Terms & Privacy Policy

§1.1 — Agreement & Acceptance

Welcome to GI28 — India's trusted Social Media Marketing Panel at gi28.in. By registering an account, browsing the platform, depositing funds, or placing even a single order, you irrevocably agree to be bound by this entire Terms of Service & Privacy Policy document in its most recent version.

This agreement constitutes a legally binding contract between you (the "User," "Reseller," or "Customer") and GI28 Digital Services. If you do not agree with any provision, your only lawful remedy is to immediately cease using the platform and close your account.

• §1.1a — Implicit Consent: Continued use of the platform after any policy update constitutes implicit acceptance of the revised terms.
• §1.1b — Scope: These terms apply to all GI28 properties including gi28.in, any subdomains, mobile interfaces, and official API endpoints.
• §1.1c — Language of Binding: The English version of this document is the primary, authoritative version in all disputes. Translated versions are for convenience only.
• §1.1d — Entire Agreement: This document supersedes all prior understandings between you and GI28.
• §1.1e — No Waiver: GI28's failure to enforce any provision shall not constitute a waiver of that provision.

§1.2 — Age Restrictions & Eligibility

• §1.2a — Minimum Age to Browse: You must be at least 13 years old to create a free account. Users under 13 are strictly prohibited from registering.
• §1.2b — Minimum Age for Transactions: To add funds, initiate UPI/bank transfers, or participate in the Affiliate Payout Programme, you must be at least 18 years old.
• §1.2c — Parental Responsibility: Users aged 13–17 may only explore the platform under direct parental supervision. Any financial activity by a minor is a violation and will result in immediate account suspension.
• §1.2d — Age Verification Right: GI28 reserves the right to request government-issued age proof (Aadhaar, PAN) at any time. Failure to provide verification within 72 hours may result in account suspension.
• §1.2e — False Age Declaration: Providing a false date of birth constitutes fraud and will result in a permanent ban and forfeiture of all wallet balances.

§1.3 — Policy Modifications

GI28 may update this policy at any time to reflect changes in law, new features, or improved transparency. Here is exactly how we handle updates:

• §1.3a — Notification: All material changes will be announced via our Official Announcement Channel. A dashboard banner will also appear for 7 days post-update.
• §1.3b — Effective Date: Unless stated otherwise, updates take effect 48 hours after the "Last Updated" date shown at the top of this document.
• §1.3c — Version Archive: Previous versions are archived and available on request at support.gi28@proton.me.
• §1.3d — Your Right to Reject: If you disagree with a modification, you have the right to close your account before the update takes effect.
• §1.3e — Minor vs. Material Changes: Typographical corrections are minor changes. Structural changes to financial, data, or liability clauses are material changes and will always be announced.
• §1.3f — No Retroactive Harm: No modification will retroactively penalize any legitimate transaction made under a previous version of this policy.

§2.1 — Data Minimalism Philosophy

At GI28, we are fiercely loyal to one philosophy: "Collect only what is necessary, protect it like it is our own, and delete it the moment you ask." Your personal data is not a product for us — it is a responsibility.

• §2.1a — Purpose Limitation: Every data point we collect has a specific, documented reason. We do not collect "just in case" data.
• §2.1b — Data Inventory: We collect Name, Email, Phone/WhatsApp, UTR transaction IDs, order history, wallet balance, and session tokens. Nothing more.
• §2.1c — No Shadow Profiling: We do not build behavioural profiles, interest graphs, or psychographic data on users for advertising.
• §2.1d — No Third-Party Data Sales: GI28 has never, and will never, sell your personal data to any advertiser, data broker, or marketing company.
• §2.1e — Data Residency: All primary user data is stored on Google Firebase/Firestore servers via Google Cloud's Asia-South infrastructure.
• §2.1f — Regulatory Compliance: Our data practices are aligned with India's Digital Personal Data Protection Act, 2023 (DPDPA) and applicable GDPR provisions for international users.
• §2.1g — Data Export: You may request a full export of all data GI28 holds on you by emailing support.gi28@proton.me with subject "Data Export Request." We respond within 5 business days.

§2.2 — Your Name — Why We Need It

• §2.2a — Personalization: Your name appears on your dashboard header, giving the platform a personal, non-robotic feel.
• §2.2b — Support Interaction: When you open a support ticket, your name allows our agents to address you respectfully and identify your account quickly.
• §2.2c — Billing Records: For UPI/bank transactions above ₹10,000, your name may appear on payment gateway receipts as required by financial regulations.
• §2.2d — Affiliate Identity: Your first name may be referenced in payout confirmation emails sent to you.
• §2.2e — Public Display: Your full name is displayed publicly on this platform. It is not shown to other users or indexed by search engines.
• §2.2f — Review Consent Exception: If you voluntarily submit a "Verified Reseller Review" with explicit checkbox consent, only your first name and panel tier are shown.
• §2.2g — Name Update Right: You can update your display name at any time from your Profile Settings.

