). We do not intentionally transfer personal data outside India for processing.

  • Encryption in transit (TLS 1.2+)
  • Encryption at rest on cloud infrastructure
  • Role-based access controls and Firestore security rules
  • Server-side-only money and KYC status mutations
  • Rate limiting, App Check, admin MFA for internal tools
  • PII minimisation in logs and error reports

9. Your rights under the DPDPA

As a Data Principal, you may:

  • Access a summary of personal data we hold about you
  • Correct inaccurate data
  • Erase data when no longer required (subject to legal retention)
  • Withdraw consent for consent-based processing (with comparable ease to giving consent)
  • Nominate another individual to exercise rights on your behalf in case of death or incapacity
  • Grievance redressal through our Grievance Officer
  • Complaint to the Data Protection Board of India if not satisfied with our response

To exercise rights, email privacy@hustl.today from your registered phone or email. We will verify your identity before fulfilling requests. We aim to respond within 30 days.

10. Planned features (transparent disclosure)

We may introduce the following with updated notice in-app and on this page:

  • Periodic face re-verification before high-value shifts (liveness check via KYC provider)
  • Device integrity signals for fraud prevention (not used for advertising)
  • Biometric unlock on your device only (stored locally on your phone; not uploaded to Hustl servers)
  • Marketing SMS, WhatsApp, or email only with separate opt-in consent
  • Partner subscription plans with billing disclosures per Consumer Protection (E-Commerce) Rules

11. App Store and Google Play privacy disclosures

For native app submissions, we disclose the following categories to Apple and Google:

  • Contact info: phone, email — linked to identity — not used for tracking
  • Financial info: payment and payout metadata — linked to identity — not used for tracking
  • Location: precise location during active jobs — linked to identity — not used for tracking across apps
  • Photos/Videos: profile, KYC, check-in evidence — linked to identity
  • Identifiers: user ID, device tokens for push — linked to identity — not used for third-party advertising
  • Usage/Diagnostics: crash and performance data via Sentry and Vercel Analytics — not sold

Hustl does not use your data to track you across other companies' apps or websites.

12. Data breach notification

If a personal data breach is likely to affect your rights, we will notify the Data Protection Board of India and affected users as required under the DPDPA, including steps taken to mitigate harm.

13. Changes to this policy

We may update this policy. Material changes will be communicated via the app, email, or website. Continued use after the effective date constitutes acceptance. Previous versions are available on request.

14. Related policies

Terms of Service · Data Compliance · Intellectual Property and Takedown · Safety Policy