Compliant with India's DPDP Act, 2023

Privacy Policy

Effective Date: February 10, 2026
Last Updated: February 10, 2026
Operated by: Xfstech Solutions LLP

1. Introduction

Welcome to meelay, a free matrimonial application designed to help individuals find suitable life partners based on their preferences, community, and personal compatibility ("Service", "App", "meelay").

This Privacy Policy describes how Xfstech Solutions LLP, a limited liability partnership incorporated in India having its registered office at Kolkata, with LLPIN AAZ-2961 ("Xfstech", "we", "us", or "our"), collects, uses, shares, retains, and protects personal data when you access or use the meelay mobile application or our website at www.meelay.app (collectively, the "Service").

This Privacy Policy is published in accordance with:

  • The Information Technology Act, 2000 and the rules thereunder, including the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules").
  • The Digital Personal Data Protection Act, 2023 ("DPDP Act") and the rules and regulations notified thereunder.
  • The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021.
  • Applicable Google Play Developer Programme Policies, Google AdMob Programme Policies, and Firebase Terms of Service.

By creating an account, accessing, or using the Service, you confirm that you have read, understood, and agreed to this Privacy Policy. If you do not agree with this Privacy Policy, you must not use the Service.

Important:meelay is intended only for individuals who are 21 years of age or older and who are legally competent to enter into a marriage under the laws of India. We do not knowingly collect data from minors. See Section 12 (Children's Privacy) for details.

2. Key Definitions

For the purposes of this Privacy Policy, the following terms have the meanings set out below:

  • "Personal Data" means any data about an individual who is identifiable by or in relation to such data, as defined under the DPDP Act.
  • "Sensitive Personal Data" includes data such as religious or caste information, biometric data, sexual orientation, health information, and other categories specified under applicable Indian law.
  • "Data Principal" means the individual to whom Personal Data relates — that is, you, the user.
  • "Data Fiduciary" means the entity that determines the purpose and means of processing Personal Data — in this case, Xfstech Solutions LLP.
  • "Data Processor" means any entity that processes Personal Data on behalf of a Data Fiduciary, including our service providers like Google, Firebase, and cloud hosting partners.
  • "Processing" means any operation performed on Personal Data, including collection, storage, use, sharing, deletion, or anonymization.
  • "Consent" means free, specific, informed, unconditional, and unambiguous agreement signified by clear affirmative action.

3. Information We Collect

We collect different categories of data depending on how you interact with the Service. The data we collect falls into three broad groups:

3.1 Information You Provide Directly

You provide certain Personal Data when you create an account, complete your profile, or interact with the Service. This includes:

Account Registration Data

  • Full name
  • Email address
  • Date of birth (used to verify you are 21 or older)
  • Gender

Matrimonial Profile Data

Because meelay is a matrimonial service, you may voluntarily provide profile information that, by its nature, includes Sensitive Personal Data. This is necessary for the core function of the Service. Data you may provide includes:

  • Religion, caste, sub-caste, and community
  • Mother tongue and languages spoken
  • Marital status (never married, divorced, widowed, etc.)
  • Height, weight, body type, complexion
  • Education and professional qualifications
  • Occupation, employer, and annual income
  • City, state, and country of residence
  • Family details (parents' occupation, number of siblings, family type)
  • Lifestyle preferences (diet, smoking, drinking habits)
  • Horoscope details (date, time, and place of birth, manglik status, gotra) — only if you choose to provide them
  • Photographs of yourself
  • Hobbies and partner preferences

We collect this Sensitive Personal Data only with your explicit consent. You may decline to provide any field, but doing so may limit your ability to find suitable matches. You can edit or remove this data at any time from your profile settings.

Communication Data

  • Messages, interests, and connection requests you send or receive through the Service
  • Content of customer support communications you send to us
  • Survey responses, reviews, and feedback you submit

User-Generated Content

  • Profile photos and other images you upload
  • Reports or complaints you submit about other users

3.2 Information We Collect Automatically

When you use the Service, certain information is collected automatically through the use of cookies, SDKs, and similar technologies.