§2.3 — Your Email — Core Account Security

• §2.3a — Primary Authentication: Email + Password (or Google OAuth) is the foundation of your login.
• §2.3b — Account Recovery: A time-limited, single-use password reset link is sent exclusively to your registered email. We never reset passwords via WhatsApp or phone calls.
• §2.3c — Order Confirmations: When you add funds above ₹500 or place a bulk order, an automatic confirmation email is dispatched as your digital receipt.
• §2.3d — Security Alerts: If our system detects a login from a new device or suspicious IP, you receive an automatic "New Login Detected" security alert email.
• §2.3e — Critical Account Notices: Suspension warnings, policy violation notices, or mandatory verification requests are delivered exclusively to your registered email.
• §2.3f — Anti-Spam Pledge: We will NEVER send promotional newsletters or third-party marketing to your email. Every email from GI28 is transactional or security-critical.
• §2.3g — Email Sharing: Your email is never shared with any third party except Google Firebase (authentication) and our payment gateway (transaction verification only).
• §2.3h — Email Change Policy: Changing your email requires a verification link clicked on both the old AND new address as a dual-confirmation security measure.

§2.4 — Your Phone Number — Emergency Contact

• §2.4a — Fund Issue Resolution: If there is a UTR discrepancy, our support team will WhatsApp you directly for the fastest possible resolution.
• §2.4b — Order Emergency Alerts: For high-value orders (above ₹2,000) that fail or get stuck, we may send a single WhatsApp notification to inform you and offer an immediate fix.
• §2.4c — Future 2FA: Your phone number may be used for optional Two-Factor Authentication via SMS OTP in future platform updates.
• §2.4d — No Marketing Messages: GI28 will NEVER send promotional messages or unsolicited content to your WhatsApp number. Period.
• §2.4e — No Sharing: Your phone number is never shared with other users, resellers, or third parties under any circumstances.
• §2.4f — Mandatory Requirement: Providing a valid WhatsApp number is MANDATORY (see §9.1). Accounts without a phone number have limited liability coverage from GI28.
• §2.4g — Storage: Phone numbers are stored as encrypted strings in Firebase Firestore. Never in plain text.

§2.5 — Cookies & Session Storage

• §2.5a — Session Cookies: A secure, HttpOnly, SameSite=Strict session cookie is set on login. It expires when you close the browser or after 7 days of inactivity.
• §2.5b — Firebase Auth Tokens: Google Firebase stores a cryptographically signed JWT in your browser's local storage to maintain your authenticated state across page refreshes.
• §2.5c — Preference Storage: Your UI preferences (dark/light mode) are stored in localStorage as non-personal key-value pairs.
• §2.5d — No Third-Party Tracking Cookies: We do not use Google Analytics cookies, Facebook Pixel, Hotjar, or any other third-party behavioral tracking scripts on the GI28 platform.
• §2.5e — Cookie Deletion: You may clear all GI28 cookies at any time via your browser settings. This will log you out of your session; your account on our servers is unaffected.
• §2.5f — Essential Only: All cookies used by GI28 are strictly "essential." They are necessary for the platform to function.

§2.6 — No Data Selling Policy

Let us be unambiguous: GI28 does not, has not, and will never sell your personal data to any advertiser, data broker, or third party for commercial profit.

• §2.6a — Business Model Clarity: GI28's revenue comes exclusively from the margin on SMM services sold on the platform. We have zero financial incentive to monetize user data.
• §2.6b — Permitted Data Processors: We share limited data with: Google Firebase (authentication & database), our UPI payment gateway (payment processing only), and backend SMM API providers (order data only — never personal data).
• §2.6c — Order Data & Providers: When you place an order, only your order details (service ID, target URL, quantity) are sent to providers. Your name, email, phone, and wallet balance are NEVER transmitted.
• §2.6d — Legal Disclosure Exception: GI28 may disclose user data to law enforcement if legally compelled by a valid court order under Indian law. We will always attempt to notify affected users unless legally prohibited.
• §2.6e — Processor Agreements: All third-party services we use are bound by confidentiality clauses that prohibit them from using GI28 user data for their own purposes.

§3.1 — The GI28 Token Wallet System

• §3.1a — Token Exchange Rate: 1 GI28 Token = ₹1 Indian Rupee. The rate is fixed at 1:1.
• §3.1b — Minimum Add Funds: The minimum top-up is ₹10. Large deposits above ₹50,000 may trigger a mandatory UTR verification review.
• §3.1c — Wallet Expiry: GI28 Tokens do not expire as long as your account remains active. Tokens in banned accounts may be subject to forfeiture.
• §3.1d — Non-Transferability: Tokens cannot be transferred to another user's wallet. They are exclusively bound to your account.
• §3.1e — Wallet Cap: There is currently no maximum cap. GI28 may introduce a ₹5,00,000 cap in future to comply with RBI prepaid payment instrument regulations, with prior notice.
• §3.1f — Tax Implications: Users are solely responsible for any GST or income tax liabilities arising from their use of GI28 services and affiliate earnings.
• §3.1g — Wallet Statement: Your complete transaction history is available in real-time on your dashboard's "Wallet" section and available for CSV export.

