CarSearch24 Logo
Sign In

Privacy Policy

Last updated: June 2026 • Version 1.0

Compliant with India's Digital Personal Data Protection Act (DPDPA), 2023

Notice Under DPDPA, 2023

CarSearch24 ("we", "us", "Platform") is a Data Fiduciaryas defined under India's Digital Personal Data Protection Act, 2023. You, the user, are a Data Principal. This notice describes the personal data we collect, the purposes for which we process it, and your rights under the Act. We process personal data only with your free, specific, informed, and unconditional consent, or where otherwise permitted by law.

1. Information We Collect

Personal Information (with consent)

When you create an account or use our services, we collect with your explicit consent:

  • Name and email address (during registration)
  • Phone number (when provided via contact form or lead submission)
  • City/location preference (for on-road price calculations)

Usage Data (with consent)

With your consent for analytics, we may collect:

  • Pages visited and features used
  • Vehicles compared, saved, or searched
  • Device type, browser, and IP address
  • Referral source and session duration

2. Purpose of Data Processing

We process your personal data for the following specified purposes:

PurposeData UsedLegal Basis
Account managementName, email, passwordConsent at registration
On-road price calculationCity preferenceFunctional consent
Dealer inquiryName, phone, city, vehicleExplicit consent per form
Email communicationsEmail addressTransactional (verification, reset)
Platform improvementUsage data, search historyAnalytics consent

We do NOT sell your personal information to third parties. We do NOT send unsolicited marketing emails.

3. Consent Management

In compliance with DPDPA, 2023:

  • Informed Consent — We clearly describe what data we collect and why before seeking your consent
  • Granular Consent — You can consent to specific purposes (e.g., functional cookies vs. analytics) independently
  • Withdrawal — You can withdraw consent at any time via your Privacy Dashboard. Withdrawal is as easy as granting consent
  • Audit Trail — All consent actions are timestamped and recorded with IP address and user agent for accountability

4. Data Storage & Security

  • All data is stored on secure, encrypted databases with SSL connections
  • Passwords are hashed using bcrypt with industry-standard salt rounds
  • Authentication tokens are generated using cryptographically secure methods
  • API endpoints are rate-limited to prevent abuse
  • Admin routes are protected with role-based access controls

While we implement commercially reasonable security measures, no system is 100% secure. We encourage you to use strong, unique passwords.

5. Cookies & Local Storage

We categorize cookies and local storage into three tiers:

  • Essential (always active) — Session cookies for authentication and security
  • Functional (consent required) — City preference, compare list, UI settings
  • Analytics (consent required) — Search history, usage patterns, performance data

You can manage your cookie preferences via the consent banner or your Privacy Dashboard.

6. Third-Party Data Sharing

Dealer Inquiries: When you submit a lead form, your name, phone, city, and vehicle interest may be shared with the specific dealer you contacted. This requires separate explicit consent at the point of submission.

Service Providers:

  • Database hosting — cloud provider with encrypted connections
  • Email delivery — SMTP service for transactional emails only
  • AI services — for the AI car expert feature (queries are processed but not stored by the provider)

We do NOT share data with unrelated third parties. Each third-party service processes data under contractual data processing obligations.

7. Data Retention

  • Active accounts — Data is retained as long as your account is active
  • Deleted accounts — Data is permanently erased within 30 days of deletion request
  • Lead data — Retained for 12 months, then anonymized
  • Consent records — Retained for 5 years for legal compliance and audit purposes

8. Your Rights as a Data Principal

Under DPDPA, 2023, you have the following rights:

  • Right to Access — Request and download a copy of all your personal data
  • Right to Correction — Update or correct inaccurate information
  • Right to Erasure — Request complete deletion of your account and data
  • Right to Withdraw Consent — Withdraw any non-essential consent at any time
  • Right to Grievance Redressal — File a complaint with our Grievance Officer
  • Right to Nominate — Nominate another person to exercise your rights in case of death or incapacity

Exercise these rights via your Privacy Dashboard or by contacting us at support@carsearch24.com.

9. Children's Privacy

CarSearch24 is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact our Grievance Officer and we will delete it promptly, as required under Section 9 of DPDPA, 2023.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When the policy version changes, existing consent records are invalidated and you will be prompted to review and re-consent via the consent banner. Material changes will be communicated via email to registered users. Continued use of the Platform after notification constitutes acceptance.

11. Grievance Officer / Data Protection Officer

As required under Section 8(10) of DPDPA, 2023, our Grievance Officer details are:

Data Protection Officer
CarSearch24
Email: support@carsearch24.com

We will acknowledge your complaint within 48 hours and resolve it within 30 days. If unsatisfied, you may approach the Data Protection Board of India.