Privacy Policy

Sathi (“we,” “us,” or “our”) operates the website getsathi.comand related services (the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our Service. We are committed to protecting your privacy and complying with applicable data protection laws including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

2.1 Information You Provide

• Account registration data (name, email address, profile photo via OAuth providers such as Google or Facebook)
• Profile information you choose to add (bio, preferences, travel interests)
• Messages sent through our platform between travelers and service providers
• Reviews, ratings, and feedback you submit
• Support requests and correspondence

2.2 Information Collected Automatically

• Device information (browser type, operating system, device identifier)
• Usage data (pages visited, time on site, click patterns)
• IP address and approximate geolocation
• Cookies and similar tracking technologies (see our Cookie Policy)

2.3 Information from Third Parties

• OAuth profile data from Google or Facebook when you sign in
• Payment processors (we do not store full payment card details)

• To create and manage your account
• To connect you with verified guides, drivers, and restaurants in Nepal
• To facilitate communication between travelers and service providers
• To process bookings and transactions
• To improve our Service, including analytics and troubleshooting
• To send you service-related communications (booking confirmations, safety alerts)
• To send marketing communications (only with your consent; you can opt out at any time)
• To comply with legal obligations and enforce our Terms of Service

If you are in the European Economic Area (EEA) or UK, we process your data based on:

• Contractual necessity: to provide the Service you signed up for
• Consent: for marketing emails and non-essential cookies
• Legitimate interests: to improve our Service, prevent fraud, and ensure security
• Legal obligation: to comply with applicable laws

We do not sell your personal information. We may share data with:

• Service providers: guides, drivers, and restaurants you choose to connect with
• Technology partners: hosting (Vercel), analytics, and authentication providers under strict data processing agreements
• Legal authorities: when required by law, regulation, or legal process
• Business transfers: in connection with a merger, acquisition, or sale of assets (you will be notified)

6.1 GDPR Rights (EEA/UK residents)

• Access: request a copy of your personal data
• Rectification: correct inaccurate data
• Erasure: request deletion of your data (“right to be forgotten”)
• Restriction: limit processing of your data
• Portability: receive your data in a machine-readable format
• Objection: object to processing based on legitimate interests
• Withdraw consent: at any time, without affecting prior lawful processing

6.2 CCPA Rights (California residents)

• Right to Know: what personal information we collect, use, and disclose
• Right to Delete: request deletion of your personal information
• Right to Opt-Out: of the sale of your personal information (we do not sell your data)
• Right to Non-Discrimination: we will not discriminate against you for exercising your rights

To exercise any of these rights, visit your account settings or contact us at privacy@getsathi.com.

We retain your personal data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymize your data within 30 days, except where retention is required by law (e.g., financial records, fraud prevention).

We implement industry-standard security measures including encryption in transit (TLS), secure authentication (OAuth 2.0), and regular security reviews. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

Your data may be processed in countries outside your own. When we transfer data outside the EEA/UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

Our Service is not directed to individuals under 16. We do not knowingly collect personal information from children. If we learn that we have collected data from a child, we will delete it promptly.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last updated” date. Continued use of the Service after changes constitutes acceptance of the revised policy.

For privacy-related inquiries:

• Email: privacy@getsathi.com
• Address: Sathi, Thamel, Kathmandu, Nepal

If you are in the EEA/UK and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority.