Legal Document

This privacy policy applies to the website taskryne.com and the brand ‘Taskry NE’, which are fully owned, operated, and managed by WENSLink Private Limited (CIN: U80900AS2019PTC019435), a company registered under the laws of India.

Taskry NE is deeply committed to the responsible handling of personal data. This Privacy Policy is written in plain language to ensure every user — whether a homeowner booking an electrician in Mangaldoi or a technician registering from a remote block in Assam — fully understands how their data is collected, used, protected, and shared. We believe privacy is a fundamental right, not an afterthought. This document reflects that belief in every operational decision we make.

This Privacy Policy ("Policy") is published by Taskry NE, a home service marketplace platform and a product of WENSLink Private Limited (CIN: U80900AS2019PTC019435), incorporated on 13 August 2019 under the Companies Act, 2013, having its registered address at MAA COMMERCIAL COMPLEX, Third Floor, NH-15, Bechimari, Dist: Darrang, Assam - 784514, India, and operational address at L24 A South Ex, Delhi - 110049 ("Taskry NE", "WENSLink", "we", "our", or "us"). WENSLink Private Limited is directed by Ataur Rahman and Kalpana Begum. Taskry NE is one of WENSLink's proprietary platforms, operating exclusively in the home service marketplace domain across Assam and Northeast India. This Policy governs the collection, use, storage, sharing, and protection of personal data of all individuals who interact with Taskry NE through any channel, including but not limited to WhatsApp messaging, the web dashboard at app.taskryne.com, the corporate website at taskryne.com, and any future mobile applications or integrations developed by Taskry NE. This Policy applies to the following categories of individuals (collectively referred to as "Data Principals" under the Digital Personal Data Protection Act, 2023): Customers: Individuals who use Taskry NE's WhatsApp-first platform to book home services including electricians, plumbers, AC technicians, carpenters, salon professionals, and all other service categories offered on the platform. Technicians / Service Providers: Independent contractors who register on Taskry NE to offer home services, undergo KYC verification, and receive booking assignments through the platform. Partners: Block Partners, District Partners, and State Partners who form Taskry NE's B2B2C distribution network and earn commissions for customer and technician acquisition within their designated territories. Visitors: Individuals who visit taskryne.com or app.taskryne.com without completing a transaction. By using Taskry NE's services in any capacity, you acknowledge that you have read, understood, and consent to the data practices described in this Policy. If you do not agree to this Policy, please discontinue use of all Taskry NE platforms and services immediately.

Taskry NE collects personal data only to the extent necessary to provide safe, reliable, AI-powered home service booking. The following is a comprehensive inventory of all data categories collected: 2.1 Identity and Contact Information - Full legal name as provided during registration or booking - Primary mobile phone number, which serves as the unique identifier across all Taskry NE systems. The phone number is verified via OTP (One-Time Password) authentication before any account is activated. - Residential address, locality, PIN code, and landmark details provided during the booking process - Email address (optional, for partners and technicians requiring invoice copies) 2.2 Location and Geographic Data - GPS coordinates obtained through the WhatsApp "Share Location" feature, used exclusively for technician-to-customer distance matching. Customers may alternatively share a pinned location or type their address manually. - Block, district, and state-level geographic tagging based on the service address. This data is used for partner commission attribution and demand forecasting analytics. - Current GPS coordinates of technicians when they share their live WhatsApp location while traveling to a booking. This live location data is accessible only to the customer of that specific booking and is not stored beyond the booking lifecycle. 2.3 Service and Transaction History - Complete booking records including booking reference number, service category, service description, scheduled date and time, assigned technician, service address, and booking status. - Payment records including transaction ID, Razorpay order ID, payment method (UPI/card/cash), payment status, and GST invoice reference. Taskry NE explicitly does NOT store card numbers, CVV codes, UPI PINs, or any sensitive payment credentials. - Post-service ratings submitted by customers (1 to 5 stars) and optional written reviews. - Warranty claims submitted, including claim date, booking reference, nature of recurrence, and resolution outcome. - TaskryCoin balance, coin earning history, and redemption history for the loyalty program. 2.4 KYC and Identity Verification Documents (Technicians Only) - Aadhaar card number (12-digit), collected for identity verification as permitted under the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016. - Voter ID number, collected as a secondary identity document for additional verification. - Photographs of the above documents, stored in an encrypted, access-controlled storage volume. - Bank account details (account number, IFSC code, and account holder name) provided voluntarily by technicians for wallet withdrawal processing via NEFT/IMPS. 2.5 Communication and Interaction Data - WhatsApp message metadata including message timestamps, message types (text, image, location, voice note), and session identifiers. Raw message content is retained for 90 days for quality assurance and dispute resolution purposes. - Voice note transcriptions processed through Groq Whisper API for voice booking functionality. Transcriptions are used to extract service type and location information and are stored as part of the booking record. - AI diagnosis outputs generated when customers submit photographs of their service issue to Gemini Vision API. The output (identified problem, service category, tool checklist, complexity estimate) is stored as part of the booking record. 2.6 Device and Technical Data - Device type and operating system (obtained from WhatsApp API metadata) - IP address and approximate geographic location inferred from IP (used for fraud detection) - WhatsApp account identifier (phone number hash used for session management) - Browser type and version for users accessing the web dashboard 2.7 Partner and Business Data - For registered partners: territory information, referral QR code identifier, commission history, wallet balance, payout history, and franchise certificate reference number. - For partners who have onboarded technicians: the technician roster associated with their block/district/state territory.