§3.2 — UTR Verification & Anti-Fraud Protocol

• §3.2a — What is a UTR? A UTR is a 12-character unique code generated by the NPCI/banking system for every UPI and IMPS transaction in India. It is your proof of payment.
• §3.2b — Submission: After transferring funds to GI28's official UPI ID, submit your UTR number via the "Add Funds" page within 24 hours of making the transfer.
• §3.2c — Verification Timeline: Standard verification is completed within 15 minutes to 4 hours during business hours (9 AM – 10 PM IST).
• §3.2d — Automated vs. Manual: Our system cross-references submitted UTRs against our payment gateway records. If the automated check passes, funds are credited instantly. If flagged, a manual review is triggered.
• §3.2e — Anti-Fraud Checks: Every UTR is checked against: (i) previously used UTR numbers — reusing a UTR is fraud, (ii) transaction amounts that must match, (iii) sender bank account details, (iv) timestamp validation.
• §3.2f — Fake UTR Submission: Submitting a fake, fabricated, or stolen UTR number is a serious criminal offence under the IT Act, 2000 and will result in an immediate permanent ban and potential legal action.
• §3.2g — UTR Disputes: If your legitimate UTR is pending for more than 6 hours, contact us immediately at support.gi28@proton.me or WhatsApp support.
• §3.2h — UTR Record Retention: All verified UTR records are retained for a minimum of 5 years for tax and legal compliance, even after account deletion.

§3.3 — Refund Policy — Added Funds (Non-Refundable)

• §3.3a — Why No Bank Refunds? GI28 is a prepaid digital services panel. Our backend API providers require upfront payment. We cannot reverse committed API resources once funds enter our ecosystem. This is industry-standard across all SMM panels globally.
• §3.3b — Accidental Deposits: If you accidentally deposited more than intended, the excess remains safely in your wallet for future orders. We are unable to reverse it to your bank.
• §3.3c — Wrong UPI Transfer: If you sent money to the wrong UPI ID (not GI28's official ID), GI28 cannot take responsibility. Contact your bank immediately. Always double-check the UPI ID before transferring.
• §3.3d — Exceptional Circumstances: In rare, documented cases of platform-side technical error, GI28 will initiate a wallet credit adjustment. Bank refunds are only considered for amounts above ₹5,000 after a formal written request and internal audit, at GI28's sole discretion.
• §3.3e — Account Closure Balance: Any remaining wallet balance at the time of account deletion is permanently forfeited. Spend your balance before submitting a deletion request.

§3.4 — Order Refunds — Automatic Wallet Credit

• §3.4a — Automatic Refund Trigger: If an order fails to start, is rejected by our API provider, or is cancelled by our system, the exact token amount is automatically refunded to your GI28 Wallet within 1–24 hours.
• §3.4b — Partial Delivery Refunds: If an order is partially delivered, the cost of the undelivered portion will be automatically refunded to your wallet.
• §3.4c — Refund Verification: All refunds are logged in your wallet transaction history with the original Order ID as reference.
• §3.4d — Refund to Wallet Only: All order refunds go to your GI28 Wallet. They cannot be redirected to your bank account per §3.3.
• §3.4e — Timeframe: Refunds for failed orders are processed within 24 hours. Partial refund calculations may take up to 48 hours.
• §3.4f — No Manual Intervention Needed: Our automated system handles most refunds without you needing to contact support. If your wallet is not credited within 24 hours, open a ticket immediately.

§3.5 — Chargebacks, Disputes & Fraudulent Claims

• §3.5a — Chargeback Definition: A "chargeback" occurs when a user initiates a payment reversal with their bank after successfully receiving services from GI28, effectively attempting to receive services for free.
• §3.5b — Consequence — Immediate Permanent Ban: Any user who initiates a chargeback or fraudulent payment dispute against GI28 will be permanently banned from the platform immediately upon detection.
• §3.5c — Forfeiture: Upon a chargeback-related ban, all remaining wallet balance, active orders, and affiliate commissions are immediately frozen and forfeited without recourse.
• §3.5d — Legal Action: GI28 reserves the right to pursue legal action against users who engage in chargeback fraud. All transaction logs, IP addresses, UTR records, and usage history will be submitted as evidence.
• §3.5e — Legitimate Resolution: If you have a genuine grievance (e.g., funds deducted but not credited), the correct process is to open a support ticket at support.gi28@proton.me — NOT to file a bank dispute. We resolve legitimate issues within 24 hours.
• §3.5f — False Reports: Filing a false complaint with NPCI, RBI, or any consumer forum with fabricated evidence against GI28 is a criminal act under the IPC. GI28 will defend itself vigorously in all such cases.

§4.1 — Private Accounts — No Refund Policy

• §4.1a — Why Private Accounts Fail: Our API providers send real accounts to engage with your profile/post. A private account blocks these accounts before they can interact, causing the order to register as "attempted and complete" while delivering nothing.
• §4.1b — Your Responsibility: Before placing any order, ensure your target account or post is PUBLIC. For followers: your profile must be public. For likes/views: the individual post must be publicly accessible.
• §4.1c — Keep it Public During Delivery: Do NOT switch your account to private after placing an order. If your account becomes private mid-delivery, the order may be partially delivered and non-refundable for the undelivered portion.
• §4.1d — Platform Responsibility: GI28 is not responsible for users' account privacy settings. We provide clear warnings at the order placement stage. Proceeding past these warnings constitutes acceptance of this policy.

