1. Scope and Data Roles
- This Privacy Policy applies to personal data processed through Aikya Mart websites, apps and support channels.
- Aikya Mart acts as a platform operator for account, security and service administration data; participating vendors act as independent data handlers for customer order/payment/delivery execution under their own obligations.
- Where vendors collect additional personal data outside Aikya Mart systems, those activities are governed by vendor policies and applicable law.
- This policy is intended to align with applicable Indian data-protection and cyber laws, including the Digital Personal Data Protection Act, 2023 (as notified/amended), the Information Technology Act, 2000 and related rules.
2. Categories of Data We Collect
- We collect account information such as full name, email address, phone number, login metadata and profile details.
- For vendors, we collect business information such as business name, business address, pincode, contact details, category information and onboarding documents where required.
- We collect technical and usage data such as IP address, device/browser identifiers, session logs, feature interaction events and support communications.
3. Legal Basis and Purpose of Processing
- We process data to perform contractual services such as account management, service delivery, support and platform communications.
- We process data for legitimate interests including fraud prevention, abuse detection, security hardening, analytics and service quality improvements.
- We process data to comply with legal obligations, enforce terms/policies and respond to lawful governmental or regulatory requests.
- Where consent is required under applicable law, consent may be obtained through signup, settings controls, notices or in-product consent mechanisms.
4. Sharing, Disclosure and International Transfers
- We share required order and contact details between customer and vendor to enable transaction coordination on the platform.
- Aikya Mart does not process end-customer payments on behalf of vendors; payment data is exchanged directly between customer and vendor or their chosen channels.
- We may share data with infrastructure, analytics, communication and support service providers under contractual confidentiality and security controls.
- We may transfer data across jurisdictions where necessary for service operations, subject to reasonable safeguards and applicable law.
- We may disclose data where required by law, court order, regulatory direction, or to protect rights, safety and platform integrity.
- Sensitive personal data handled under applicable legacy frameworks (including rules under the IT Act, where applicable) is managed with additional care controls.
5. Retention, Security and Incident Handling
- We implement reasonable technical and organizational safeguards including access controls, logging and security monitoring.
- Information is retained for operational, legal, audit and dispute-resolution needs, and deleted or anonymized when no longer necessary.
- No internet-based system is fully risk-free; users and vendors must protect credentials and report suspected account misuse immediately.
- Where legally required, material security incidents are handled through internal response protocols and notified through appropriate channels.
6. User Rights, Consent and Communications
- Users may request access, correction or deletion of eligible personal data subject to applicable law and recordkeeping obligations.
- Users may withdraw optional marketing consent at any time; service-critical communications may still be sent for account, legal or security reasons.
- Where applicable, users may exercise consent-management and grievance rights available under Indian data-protection law through support channels.
- Users may contact support for privacy concerns and grievance escalation.
- Material privacy policy updates will be published on the platform with a revised last-updated date.