Taskry NE processes personal data only when there is a valid legal basis to do so under the Digital Personal Data Protection Act, 2023 (DPDPA) and applicable Indian law. The following explains the legal basis for each processing activity: 3.1 Contractual Necessity (Section 7(b) of DPDPA, 2023) The following processing activities are strictly necessary to fulfill Taskry NE's service contract with users: - Processing booking requests, matching customers with technicians, and managing the end-to-end service delivery workflow including confirmation, dispatch, live tracking, and completion. - Processing payments via Razorpay, generating GST invoices, distributing commissions to partners and technicians, and managing wallet credits and withdrawals. - Sending booking confirmation messages, OTP authentication codes, technician contact details, warranty cards, and digital receipts via WhatsApp. - Verifying technician identities through KYC processing to ensure only legitimate, traceable service providers operate on the platform. - Resolving booking disputes, warranty claims, and customer complaints based on transaction records. 3.2 Legitimate Interests (Section 7(d) of DPDPA, 2023) The following processing activities serve Taskry NE's legitimate business interests, which have been balanced against and do not override users' fundamental data rights: - Real-time fraud detection and prevention: Automated scoring of booking patterns, payment behaviors, OTP failure rates, and location consistency to identify and prevent fraudulent activity. This protects all platform users. - Service quality improvement: Analysis of aggregated, anonymized booking data to identify high-demand service categories, poorly performing territories, and technician skill gaps. This data never identifies individual users. - Predictive demand forecasting: AI-based analysis of historical booking patterns, weather data, and local event calendars to predict demand spikes and ensure technician availability. Alerts are sent to block partners to maintain service levels. - Platform security: Monitoring for unauthorized access attempts, API abuse, and data breach indicators to protect all user data. - Disaster response: Integration with IMD weather data to automatically identify flood-prone districts and promote relevant services (pump repair, waterproofing) during emergencies. Technicians in affected areas receive mobilization alerts. 3.3 Explicit Consent (Section 7(a) of DPDPA, 2023) The following processing activities require and are conducted only upon obtaining explicit, informed, opt-in consent from the data principal: - Sending predictive maintenance reminders (e.g., "Your AC was serviced 11 months ago - time for annual maintenance?") based on service history. Users can opt out at any time by sending STOP. - Sending promotional offers, discount coupons, or marketing communications beyond those directly related to a specific booking. - Using anonymized customer data for case studies, marketing materials, or platform promotion. No identifiable data is used without express consent. - Third-party integrations beyond those strictly necessary for service delivery. 3.4 Legal Obligation (Section 7(f) of DPDPA, 2023) The following processing activities are mandatory under applicable Indian law: - Maintaining GST-compliant transaction records for 7 years as required under the Goods and Services Tax Act, 2017. - Complying with lawful orders from courts of competent jurisdiction, authorized government authorities, or law enforcement agencies as required under applicable Indian statutes. - Retaining KYC records as required under the Prevention of Money Laundering Act, 2002 and applicable RBI guidelines for payment intermediaries.