Device and Technical Data

  • Device model, manufacturer, operating system version
  • Mobile network information and carrier name
  • IP address and approximate geolocation derived from it
  • Unique device identifiers (Android Advertising ID, Firebase Installation ID)
  • App version, install source, and crash logs
  • Screen resolution and language settings

Usage and Behavioural Data

  • Screens viewed, features used, and time spent on each screen
  • Search queries and filters applied
  • Profiles viewed, interests sent, and matches made
  • Login times, frequency of use, and session duration
  • Interactions with advertisements (impressions and clicks)

Location Data

  • Approximate location based on IP address (always)
  • Precise location from device GPS (only if you grant the location permission, used for location-based matching)

You can revoke location permission at any time through your device settings.

3.3 Information We Receive From Third Parties

We may receive Personal Data about you from third-party sources, including:

  • Social login providers (e.g., Google Sign-In) when you choose to register or log in using these services. We receive your name, email address, and profile photo.
  • Payment processors when you make any in-app payment (we do not store your full card details).
  • Analytics and advertising partners (see Section 7 and Section 8).
  • Identity verification services if we offer enhanced profile verification (e.g., Aadhaar-based verification, where used and explicitly consented to).

4. How We Use Your Information

We process your Personal Data only for the specific, lawful purposes set out below. Each purpose is paired with the legal basis under the DPDP Act.

PurposeData UsedLegal Basis
Create and manage your accountName, Email, DOBConsent / Performance of contract
Show your profile to other users for matchmakingProfile data, photos, preferencesConsent (explicit, for sensitive data)
Match-suggestion algorithmsProfile data, preferences, behaviorConsent / Legitimate use
Verify your identity and prevent fraudMobile, DOB, device data, IPLegitimate use / Legal obligation
Enable communication between usersAccount data, messagesPerformance of contract
Send service-related notificationsEmail, mobile, push tokensPerformance of contract
Send marketing communicationsEmail, mobile, behaviorConsent (separate, withdrawable)
Show advertisements (Google AdMob)Advertising ID, approximate location, app activityConsent
Analytics and product improvementUsage data, device dataConsent / Legitimate use
Customer supportContact data, support messagesPerformance of contract
Comply with legal obligationsAny data legally requiredLegal obligation
Detect and prevent abuse / scamsAccount, device, behavior dataLegitimate use

We will never use your Personal Data for purposes that are materially different from those listed above without obtaining your fresh consent. If we propose to use your data for a new purpose, we will notify you and ask you to consent to that new use.

5. How We Share Your Information

We do not sell your Personal Data. We share data only in the limited circumstances described below.

5.1 With Other Users

meelay is a matrimonial service. The fundamental purpose of the Service requires that certain Personal Data be visible to other users. Specifically:

  • Your profile (including photos, age, location, education, occupation, community, and other matrimonial details you have entered) is visible to other registered users who match the visibility criteria you set.
  • You control the visibility of your profile through privacy settings, including the option to hide photos until you accept a connection.
  • Your email address and exact location are NEVER shown to other users.
  • When you send an interest or message, the recipient sees your profile and the content of your message.
Important: Once you have voluntarily shared information with another user (for example, by sending your phone number in a chat), we cannot recall it from that user. Exercise caution when sharing personal contact details with other users.

5.2 With Service Providers (Data Processors)

We share data with trusted third-party service providers who process data on our behalf, under contractual obligations to protect your data and use it only for the purposes we specify. Categories include:

Service Provider CategoryExamplesPurposeData Shared
Cloud hostingGoogle Cloud PlatformHost servers and databasesAll app data
AuthenticationFirebase AuthenticationLogin and account securityAccount credentials
AnalyticsFirebase Analytics, Google AnalyticsUnderstand usage patternsUsage data, device data
Crash reportingFirebase CrashlyticsDiagnose and fix bugsCrash logs, device data
Push notificationsFirebase Cloud MessagingSend push notificationsPush tokens
AdvertisingGoogle AdMobShow in-app advertisementsAdvertising ID, approx. location
Email deliverySendGridSend transactional emailsEmail address, content
Customer supportFreshdeskHandle support ticketsSupport correspondence
Payment processingRazorpayProcess payments (if any)Payment details, name

These providers are contractually required to use your data only to provide the agreed services and to apply appropriate security safeguards.