§4.2 — Delivery Time — Estimates vs. Actual

• §4.2a — Estimate Accuracy: Start Time and Speed information is sourced from our API providers. Real-world delivery may vary by ±20–40% depending on global demand, social media algorithm changes, and provider queue loads.
• §4.2b — High-Demand Periods: During peak hours or major social media events, delivery times may be significantly slower. GI28 is not liable for delays during these periods.
• §4.2c — Order Status: Track your order status in real-time on your dashboard: Pending → Processing → In Progress → Completed / Partial / Cancelled.
• §4.2d — When to Raise a Concern: If your order has been in "Pending" status for more than 3× the stated start time, contact support. We will investigate and either provide an ETA or cancel and refund.
• §4.2e — No SLA Guarantee: GI28 does not guarantee a Service Level Agreement on delivery times for social media engagement services.

§4.3 — Drops & Refill Policy

• §4.3a — Drop Definition: A "drop" occurs when the quantity delivered by GI28 decreases after successful completion due to platform algorithm cleanups or fake account purges.
• §4.3b — Refill-Eligible Services: Services marked with the "Refill" badge come with a complimentary refill guarantee for the specified period (typically 30–90 days).
• §4.3c — Non-Refill Services: Services NOT marked with the Refill badge are delivered on a "best effort" basis. Drops on these services do not qualify for refills or refunds.
• §4.3d — Refill Request Process: Navigate to Dashboard → My Orders → find the order → click "Request Refill." Processing takes 24–72 hours.
• §4.3e — Refill Limits: Each order is eligible for a maximum of one (1) refill during the guarantee period, unless explicitly stated otherwise.
• §4.3f — After Guarantee Period: After the stated refill period expires, GI28 cannot be held responsible for natural drops. Social media attrition is outside our control.
• §4.3g — Platform Algorithm Changes: Major platform updates causing mass drops are considered "force majeure" events. GI28 will communicate such events via our announcement channel and handle refills case-by-case.

§4.4 — Fair Use Policy

• §4.4a — API Flooding: Sending more than 200 order API requests per minute is prohibited and will trigger automatic rate limiting and potential API key suspension.
• §4.4b — Bot-Driven Activity: Using automated scripts, bots, or headless browsers to place orders, check balances, or scrape service data without explicit written permission is prohibited.
• §4.4c — Bug Exploitation: If you discover a bug allowing free or discounted services, you are legally obligated to report it to support.gi28@proton.me. Exploiting any bug is fraud and will result in a permanent ban and legal action.
• §4.4d — Responsible Disclosure Reward: Users who responsibly disclose genuine security vulnerabilities may receive wallet credits or public acknowledgment at GI28's discretion.
• §4.4e — System Overloading: Placing thousands of small orders simultaneously to test system limits is prohibited and will result in immediate account suspension.
• §4.4f — Reverse Engineering: Attempting to reverse engineer, decompile, or extract source code from the GI28 platform is a violation of intellectual property law and these terms.

§5.1 — Affiliate Programme — How Referral Codes Work

• §5.1a — Referral Code Generation: Every GI28 user automatically receives a unique referral code upon account creation, visible in Dashboard → Affiliate section.
• §5.1b — How to Share: Share your unique referral link (e.g., gi28.in/register?ref=YOURCODE). When referrals register and add funds, you earn commissions automatically.
• §5.1c — Attribution Window: The referral cookie persists for 30 days. If a user clicks your link but registers within 30 days, the referral is still credited to you.
• §5.1d — Commission Trigger: Commissions are earned on every successful fund addition by your referrals — not just their first deposit. You earn repeatedly as long as your referrals remain active.
• §5.1e — Structure: GI28 currently operates a 1-level affiliate structure (direct referrals only). Multi-level commissions may be introduced in future upgrades.
• §5.1f — Referral Dashboard: Your affiliate dashboard displays real-time data: total referrals, total earnings, pending vs. cleared commissions, and referral link performance analytics.

§5.2 — Commission Rates & Bonus Tiers

• §5.2a — Base Rate: All affiliates start at a 3% commission on every fund addition made by their referrals.
• §5.2b — Silver Tier (₹5,000+ monthly referral funds): Elevated to 5% commission rate for that month.
• §5.2c — Gold Tier (₹25,000+ monthly referral funds): 7% commission + a one-time ₹500 bonus credit to your wallet.
• §5.2d — Platinum Tier (₹1,00,000+ monthly referral funds): 10% commission + a dedicated Relationship Manager + priority order processing.
• §5.2e — Withdrawal Bonus: When you withdraw ₹5,000 or more in a single payout request, GI28 adds a 5% bonus on top of the payout as a loyalty incentive.
• §5.2f — Commission Clawback: If a referral's fund addition is reversed due to a chargeback or fraud, the corresponding commission is deducted from your affiliate wallet.

