🛡️ Privacy Policy

Envoy Marketplace · Nextania Technologies Private Limited
Last Updated: May 29, 2026  ·  Effective: May 29, 2026  ·  Ages 18+  ·  India & International

01 Who We Are

Envoy Marketplace is a local buy-and-sell platform developed and operated by Nextania Technologies Private Limited, a company incorporated in India under the Companies Act 2013. Our app connects buyers and sellers in local communities through an AI-assisted conversational interface powered by Broky — our in-app AI assistant.

• Registered Office: India
• Website: www.nextania.in
• Support Email: pascalnextania@gmail.com
• Developer Account Email: nextaniatechnologies@gmail.com

Our commitment: This policy explains exactly what data we collect, why we collect it, who we share it with, and how you can control it — in plain, honest language. We will never surprise you.

02 Information We Collect

Information You Provide Directly

• Display Name: Used to personalise your experience. Shared with the other party only after explicit mutual consent through our in-app consent flow.
• Phone Number: Collected during registration. Used for account identification and, when you explicitly consent, shared with a buyer who expresses interest in your listing. Never shared automatically.
• Location Details: City, district, state, and pincode — provided during onboarding to show relevant local listings near you.
• Listing Content: Product titles, descriptions, prices, condition, category, and photos you upload when creating a listing.
• Chat Messages: Messages you type in the Broky chat interface, processed by our AI to facilitate your buying or selling flow.
• Wanted Ads: Product or service requests you post on the Wanted Board, including category and budget preferences.
• Ratings & Feedback: Scores and notes submitted after a completed transaction.
• Complaints: Details provided when filing a complaint against another user.

Information Collected Automatically

• Android Device ID: A unique identifier (Settings.Secure.ANDROID_ID) used solely to identify your account session. Not used for advertising.
• GPS Coordinates: Collected only when you grant location permission and the app is in use. Used to show nearby listings and calculate distances. Your precise GPS coordinates are never visible to other users — only your general area (city/district) is shown.
• FCM Token: A Firebase Cloud Messaging token used exclusively to deliver push notifications to your device.

Camera & Photos

• Camera Permission: Envoy requests access to your device camera (android.permission.CAMERA) so you can photograph items directly within the app when creating a listing. Camera access is optional — you may also upload photos from your gallery instead. The app never accesses the camera in the background or when you are not actively taking a listing photo.
• Photo Storage: Photos you upload are stored in Google Firebase Storage and publicly visible on your listing.
• AI Moderation: Every photo is reviewed by GPT Vision before publication to ensure it does not contain obscene, violent, or prohibited content. The photo is processed by OpenAI’s API for this purpose only.
• Photo Deletion: Photos are automatically deleted when their associated listing expires or is deleted by you.

03 How We Use Your Information

We never use your data for: advertising, profiling for third-party marketing, selling to data brokers, or any purpose not listed in this table.

04 AI Features — Broky & Lens Advisor

Broky — Marketplace Assistant

Broky is powered by OpenAI’s GPT-4o-mini model. When you send a message in the chat, it is transmitted to OpenAI’s API servers for processing.

• What is sent to OpenAI: Your chat messages, your general location (city/district only), and the product context — the minimum necessary to generate Broky’s response. OpenAI processes this under their Privacy Policy. OpenAI does not use API data to train their models by default.
• We never send to OpenAI: Your phone number, full name, Device ID, payment information, or any sensitive personal identifiers.

Lens — AI Advisor (Economic, Career & Business)

The Lens advisor feature uses Perplexity AI for real-time data retrieval and OpenAI GPT-4o-mini for structured analysis. When you use Lens, your questions and general conversation context are sent to Perplexity’s API and OpenAI’s API. Perplexity processes data under their Privacy Policy.

We never send to Perplexity or OpenAI: Your phone number, Device ID, payment details, or any personally identifying information beyond your question text.

