Privacy Policy

This document describes how AviaMania collects, processes, and protects personal information.

Last Updated: 14 March 2025  |  Effective Date: 14 March 2025  |  Version: 2.3

This Privacy Policy ("Policy") is published by AviaMania Technologies Private Limited ("AviaMania", "we", "us", or "our"), a company incorporated under the Companies Act 2013, with its registered office at Dr. Annie Besant Road 144, Worli, Mumbai 400018, Maharashtra, India (CIN: U72900MH2018PTC312547).

This Policy governs the collection, use, storage, disclosure, and protection of personal data of: (a) visitors to our website at pozzazz.com ("Website"); (b) prospective and existing B2B clients and their authorised representatives; and (c) end users of AviaMania's white-label game deployments operated by our licensed clients, to the extent AviaMania acts as a data processor on behalf of such clients.

This Policy is published in compliance with Rule 4 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 under the Information Technology Act, 2000 ("IT Act"), and applicable provisions of the Digital Personal Data Protection Act, 2023 ("DPDPA") as notified by the Government of India.

1. Data Controller and Data Processor Roles

AviaMania acts in dual capacities depending on the context of data processing:

As Data Controller: AviaMania acts as the data controller for personal data collected directly through the Website, including inquiry form submissions, newsletter subscriptions, and contact requests. We determine the purposes and means of processing such data independently.

As Data Processor: Where AviaMania provides the white-label gaming platform infrastructure on behalf of a licensed B2B client (the data controller), we process end-user personal data strictly according to the instructions set out in our Data Processing Agreement ("DPA") with that client. In such cases, the B2B client's privacy notice governs the end user's rights, and AviaMania's processing obligations are defined by the DPA.

2. Personal Data We Collect

2.1 Data You Provide Directly

  • Contact and Inquiry Data: When you submit an inquiry form on our Website, we collect your first and last name, business email address, telephone number, company or organisation name, country, and the content of your inquiry. This data is required to respond to your request.
  • Business Relationship Data: When you enter into a commercial engagement with AviaMania, we collect the names, email addresses, telephone numbers, and job titles of authorised representatives, as well as billing information, company registration details, and contract correspondence.
  • Account Data (Operator Dashboard): Operators who access the AviaMania operator dashboard are required to create an account. We collect username, hashed password, email address, and activity logs associated with operator accounts.

2.2 Data Collected Automatically

  • Log and Device Data: Our web servers automatically record the IP address of each visitor, browser type and version, operating system, referring URL, pages viewed, and time and date of access. This data is retained for a maximum of 90 days and is used exclusively for security monitoring and aggregate traffic analysis.
  • Cookies and Tracking Technologies: We use session cookies essential to the operation of the Website, as well as optional analytics cookies where you have provided consent. See our Cookie Policy for full details.
  • Communication Metadata: When you contact us by email or telephone, metadata including timestamps, message headers, and call duration may be retained for quality assurance and dispute resolution purposes.

2.3 Sensitive Personal Data

We do not collect sensitive personal data (as defined under the IT Rules 2011 — including financial passwords, medical records, biometric data, or sexual orientation) through the Website or our standard B2B onboarding process. B2B clients who configure KYC/AML features within their licensed deployment are solely responsible for the collection and lawful processing of any sensitive personal data from their end users, under their own privacy notice and data processing agreements.

3. Legal Bases for Processing

We process personal data on the following legal bases under applicable Indian law and, where GDPR applies to EEA-based data subjects, under corresponding GDPR provisions:

  • Contractual necessity: Processing required to fulfil our contractual obligations to B2B clients, including platform delivery, support, and account management.
  • Legitimate interests: Processing for security monitoring, fraud prevention, website analytics, and improving the quality of our services, where such interests are not overridden by your rights.
  • Consent: Processing based on your freely given, specific, and informed consent — including optional analytics cookies and marketing communications. You may withdraw consent at any time.
  • Legal obligation: Processing required to comply with applicable law, including tax legislation, court orders, and regulatory requirements.