§5.3 — Payouts — Withdrawal & Timeframes

• §5.3a — Minimum Withdrawal: The minimum affiliate payout is ₹500. Requests below this threshold will not be processed.
• §5.3b — Withdrawal Method: Payouts are processed exclusively via UPI to your registered UPI ID. Bank transfers (NEFT/IMPS) may be accommodated for amounts above ₹10,000 at our discretion.
• §5.3c — Withdrawal Request Window: Withdrawal requests can be submitted on Mondays and Thursdays. Requests submitted on other days are queued for the next processing window.
• §5.3d — Processing Timeframe: Once approved, UPI payouts are credited within 24–72 hours. Delays may occur during banking holidays.
• §5.3e — KYC for Large Payouts: Requests above ₹25,000 may require PAN card details for TDS compliance under Indian income tax rules.
• §5.3f — Cooling Period: Newly earned commissions have a 7-day cooling period before they become withdrawable. This protects against commission fraud via returned orders.

§5.4 — Affiliate Fraud — Zero Tolerance

• §5.4a — Self-Referrals: Creating multiple accounts to refer yourself — your own secondary, family member, or associate accounts — to earn commission on your own fund additions is strictly prohibited.
• §5.4b — Fake Account Farming: Creating fake user accounts solely to generate referral commissions is fraud. GI28's detection system flags accounts with identical device fingerprints, IP addresses, or payment sources.
• §5.4c — Coordinated Fraud Rings: Organizing groups of people to create accounts with the sole intent of generating affiliate commissions constitutes coordinated fraud and will be reported to relevant authorities.
• §5.4d — Punishment: Confirmed affiliate fraud results in: (i) immediate permanent ban for all associated accounts, (ii) forfeiture of all affiliate earnings and wallet balance, (iii) potential criminal complaint under the IT Act, 2000 (IPC §420).
• §5.4e — Reporting Fraud: If you suspect another user is committing affiliate fraud, report it confidentially to support.gi28@proton.me. Verified fraud reports may earn you a goodwill wallet credit.

§6.1 — Right to be Forgotten — Complete Data Deletion

Your data belongs to you. GI28 is unequivocally committed to every user's absolute right to have their personal information permanently erased from our systems — no questions asked, no penalties applied.

• §6.1a — How to Request Deletion:
  1. Open a Support Ticket from your Dashboard with subject: "Data Deletion Request – [Your Registered Email]"
  2. Alternatively, email support.gi28@proton.me from your registered email address with the same subject line.
• §6.1b — What Gets Deleted: Within 48 business hours: your full name, email, phone number, profile photo, account preferences, complete order history, affiliate referral data, commission history, active session tokens, login history, and your Firebase Authentication account.
• §6.1c — Wallet Balance Notice: Any remaining wallet balance at the time of deletion is permanently forfeited. Spend your full balance before requesting deletion.
• §6.1d — Deletion Confirmation: You will receive an email confirmation once your data has been fully wiped from our active systems.
• §6.1e — Irreversibility: Data deletion is permanent and irreversible. GI28 cannot restore a deleted account under any circumstances.
• §6.1f — Financial Log Exception: See §6.2 for limited financial data retained for legal compliance even after a deletion request.

§6.2 — Data Retention — Financial Logs & Legal Compliance

• §6.2a — Retained Data:
  • UTR Records: Retained for 7 years per the Income Tax Act, 1961.
  • Payment Gateway Records: Retained for 5 years per RBI guidelines.
  • Fraud Investigation Logs: Retained for 3 years.
• §6.2b — Anonymization: Where legally permissible, retained financial logs are anonymized — your name and email are replaced with a hash ID.
• §6.2c — No Active Use: Retained compliance data is archived in a separate, restricted-access database. It is never used for marketing, profiling, or platform operations.
• §6.2d — Access to Retained Data: You may request a copy of financial records retained about you even after account deletion by emailing support.gi28@proton.me.
• §6.2e — Deletion After Retention Period: Once the mandatory retention period expires, all retained data is permanently deleted through our scheduled data purging process.

§7.1 — Our Multi-Provider Architecture

GI28 is not a single-source SMM panel. We operate a sophisticated multi-provider aggregation engine that connects to dozens of premium global SMM API providers simultaneously.

• §7.1a — Provider Diversity: GI28 maintains active API integrations with SMM providers across multiple countries and specializations. We leverage each for what they do best.
• §7.1b — User-Facing Abstraction: You interact with one unified catalogue. The complexity of selecting, routing, and managing multiple providers happens entirely in our backend.
• §7.1c — Provider Vetting: New providers are subjected to a 72-hour test period with small internal test orders before being made available to real users. We check delivery speed, drop rates, and support responsiveness.
• §7.1d — Provider Confidentiality: GI28 does not publicly disclose the names of its API providers. This confidentiality protects our competitive advantage.
• §7.1e — Provider Failures: If a provider experiences downtime, GI28's routing system automatically detects this and either routes to a backup provider or cancels and refunds the order to your wallet.

§7.2 — Continuous Quality Monitoring

• §7.2a — Real-Time Monitoring: GI28's operations team monitors provider performance metrics in real-time. Tracked metrics include: average start time, delivery completion rate, drop rate (30-day), and support response time.
• §7.2b — Quality Threshold System: Providers must maintain a minimum 90% completion rate and a sub-5% 30-day drop rate to remain active in our catalogue. Providers falling below these thresholds are automatically quarantined and reviewed.
• §7.2c — User-Reported Quality Issues: If multiple users report consistent quality issues with a specific service, our quality team launches an investigation within 24 hours. Services may be temporarily suspended during investigations.
• §7.2d — Proactive Switching: We proactively switch providers when we identify a better alternative, even if the current provider has not explicitly failed.
• §7.2e — Service Updates: When a service's provider is switched, the listing is updated with new speed, quality, and description information. Major changes are announced on our announcement channel.

