Privacy Policy

1. Information We Collect

Personal Information

We collect personal information that you provide directly to us, including:

• For Customers: Name, email address, phone number, delivery address, payment information
• For Vendors: Business name, owner details, contact information, bank account details, menu information
• Support Communications: Messages, feedback, and support requests

Automatically Collected Information

• Device Information: Device type, operating system, unique device identifiers
• Location Data: GPS location for delivery services (with your permission)
• Usage Data: App usage patterns, features accessed, order history
• Log Data: IP addresses, browser type, pages visited, time spent

2. How We Use Your Information

We use collected information for the following purposes:

• Providing and maintaining our food delivery services
• Processing orders and payments securely
• Connecting customers with nearby food vendors
• Improving our services and developing new features
• Communicating with you about orders, updates, and promotions
• Ensuring platform security and preventing fraud
• Complying with legal obligations
• Analyzing usage patterns to improve user experience

3. Information Sharing and Disclosure

We do not sell your personal information. We may share information in the following circumstances:

• With Vendors: Customer delivery details necessary for order fulfillment
• With Customers: Vendor business information for order placement
• Service Providers: Payment processors, delivery partners, cloud services
• Legal Requirements: When required by law or to protect rights
• Business Transfers: In case of merger, acquisition, or asset sale

4. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Regular security audits and vulnerability assessments
• Access controls and employee training
• Secure data centers and cloud infrastructure
• Incident response procedures

5. Your Rights Under DPDP Act

Under the Digital Personal Data Protection Act, 2023, you have the following rights:

• Right to Access: Request information about what personal data we hold about you
• Right to Correction: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data in certain circumstances
• Right to Portability: Request transfer of your data to another service provider
• Right to Withdraw Consent: Withdraw consent for data processing where applicable
• Right to Grievance Redressal: File complaints with the Data Protection Board

To exercise these rights, please contact us using the information provided in the Contact Us section.

6. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience and analyze usage patterns. Our use of Google Analytics 4 (GA4) helps us understand how users interact with our service.

You can control cookie preferences through your browser settings. However, disabling certain cookies may affect the functionality of our service.

7. Third-Party Services

Firebase

We use Google Firebase for authentication, database storage, and analytics. Firebase processes data in accordance with Google's privacy policy and our data processing agreement.

Google Analytics 4

GA4 helps us understand user behavior and improve our services. We have implemented appropriate safeguards and only collect anonymized data where possible.

Payment Processors

Payment information is processed by certified payment gateways that comply with PCI DSS standards. We do not store payment card details on our servers.

8. Data Retention

We retain your personal information only as long as necessary for the purposes outlined in this policy, unless a longer retention period is required by law. Specific retention periods include:

• Account Data: Retained while your account is active and for 3 years after deactivation
• Order History: Retained for 7 years for tax and legal compliance
• Communication Records: Retained for 3 years for customer service purposes
• Analytics Data: Anonymized and retained for up to 26 months

9. International Data Transfers

Your data may be transferred to and processed in countries other than India. We ensure that such transfers comply with DPDP Act requirements and implement appropriate safeguards, including standard contractual clauses and adequacy decisions where applicable.

10. Children's Privacy

Our service is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

For complaints to the Data Protection Board of India, please visit: dpdpb.gov.in