As smartphone resale becomes mainstream in India, a new survey by Cashify, the country’s leading recommerce platform, reveals that data privacy concerns are growing. Surveying 8,000 respondents, the study finds that 74 per cent worry about potential misuse of personal data after selling their device, even as 56.6 per cent admit to having already sold or exchanged a smartphone themselves.
Strikingly, data privacy now outranks price as the top factor in choosing where to sell, with 45.3 per cent prioritising security over the 29.5 per cent who prioritise value. Yet practice hasn’t caught up with concern: while 83.3 per cent perform a factory reset before resale, over 41 per cent know this doesn’t guarantee complete data removal, and nearly a third have personally recovered “deleted” data from a phone.
To discuss what this means for consumers and the wider recommerce industry, we spoke to Siddhant Dhingra, co-founder and CBO of Cashify, about the gap between awareness and action, and what it will take to close it.
Your survey shows that 74 per cent of respondents fear misuse of personal data after resale. What specific incidents or consumer feedback prompted Cashify to study this issue now?
The survey was driven by a simple observation: smartphone resale has become mainstream, but concerns around data security have not faded with adoption.
A few years ago, the conversation around resale was largely about price and device value. Today, smartphones hold far more than contacts and photos. They contain financial information, personal conversations, identities, and so much more personal data. At the same time, rising incidents of digital scams and data breaches have made consumers more aware of the risks associated with handing over an old device. We wanted to understand whether trust in data protection has kept pace with the rapid growth of India’s recommerce ecosystem.
Looking at the findings, while 56.6 per cent of respondents said they had sold or exchanged a smartphone, nearly half had also heard of cases where data from resold devices was recovered or misused. Also, 74 per cent expressed concerns about potential misuse of their data after resale.
As the recommerce sector continues to mature, trust is becoming just as important as value, and data security is essential in shaping that trust.
Siddhant Dhingra, co-founder and CBO of Cashify
A factory reset is still the dominant behaviour, yet 31 per cent say they have retrieved deleted data from phones. Why do you think awareness around secure deletion remains low despite years of smartphone adoption?
A factory reset has long been positioned as the standard step before selling or disposing of a smartphone, which has led many consumers to assume that it permanently removes all personal data. However, the distinction between deleting data, performing a factory reset, and securely erasing data remains poorly understood.
While a factory reset is an important first step, it does not always guarantee that data cannot be recovered using specialised tools. True data sanitisation involves certified data erasure processes that securely overwrite stored information, making recovery virtually impossible.
The fact that 31 per cent of respondents report having retrieved deleted data highlights this awareness gap. As smartphones increasingly store sensitive personal, financial, and identity-related information, there is a growing need for consumer education around secure data deletion. Building awareness of certified erasure practices, particularly through organised recommerce platforms, will be critical to strengthening trust in the resale ecosystem and encouraging more consumers to participate in the circular economy.
Can you explain how Cashify ensures data is irrecoverable from devices that enter its recommerce ecosystem?
Data protection is fundamental to our recommerce process. The moment a device enters the Cashify ecosystem, it undergoes a deep data cleaning process where all existing data is securely overwritten in accordance with NIST data sanitisation standards before it moves to refurbishment or resale. Our philosophy is simple: every device gets a second life without compromising the previous owner’s data.
Data security doesn’t end with data erasure. Protecting customer data becomes our responsibility. Every device goes through the same standardised sanitisation process before changing hands, ensuring no personal information is carried forward into its next life.
This process is reinforced by our ISO 27001-certified information security management system, NIST-compliant data erasure practices, and GDPR-aligned privacy controls, reflecting our commitment to handling every device and every customer’s data with the same level of care.
Smartphone resale volumes are growing quickly. Is India’s recommerce ecosystem mature enough to handle data security at scale, or are there significant gaps?
India’s organised recommerce ecosystem has matured significantly. Standardised refurbishment processes and certified data sanitisation have made organised smartphone resale far more secure and trustworthy than it was a few years ago.
However, mature markets such as the US and Europe have stronger consumer awareness, more widely adopted data sanitisation standards, and tighter compliance frameworks. India is moving in the same direction, but a large share of resale still happens through unorganised channels where such safeguards are not always consistent.
The next phase of growth will be driven by trust. As resale becomes mainstream, industry-wide adoption of secure data sanitisation standards and greater transparency will be key to making data security a universal expectation.
Mathures Paul