§7.3 — Intelligent API Order Routing

• §7.3a — Routing Algorithm: When you place an order, GI28's routing engine evaluates all available providers based on: current queue load, historical completion rate, real-time provider status, and cost efficiency.
• §7.3b — Fallback System: If the primary provider fails to acknowledge the order within 60 seconds, the system automatically attempts the next best provider. This cascading fallback continues up to 3 providers before triggering a wallet refund.
• §7.3c — Load Balancing: During high-demand periods, our engine distributes orders across multiple providers simultaneously to maintain consistent delivery speeds.
• §7.3d — Provider API Health Checks: Our system pings provider APIs every 5 minutes. Providers showing response times above 10 seconds are temporarily removed from the routing pool.
• §7.3e — Order Status Transparency: Your order dashboard shows the current status from the provider's API in real-time. "In Progress" means the provider has accepted and is actively delivering your order.

§8.1 — WhatsApp Support — Availability & Response Times

• §8.1a — Availability Hours: WhatsApp support is available Monday to Saturday, 9:00 AM – 10:00 PM IST. Sunday support is available for critical issues from 11 AM – 6 PM IST.
• §8.1b — Response Time SLA: Our target response time is under 30 minutes during business hours. Complex issues involving order investigations may require 2–4 hours of additional analysis time.
• §8.1c — WhatsApp Support Number: The official GI28 WhatsApp support number is listed on the "Contact Us" page of your dashboard. Do not trust any other number claiming to be GI28 support.
• §8.1d — Supported Issues: UTR verification delays, order status queries, account access issues, and affiliate payout inquiries are all handled via WhatsApp.
• §8.1e — Formal Complaints: Complex disputes, data deletion requests, and formal complaints should be submitted via email at support.gi28@proton.me for a documented paper trail.
• §8.1f — Language: Support is primarily provided in English and Hindi.
• §8.1g — No Impersonation: GI28 support agents will never ask for your password, OTP, or request payment to any personal UPI ID. Such requests are scams — report and block immediately.

§8.2 — Official WhatsApp Reseller Community Group

GI28's Official WhatsApp Reseller Community is one of the most vibrant, active, and inclusive SMM networking spaces in India — designed to be a genuine business networking community, not just an announcement group.

• §8.2a — Community Purpose: A dynamic space for resellers and panel users to network, share marketing strategies, discuss social media trends, and support each other's growth.
• §8.2b — Open Communication Rights: Every member has full, equal rights to communicate, ask questions, share insights, and network with any other member in the group — regardless of gender, background, city, or business size.
• §8.2c — Networking Freedom: Members are free to connect with each other for legitimate business collaborations, including reseller partnerships, agency tie-ups, and knowledge sharing.
• §8.2d — Weekly Community Meetings: GI28 hosts a weekly community voice chat session (typically Sundays at 8 PM IST) where members discuss platform updates, new service launches, industry news, and share success stories.
• §8.2e — Fun Culture: The group maintains a healthy, fun culture. Memes, congratulations on wins, and casual conversations are welcomed — as long as they remain respectful and within our community rules (§8.5).
• §8.2f — Eligibility: Open to all registered GI28 users with a verified account. The group invite link is available on your dashboard after email verification.
• §8.2g — Admin Presence: GI28 admins are active participants — not silent moderators. They are available within the group for quick queries during business hours.

§8.3 — Telegram Group — Privacy-First Alternative

• §8.3a — Privacy Advantage: On Telegram, you can participate fully using only your chosen username. Your real phone number is never visible to other group members.
• §8.3b — Same Benefits: The GI28 Telegram group provides all the same community benefits as the WhatsApp group: networking, announcements, admin support, weekly discussion threads, and resource sharing.
• §8.3c — Telegram-Exclusive Features: Searchable message history, pinned resource libraries (rate cards, order guides, tutorial videos), and bot-powered order status checks.
• §8.3d — Joining Instructions: The official GI28 Telegram group link is available on your dashboard's "Community" section. Only join via the official link to avoid fake groups.
• §8.3e — Dual Membership: You are welcome to be a member of both the WhatsApp and Telegram communities simultaneously.

§8.4 — Official Announcement Channel — Mandatory

• §8.4a — Why Mandatory? Critical communications — including service downtime, pricing changes, policy updates, payment gateway maintenance, and security alerts — are announced exclusively via this channel.
• §8.4b — Phone Number Privacy: The Official Announcement Channel is a broadcast-only channel. Members cannot see each other's phone numbers, names, or any personal information. Your privacy is completely protected.
• §8.4c — Content Frequency: Announcements are sent only when there is something genuinely important to communicate. We target no more than 1–2 messages per day — never spam.
• §8.4d — No Replies: The announcement channel does not allow member replies. For questions, use the Community Group (§8.2) or WhatsApp Support (§8.1).
• §8.4e — Liability for Not Joining: If you miss a critical announcement because you have not joined the channel, GI28 cannot be held liable for any resulting issues with your orders or funds.

