Privacy Policy | Aikya Mart

1. Scope, Controller Roles and Legal Position

•This Privacy Policy applies to personal data processed through all Aikya Mart platforms including the AikyaMart customer app (Android and iOS), AM Rider app (Android and iOS), Aikyamart Vendor app (Android and iOS), AM Sales app (Android), and the AikyaMart website.
•Aikya Mart operates as a technology platform and marketplace intermediary that enables vendors to manage digital storefronts and customer transactions.
•Aikya Mart processes data for account management, platform security, service delivery, abuse prevention and compliance operations; participating vendors independently process customer data for product sale, fulfillment, delivery, after-sales support and statutory compliance.
•Delivery riders using the AM Rider app and sales staff using the AM Sales app are subject to this Privacy Policy for data processed through those applications.
•Where vendors collect additional personal data outside Aikya Mart systems, those activities are governed by vendor policies and applicable law.
•For operational clarity, Aikya Mart and vendors may act as independent data fiduciaries/controllers for their respective processing activities.
•This policy is intended to align with applicable Indian data-protection and cyber laws, including the Digital Personal Data Protection Act, 2023 (as notified/amended), the Information Technology Act, 2000 and related rules.

2. Categories of Personal Data We Collect

•Account and identity information: full name, email address, phone number, login metadata, profile details and authentication credentials (including Apple Sign-In for Vendor iOS and OTP-based verification).
•Vendor business information: business name, registered address, pincode, contact details, category information, onboarding/compliance documents and subscription records.
•Rider information: name, phone number, login credentials, vehicle details, delivery assignment history, photo proof of delivery and support ticket records.
•Sales staff information: name, phone number, employee credentials, assigned territory, location data and activity logs collected through the AM Sales application.
•Where users choose to use credit-line and KYC-linked features, data such as PAN/Aadhaar details and uploaded documents may be processed according to applicable law and platform controls.
•Technical and usage data: IP address, device and browser identifiers, operating system version, session logs, feature interaction events, analytics data and support communications.
•Location data: precise (GPS) and approximate location collected from the customer app, rider app and sales app to enable delivery tracking, order assignment, route optimization and sales territory management.
•Camera and media data: camera access is used in the customer app (scanning/image capture), rider app (delivery photo proof) and is processed solely for the stated feature purpose.
•Payment and transaction data: order details, payment mode selection, transaction references and billing information processed through authorized payment partners.

3. Purpose of Processing and Lawful Basis

•We process data to perform contractual services such as account management, order facilitation, delivery coordination, subscription management, service delivery, support and platform communications.
•We process data for legitimate interests including fraud prevention, abuse detection, security hardening, analytics, delivery performance monitoring, sales territory optimization and service quality improvements.
•We process data to comply with legal obligations, enforce terms/policies and respond to lawful governmental or regulatory requests.
•Where consent is required under applicable law, consent may be obtained through signup, settings controls, notices or in-product consent mechanisms.

4. Sharing, Disclosure and Cross-Border Processing

•We share required order and contact details between customer, vendor and assigned rider to enable transaction coordination and delivery fulfillment on the platform.
•Aikya Mart is not the seller of goods/services and does not assume merchant-of-record obligations for vendor transactions.
•Payment processing data may be exchanged with approved payment partners and vendors based on the selected payment mode and operational necessity.
•We may share data with infrastructure, analytics, communication and support service providers under contractual confidentiality and security controls. Third-party services integrated into our applications (including Firebase, Google Analytics and advertising attribution services) may process technical identifiers and usage data in accordance with their respective privacy policies.
•We may transfer data across jurisdictions where necessary for service operations, subject to reasonable safeguards and applicable law.
•We may disclose data where required by law, court order, regulatory direction, or to protect rights, safety and platform integrity, including fraud and prohibited-products investigations.
•Sensitive personal data handled under applicable legacy frameworks (including rules under the IT Act, where applicable) is managed with additional care controls.

5. Security, Retention and Incident Response

•We implement reasonable technical and organizational safeguards including access controls, logging, encrypted communications and security monitoring.
•Information is retained for operational, legal, audit and dispute-resolution needs, and deleted or anonymized when no longer necessary.
•No internet-based system is fully risk-free; users, vendors, riders and staff must protect credentials and report suspected account misuse immediately.
•Where legally required, material security incidents are handled through internal response protocols and notified through appropriate channels.

6. App Permissions by Application

•AikyaMart Customer App (Android and iOS): internet access, location (fine and coarse) for delivery address and store discovery, camera for product scanning and image capture, push notifications for order updates, in-app billing for subscriptions, WhatsApp deep-link for vendor/support communication.
•AM Rider App (Android and iOS): internet access, location (fine and coarse) for real-time delivery tracking and order assignment, camera for delivery photo proof, push notifications for order alerts, advertising ID for install attribution analytics.
•Aikyamart Vendor App (Android and iOS): internet access, push notifications for order and customer alerts, in-app billing for subscription management (Android), Apple Sign-In (iOS), advertising ID for attribution analytics (Android), WhatsApp deep-link for customer communication (iOS).
•AM Sales App (Android — Internal): internet access, location (fine and coarse) for sales territory tracking and vendor visit logging, push notifications for task assignments, advertising ID for internal attribution analytics.
•Users can manage permissions in device settings at any time; declining non-essential permissions may limit related features but will not prevent core account access.

7. User Rights and Contact

•Users may request access, correction or deletion of eligible personal data subject to applicable law and recordkeeping obligations.
•Users may withdraw optional marketing consent at any time; service-critical communications may still be sent for account, legal or security reasons.
•Where applicable, users may exercise consent-management and grievance rights available under Indian data-protection law through support channels.
•Users may contact support and raise reports for privacy concerns, fraud, abusive conduct, illegal listings, or grievance escalation.
•To protect users, vendors and platform integrity, Aikya Mart may restrict features, suspend transactions, or disable accounts where serious policy or legal risk is identified.
•On mobile devices, users can reset or limit advertising identifiers through device privacy settings (Android: Settings > Privacy > Ads; iOS: Settings > Privacy and Security > Tracking).
•Material privacy policy updates will be published on the platform with a revised last-updated date.