Taskry NE employs artificial intelligence and automated decision-making systems to enhance service quality, safety, and efficiency. Users have the right to understand how these systems work and how they affect them. 4.1 AI-Powered Technician Matching Algorithm When a booking is confirmed, Taskry NE's proprietary matching algorithm automatically selects the most suitable available technician using the following weighted scoring model: - Proximity (40% weight): Straight-line distance from the technician's last known location to the customer's service address. The algorithm prefers technicians within the same block, then district. - Customer Rating (30% weight): The technician's rolling average rating based on all completed bookings. New technicians receive a neutral starting score. - Average Response Time (15% weight): Historical data on how quickly the technician accepts or declines booking requests. Consistently fast responders receive a score advantage. - Job Completion Rate (10% weight): The percentage of accepted bookings that the technician successfully completed without cancellation. High completion rates indicate reliability. - Badge Level (5% weight): Silver, Gold, or Platinum badge reflecting total completed jobs and sustained performance standards. The system automatically cascades through up to 5 available technicians if the first match does not accept the booking within 90 seconds. Customers can request a specific technician for repeat bookings, which overrides the automated selection. 4.2 AI Visual Diagnosis (Gemini Vision) When a customer submits a photograph of their service issue, Taskry NE's Gemini Vision integration analyzes the image to: - Identify the specific problem (e.g., "corroded pipe joint", "tripped MCB", "refrigerant leak") - Recommend the appropriate service category - Generate a tool checklist for the assigned technician to bring to the site - Estimate job complexity (simple/medium/complex) which may affect the final price The AI diagnosis is advisory and may be overridden by the technician's on-site assessment. Customers are always informed of pricing changes before service begins. 4.3 Dynamic Pricing Engine Taskry NE's dynamic pricing system automatically applies surcharges based on objective, transparent criteria. The system evaluates each booking request against real-time data on time of day, service demand in the relevant block, and emergency flags. All applicable surcharges are communicated to the customer and require explicit re-confirmation before taking effect. No surcharge is applied retroactively after booking confirmation. 4.4 Real-Time Fraud Detection Taskry NE's automated fraud detection system continuously monitors all platform activity and flags anomalies including duplicate booking patterns, suspicious wallet withdrawal requests, fake review clusters, impossible location claims (e.g., booking in Guwahati but GPS shows Mumbai), and repeated OTP authentication failures. Flagged accounts are auto-suspended within 30 seconds pending human review. The account holder is notified immediately and may appeal to grievance@taskryne.com within 48 hours.