§8.5 — Community Rules — Zero Tolerance

• §8.5a — Zero Tolerance for Harassment: Any form of personal harassment, bullying, body shaming, gender-based discrimination, caste-based slurs, or targeted verbal abuse against any member will result in immediate and permanent removal from all GI28 communities — and potentially from the platform itself.
• §8.5b — No Spam: Promotional messages for non-GI28 services, competitor panel advertisements, cryptocurrency schemes, loan services, or any irrelevant commercial content are strictly prohibited.
• §8.5c — No Fake News: Spreading misinformation about GI28's services, pricing, or policies within the community groups is prohibited.
• §8.5d — No Explicit Content: Sharing sexually explicit, violent, politically inflammatory, or religiously offensive content will result in immediate expulsion and potential account review.
• §8.5e — Inclusive Environment: GI28's community is welcoming to users of all genders, religions, backgrounds, and experience levels. Newcomers are especially welcome.
• §8.5f — Admin Authority: GI28 admins have final authority on community moderation decisions. Private appeals can be submitted to support.gi28@proton.me.
• §8.5g — Reporting: If you witness a community rule violation, report it directly to an admin or email support.gi28@proton.me. Reports are handled confidentially.

§9.1 — Mandatory Phone Number Requirement

Adding a valid WhatsApp-enabled phone number to your GI28 profile is strictly mandatory for all users.

• §9.1a — Why Mandatory? In critical situations — UTR disputes, high-value order failures, security alerts — email response cycles (24–48 hours) are too slow. WhatsApp enables our team to resolve your issue in minutes.
• §9.1b — Where to Add It: Dashboard → Profile Settings → "Phone / WhatsApp Number" field → Enter your active 10-digit Indian mobile number → Save.
• §9.1c — Format Requirement: Enter your number in format: +91XXXXXXXXXX (with country code). WhatsApp must be active on this number.
• §9.1d — Verification: GI28 may send a WhatsApp verification message to confirm the number is active and reachable.
• §9.1e — Update Responsibility: If you change your phone number, update it on your GI28 profile immediately. An outdated number is treated the same as having no number on file.

§9.2 — Google Login Users — Phone Number Gap

If you registered on GI28 using Google Sign-In ("Sign in with Google"), your phone number is NOT automatically captured from your Google account — even if your Google account has a phone number associated with it.

• §9.2a — Why the Gap Exists: Google's OAuth protocol, by design, only shares your name and email address with third-party apps during sign-in. Your phone number stays private within Google's system and is never passed to us.
• §9.2b — Your Mandatory Action: If you signed up via Google, you MUST manually add your phone number to your GI28 profile. Go to: Dashboard → Profile → Phone/WhatsApp → Enter number → Save.
• §9.2c — How to Know If You Are Affected: Check your Profile Settings. If the "Phone Number" field is blank, fill it in — regardless of how you registered.
• §9.2d — Dashboard Reminder: GI28's dashboard displays a persistent "Action Required: Add Phone Number" banner for accounts with missing phone numbers. This banner cannot be permanently dismissed until the phone number is added.
• §9.2e — Data Privacy Note: The phone number you add is stored separately from your Google account data, on GI28's Firebase Firestore, and is governed by the same strict privacy rules outlined in §2.4.

§9.3 — Unreachable User Liability Policy

• §9.3a — Primary Contact Attempt: If an urgent issue arises, our team's first contact attempt will always be via WhatsApp to your registered phone number.
• §9.3b — Email Fallback: If the WhatsApp message is unanswered for 6 hours during business hours, we will send a follow-up email to your registered email address.
• §9.3c — 48-Hour Resolution Window: If we receive no response via WhatsApp OR email within 48 hours of our first outreach, our team will attempt to resolve the issue using the best available information and close the case.
• §9.3d — Zero Liability for No Phone Number: If your profile has no phone number on file and an urgent issue occurs that requires immediate clarification, GI28 will attempt to contact you by email only. If the issue cannot be resolved due to lack of a reachable phone number, GI28 holds zero liability for any resulting financial loss or unresolved order.
• §9.3e — Your Risk Acceptance: By continuing to use GI28 without a valid phone number in your profile, you explicitly acknowledge and accept the risk of reduced support capability and limited liability coverage.

§10.1 — Firebase Authentication — Enterprise-Grade Security

GI28's authentication infrastructure is powered by Google Firebase Authentication — the same enterprise-grade identity platform trusted by millions of apps globally, including major Fortune 500 products.

• §10.1a — What Firebase Auth Provides: Firebase Authentication is a Google Cloud service that handles identity verification, session management, and token generation. It holds SOC 2, ISO 27001, and PCI DSS certifications.
• §10.1b — Google OAuth Integration: The "Sign in with Google" feature uses Firebase's OAuth 2.0 integration. Your Google credentials are verified directly by Google — GI28 never sees your Google password.
• §10.1c — Email/Password Authentication: Firebase handles the full authentication pipeline, including email verification, rate limiting on failed attempts, and automated lockout after repeated failures.
• §10.1d — Uptime: Firebase Authentication operates on Google's global infrastructure with a 99.95% uptime SLA, ensuring GI28 login is available virtually 24/7.
• §10.1e — Future Authentication Features: GI28 plans to enable SMS OTP (two-factor authentication), biometric login, and phone number auth in future platform updates.

