Privacy Policy

Effective Date: 2 April, 2026

Panpaliya Technologies Private Limited (Brand Name: Yog24x7)
Registered Address: 331, Gandhi Ward, Brahampuri Road, Desaiganj Wadsa, District Gadchiroli, Maharashtra, India
Contact Email: support@yog24x7.in

1. Introduction

This Privacy Policy ("Policy") explains how Panpaliya Technologies Private Limited ("Company", "we", "our", or "us"), operating under the brand name Yog24x7, collects, uses, stores, shares, and protects information obtained from users ("you", "your", or "User") who access or use our website, applications, WhatsApp channels, YouTube hosted content, or any related digital platform ("Services").

This Policy complies with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 ("DPDP Act").

By initiating a conversation with Yog24x7 via WhatsApp, or by providing your mobile number to receive our service links, you perform an 'Affirmative Action' constituting your free, specific, and informed consent to our collection of your name and phone number as per this Privacy Policy and our Terms of Use.

By accessing or using our Services, you consent to the terms set forth herein.

2. Definitions

Personal Data means any data about an individual who is identifiable by such data.

Processing means collection, recording, organization, storage, adaptation, use, disclosure, or deletion of Personal Data.

Data Fiduciary refers to Panpaliya Technologies Private Limited, which determines the purpose and means of processing Personal Data.

Data Principal means the individual to whom the Personal Data relates.

Third Party means any external entity other than the Data Principal and the Company.

3. Information Collected

The Company may collect and process the following categories of Personal Data:

  • Contact Information – such as name, phone number, email address, postal address.
  • Account Information – if applicable, limited identifiers and preferences required to provide the Services. End-users are not required to create a password to access class links delivered via WhatsApp.
  • Transactional Information – details of payments, invoices, or purchases; all financial data is processed through secure third-party payment gateways and not retained by the Company.
  • Technical Information – IP address, browser type, device identifiers, usage statistics, cookies, and analytics data.
  • Communications Data – messages, inquiries, or feedback sent through our website, app, or WhatsApp Business account.
  • YouTube Interaction Data – when you access our classes hosted on YouTube, your viewing behavior (watch time, likes, comments) is subject to YouTube/Google's data collection practices, over which we have no control.

No health, biometric, or sensitive personal data is collected or processed as of the date of this Policy.

4. Purpose of Collection and Use

We process Personal Data for the following lawful purposes:

  • To provide, operate, and maintain Yog24x7's Services.
  • To deliver access links to YouTube-hosted yoga and wellness classes.
  • To communicate transactional or service-related information.
  • To improve user experience and functionality.
  • To comply with legal and regulatory obligations.
  • To prevent fraud, unauthorized access, or misuse of Services.
  • To perform marketing and promotional activities with your explicit consent.
  • To analyze usage patterns and improve our services.

Processing is based on one or more lawful grounds: consent, contractual necessity, or legitimate business interest under the DPDP Act.

5. YouTube-Hosted Content and Third-Party Platforms

We process Personal Data for the following lawful purposes:

  • Our yoga and Zumba classes are hosted on YouTube and accessed via links provided to paid and free trial users.
  • When you view our content on YouTube, YouTube's Privacy Policy and Terms of Service apply.
  • We do not control YouTube's data collection practices, including watch history, device information, and cookies.
  • Your interactions with YouTube videos (views, likes, comments, subscriptions) are governed by Google/YouTube and not by Yog24x7.
  • We may use YouTube Analytics to understand aggregate viewership trends, but we do not access your personal YouTube account information.
  • Public Interaction Disclaimer: Please note that if you post comments or interact with our videos on YouTube, your profile name and comment content are visible to the public. This information is considered "publicly available data" and is not protected as private Personal Data under this policy. We recommend using a pseudonym if you wish to remain anonymous on YouTube.

6. WhatsApp Business Communications

When you interact with Yog24x7 through WhatsApp or similar platforms:

  • Your phone number, chat content, and interaction data may be processed through WhatsApp Business API or Meta Platforms.
  • Such processing is subject to Meta's privacy terms, and the Company ensures compliance with applicable DPDP Act obligations as a Data Fiduciary.
  • We use WhatsApp Business API and do not have access to your WhatsApp contact list or personal messages outside our business conversations.
  • Messages are not shared beyond the intended operational use and are retained only as long as necessary for customer support or compliance.

7. Consent and Withdrawal

By submitting your data or communicating with us through any medium (including WhatsApp, email, or website forms), you provide free, specific, informed, and unambiguous consent for processing.

For marketing communications (email/WhatsApp):

  • We will obtain explicit opt-in consent.

While you don't have a separate portal yet, you may withdraw consent at any time by contacting us at support@yog24x7.in. Withdrawal will not affect processing lawfully undertaken before such withdrawal.

8. Data Storage and Security

We store Personal Data on systems designed to protect confidentiality, integrity, and availability using reasonable security practices and procedures, including access controls and security safeguards.

We implement reasonable security practices as required under Rule 8 of the IT Rules 2011, including administrative, technical, and physical safeguards such as:

  • SSL/TLS encryption for data transmission
  • Restricted access controls
  • Credential protection measures (where applicable) and internal access management

Where credentials exist for internal administrative access, passwords are stored in a protected form and are not stored in plain text.

LIMITATION OF LIABILITY FOR CYBER ATTACKS:

Despite our best efforts to secure your data, we cannot guarantee absolute security against sophisticated cyber attacks, hacking attempts, or unauthorized third-party breaches beyond our control.