5.3 For Legal Reasons

We may disclose your Personal Data if required to do so by law or in response to valid legal process, including:

  • To comply with a subpoena, court order, or other lawful request from government authorities.
  • To enforce our Terms of Service or other agreements.
  • To protect the rights, property, or safety of Xfstech, our users, or the public.
  • To investigate or prevent fraud, security breaches, or illegal activity.

5.4 Business Transfers

If Xfstech Solutions LLP undergoes a merger, acquisition, sale of assets, restructuring, or insolvency proceeding, your Personal Data may be transferred to the successor entity. We will notify you of any such transfer and any change in privacy practices.

6. Google AdMob and Advertising

The meelay app is monetized in part through advertisements served by Google AdMob, a service operated by Google LLC and its affiliates ("Google"). This section explains how AdMob processes your data.

6.1 What AdMob Does

Google AdMob shows advertisements within the meelay app. When AdMob serves an ad, it may collect and process:

  • Your Android Advertising ID (AAID), which is a resettable identifier assigned by your device.
  • Your IP address and approximate location derived from it.
  • Information about your device (model, OS version, language).
  • Information about your interactions with the ad (impressions, clicks, viewability).
  • Information about the app version and ad placement.

6.2 Personalized Ads

AdMob may serve you personalized advertisements based on your interests, inferred from your activity across apps and websites in Google's advertising network. Personalized advertising is enabled by default on most Android devices but is subject to your consent and device settings.

Your right to control ads: You can opt out of personalized advertising or reset your Advertising ID at any time through your device settings:

  • On Android: Settings → Google → Ads → "Delete advertising ID" or "Opt out of Ads Personalization".
  • Within Google Account: Visit myadcenter.google.com to manage ad preferences.

6.3 Google's Privacy Policy

Google's processing of your data through AdMob is governed by Google's own privacy policy, which is independent of this Privacy Policy. You can review it at:

  • Google Privacy Policy: https://policies.google.com/privacy
  • How Google uses information from sites or apps that use Google services: https://policies.google.com/technologies/partner-sites
  • AdMob and AdSense Cookies: https://policies.google.com/technologies/ads

6.4 Withdrawal of Consent for Advertising

Because the Service is offered free of charge and is monetized through advertising, withdrawing consent for advertising will not stop ads from appearing in the app. However, you can:

  • Reset your Advertising ID to break the link between your past activity and future ads.
  • Opt out of personalized advertising (ads will still appear, but they will be non-personalized).
  • Stop using the Service if you do not consent to the advertising model.

7. Firebase Services

We use several services from Firebase, a Google product, to operate and improve the meelay app. Each Firebase service we use is listed below.

  • 7.1 Firebase Authentication
    Purpose: Manage user signup, login, and password reset securely.
    Data processed: Email address, account creation timestamp, login timestamps.
    Retention: For the lifetime of your account; deleted when you delete your account.
  • 7.2 Firebase Analytics / Google Analytics for Firebase
    Purpose: Understand how users interact with the app to improve features and user experience.
    Data processed: App events (screen views, feature usage, in-app actions), Advertising ID, device data, approximate location.
    Retention: User-level data retained for 14 months by default; aggregated data retained indefinitely.
  • 7.3 Firebase Crashlytics
    Purpose: Detect and diagnose app crashes and errors.
    Data processed: Crash logs, device state at time of crash, OS version, app version, anonymized installation UUID.
    Retention: 90 days.
  • 7.4 Firebase Cloud Messaging (FCM)
    Purpose: Send push notifications about new matches, messages, and account activity.
    Data processed: Push notification token, basic device data.
    Retention: While the app is installed and you have notifications enabled.
  • 7.5 Firebase Cloud Firestore / Realtime Database
    Purpose: Store and sync user profile data, messages, and app state.
    Data processed: All profile and account data, messages, app state.
    Retention: For the lifetime of your account; see Section 10 for deletion.
  • 7.6 Firebase Hosting / Cloud Storage
    Purpose: Host user-uploaded photos and other media.
    Data processed: Photos and other files you upload.
    Retention: Until you delete the media or delete your account.

Firebase services are governed by Firebase Terms of Service (firebase.google.com/terms) and Firebase Data Processing and Security Terms. Data may be stored on Google servers in India, the United States, or other jurisdictions where Google operates.

