Privacy Policy
1. Who we are
Kiosk Me In is a booking app that connects you with independent local businesses — salons, clinics, and similar service providers — so you can discover them, book appointments, and join in-person or live video sessions. The app and this website are operated by Neha Yadav, an individual proprietor trading as “Floating Sage”, based in Mumbai, Maharashtra, India (“we”, “us”, “our”).
Unlike our business app, Kiosk Me In does send some of your personal data off your device to a backend that we operate, so that we can create your account, find nearby businesses for you, run your bookings, and process your prepaid payments. This policy describes exactly what data we collect, where it is stored, who it is shared with, and your rights under India’s Digital Personal Data Protection Act, 2023 (the “DPDP Act”).
2. What data we collect
We collect only what we need to run the booking service. The following data is collected and sent off your device to our backend:
- Phone number — used to create your account and to log you in. We send a one-time SMS code (OTP) to verify it.
- Name — entered after sign-up and used to identify you to the business when you make a booking.
- Email address (optional) — collected only if you choose to provide it, and used only for account recovery.
- A device identifier — a random, per-install ID that the app generates on first launch and stores in your device’s secure keychain. It ties your session to this installation. It is not a hardware identifier and not an advertising identifier.
- Approximate and precise location — foreground only. Captured only in the foreground, for two things: (1) when you ask the app to find nearby businesses, to show you businesses near you and the distance to them (converted to a city or area label by reverse geocoding); and (2) around the time of an appointment you booked, to confirm you reached the business (a “check-in”) so refunds can be handled fairly. We do not track your location continuously and we never access your location in the background.
- Confirming your visit — around your appointment only. Around the time of an appointment you booked, we confirm you reached the business using your device location (a check-in). If you claim a full refund because the business was closed or absent, you also capture a time- and location-stamped photo (described below) as stronger evidence; for a partial refund where you simply chose not to proceed, the location check-in alone is enough. Where the business happens to have Wi-Fi, the app may also detect that network nearby as an optional extra check — without connecting to it or reading any traffic. This is done only for that booking, at that time, and never in the background or to track your movements.
- Payment & transaction information. When you make a prepaid booking, you pay by UPI through our payment partner Razorpay. We store a record of the transaction — the amount, the booking fee, the booking it relates to, and a payment or order reference — to run your booking, process refunds, and keep our accounts. We do not collect or store your UPI PIN, card numbers, or bank credentials; those are handled directly by Razorpay.
- Photos you capture as booking evidence. If a booking does not go ahead — in particular if the business was closed and you are claiming a full refund — you can take a photo inside the app (for example, of the business’s premises). We stamp it with the time and your location and attach it to that booking as evidence, and share it with the business as the reason a payment was or was not released. We use your camera for this only when you choose to capture such a photo; we never read your photo library.
- Booking history — the appointments you book, including which business and service, the time, the appointment type (in-person or video), and the booking’s payment and refund status. We store this to run your bookings and show you your upcoming and past appointments.
- Camera & microphone. Your microphone is accessed only during a video appointment you explicitly join, to carry your live audio. Your camera is accessed only when you join a video appointment (for your live video) or when you choose to capture a booking-evidence photo as described above. Neither is used at any other time.
We do not collect your contacts, your photo library, your browsing history, advertising identifiers, background location, or health data.
3. How it’s collected & where it’s stored
You provide most of this data directly — you enter your phone number, name, and optional email, and you grant location, camera, and microphone access when you use the relevant feature. Booking history is created as you make bookings in the app.
Your account data (phone number, name, recovery email, device identifier) and your booking history are stored off your device, on our backend, which runs on Cloudflare (Cloudflare Workers and a Cloudflare-hosted database, at addresses ending in workers.dev). All traffic between the app and the backend is sent encrypted in transit over HTTPS.
The live audio and video of a video appointment are not stored by us — they are carried in real time and then gone (see Section 4).
4. Data sharing with third parties
We do not sell your data, and we do not share it with anyone for advertising, analytics, or profiling. The app does not contain any advertising, analytics, or tracking SDKs, and it does not track you across other apps or websites. We share data only with the following processors, each strictly to run the service:
- Cloudflare. Cloudflare hosts our backend (Workers and database) that stores your phone number, name, recovery email, device identifier, and booking history, and relays data between your app and that backend. This data is processed under Cloudflare’s terms.
- LiveKit. When you join a video appointment, LiveKit provides the real-time transport for the live audio, video, and in-call chat. The call media is not recorded or stored on our servers.
- Razorpay. Prepaid bookings and paid video appointments are processed by Razorpay, our payment partner, over UPI, under its own privacy policy. We share only the transaction amount and the booking reference needed to take the payment and issue any refund. We do not store your UPI PIN, card numbers, or bank credentials — those stay with Razorpay.
- Your mobile carrier. The one-time login code is delivered to your phone by SMS through your carrier’s network.
- The business you book with. When you make a booking, the business you choose receives your name and booking details so it can serve you. Around the appointment it also receives your attendance status (whether you checked in or were detected nearby), and, if you submit a booking-evidence photo in support of a refund, that photo — so it understands why a payment was or was not released.