05 Phone Number Sharing — Our Consent Flow

We take phone number privacy extremely seriously. Here is exactly how our bilateral consent system works:

In summary: Phone numbers flow in one direction only — from seller to buyer — and only with the seller’s explicit, active consent. Never automatic. Never without your knowledge.

06 Third-Party Services We Use

No advertising partners. We do not share your data with any advertising networks, data brokers, or marketing platforms. None of the above services receive your data for advertising purposes.

07 Location Data

Envoy requests precise location permission (ACCESS_FINE_LOCATION) to show listings near you and calculate distances.

• Location is collected only while the app is in use and only after you grant permission.
• Your precise GPS coordinates are used solely for distance calculations — they are never displayed to other users.
• Only your general area (city or district) is visible on your public profile and listings.
• Revoke location permission at any time via Android Settings → Apps → Envoy → Permissions → Location.
• Denying location permission does not prevent app use — you simply will not see distance information on listings.

08 Payments & Subscriptions

Envoy offers optional paid subscription plans (Starter, Basic, Pro, Elite) that increase your monthly listing allowance. Payments are processed by:

• Cashfree Payments — for users with Indian phone numbers (UPI, debit/credit card, net banking).
• PayPal — for international users.

We never store your payment credentials. Card numbers, UPI IDs, bank account details, and payment credentials are never stored on our servers. All payment processing is handled entirely by Cashfree or PayPal on their PCI-DSS compliant, secure infrastructure.

We store only: your subscription plan, billing cycle, payment status, and a transaction reference ID — solely for subscription management and legal compliance.

09 Data Retention

10 Your Rights

🗑️ Account & Data Deletion

You have the right to request complete deletion of your account and all associated personal data at any time. To submit a deletion request:

• Email pascalnextania@gmail.com with the subject line “Account Deletion Request” and your registered phone number.
• We will permanently delete your account, profile, listings, and all personal data within 30 days.
• Anonymised ratings and payment records required by law may be retained after deletion.
• You may also visit our Account Deletion page to submit your request directly.

To exercise any of your rights, contact pascalnextania@gmail.com. We will respond within 30 days.

11 Age Requirement

Envoy Marketplace is intended exclusively for users aged 18 years and above. The app involves financial transactions, peer-to-peer contact sharing, and commercial activity — all of which require adult consent and legal capacity.

We do not knowingly collect personal information from anyone under the age of 18. If you believe a minor has created an account, please contact us immediately at pascalnextania@gmail.com and we will promptly delete the account and all associated data.

12 Data Security

• Encryption in transit: All data is transmitted over HTTPS/TLS encryption — no unencrypted connections are permitted.
• Secure infrastructure: Our backend runs on Google Cloud Run in the asia-south1 (Mumbai) region with Google’s enterprise-grade security controls.
• Database access control: Firestore access is restricted via Firebase security rules and service account credentials with least-privilege permissions.
• Secret management: All API keys and credentials are stored in Google Cloud Secret Manager — never hardcoded in the app or server code.
• Payment security: Payment credentials are managed entirely by Cashfree (PCI-DSS certified) and PayPal — they never touch our servers.
• Photo moderation: All uploaded photos are reviewed by GPT Vision before publication to prevent harmful content from appearing on the platform.

While we implement robust security measures, no system is 100% immune to breaches. In the event of a data breach affecting your personal data, we will notify affected users promptly and take immediate remediation steps.

13 Children’s Privacy

Envoy Marketplace is not directed at children under the age of 18. We do not knowingly collect, maintain, or use personal information from children under 18 years of age. If we learn that we have inadvertently collected such information, we will take prompt steps to delete it. Parents or guardians who believe their child has provided us with personal information should contact us at pascalnextania@gmail.com.

14 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our app, applicable law, or industry standards. When we make significant changes, we will:

• Update the “Last Updated” date at the top of this page.
• Notify you via a push notification or in-app message before the changes take effect.

Continued use of Envoy after the effective date of any changes constitutes your acceptance of the updated policy. We encourage you to review this page periodically.

Questions or Concerns?