4. How We Use Personal Data

  • To respond to inquiries, provide proposals, and manage the commercial relationship with prospective and existing B2B clients
  • To provision, maintain, and support the AviaMania platform for licensed operators
  • To send transactional communications related to your engagement with AviaMania (e.g., contract execution, invoice delivery, support ticket updates)
  • To monitor and improve the security and performance of our Website and platform infrastructure
  • To comply with our legal and regulatory obligations, including responding to valid legal process
  • To send marketing communications about new product features, events, or insights — only where you have explicitly opted in

5. Disclosure of Personal Data

We do not sell, rent, or trade personal data. We may disclose personal data in the following limited circumstances:

  • Service providers: We engage vetted third-party service providers (e.g., cloud hosting, email delivery, CRM, payment processing) who process data on our behalf under contractual obligations consistent with this Policy. A list of current sub-processors is available upon written request.
  • Professional advisers: Legal, accounting, and audit firms, subject to professional confidentiality obligations.
  • Legal and regulatory authorities: Where we are legally required to do so by court order, regulatory direction, or law enforcement request with valid jurisdiction.
  • Business transfers: In the event of a merger, acquisition, or sale of all or substantially all of AviaMania's assets, personal data held by us may be transferred to the successor entity, subject to the same protections as described in this Policy.

6. International Data Transfers

Our primary infrastructure is hosted on Amazon Web Services in the Mumbai region (ap-south-1), ensuring that data of Indian residents remains within India's jurisdiction by default. Where personal data of EEA or UK residents is processed in connection with our services, we implement appropriate safeguards including Standard Contractual Clauses as approved by the European Commission. B2B clients deploying AviaMania in specific jurisdictions are responsible for ensuring their own compliance with local data transfer restrictions.

7. Data Retention

Data CategoryRetention PeriodBasis
Website inquiry form submissions3 years from last interactionLegitimate interest / contractual
Active client contract dataDuration of contract + 7 yearsLegal obligation (tax / audit)
Operator dashboard account dataDuration of licence + 2 yearsContractual necessity
Web server access logs90 daysLegitimate interest (security)
Marketing communications consentUntil withdrawal of consentConsent
Financial and invoicing records8 yearsLegal obligation (Income Tax Act)

8. Security Measures

AviaMania implements technical and organisational security measures proportionate to the risk associated with the personal data we process, including:

  • TLS 1.2+ encryption for all data in transit between users, our servers, and third-party services
  • AES-256 encryption for personal data at rest on our production databases
  • Role-based access controls limiting internal access to personal data on a strict need-to-know basis
  • Quarterly third-party penetration testing of production infrastructure
  • Mandatory security training for all AviaMania employees with access to personal data
  • An incident response plan with a defined process for notifying affected parties and regulators in the event of a personal data breach

No method of transmission over the internet is completely secure. While we maintain robust security practices, we cannot guarantee absolute security of data transmitted to or from our Website.

9. Your Rights

Under applicable Indian data protection law and, where relevant, the GDPR, you have the following rights with respect to your personal data:

  • Right of access: To obtain confirmation of whether we hold personal data about you and to receive a copy of that data.
  • Right to correction: To request correction of inaccurate or incomplete personal data we hold about you.
  • Right to erasure: To request deletion of your personal data where it is no longer necessary for the purpose for which it was collected, subject to our legal retention obligations.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.
  • Right to object: To object to processing based on legitimate interests, including direct marketing.
  • Right to data portability: To receive your personal data in a structured, commonly used, machine-readable format (where technically feasible and legally required).

To exercise any of these rights, submit a written request to privacy@pozzazz.com. We will acknowledge your request within 72 hours and provide a substantive response within 30 calendar days. We may require identity verification before processing certain requests.

10. Children's Privacy

Our Website and B2B services are directed exclusively at business professionals and are not intended for use by individuals under the age of 18. We do not knowingly collect personal data from minors. B2B clients operating consumer-facing deployments are solely responsible for implementing appropriate age verification mechanisms and obtaining required parental consents where applicable under the law of their operating jurisdiction.

11. Changes to This Policy

We review and update this Policy periodically to reflect changes in our practices, technology, legal requirements, or regulatory guidance. When we make material changes, we will update the "Last Updated" date at the top of this page and, where we hold your contact details, we will send a notification email at least 14 days before the revised Policy takes effect. Continued use of our Website or services after the effective date of an updated Policy constitutes acceptance of the revised terms.

12. Contact and Grievance Redressal

For privacy-related inquiries, requests, or complaints, you may contact our designated Grievance Officer:

  • Name: Ananya Krishnan
  • Designation: Grievance Officer & Head of Product
  • Email: privacy@pozzazz.com
  • Address: AviaMania Technologies Private Limited, Dr. Annie Besant Road 144, Worli, Mumbai 400018, Maharashtra, India
  • Phone: +91 22 3782 6495 (Mon–Fri, 9:30 AM – 6:30 PM IST)

We will acknowledge all privacy complaints within 24 hours of receipt and resolve them within 30 calendar days. If you remain dissatisfied with our response, you may escalate your complaint to the appropriate regulatory authority under applicable law.