8. Data Retention

We retain your Personal Data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Specific retention periods are:

Data CategoryRetention PeriodReason
Active account dataUntil account deletionService provision
Deleted account dataUp to 90 days after deletion requestRecovery window, fraud prevention
Anonymized usage analyticsIndefinitely (no longer linked to you)Product improvement
Crash logs (Crashlytics)90 daysBug diagnosis
Customer support ticketsUp to 3 years after closureReference, dispute resolution
Transaction / payment recordsUp to 8 yearsTax and accounting law (Income Tax Act, GST law)
Records of legal requests / abuse reportsUp to 7 yearsLegal compliance
Marketing data (after consent withdrawal)Deleted within 30 daysHonour withdrawal of consent

After the applicable retention period, your data is either permanently deleted or anonymized so that it can no longer be linked to you.

9. Data Security

We implement reasonable security practices and procedures consistent with the SPDI Rules and accepted industry standards. Our security measures include:

  • Encryption in transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher.
  • Encryption at rest: Data stored in our databases is encrypted at rest using industry-standard encryption (AES-256 where applicable).
  • Password hashing: User passwords are stored using strong cryptographic hashing (e.g., bcrypt). We never store plaintext passwords.
  • Access controls: Access to user data by Xfstech personnel is restricted to authorized employees on a need-to-know basis, with all access logged.
  • Security testing: We conduct regular security reviews and address vulnerabilities promptly.
  • Breach response: In the event of a personal data breach, we will notify the Data Protection Board of India and affected users in accordance with the DPDP Act and applicable rules.

Despite our efforts, no method of transmission or storage is completely secure. We cannot guarantee absolute security. You are responsible for safeguarding your account password and for limiting access to your device. If you suspect unauthorized access to your account, please notify us immediately at support@meelay.app.

10. Your Rights as a Data Principal

Under the DPDP Act, you have the following rights with respect to your Personal Data. We make it easy to exercise each of these rights from within the meelay app or by contacting our Grievance Officer.

10.1 Right to Access

You have the right to obtain confirmation of whether we are processing your Personal Data, and to receive a summary of that data. You can access most of your data directly in the app under Settings → My Profile / My Account. For a complete export, contact us at grievance@meelay.app.

10.2 Right to Correction

You have the right to correct any Personal Data that is inaccurate or incomplete. You can update most fields directly in the app under Settings → Edit Profile. For corrections that cannot be made in-app, contact us.

10.3 Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your Personal Data when it is no longer necessary for the purpose for which it was collected, subject to legal exceptions. To delete your account and associated data:

  • In-app: Settings → Account → Delete My Account.
  • By email: Send a deletion request to grievance@meelay.app from the email address registered with your account.

Upon receiving a valid deletion request, we will delete your account within 30 days, subject to limited retention for legal, accounting, fraud-prevention, or dispute-resolution purposes (see Section 8).

10.4 Right to Withdraw Consent

Where we process your data based on consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal. You can withdraw consent for:

  • Marketing communications: Settings → Notifications → Marketing.
  • Push notifications: Settings → Notifications, or via your device's notification settings.
  • Location permission: Via your device's app permissions.
  • Personalized advertising: Via your device's Google Ads settings.

Withdrawing consent for processing essential to providing the Service (such as profile data) may require account deletion, as the Service cannot function without it.

10.5 Right to Grievance Redressal

You have the right to a readily available means of grievance redressal. We have appointed a Grievance Officer (see Section 14) who will respond to your concerns within the timelines prescribed by law.

10.6 Right to Nominate

You have the right to nominate another individual who will exercise these rights on your behalf in the event of your death or incapacity. To register a nominee, contact our Grievance Officer.

10.7 How to Exercise Your Rights

To exercise any of these rights, contact our Grievance Officer using the details in Section 14. We will:

  • Verify your identity before acting on the request (to prevent fraudulent requests).
  • Respond to your request within 30 days, or notify you if more time is required (up to 90 days for complex requests).
  • Provide the response free of charge for the first request in any 12-month period; subsequent requests may incur a reasonable administrative fee.
  • Inform you if we decline a request, with reasons.

