01 Who we are and what this covers
ChargeZippy Solutions Private Limited ("ChargeZippy", "we", "us", "our") is a private limited company incorporated in India on 3 April 2025 under the Companies Act, 2013, with its registered office at 1st Floor, 85/86/71, HS Tower, Hosur Road, Bommanahalli, Bengaluru, Karnataka 560068.
- CIN: U27104KA2025PTC200645
- GSTIN: 29AAMCC5863E1ZB
We operate electric-vehicle charging infrastructure as a Charge Point Operator. This Privacy Policy explains how we collect, use, disclose and protect your personal data when you:
- visit chargezippy.com or submit our partner enquiry form;
- create an account or use the ChargeZippy mobile application on Android or iOS;
- use, or attempt to use, a charging point operated by us;
- make a payment, top up your wallet, reserve a charge point, or request a refund;
- contact our support team.
For the purposes of the Digital Personal Data Protection Act, 2023 ("DPDP Act") we are the Data Fiduciary in respect of the personal data described here, and you are the Data Principal. Where the Information Technology Act, 2000 and the rules made under it apply, we act as the body corporate collecting and processing your information.
If you do not agree with this Policy, please do not use our website, app or charging network.
02 Information we collect
We collect only what we need to run the charging network, take payment and support you.
a. Information you give us
- Account data: name, mobile number, email address, password (stored only as a salted hash — never in readable form).
- Vehicle data: make, model, connector type and, if you choose to add it, registration number.
- Partner enquiry data: if you submit our "Partner With Us" form — your name, company name, email, phone, partner type, site address, city, state, PIN code, country and any message you write.
- Support data: the content of messages, emails and calls you send us, including any attachments.
- Business verification data: for business or fleet accounts, we may need to verify your organisation — for example its GSTIN or certificate of incorporation — where the law or our contract with you requires it.
b. Information we collect automatically
- Charging session data: charge point identifier and location, session start and end time, energy delivered (kWh), duration, tariff applied and amount charged.
- Device data: device model, operating system and version, app version, language, and diagnostic information about faults and crashes.
- Log data: IP address, browser type, pages viewed, referring URL, and the date and time of each request. Our partner-enquiry API additionally stores the submitting IP address and browser user-agent string as an anti-abuse measure.
- Location data: only while you are actively using the app — see section 3.
c. Information we receive from others
- Payment status from Razorpay — whether a transaction succeeded, failed or was refunded, plus the last four digits and card network of the instrument used. We never receive your full card number.
- Site host data from property partners who host our chargers, where relevant to a session.
We do not collect your full payment card number, CVV or UPI PIN. We do not track your location in the background. We do not sell your personal data to anyone, and we do not share it with third parties for their own advertising.
03 Mobile app permissions
The ChargeZippy app asks for the three permissions below, and no others. You may decline any of them — but declining one will disable the feature that depends on it. You can change any permission at any time in your device settings.
| Permission | Why we ask | If you decline |
|---|---|---|
| Location (only while using the app) |
To show charge points near you, give directions, and confirm you are at the charger you are trying to start. | You can still browse and search for chargers by entering a location manually. |
| Camera | To scan the QR code on a charge point so you can start a session without typing its ID. | You can start a session by entering the charge point ID manually. |
| Notifications | To tell you when your vehicle has finished charging, when a session fails, and about payment or refund status. | You will need to open the app to check session status. |
The app does not use background location, and does not request Bluetooth access. Location is read only while the app is open and in use. We never build advertising profiles from it, and we never share your location history with data brokers.
04 How we use your data, and on what basis
Under the DPDP Act we process your personal data on the basis of your consent, or for certain legitimate uses permitted by the Act.
| Purpose | Data used | Basis |
|---|---|---|
| Create and operate your account | Account data | Performance of our contract with you / consent |
| Start, run and end charging sessions | Session, location, vehicle data | Performance of our contract with you |
| Take payment, run your wallet, issue invoices and process refunds | Session data, payment status | Performance of contract; legal obligation (tax records) |
| Hold and honour your reservations | Account and session data | Performance of contract |
| Provide customer support | Account, session and support data | Performance of contract |
| Prevent fraud, abuse and spam | Device data, IP address, log data | Legitimate use — preventing fraud |
| Diagnose faults and improve reliability | Device data, diagnostics, session data | Legitimate use / consent |
| Respond to a partner enquiry | Partner enquiry data | Consent (given when you tick the box on the form) |
| Send you marketing about our services | Name, email, phone | Consent — and you may withdraw it at any time |
| Comply with law and respond to lawful requests | Any of the above, as required | Legal obligation |
We do not use your personal data to make solely automated decisions that produce legal effects for you.
05 Payments and card data
Payments for charging sessions, reservations and wallet top-ups are processed by Razorpay Software Private Limited, a payment aggregator authorised by the Reserve Bank of India.
We never see, store or process your full card number, CVV, UPI PIN, net-banking password or any other payment credential. Those are captured directly by Razorpay on a PCI-DSS compliant environment. We receive only:
- a transaction identifier;
- the amount and currency;
- whether the transaction succeeded, failed or was refunded;
- the last four digits and network of the card, or the masked UPI handle, so you can recognise which instrument you used.
Where you choose to save an instrument for future use, it is tokenised by Razorpay or the card network in accordance with RBI's card-on-file tokenisation requirements. We store only the token, which is useless to anyone outside Razorpay.
Razorpay processes your data as an independent controller under its own privacy policy, available at razorpay.com/privacy.
For how and when money is returned to you, see our Refund & Cancellation Policy.