§10.2 — Password Security

• §10.2a — No Plaintext Storage: GI28 never stores your password in plaintext. Not our developers, not our admins, not anyone can see it.
• §10.2b — Cryptographic Hashing: Passwords are processed using bcrypt hashing with high cost factors — an irreversible cryptographic function. Even if our database were compromised, password reversal is computationally infeasible.
• §10.2c — Salting: Each password hash is generated with a unique cryptographic salt, preventing "rainbow table" attacks.
• §10.2d — Password Reset: Firebase generates a single-use, time-limited (1 hour) secure reset link sent exclusively to your registered email. Old passwords are invalidated immediately upon reset.
• §10.2e — Strong Password Requirements: Minimum 8 characters, including uppercase, lowercase, and a number or special character.
• §10.2f — Breach Monitoring: GI28 monitors Firebase security advisories and Google's Known Breached Credentials database. If your credentials appear in a known breach from another service, you will be notified and prompted to change your GI28 password.

§10.3 — Firestore Database Encryption

• §10.3a — Encryption at Rest: All data stored in Firestore is automatically encrypted at rest using AES-256 encryption — the same standard used by banks and government agencies. This encryption is always on and managed by Google.
• §10.3b — Encryption in Transit: All data transmitted between your browser and our Firestore database is encrypted using TLS 1.3 — the latest and most secure transport layer encryption standard.
• §10.3c — Database Access Control: GI28's Firestore is secured with strict Firebase Security Rules. A user can only read/write their own data. Admin functions require elevated authentication tokens. All writes are validated against schema rules before being accepted.
• §10.3d — Wallet Balance Security: Wallet balance fields are protected by server-side Firestore Security Rules that prevent any client-side manipulation. All balance changes are processed through authenticated server functions — never directly from the browser.
• §10.3e — UTR Log Integrity: UTR records are stored with write-once semantics in a restricted subcollection. Once a UTR is logged, it cannot be modified or deleted by client code, creating a tamper-evident financial audit trail.
• §10.3f — Backup & Recovery: Firestore data is automatically backed up daily. GI28 maintains a 30-day point-in-time recovery capability for critical data.

§10.4 — Session Management & Account Protection

• §10.4a — Session Tokens: Upon login, Firebase generates a cryptographically signed JWT (JSON Web Token) with a defined expiry that authorizes your session.
• §10.4b — Token Refresh: Firebase ID tokens expire after 1 hour by default. Our platform automatically refreshes these tokens silently in the background as long as you remain active.
• §10.4c — Inactivity Auto-Logout: If your GI28 session is idle for 7 consecutive days, your session is automatically terminated. This prevents unauthorized access on shared devices.
• §10.4d — Remote Session Revocation: If you believe your account has been compromised, changing your password immediately invalidates all active sessions globally within minutes.
• §10.4e — Concurrent Session Policy: GI28 currently allows multiple concurrent sessions (mobile and desktop simultaneously). Single-session enforcement may be introduced as an optional security setting in future updates.
• §10.4f — Login Anomaly Detection: Firebase's built-in abuse protection detects and flags unusual login patterns — such as logins from new geographies, unrecognized devices, or rapid credential cycling — and triggers automatic security alerts.
• §10.4g — Your Security Checklist:
  • Always log out from GI28 on shared or public computers.
  • Do not save your GI28 password in unencrypted plain text files.
  • If you receive a "New Login Detected" alert from an unrecognized device, change your password immediately.
  • Enable 2FA when it becomes available on the platform.

§11.1 — Governing Law, Jurisdiction & Final Clauses

• §11.1a — Governing Law: This Terms of Service & Privacy Policy and all disputes arising from it shall be governed by and construed in accordance with the laws of the Republic of India.
• §11.1b — Jurisdiction: Any dispute, controversy, or claim arising from or related to these terms shall be subject to the exclusive jurisdiction of the competent courts located in India.
• §11.1c — Arbitration: Before initiating any legal proceedings, both parties agree to attempt good-faith resolution through GI28's formal dispute process (email to support.gi28@proton.me) for a minimum of 30 days.
• §11.1d — Limitation of Liability: GI28's maximum aggregate liability to any user for any claim arising from these terms shall not exceed the total amount deposited by that user in the 90 days preceding the claim.
• §11.1e — Force Majeure: GI28 shall not be liable for delays or failures resulting from causes beyond our reasonable control, including acts of God, government actions, internet infrastructure failures, social media platform outages, or third-party API provider failures.
• §11.1f — Severability: If any provision of these terms is held invalid or unenforceable, the remaining provisions shall continue in full force and effect.
• §11.1g — Contact for Legal Matters: All formal legal correspondence should be directed to support.gi28@proton.me with the subject "Legal Notice – Constant Abrar (Abrar Alli Khan)."