In the unlikely event of a data breach caused by external malicious actors (hackers, cybercriminals, etc.), the Company shall not be held liable for any direct or indirect damages, provided that:

  • We have implemented reasonable security measures as per industry standards
  • We take immediate remedial action upon discovery
  • We comply with statutory notification requirements

However, we commit to:

  • Promptly investigating any suspected breach
  • Taking all reasonable steps to contain and mitigate the breach
  • Notifying affected users within the statutory timeframe as required by law
  • Cooperating with law enforcement authorities

Users acknowledge that no digital system is 100% secure and accept this inherent risk when using online services.

9. Data Sharing and Disclosure

Personal Data may be shared with:

  • Service Providers and Vendors engaged to assist in operations (e.g., cloud hosting, payment processing, analytics, WhatsApp Business API, CRM, email services). Such parties act under confidentiality and data-processing agreements.
  • YouTube/Google when you access our video content on their platform.
  • Government Authorities or law-enforcement agencies when disclosure is required under law or judicial order.
  • Successors or Assignees in the event of merger, acquisition, or reorganization, provided confidentiality is maintained.

No Personal Data is sold, rented, or leased to any third party.

10. Cross-Border Data Transfer

If data is transferred outside India (for example, to cloud servers, YouTube infrastructure, or WhatsApp servers located abroad), such transfer shall comply with the DPDP Act and shall ensure equivalent data-protection standards through:

  • Standard contractual clauses
  • Adequacy decisions
  • Appropriate safeguards as required by law

11. Retention and Deletion

Personal Data shall be retained only for as long as necessary to fulfill the purposes stated in this Policy or as required by applicable law (typically 3-7 years for financial records).

12. User Rights

Under the DPDP Act, you have the following rights:

  • Right to Access – to obtain confirmation of processing and a copy of your data.
  • Right to Correction – to correct inaccurate or incomplete data.
  • Right to Deletion – to request deletion of your data where processing is no longer necessary.
  • Right to Grievance Redressal – to raise concerns regarding the processing of data.
  • Right to Withdraw Consent – for marketing communications and optional data processing.
  • Right to Nominate: – You have the right to nominate any other individual who shall, in the event of your death or incapacity, exercise your rights as a Data Principal in accordance with the DPDP Act, 2023.

13. Cookies and Tracking Technologies

Our website and app may use cookies or similar technologies for analytics and personalization. You may disable cookies through your browser settings; however, certain features may be unavailable as a result.

We may use:

  • Session cookies (temporary)
  • Analytics cookies (Google Analytics, Facebook Pixel)
  • Preference cookies (to remember your settings)

14. Recording of Sessions

The Company may record live yoga, Zumba, or wellness sessions for the following purposes:

  • Internal quality control and instructor training
  • Technical troubleshooting
  • Providing recorded sessions to paid members who missed live classes

Important Clarifications:

  • Recordings are for internal and member use only and will NOT be publicly shared, sold, or distributed to third parties.
  • By participating in live sessions, you consent to being recorded.
  • If you do not wish to be recorded, please notify us at support@yog24x7.in before joining the session, and we will make reasonable accommodations.
  • Recordings may capture your name, voice, or image if you interact during live sessions.

15. Data Breach and Notification

In the event of a data breach resulting in unauthorized access or disclosure of Personal Data, the Company shall:

  • Take immediate steps to contain and mitigate the breach;
  • Maintain internal documentation;
  • Notify the concerned data principals and authorities, where legally required, within the statutory timeframe (typically within 72 hours of discovery).

As stated in Section 8, the Company shall not be liable for breaches caused by sophisticated external cyber attacks beyond reasonable security controls, but will fulfill all statutory obligations.

16. CHILDREN’S PRIVACY & GUARDIAN CONSENT

16.1 Our Services are intended for users 18 and older. If a user is under 18, registration must be completed using a Parent or Legal Guardian’s mobile number and email address.

16.2 By subscribing to a plan for a minor, the Guardian acknowledges they are providing 'Verifiable Parental Consent' as required under the DPDP Act, 2023. We reserve the right to terminate any account if we discover it is operated by a minor without documented guardian supervision.

For users under 18: Parental or guardian consent is mandatory, and we may request verification.

17. Geographic Scope

Our services are primarily intended for users within India. If you access our services from outside India, you acknowledge that your data may be transferred to and processed in India in accordance with Indian data protection laws.

18. Updates to this Policy

The Company reserves the right to amend this Policy at any time. Updates will be posted on our website (www.yog24x7.in) with the revised effective date.

Continued use of our Services following any update constitutes acceptance of the revised Policy.

We encourage users to review this Policy periodically.

19. GRIEVANCE REDRESSAL & DATA PROTECTION OFFICER

All communications, notices, or complaints regarding this Policy shall be sent to:

Panpaliya Technologies Private Limited (Yog24x7)
331, Gandhi Ward, Brahampuri Road, Desaiganj Wadsa, Dist. Gadchiroli, Maharashtra, India
📧 support@yog24x7.in

20. Governing Law and Jurisdiction

This Policy shall be governed by and construed in accordance with the laws of India. Any disputes arising hereunder shall be subject to the exclusive jurisdiction of the competent courts at Wadsa, District Gadchiroli, Maharashtra, India.

21. Acceptance

By continuing to use Yog24x7's Services, you acknowledge that you have read, understood, and agreed to this Privacy Policy and that you consent to the collection and processing of your Personal Data in accordance with its terms.