5. Permissions the app uses
- Location (when in use). Requested in the foreground only: to find nearby businesses, and to confirm you reached a business around your appointment time. We do not access location in the background.
- Camera. Used when you join a video appointment (for your live video), and when you choose to capture a booking-evidence photo for a refund. Not used at any other time.
- Microphone. Used only during a video appointment you explicitly join, to send your live audio.
- Nearby Wi-Fi (optional). Where the business has Wi-Fi, the app may detect that network around your appointment time as an optional extra way to confirm you are at the business — without connecting to it or reading any traffic. If it is unavailable, your location check-in and photo are used instead.
- Notifications. To send you booking reminders and updates about your appointments. You can turn these off in your device settings.
- Internet. To create your account, find nearby businesses, make bookings, take payments, and run video calls over encrypted HTTPS connections.
6. Data security
We take reasonable, industry-standard steps to protect your data:
- All traffic between the app and our backend is sent over encrypted HTTPS connections.
- Your account data and booking history are stored on our Cloudflare backend with access controls limiting who and what can read them.
- The per-install device identifier is held in your device’s secure keychain.
- Login is verified with a one-time SMS code; we never store a password for you.
- Video-call media is carried in real time and is not recorded or stored on our servers.
- Payments are processed by Razorpay over UPI; we never receive or store your UPI PIN, card numbers, or bank credentials, and the transaction records on our backend are access-controlled.
No system is perfectly secure. If you discover a security issue, please email privacy@kioskitin.com and we will respond.
7. Your rights under the DPDP Act 2023
Under India’s Digital Personal Data Protection Act, 2023, you have the right to:
- Access a summary of the personal data we process about you.
- Request correction or completion of inaccurate or incomplete personal data.
- Request erasure of your personal data, subject to legal retention obligations.
- Withdraw any consent you have given, at any time.
- Nominate another person to exercise these rights in case of your death or incapacity.
- Make a grievance — see Section 10.
You can edit your name and email in the app at any time, and you can delete your account and all the data we hold about you directly from the app (see Section 11). For requests that need our assistance, contact the Grievance Officer below.
8. Account & data deletion
You can delete your account and the personal data we hold about you at any time, from within the app:
- Open the app → Profile → Delete account → confirm.
- This erases your phone number, name, email, device identifier, booking history, any booking-evidence photos, and session from our backend.
Full step-by-step instructions, and an email fallback for when you cannot access the app, are on our data deletion page and in Section 11 below.
9. Data retention
We retain your account data and booking history for as long as your account is active, so the service works for you. When you delete your account, we erase your phone number, name, email, device identifier, booking history, and session from our backend.
We retain a minimal record where the law requires it — in particular, records of prepaid transactions, which Indian tax and financial law requires us to keep (generally up to eight years) even after you delete your account. Such records are kept only for that legal period and purpose, after which they are deleted. We do not keep your data longer than needed for the purposes described in this policy.
10. Grievance Officer (DPDP Act §8(10))
For grievances regarding the processing of your personal data under this policy or the DPDP Act 2023, you may contact the Grievance Officer:
- Grievance Officer: Neha Yadav (Founder, Floating Sage), privacy@kioskitin.com
- Postal address: Mumbai, Maharashtra, India — full postal address available on request.
- Response time: Acknowledgement within 7 working days; substantive response within 30 days, as required by the DPDP Act.
If you are not satisfied with the resolution, you may escalate to the Data Protection Board of India under §27 of the DPDP Act.
11. Data deletion
This section explains how to delete your account and the personal data we hold about you.
Delete your account in the app
- Open the app and go to the Profile tab.
- Tap Delete account.
- Confirm. We immediately erase your phone number, name, email, device identifier, booking history, any booking-evidence photos, and session from our backend.
- The app signs you out and returns to its first-launch state.
If you cannot access the app
If you have lost access to your phone or the app, email privacy@kioskitin.com from any address, telling us the phone number on the account so we can locate it. We will verify your request and delete your data on your behalf.
What is deleted
Deletion removes your phone number, name, recovery email, device identifier, booking history, any booking-evidence photos, and session from our backend. Records of prepaid transactions are retained only where Indian tax and financial law requires it (generally up to eight years), for that legal period and purpose, after which they too are deleted.
A standalone version of these instructions is available on our data deletion page.
12. Children’s privacy
Kiosk Me In is intended for adults aged 18 and over. The app is not directed at children, and we do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us personal data, contact the Grievance Officer above and we will delete it.
13. Changes to this policy
We may update this policy as the app evolves or as the law changes. Material changes will be reflected in the “Last updated” date at the top of this page and announced inside the app on the next launch following the change.
14. Contact
For privacy questions, data deletion requests, or grievances:
- Email (privacy): privacy@kioskitin.com
- Email (general support): support@kioskitin.com
- Hosted policy URL: https://kioskitin.com/customer/privacy
- Data deletion URL: https://kioskitin.com/customer/data-deletion