Privacy Policy

Personal Information:

For the purposes of this Policy, Personal Information shall mean any data that pertains to an identified or identifiable natural person. Such information may include data voluntarily furnished by you, data generated or inferred through your engagement with the Services, or data procured from legitimate third-party sources, which—either independently or when combined with other information lawfully accessible to us—enables your direct or indirect identification.

Other Information:

Other Information shall encompass data concerning your access to, and utilisation of, the Services which, in isolation, may not directly establish your identity, but which is collected and processed in association with your account, device, or activities. Such information includes particulars relating to your internet connectivity, device(s) and equipment used to access our Services, and behavioural insights concerning your patterns of use, navigation, and interactions with the Services.

Modes of Collection:

• Directly from you at the time of registration, communication, or transaction;
• Automatically during your interaction with our Services through cookies, log files, and tracking technologies;
• Indirectly, through authorised third-party sources operating in compliance with applicable law.

Information Voluntarily Provided by the User:

• Identification and Contact Information: Full name, gender, date of birth, nationality, government-issued ID particulars, phone numbers, email addresses, residential/delivery addresses, and any other identification or contact details required for account creation, verification, or communication.
• Payment and Financial Information: Bank account details, debit/credit card details, UPI IDs, wallet credentials, and related financial data required for payments, billing, refunds, or other financial reconciliations.
• User-Generated Content and Communications: Feedback, reviews, survey responses, multimedia uploads, or any other information voluntarily submitted for service evaluation, promotions, or dispute resolution.
• Optional and Ancillary Information: Any additional details for service personalization, loyalty programs, promotions, or engagement initiatives (e.g., dietary preferences, health or allergy information).

All such information shall be retained and processed in accordance with applicable laws (including the Information Technology Act, 2000 and its rules) and secured using reasonable safeguards to protect confidentiality and integrity.

Information Collected Automatically:

• Technical and Device Information: IP address, device identifiers, browser type/version, operating system, device model, screen resolution, and system parameters.
• Geolocation and Usage Data: Location information, browsing patterns, frequency/duration of visits, pages viewed, transaction history, and service preferences.
• Tracking and Analytics Technologies: Data from cookies, beacons, local storage, or other tools for analytics, personalization, and service optimization, used in compliance with applicable law.

General Obligation of Security

The Company affirms its commitment to safeguarding the confidentiality, integrity, and availability of all Personal Information and Sensitive Personal Data or Information, and undertakes to implement and maintain reasonable security practices and procedures, as mandated under Section 43A of the Information Technology Act, 2000, Rule 8 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, the Digital Personal Data Protection Act, 2023, and other laws for the time being in force.

Technical Safeguards

• Encryption of data at rest and in transit using industry-standard protocols;
• Secure socket layer (SSL)/transport layer security (TLS) for communication channels;
• Firewalls, intrusion detection and prevention systems, and anti-malware protections;
• Regular application of security patches, updates, and vulnerability management;
• Anonymisation, pseudonymisation, and tokenisation where feasible, particularly in respect of Sensitive Personal Data or Information.

Organisational and Access Controls

• Role-based access controls to ensure that only authorised personnel have access to Information on a "need-to-know" basis;
• Multi-factor authentication, password protection, and session management;
• Employee confidentiality agreements and periodic training on data protection obligations;
• Designation of a Grievance Officer/Data Protection Officer, as mandated under applicable law, to oversee security and compliance.

Monitoring and Audits

The Company undertakes periodic internal and external audits, penetration testing, and security risk assessments to evaluate, monitor, and strengthen its security framework, and maintains logs and records of such activities in accordance with statutory requirements.

Incident Management

In the event of any actual, suspected, or potential security breach, the Company shall follow its incident response plan, which includes prompt investigation, mitigation, documentation, and, where required under law, notification to the affected Users and competent authorities.

Limitation of Liability

Notwithstanding the implementation of the above measures, the User acknowledges and accepts that transmission of Information over the Internet, electronic networks, or digital systems is inherently susceptible to risks of interception, unauthorised access, or compromise. Accordingly, while the Company exercises all reasonable care and diligence, it disclaims liability for any unauthorised access, breach, or disclosure that occurs beyond its reasonable control or despite the adoption of industry-standard safeguards.

Applicability to Minors

The Company expressly clarifies that its Platform and Services are not directed towards, nor intended for, individuals below the age of eighteen (18) years ("Minors"), and that it does not knowingly solicit, collect, process, or store Personal Information or Sensitive Personal Data or Information of Minors for the purposes of account creation, registration, or general usage of the Platform.

Exceptional Circumstances

In limited cases, services on the Platform may be availed by or on behalf of Minors (e.g., booking tickets for family-oriented events, or delivery of food items intended for household consumption). In such cases, an adult User may need to provide limited information relating to a Minor solely for facilitating the requested service.

Parental or Guardian Consent

• The adult User providing information of a Minor represents and warrants being the parent or lawful guardian of the Minor;
• Such User grants explicit, informed, and verifiable consent for the collection, processing, storage, and use of the Minor's information strictly for the disclosed and limited purpose.

Restriction on Use of Minor's Data

• Not used to create a user account or profile for the Minor;
• Not processed for marketing, advertising, profiling, or promotions;
• Used only for the specific service expressly consented to by the parent or guardian.

Responsibility of the Adult User

The adult User furnishing information of a Minor assumes full responsibility for its accuracy and legitimacy, and undertakes to indemnify and hold harmless the Company against any claims or liabilities arising out of unauthorised provision of a Minor's data.

Right to Erasure

If the Company becomes aware that Minor's data has been collected without valid parental/guardian consent, it reserves the right to delete, anonymise, or expunge such information from its records immediately.

Third-Party Links and Services

The Platform may contain links, integrations, or references to third-party websites or services. The Company disclaims any responsibility for the authenticity, accuracy, content, or privacy practices of such services. The provision of information to such third parties is governed exclusively by their policies, and use of such services is at the User's sole risk.

Policy Amendments and Updates

The Company may update this Privacy Policy from time to time to reflect changes in law, technology, or business practices. The updated version shall be posted on the Platform with a "Last Updated" date. Continued use of the Platform after posting constitutes acceptance. Where legally required, fresh consent shall be obtained.

Governing Law and Jurisdiction

This Privacy Policy shall be governed by the laws of India. Any disputes shall fall under the exclusive jurisdiction of competent courts at Lucknow, Uttar Pradesh.

Severability

If any provision of this Policy is held unenforceable, the remaining provisions shall continue in full effect.

Waiver

Failure by the Company to enforce any provision of this Policy shall not be deemed a waiver of its rights.