Taskry NE shares personal data only with parties and for purposes strictly necessary for service delivery, legal compliance, or platform security. We maintain written data processing agreements with all third-party processors. 5.1 Sharing Within the Platform Ecosystem - Customer to Technician: The assigned technician receives the customer's first name, service address, service type, and WhatsApp contact number. The technician does NOT receive the customer's full legal name, KYC details, or payment information. - Technician to Customer: The customer receives the technician's full name, profile photograph, badge level, WhatsApp number, and live location link when en route. Customers do not receive technician's KYC documents or bank details. - Partner Commission Data: Block, District, and State Partners receive real-time alerts for completed bookings in their territory including booking reference, commission amount, and updated wallet balance. Partners do not receive customer names, addresses, or contact information. 5.2 Third-Party Service Processors Razorpay Payments India Private Limited: Payment processing, order creation, commission routing, and payout management. Razorpay is an RBI-authorized payment aggregator. Data shared includes transaction amount, order reference, customer phone number (for payment link delivery), and commission split instructions. Razorpay's privacy policy governs their data use. Meta Platforms Inc. (WhatsApp Business Cloud API): All customer-facing communications including booking confirmations, OTPs, notifications, warranty cards, and receipts are delivered via Meta's WhatsApp Business Cloud API. Message metadata (timestamps, delivery status, read receipts) is processed by Meta's infrastructure. Taskry NE's use of the API is governed by Meta's Business Terms of Service. Google LLC (Gemini Vision API): Customer-submitted photographs for AI diagnosis are sent to Google's Gemini Vision API. Google processes the image only for the duration of the API call and does not retain the image or output beyond the response. Taskry NE stores the diagnosis output as part of the booking record. Groq Inc. (Whisper ASR API): Voice notes submitted by customers for voice booking are transcribed by Groq's Whisper ASR model. Groq processes audio data for the duration of the API call only. Transcription output is stored as part of the booking record. Hetzner Online GmbH: Taskry NE's infrastructure provider. All data is physically stored on Hetzner servers. Hetzner provides ISO 27001-certified data center facilities in Germany and operates under strict EU data protection frameworks. Backblaze Inc.: Encrypted database backup storage. Weekly encrypted database snapshots are stored on Backblaze B2 cloud storage. Data is encrypted before transmission to Backblaze. 5.3 Legal Disclosures Taskry NE will disclose personal data to law enforcement, judicial, regulatory, or governmental authorities only in the following circumstances: - In response to a valid court order from a court of competent jurisdiction - As required under specific provisions of applicable Indian statutes (IT Act, PMLA, DPDPA, etc.) - To prevent imminent physical harm, fraud, or criminal activity - In connection with the enforcement of our Terms and Conditions In all cases, Taskry NE will disclose only the minimum data necessary to comply with the legal obligation and will notify the affected user where legally permissible to do so. 5.4 Business Transfers In the event of a merger, acquisition, restructuring, or sale of Taskry NE's business, user data may be transferred to the successor entity. Users will be notified via WhatsApp at least 30 days before any such transfer occurs and will have the option to request data deletion if they do not wish their data to be transferred. 5.5 Prohibited Sharing Taskry NE strictly prohibits the following data sharing activities, regardless of any commercial consideration: - Selling personal data to data brokers, credit bureaus, or advertising networks - Sharing data with insurance companies for risk profiling without user consent - Providing data to employers, government agencies, or law enforcement beyond what is legally required - Cross-platform data sharing with other companies in any owner's portfolio

6.1 Storage Infrastructure All Taskry NE production data is stored on dedicated Hetzner VPS servers. The server environment is configured as follows: The primary database (PostgreSQL 16) stores all structured data including bookings, users, commissions, and wallet transactions with ACID compliance guarantees. The database is configured with scram-sha-256 authentication, role-based access control with principle of least privilege, connection pooling via asyncpg, query audit logging for security monitoring, and automatic failover configuration. KYC documents and service photographs are stored in an encrypted volume mounted only on the backend application server. Access to this volume requires authentication at both the OS and application layer. Files are organized by technician phone number with timestamp-based naming for immutability. Session data, OTP codes, and real-time booking state are stored in Redis 7 with password authentication, maxmemory limits with LRU eviction, append-only persistence for recovery, and automatic OTP expiry after 5 minutes. 6.2 Encryption Standards Data in Transit: All communications between clients (WhatsApp, browsers) and Taskry NE servers are encrypted using TLS 1.3 with forward secrecy. HTTP connections are automatically redirected to HTTPS. SSL certificates are issued by Let's Encrypt and renewed automatically every 90 days. Data at Rest: PostgreSQL data files are stored on encrypted volumes. Backup archives are encrypted using AES-256 before transmission to Backblaze B2. KYC documents are stored in encrypted folders with application-layer encryption as an additional security layer. 6.3 Access Controls Production database access is restricted to the backend application service account and authorized admin users only. All admin access is logged with timestamps, IP addresses, and queries executed. There are no shared credentials. Multi-factor authentication is required for all admin dashboard access. 6.4 Backup and Disaster Recovery Automated PostgreSQL database dumps run every 6 hours and are stored on a separate Hetzner volume physically isolated from the primary VPS. Weekly encrypted full-database backups are uploaded to Backblaze B2. Redis RDB snapshots are taken every 15 minutes. Monthly restore tests are conducted to verify backup integrity. Recovery Time Objective (RTO): 4 hours. Recovery Point Objective (RPO): 6 hours. 6.5 Data Retention Schedule The following retention periods apply to all data categories: Customer booking records and transaction history: 7 years from the transaction date (GST and legal compliance requirement) Customer profile data (name, phone): Retained until account deletion request plus 90 days for dispute resolution WhatsApp conversation metadata: 90 days from message date KYC documents (technicians): Until technician account permanent deletion plus 2 years Payment records and GST invoices: 7 years from invoice date (GST Act requirement) AI diagnosis outputs: Retained as part of booking record (7 years) Fraud detection and audit logs: 1 year from log creation OTP and session data: Deleted upon expiry (5 minutes for OTP, 7 days for JWT) Anonymized analytics data: Retained indefinitely (cannot be linked to individuals)