11. International Data Transfers

Your Personal Data is primarily processed and stored on servers located in India. However, some of our service providers — including Google (Firebase, AdMob, Cloud) — operate global infrastructure and may process or store data on servers located outside India, including in the United States, Singapore, and the European Union.

When we transfer your Personal Data outside India, we ensure that:

  • The transfer is to a country, or to a person or entity, that is not specifically restricted by the Central Government under the DPDP Act.
  • The receiving party is contractually bound to provide protections substantially equivalent to those required under Indian law.
  • Industry-standard safeguards (encryption, access controls, audit logs) apply to data in transit and at rest.

If the Central Government issues any new restriction on cross-border data transfer that affects our processing, we will update this Policy and obtain your fresh consent if legally required.

12. Children's Privacy

The meelay service is intended exclusively for individuals who are 21 years of age or older. Marriage of minors is illegal in India under the Prohibition of Child Marriage Act, 2006.

We do not knowingly collect Personal Data from any individual under the age of 21. To enforce this:

  • We require all users to confirm their date of birth at registration and decline registrations indicating age below 21.
  • We may use additional verification (such as ID-based verification) for users whose age is in question.

If we discover that we have collected Personal Data from an individual under 21, we will delete that data immediately and terminate the associated account. If you are a parent or guardian and believe that a minor has registered on meelay, please contact us immediately at grievance@meelay.app so we can take prompt corrective action.

Note:Under the DPDP Act, processing of children's data (defined as individuals below 21 in India) requires verifiable parental consent and is subject to additional restrictions, including a prohibition on tracking, behavioural monitoring, and targeted advertising. Because meelay is a matrimonial app, we do not process children's data at all.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other reasons. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this Policy.
  • Notify you in-app and via email or push notification before the changes take effect.
  • If the changes require fresh consent under applicable law, we will obtain that consent before processing your data under the updated terms.

Continued use of the Service after the effective date of any update constitutes your acknowledgment of the updated Policy. If you do not agree with the changes, you must stop using the Service and delete your account.

14. Grievance Officer & Contact

In accordance with the DPDP Act and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, we have appointed a Grievance Officer to address your concerns about Personal Data and content on the Service.

NameNISHA PANNA
DesignationGrievance Officer
EntityXfstech Solutions LLP
Emailgrievance@meelay.app
Postal Address574, Paner Ara, Jagir Ghat Road, Thakurpukur LP-90/30, Kolkata,West Bengal 700063
Working HoursMonday to Friday, 12:PM to 4:00 PM IST (excluding public holidays)

The Grievance Officer will:

  • Acknowledge your complaint within 24 hours of receipt.
  • Resolve your complaint within 15 days, or sooner where mandated by law.
  • Provide a written response detailing the action taken or, where appropriate, the reasons for any decision not to act.

14.1 Escalation to the Data Protection Board of India

If you are not satisfied with the response of our Grievance Officer, you may escalate your complaint to the Data Protection Board of India established under the DPDP Act. Details of the Board, its procedures, and the manner of filing complaints will be available on the official portal of the Board once notified by the Government of India.

14.2 General Contact

For non-grievance matters (general support, partnership, press), please contact us at:

  • Support: support@meelay.app
  • Business inquiries: business@meelay.app
  • Website: https://www.meelay.app

15. Governing Law and Jurisdiction

This Privacy Policy is governed by and construed in accordance with the laws of India. Any dispute arising out of or in connection with this Policy is subject to the exclusive jurisdiction of the competent courts at Kolkata, West Bengal, India.

16. Acknowledgment

By creating an account and using the meelay service, you acknowledge that:

  • You have read this Privacy Policy in full.
  • You understand how your Personal Data, including Sensitive Personal Data, will be processed.
  • You provide your free, specific, informed, unconditional, and unambiguous consent to the processing of your Personal Data for the purposes described in this Policy.
  • You are 21 years of age or older.
  • You confirm the accuracy of the information you provide and undertake to keep it updated.

Xfstech Solutions LLP

574, Paner Ara, Jagir Ghat Road

Thakurpukur LP-90/30, Kolkata

West Bengal 700063

LLPIN: AAZ-2961

www.meelay.app

— End of Privacy Policy —