Wingman Pro logo
Wingman ProPlatform

PRIVACY POLICY: RALLYUP SOLUTIONS PRIVATE LIMITED (For Wingman Pro)

Effective Date: March 15, 2026

This Privacy Policy explains how RallyUp Solutions Private Limited ("RallyUp Solutions," "we," "us," or "our," the parent company) collects, uses, protects, and discloses personal data related to your use of our web application platform, Wingman Pro (the "Service" or "Wingman Pro"). We are committed to protecting your privacy and handling your data in a transparent manner, consistent with applicable global and local laws.

1. SCOPE AND APPLICATION

This Policy applies to all members, administrators, and users ("Users") of Wingman Pro. Given the international nature of supporter groups, we detail specific privacy rights based on location in Section 6.

2. DATA COLLECTED

We collect information required for account authentication and service operation.

  • Identity and Contact Data: Name, email address, and phone number (collected via Twilio SendGrid for OTP authentication).
  • Authentication Data: OTP (transmitted via Email/SMS), Encrypted Password, User Session IDs, Access Logs.
  • Engagement Data (Non-Sensitive): Leaderboard performance, Purchase Reports, Event Attendance records, Poll responses.
  • Technical Data: IP Address, Device type, Operating System, Browser type, and usage data (collected via Google Analytics for non-identifiable, aggregated reporting to improve functionality).
  • Financial Data: Transaction records for merchandise and tickets, Payment reference numbers, and non-sensitive masked payment details (e.g., last four digits of the card). (Note: We do not store full payment card details; these are handled by our Payment Partner – RazorPay – payment gateway and processed securely as per their Privacy and Compliance guidelines.)
  • Location Data: Approximate location (to show nearby clubs) and precise location (only when you check-in to a matchday venue).
  • App Activity: Crash logs and performance metrics (via Firebase/Google Analytics) to improve the Service.

3. PURPOSE AND LEGAL BASIS FOR PROCESSING

We process data only for defined, legitimate purposes.

How We Share Your Data

We do not sell your data. We share it only with trusted service providers essential to our operations:

  • Authentication: Phone numbers/emails are shared with Twilio SendGrid to deliver secure 6-digit OTP codes.
  • Payments: Transaction details are shared with Razorpay to process tickets and membership dues.
  • Club Admins: Your name and membership status are shared with the specific sports club you join on the platform.
  • Cross-Border Transfers: Data may be transferred outside your country of residence (e.g., for cloud hosting). We ensure that any country receiving the data maintains a comparable standard of protection or that appropriate safeguards (e.g., standard contractual clauses) are in place, as required by applicable law. Our primary cloud service providers and servers are located in India and on cloud.

4. DATA SECURITY

4.1 Data Security & Encryption

We implement industry-standard security measures to protect your data. All data transmitted between the Wingman Pro app and our servers is encrypted in transit using Secure Socket Layer (SSL/HTTPS) technology.

  • Security: We implement technical safeguards, including encryption, access controls, and vulnerability assessments, to protect against unauthorized access or loss.
  • Retention: We retain personal data only for as long as is necessary to serve the purpose for which it was collected, or as required by law. Data is securely deleted or anonymized when no longer required.

4.2 Your Rights & Account Deletion

You have the right to access, correct, or delete your data at any time.

  • In-App Deletion: You can delete your account by navigating to Settings > Account > Delete Account.
  • Web Request: If you cannot access the app, you may request account and data deletion via our Data Deletion Request Form or by emailing support@wingmanpro.tech
  • Retention: Upon deletion, all personal identifiers are purged from our active databases within 30 days, except where retention is required for legal or financial auditing (e.g., past payment records).

5. CHILDREN'S PRIVACY

Wingman Pro is not intended for individuals under the age of 13. We do not knowingly collect personal data from children. If we become aware of such collection, we will take immediate steps to delete the data.

6. COUNTRY-SPECIFIC PRIVACY RIGHTS

This section outlines additional rights and legal requirements applicable to Users residing in the following jurisdictions, overriding any conflicting terms in Sections 1–5.

6.1. 🇮🇳 India (Digital Personal Data Protection Act, 2023 - DPDPA)

You are a "Data Principal" under the DPDPA.

  • Consent and Notice: Consent must be free, specific, informed, unconditional, and unambiguous with a clear affirmative action. When collecting data, you will be informed of the purpose, how to exercise your rights, and the complaint mechanism.
  • Right to Nominate: You have the right to nominate another individual to exercise your rights in the event of your death or incapacity.
  • Right to Erasure: You may request the deletion of your data when the purpose for which it was collected is no longer being served, and you may withdraw consent at any time.
  • Complaint: You may file a complaint with the Data Protection Board of India.

6.2. 🇬🇧 United Kingdom (UK GDPR) & 🇩🇪 Germany (GDPR)

As residents of the UK and an EU member state (Germany), you are "Data Subjects."