The Digital Personal Data Protection Act, 2023 grants you the following rights with respect to your personal data held by Taskry NE. To exercise any right, contact our Grievance Officer at grievance@taskryne.com with your registered phone number for identity verification. 7.1 Right to Access (Section 11 of DPDPA, 2023) You have the right to obtain confirmation of whether Taskry NE processes your personal data and to receive a copy of the data we hold about you. We will provide: - A summary of all personal data categories we hold - The purposes for which each category is processed - The third parties with whom your data has been shared - The retention period for each data category We will respond to access requests within 15 business days of receiving a verified request. 7.2 Right to Correction and Erasure (Section 12 of DPDPA, 2023) You have the right to request correction of inaccurate or incomplete personal data and to request erasure of personal data that is no longer necessary for the purposes for which it was collected. Erasure requests are subject to legal retention obligations. For example, transaction records required for GST compliance cannot be deleted within the 7-year retention period. We will confirm erasure or explain applicable retention obligations within 15 business days. 7.3 Right to Withdraw Consent Where processing is based on your consent, you may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal. To withdraw consent for marketing communications, send STOP to our WhatsApp number. To withdraw consent for all optional processing, email grievance@taskryne.com. 7.4 Right to Grievance Redressal (Section 13 of DPDPA, 2023) You have the right to file a grievance with Taskry NE's Grievance Officer regarding any alleged violation of DPDPA provisions. The Grievance Officer will: - Acknowledge receipt of your complaint within 48 hours - Investigate and communicate findings within 15 business days - Implement remedial measures where a violation is confirmed - Maintain records of all grievance proceedings If you are not satisfied with the Grievance Officer's resolution, you have the right to escalate your complaint to the Data Protection Board of India once it is operationally established under DPDPA, 2023. 7.5 Right to Nominate You may nominate another individual to exercise your data rights on your behalf in the event of your death or incapacity. Nomination instructions can be registered by contacting grievance@taskryne.com. 7.6 Children's Data Taskry NE's services are intended for individuals 18 years of age or older. We do not knowingly collect personal data from minors. If a parent or guardian believes their child's data has been collected without appropriate consent, they should contact grievance@taskryne.com immediately for prompt deletion within 72 hours.

