Your data, handled with care.

Last updated · 19 June 2026

1. Who this policy applies to

This policy applies to any individual who creates a Primus account, signs in to the kiosk app, or completes a payment through the platform operated by HYDRAS SPORTS NETWORK PRIVATE LIMITED (CIN U92490TG2021PTC150427), under the brand Primus Infotech. The legal entity is the data fiduciary under the DPDP Act, 2023; its registered office is at 10-3-782, 253/3RT, Vijay Nagar Colony, Hyderabad, Telangana, India - 500057.

2. Information we collect

Account information

• Name, email, phone number.
• Password, stored as a one-way bcrypt hash. We never store your plaintext password.

Usage data

• Sessions started and ended, including durations.
• Time packages purchased, wallet top-ups, coupon redemptions.
• Games or apps launched on the operating café’s PCs (used to enforce platform-account assignment).

Payment metadata

• Order references, payment status, payment amounts in INR.
• The payment method category (UPI / card / netbanking / wallet) and a masked identifier where Cashfree provides one (e.g., last 4 digits of a card).
• We never see, store, or transmit your full card number, CVV, UPI PIN, or net-banking credentials. Those are handled exclusively by Cashfree, our PCI-DSS-certified payment partner.

Device data

• The registered kiosk PC’s hardware fingerprint and license key, used to bind a kiosk to its café.
• Operating-system version and IP address, used for fraud detection and rate limiting.

3. How we use your information

• Service operation: applying time you have purchased, resuming sessions, displaying receipts.
• Payment processing: reconciliation with Cashfree and the operating café.
• Security & fraud prevention: detecting unauthorised access, replay attacks, or abuse.
• Customer support: responding to your tickets and refund requests.
• Legal & tax compliance: retaining transaction records as required by Indian law.

We do not sell your data, do not serve third-party advertising on the kiosk, and do not use your data to train AI models.

4. Legal basis (DPDP Act, 2023)

We process your personal data on the following lawful bases:

• Contract: processing required to deliver the services you have purchased.
• Consent: for any optional features (e.g., promotional emails) that you can opt in to or out of at any time.
• Legal obligation: retention of financial and tax records.
• Legitimate interest: security, fraud prevention, and platform analytics in aggregate form.

5. Sharing

We share data only with:

• Cashfree Payments India Pvt Ltd, our payment processor, for the limited purpose of completing transactions.
• The operating café, restricted to data needed to serve you on-site (account name, current package, current session).
• Cloud infrastructure providers who host our backend, under strict data-processing agreements.
• Government or judicial authorities when legally compelled.

We do not transfer data outside India except where it is processed by cloud-infrastructure providers using region-equivalent safeguards.

6. Data retention

Account and transaction records are retained for 7 years to comply with Indian tax and audit requirements. Marketing-consent records are retained for as long as the consent remains active. Backup copies expire on rolling schedules of up to 90 days.

7. Your rights

Subject to the DPDP Act and applicable law, you have the right to:

• Access a copy of the personal data we hold about you.
• Correct any inaccurate personal data.
• Request deletion of your account (subject to financial-record retention obligations).
• Withdraw consent for any optional processing.
• Lodge a complaint with the Data Protection Board of India.

To exercise any of these rights, email support@primusadmin.in from the email address registered to your account. We respond within 30 days.

8. Security measures

• All API traffic is served over HTTPS with HSTS enforced.
• Passwords are stored as bcrypt hashes; refresh tokens are rotated on every use.
• Device-level secrets on the kiosk are sealed with Windows DPAPI (LocalMachine scope).
• Webhooks are HMAC-SHA256 signed and replay-protected with a ±5-minute timestamp window.
• Backend access is gated by SSO + 2FA for engineers, with full audit trails.
• Payment-card data is fully out of scope — handled by Cashfree under PCI-DSS.

9. Cookies

The kiosk app does not use third-party tracking cookies. The admin web portal stores authentication tokens in browser localStorage (not cookies); session cookies are httpOnly and same-site.

10. Children’s privacy

The platform is not directed at children under 13. Users between 13 and 18 must have parental consent for paid transactions. If you believe a child has registered without consent, contact us and we will remove the account.

11. Grievance officer

Per Rule 5(9) of the IT Rules, 2011 (and the DPDP Act, 2023), we have designated a grievance officer:

• Grievance Officer
• Email: support@primusadmin.in
• Response time: within 15 days of receipt

12. Changes to this policy

We may update this policy as the platform evolves. The “last updated” date reflects the latest revision. We notify users of material changes via email and on the kiosk before they take effect.

13. Contact

Privacy questions or requests? Email support@primusadmin.in.