Your data, handled with care.

Upcela is committed to protecting your privacy. This policy explains what data we collect, how we use it, and how we protect it. By using upcela.com you agree to the terms of this policy.

Upcela is a venture of TurfEngine, operated from Chennai, Tamil Nadu, India. This policy applies to upcela.com, the Upcela mobile web app, and any communications you receive from us over WhatsApp or email.

• •Email address for OTP login verification.
• •Phone number for transactional WhatsApp alerts (session check-in, enrollment confirmations, progress reports).
• •Child profile information for enrollment (name, age, school, grade, interests).
• •Parent and emergency contact details (name, relationship, alternate number).
• •Payment information processed via Razorpay (we do NOT store card or UPI credentials).
• •Session attendance, check-in/check-out timestamps, and usage data.
• •Device and browser information (IP, user agent) for security and abuse prevention.
• •CCTV video streams from partner venues — viewable live during your child’s session only.

• •To verify your identity via email OTP at login.
• •To manage your enrollment, bookings, and credit wallet.
• •To send WhatsApp session check-in / check-out alerts and monthly progress reports.
• •To notify you about schedule changes, cancellations, and refunds.
• •To enable Safety Shield features (live CCTV access, emergency contact retrieval).
• •To process payments and issue invoices through Razorpay.
• •To improve our platform, detect fraud, and comply with legal obligations.

We use email OTP for login verification. We also use the MSG91 WhatsApp API to send session alerts, enrollment confirmations, and progress reports to your registered phone number. Your phone number is shared with MSG91 solely to deliver these operational messages.

Email + WhatsApp are the only channels we use for transactional and operational messages — we do not send marketing SMS or robocalls. You can stop receiving operational messages by deleting your account; we cannot disable individual message types because they are required for the service (e.g. login codes, safety alerts during sessions).

All payments are processed by Razorpay, a PCI-DSS Level 1 compliant payment gateway. Upcela never sees or stores your full card number, CVV, UPI PIN, or net-banking credentials. We retain only:

• •Payment ID, order ID, amount, status (returned by Razorpay)
• •Masked card / UPI handle for receipt display
• •Wallet credit ledger entries linked to your account

Safety Shield gives parents live CCTV access to their child’s session, starting 10 minutes before class and ending at session close. Important details:

• •Streams are delivered by partner venues; Upcela does not store recordings on our servers.
• •Access is restricted to the enrolled child’s registered parent account, time-windowed per session.
• •Streams are not used for analytics, marketing, or AI training.
• •Venues operate CCTV under their own posted notices and applicable Indian law.

Your data lives in a managed Supabase (PostgreSQL) instance with:

• •Row-Level Security (RLS) — you can only read or modify rows that belong to your account.
• •Encryption at rest and TLS in transit for every request.
• •API keys and tokens stored as environment variables, never committed to code.
• •Daily automated backups retained for 7 days.

No system is 100% secure. If we ever experience a breach affecting your personal data, we will notify you within 72 hours of discovery via WhatsApp and email.

Upcela accounts are held by parents or legal guardians, not by children directly. Children under 18 do not have login credentials. We collect a minimum of information about a child (name, age, interests, emergency contact) solely to enable the parent to enroll them and to keep them safe during sessions.

A parent may request deletion of a child’s profile at any time by messaging us on WhatsApp. We will delete the profile within 7 days and confirm completion.

We share specific data only with the parties needed to deliver the service:

• •Resend — your email address, to deliver login OTPs.
• •MSG91 (WhatsApp Business API) — your phone number, to deliver session, enrollment and safety alerts.
• •Razorpay — payment metadata, to process transactions.
• •Supabase — encrypted storage of your account, enrollment, and ledger data.
• •Academies and coaches you enroll with — child name, age, parent contact, and emergency details, so they can deliver the session safely.
• •Law enforcement — only when required by a valid court order or legal request under Indian law.

We do not sell your data, share it with advertisers, or use it to train third-party AI models.

• •Active account data — retained while your account is active.
• •OTP tokens — auto-deleted within 10 minutes of issue or first use.
• •Payment records — retained for 7 years to comply with Indian tax and accounting law.
• •Session check-in / progress data — retained for 24 months after your last session, then anonymized.
• •CCTV streams — not stored by Upcela; venue retention varies and is governed by the venue’s own policy.
• •Deleted accounts — personal identifiers removed within 30 days of request; aggregate, anonymized records may remain in financial archives.

Under the Digital Personal Data Protection Act, 2023 (DPDP Act, India) you have the right to:

• •Access — get a copy of the personal data we hold about you.
• •Correction — fix anything inaccurate in your profile.
• •Erasure — delete your account and associated personal data.
• •Withdraw consent — for any specific use of your data, at any time.
• •Grievance redressal — file a complaint via the contact details below.

To exercise any of these rights, message us on WhatsApp at +91 89256 18918 or email ashok@turfengine.in. We respond within 7 business days.

We use only essential cookies and browser storage (localStorage) needed to keep you signed in, remember your theme preference (light/dark), and prevent abuse. We do not use third-party analytics, advertising, or tracking cookies on upcela.com.

You can clear cookies and localStorage via your browser settings at any time. Doing so will sign you out and reset your theme preference.

We may update this policy from time to time. Material changes will be announced on this page and, where required by law, via WhatsApp message to your registered number. The “Last updated” date at the top reflects the most recent revision. Continued use of Upcela after an update constitutes acceptance of the revised policy.