8.1 Web Dashboard Cookies (app.taskryne.com) Taskry NE's web dashboard uses strictly necessary cookies only: Authentication Token Cookie: An HttpOnly, Secure, SameSite=Strict cookie containing the user's JWT authentication token. This cookie is essential for maintaining the logged-in session across dashboard page navigations. It expires after 7 days of inactivity or immediately upon logout. This cookie cannot be disabled without losing access to the dashboard. CSRF Protection Cookie: A SameSite=Strict cookie containing a CSRF token to prevent cross-site request forgery attacks. This is a security-essential cookie. Language Preference Cookie: A lightweight, non-tracking cookie storing the user's selected interface language preference for the dashboard. Contains no personal data. 8.2 What Taskry NE Does NOT Use Taskry NE explicitly does NOT deploy the following tracking technologies on any of its platforms: - Google Analytics, Adobe Analytics, or any behavioral analytics platform - Facebook Pixel, Google Tag Manager, or any advertising tracking scripts - Third-party session recording tools (Hotjar, FullStory, etc.) - Cross-site tracking cookies or supercookies - Browser fingerprinting technologies - Retargeting or lookalike audience building tools 8.3 WhatsApp Platform Tracking When customers interact with Taskry NE via WhatsApp, Meta may collect interaction metadata as part of the WhatsApp Business Platform. Taskry NE has no control over Meta's data collection within WhatsApp. Users should review Meta's Privacy Policy for information about WhatsApp's data practices. 8.4 Managing Cookies Users can delete all dashboard cookies at any time through their browser settings without permanent loss of account access. Clearing cookies will log you out of the dashboard, requiring re-authentication via OTP.

Taskry NE's primary data storage is on Hetzner servers. However, certain data processing activities involve transfers to service providers outside India: Google LLC (USA) - Gemini Vision API processing Groq Inc. (USA) - Whisper ASR processing Meta Platforms Inc. (USA) - WhatsApp API infrastructure Backblaze Inc. (USA) - Encrypted backup storage All international data transfers are conducted under appropriate safeguards including: - Binding contractual obligations requiring the data recipient to implement data protection standards equivalent to DPDPA requirements - Minimum data transfer principle - only the data strictly necessary for the specific service is transferred - Encryption of all data before international transmission - No transfer of sensitive personal data (KYC documents, Aadhaar numbers) to international processors As the DPDPA, 2023's cross-border data transfer provisions are operationalized by the Data Protection Board of India, Taskry NE will update its transfer mechanisms to comply with any additional requirements specified by the Board.

10.1 Grievance Officer Taskry NE has appointed the following individual as the designated Grievance Officer under the Digital Personal Data Protection Act, 2023: Grievance Officer: Ataur Rahman Designation: Founder & CEO, WENSLink Private Limited Email: grievance@taskryne.com Support Email: support@taskryne.com Company: WENSLink Private Limited (CIN: U80900AS2019PTC019435) Registered Address: MAA COMMERCIAL COMPLEX, Third Floor, NH-15, Bechimari, Dist: Darrang, Assam - 784514 Operational Address: L24 A South Ex, Delhi - 110049 Legal Jurisdiction: Mangaldoi Court, Darrang, Assam - 784125 The Grievance Officer is responsible for acknowledging all data-related complaints within 48 hours and resolving them within 15 business days. Escalations that are not resolved to the complainant's satisfaction may be referred to the Data Protection Board of India. 10.2 How to Submit a Grievance To submit a formal privacy grievance or data rights request: Step 1: Email grievance@taskryne.com with the subject line: PRIVACY GRIEVANCE - [Your Registered Phone Number] Step 2: Include a clear description of the issue, the specific right you wish to exercise, and any relevant booking or account reference numbers. Step 3: Our team will verify your identity using your registered phone number via OTP within 24 hours of receiving your email. Step 4: A formal acknowledgment with a reference number will be issued within 48 hours. Step 5: Resolution or a detailed update will be provided within 15 business days. 10.3 Updates to This Privacy Policy Taskry NE will update this Privacy Policy when required due to changes in our data practices, the introduction of new features or third-party integrations, amendments to applicable law, or regulatory guidance from the Data Protection Board of India. For material changes, registered users will receive advance notice via WhatsApp at least 7 days before the changes take effect. Non-material changes (formatting, clarifications that do not alter rights or obligations) may be made without advance notice. The effective date at the top of this Policy will always reflect when the most recent revision was made. Users who do not agree with updated terms may request account deletion by contacting grievance@taskryne.com before the effective date.

Questions about your privacy?

Contact our Grievance Officer: Ataur Rahman
WENSLink Private Limited (CIN: U80900AS2019PTC019435) · grievance@taskryne.com · L24 A South Ex, Delhi - 110049 · Registered: MAA COMMERCIAL COMPLEX, NH-15, Bechimari, Darrang, Assam - 784514