07 Third-party services we use
These are the only third parties that receive personal data when you use our app or website.
| Service | Purpose | Data it receives |
|---|---|---|
| Razorpay Razorpay Software Pvt Ltd |
Payments, wallet top-ups and refunds | Name, contact details, payment instrument, amount |
| Google Maps Google LLC |
Showing charge points on a map and giving directions | Your location while the app is in use |
| Our SMS / OTP partner | Sending one-time passwords and transactional messages | Your mobile number |
We do not use advertising SDKs, behavioural-tracking SDKs, or data brokers. Our website itself loads no third-party trackers, advertising pixels or external fonts — every asset is served from chargezippy.com.
08 How long we keep your data
We keep personal data only for as long as we need it for the purpose we collected it, or for as long as the law requires — whichever is longer.
| Data | Retention period |
|---|---|
| Account data | While your account is active, then deleted or anonymised within 90 days of closure |
| Charging session & invoice records | Up to 8 years, as required by Indian tax and companies legislation |
| Payment transaction records | Up to 8 years (statutory financial-records requirement) |
| Partner enquiry submissions | 24 months from submission, unless a partnership begins |
| Support correspondence | 24 months from case closure |
| Web server access logs | 90 days |
When a retention period ends we delete the data, or irreversibly anonymise it so it can no longer identify you. Note that we may be obliged to retain invoice and transaction records even after you close your account — this is a legal duty and we cannot waive it.
09 How we protect your data
- All traffic to our website, app and APIs is encrypted in transit with TLS. Plain HTTP requests are redirected to HTTPS.
- Passwords are stored only as salted hashes. Nobody at ChargeZippy can read your password.
- Our application databases are not reachable from the public internet and are accessed by our services over the local network only, using least-privilege credentials.
- Access to production systems and personal data is restricted to staff who need it, and is logged.
- Form submissions are rate-limited and validated on the server to resist abuse and injection.
- Payment credentials never touch our servers — see section 5.
No system is perfectly secure, and we cannot guarantee absolute security. If we become aware of a personal data breach we will notify the Data Protection Board of India and affected users as required under the DPDP Act.
10 Your rights
As a Data Principal under the DPDP Act you have the right to:
- Access — obtain a summary of the personal data we hold about you and how we process it.
- Correction and completion — have inaccurate or incomplete data corrected or completed.
- Erasure — have your personal data deleted, unless we are required to retain it by law.
- Withdraw consent — at any time, as easily as you gave it. Withdrawing consent does not affect processing already carried out, and may mean we can no longer provide a service.
- Grievance redressal — complain to our Grievance Officer (section 16) and receive a response.
- Nominate — nominate another individual to exercise your rights in the event of your death or incapacity.
To exercise any right, email hello@chargezippy.com. We will respond within 30 days. We may ask you to verify your identity first, so that we do not disclose your data to someone else.
If you are not satisfied with our response, you may complain to the Data Protection Board of India.
11 Deleting your account and data
You can ask us to delete your ChargeZippy account and the personal data associated with it at any time.
To request deletion: email hello@chargezippy.com from your registered email address, with the subject line "Delete my account".
You do not need to install the app, or have it installed, to make this request.
We may ask you to verify your identity before we act, so that we do not delete someone else's account on their behalf.
What gets deleted: your name, email address, mobile number, password, vehicle details, saved payment tokens, and your support history.
What we must keep, and why: invoices and transaction records associated with completed charging sessions, for up to 8 years, because Indian tax and companies law requires us to retain them. These are held in a restricted financial-records system and are not used to contact you or to profile you.
Deletion requests are actioned within 30 days. Any unused wallet balance should be withdrawn before you ask us to delete your account — see the Refund Policy.
12 Children
Our services are not directed at children. You must be at least 18 years old to create a ChargeZippy account, and we do not knowingly collect the personal data of anyone under 18.
Under the DPDP Act, processing a child's personal data requires verifiable parental consent, and behavioural advertising to children is prohibited. We do not target advertising at children. If we learn that we have collected data from a child without the required consent, we will delete it promptly. If you believe a child has given us personal data, contact hello@chargezippy.com.
14 International transfers
We are based in India and our primary infrastructure is located in India. Some of our service providers — notably Google, which provides our mapping — may process your data on servers outside India.
Where that happens, we transfer data only to countries not restricted by the Central Government under the DPDP Act, and only under contractual terms requiring a standard of protection comparable to our own.
15 Changes to this Policy
We may update this Policy from time to time. When we do, we will change the "Last updated" date at the top of this page.
If the change is significant — for example, if we begin collecting a new category of data or use your data for a new purpose — we will notify you in the app, by email, or by a prominent notice on this website before it takes effect, and where the law requires it we will ask for your consent again.
16 Grievance Officer and contact
In accordance with the Information Technology Act, 2000, the rules made under it, and the DPDP Act, the contact details of our Grievance Officer are set out below. You may contact them with any complaint about how we handle your personal data.
Grievance Officer
- Name
- Mr Sivaprasad Damodaran
- Designation
- Director, ChargeZippy Solutions Private Limited
- hello@chargezippy.com
- Phone
- +91 86060 66606
- Post
- ChargeZippy Solutions Private Limited,
1st Floor, 85/86/71, HS Tower, Hosur Road,
Bommanahalli, Bengaluru, Karnataka 560068, India - Response time
- We acknowledge complaints within 24 hours and resolve them within 15 days, as required by the IT Rules.
For anything else, write to us at hello@chargezippy.com or call +91 86060 66606.