  • Legal Basis: We must identify one of six lawful bases for processing your data (e.g., Consent, Contractual Necessity, Legitimate Interests).
  • Core Rights: You have the Right of Access (to confirm if data is processed and obtain a copy), the Right to Rectification, the Right to Erasure ("Right to be Forgotten"), the Right to Restriction of Processing, and the Right to Data Portability.
  • Right to Object: You have the right to object to processing based on legitimate interests or for direct marketing purposes.
  • Complaint: You have the right to lodge a complaint with a supervisory authority (e.g., the Information Commissioner's Office (ICO) in the UK or the relevant State supervisory authority in Germany).

6.3. 🇸🇬 Singapore (Personal Data Protection Act 2012 - PDPA)

Your rights are governed by the PDPA.

  • Consent Obligation: We must obtain your consent before collecting, using, or disclosing your personal data, unless legally exempted or where consent is deemed. Consent can be withdrawn at any time.
  • Access and Correction: You have the right to request access to your personal data and information on its use/disclosure in the prior year. You also have the right to request correction of errors or omissions.
  • Protection and Retention: We must make reasonable efforts to ensure data accuracy and protect data with reasonable security arrangements. Data must be retained only as long as necessary for business or legal purposes.
  • Transfer Limitation: We must ensure a comparable standard of protection is maintained for any data transferred outside Singapore.

6.4. 🇺🇸 USA (California Consumer Privacy Act/CPRA)

If you are a California resident, the CCPA/CPRA grants you specific rights (assuming RallyUp Solutions meets the required revenue/data thresholds).

  • Right to Know/Access: You have the right to know what personal information is being collected about you, for what purpose, and whether it is sold or shared.
  • Right to Delete: You can request the deletion of your personal information, subject to exceptions.
  • Right to Opt-Out: You have the right to opt out of the sale or sharing of your personal information.
  • Sensitive Personal Information: You have the right to limit the use and disclosure of sensitive personal information.

6.5. 🇲🇾 Malaysia (Personal Data Protection Act 2010 - PDPA) & 🇮🇩 Indonesia (PDP Law 2022)

Both countries rely heavily on consent and have laws mirroring GDPR principles.

  • Indonesia PDP Law: Grants rights to access, rectify, terminate processing (including deletion), and data portability.
  • Malaysia PDPA: Requires consent for processing (especially sensitive data) and has recently introduced mandatory breach reporting and rules regarding Data Protection Officers (DPOs). You have rights to access and correction.

6.6. 🇹🇭 Thailand (PDPA) & 🇻🇳 Vietnam (PDPL - pending)

These jurisdictions rely on consent and have detailed obligations.

  • Thailand PDPA: Your consent is required for processing. You have the Right to be Informed, Right to Access, Right to Correction, and Right to Data Portability.
  • Vietnam (pending): Consent remains the primary basis for processing. The framework is currently transitioning towards incorporating clearer legal bases for processing other than consent.

6.7. 🇦🇺 Australia (Privacy Act 1988 - APPs)

Your data is governed by the Australian Privacy Principles (APPs). We must give you Notice regarding collection, use, and disclosure. You have rights to Access and Correction.

6.8. 🇱🇰 Sri Lanka (PDPA) & 🇵🇰 Pakistan (PDPB - Draft)

  • Sri Lanka PDPA: You have rights to Access, Rectification, and the right to respond to your request within 3 months. The law applies to both controllers and processors.
  • Pakistan (Draft PDPB): Grants rights including Access, Correction, Data Portability, and the Right to Erasure. Data can only be transferred outside Pakistan with equivalent protection or explicit consent.

6.9. 🇳🇵 Nepal (Individual Privacy Act & Data Act)

Nepal's framework is based on the constitutional right to privacy. We must obtain consent before collecting your personal information.

6.10. 🇦🇪 UAE (Federal PDPL) & 🇲🇽 Mexico (LFPD)

  • UAE Federal PDPL: Your rights include Access, Rectification, Erasure (Right to be Forgotten), and Data Portability. Consent is the default legal basis and must be clear, specific, and unambiguous.
  • Mexico (LFPD): Grants ARCO rights (Access, Rectification, Cancellation, and Opposition) to the processing of personal data.

6.11. 🇧🇩 Bangladesh

Bangladesh has a draft Data Protection Act, but the framework is still emerging. We operate based on the general principles of Notice and Consent.

7. CONTACT US

For questions or concerns regarding this Privacy Policy or to exercise your privacy rights, please contact our Data Protection Officer/Grievance Officer:

Grievance Officer/Data Protection Officer (DPO):

Dr. Sunil Acharya
RallyUp Solutions Private Limited
Email: support@wingmanpro.tech
Phone: +91 9819 889 882
Address: DLH Orchid, Apna, Ghar Unit No. 13 CHS L, Andheri, Mumbai, Maharashtra, India, 400053

View our Terms of Service