Privacy Policy
Version: privacy-v2.2
1. Scope
This policy explains how personal data is collected, used, shared, stored, and deleted for platform operation, in compliance with the Digital Personal Data Protection Act, 2023 and other applicable Indian laws.
2. Data We Collect
We may collect name, email, phone, address, location, account activity, and device metadata needed to provide services. Sensitive data (such as financial, health, or biometric information) will only be collected with explicit consent and processed in accordance with applicable law.
3. Purpose of Processing
Data is used for account setup, service fulfillment, support, fraud prevention, and system improvement. Data will not be processed beyond these stated purposes without fresh consent.
4. Consent and Withdrawal
By registering, you provide specific, informed, and revocable consent for the processing described here. You can withdraw consent by contacting support@domain.com. Withdrawal may limit service usage but does not affect the legality of prior processing.
5. Data Sharing
We may share required data with businesses, service providers, and retailers participating on the platform to fulfill requests, provide services, and enable transactions. These parties are contractually bound to comply with this Privacy Policy and applicable law, and may not repurpose or onward share data beyond the permitted purposes.
5A. Additional Terms for Registered Businesses
If you register a business or add your business to the platform in the future, you agree that:
- Your business will receive customer data only for fulfilling orders, providing services, or enabling transactions through the platform.
- Your business must comply with this Privacy Policy, the DPDP Act, 2023, and other applicable Indian laws when handling customer data.
- Your business may not repurpose, onward share, or exploit customer data outside the permitted purposes.
- Your business indemnifies and holds the company harmless against any claims, penalties, or damages arising from misuse of customer data.
By registering a business, you acknowledge that the platform remains the Data Fiduciary under Indian law, and your business acts as a Data Processor bound by contractual and statutory obligations.
6. Retention and Deletion
Data is retained as needed for service operation and legal obligations, then deleted or anonymized. For example, billing records may be retained for seven years in compliance with Indian tax law.
7. Security
We apply reasonable technical and organizational controls to protect personal data, including encryption, access restrictions, and monitoring. Security practices comply with the Information Technology (Reasonable Security Practices and Procedures) Rules, 2011. Breach notifications will be issued in accordance with applicable law.
8. Rights and Grievance
You may request access, correction, deletion, portability, or raise grievances by contacting support@domain.com. A designated Grievance Officer will respond within 30 days as required under Indian law.
9. Policy Updates
This policy may change. Significant updates will be communicated in-app or by email. Continued use of services after notification constitutes acceptance of updated policy terms.