Privacy Policy

Last Updated: December 10, 2025

1. Introduction & Scope

Welcome to ZuppiBuy, operated by Gpage Technologies Pvt Ltd. We are committed to protecting your privacy and handling your personal data with transparency and care.

This Privacy Policy explains what personal data we collect, why we collect it, how we use it, how long we keep it, who we share it with, and how you can control your information.

This policy covers:

Our mobile application (Android/iOS)
Our website (zuppibuy.com)
All services we provide to buyers, sellers, and platform administrators

By using ZuppiBuy, you agree to the collection and use of information in accordance with this policy.

2. Definitions

For the purposes of this Privacy Policy:

Personal Data: Any information that relates to an identified or identifiable individual (e.g., name, email, phone number).
Sensitive Personal Data: Special categories of personal data including government ID numbers (Aadhaar, PAN), biometric data (selfie, liveness verification), and financial information.
Cookies: Small text files placed on your device to track usage and preferences.
Processing: Any operation performed on personal data, including collection, storage, use, disclosure, or deletion.
Controller: Gpage Technologies Pvt Ltd, which determines the purposes and means of processing personal data.
Processor: Third-party service providers who process data on our behalf.

3. What Data We Collect

3.1 Identity Data

Name, email address, phone number, date of birth (optional)

3.2 Account Data

Username, securely hashed password, profile photo

3.3 KYC & Verification Data (Sensitive)

Government ID type and number (Aadhaar, PAN, Driver's License), selfie photos, liveness capture results for identity verification

⚠️ This is classified as Sensitive Personal Data and is subject to enhanced security measures.

3.4 Listing Data

Photos, videos, item descriptions, pricing information, location details, condition assessment

3.5 Transaction Data

Payment metadata, transaction IDs, order history, digital receipts

3.6 Communication Data

In-app chat messages, support tickets, feedback submissions, user reviews

3.7 Device & Usage Data

IP address, device ID, operating system, app version, usage logs, crash reports, performance analytics

3.8 Location Data

Approximate geographic location (city/region level) if you grant permission

3.9 Coins & Rewards Data

History of coins earned, spent, and promotional activities

3.10 Admin & Moderation Data

Logs of content moderation actions, account suspension records, dispute resolution documentation

4. How We Collect Data

4.1 Data You Provide Directly

When you register, create listings, upload documents, fill forms, or contact support

4.2 Automatically Collected Data

Through cookies, log files, analytics tools, and app usage tracking

4.3 From Third Parties

From payment gateways, KYC verification vendors, warranty service providers, and other integrated services

5. Purpose of Processing

We use your personal data for the following purposes:

Account Management: Creating and maintaining your account
KYC Verification: Verifying seller identity to prevent fraud
Fraud Prevention & Security: Detecting suspicious activities and protecting the platform
Search & Personalization: Improving your browsing and search experience
Messaging: Enabling buyer-seller communication
Payment Processing: Facilitating secure transactions
Warranty & Claims: Processing warranty registrations and claim requests
Analytics: Understanding platform usage and improving services
Marketing: Sending promotional communications (only with your consent)
Legal Compliance: Meeting regulatory obligations and responding to legal requests
Dispute Resolution: Handling user complaints and conflicts

6. Legal Basis for Processing

Consent: For marketing communications and optional features (you can withdraw anytime)
Contract Performance: To fulfill our obligations in providing platform services, processing transactions, and facilitating deliveries
Legal Obligation: For KYC compliance, anti-fraud measures, and regulatory reporting
Legitimate Interests: For platform security, integrity, service improvement, and fraud prevention

7. Sharing & Third Parties

We may share your personal data with the following third parties:

KYC Verification Vendor

We share government ID documents and selfie photos for identity verification purposes

Payment Gateway (Razorpay/Cashfree)

Transaction data is shared to process payments securely

Warranty Service Provider

Item details and buyer information are shared to process warranty registrations and claims

Cloud Storage (AWS S3/Cloudinary)

Images, videos, and documents are stored on secure cloud infrastructure

Analytics Providers

Anonymized usage data for platform improvement (optional)

Law Enforcement & Legal Requests

We may disclose information when required by law, court order, or government investigation

All third-party service providers are contractually bound to protect your data and use it only for specified purposes.

8. Sensitive Data & Extra Safeguards

Government ID Documents and Biometric Data (such as Aadhaar numbers, PAN cards, selfies, and liveness verification) are classified as Sensitive Personal Data.

Special Protections:

Encrypted storage and transmission
Access limited to authorized personnel only
Purpose-limited use (verification only)
Secure deletion protocols when no longer needed
Retention period as per legal requirements (typically 7 years for KYC documents)

We never sell or use your KYC data for marketing purposes.

9. Cookies & Tracking Technologies

We use cookies and similar technologies to enhance your experience on our platform.

Types of Cookies:

Essential Cookies: Required for basic platform functionality (login, security)
Analytics Cookies: Help us understand how users interact with the platform
Preference Cookies: Remember your settings and choices

How to Opt-Out: You can disable cookies in your browser settings. Note that disabling essential cookies may affect platform functionality.

10. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy or as required by law.

Account Data: Until account deletion + 90 days for backup purposes

KYC Documents: 7 years from verification date (as per regulatory requirements)

Transaction Records: 6-8 years (for tax and audit purposes)

Chat Messages: Configurable retention (default 2 years or until deletion request)

Analytics & Logs: 12-24 months

Marketing Consent: Until consent is withdrawn

Note: Exact retention periods comply with applicable Indian laws and may be adjusted based on legal requirements.

11. Security Measures

We implement industry-standard security measures to protect your personal data:

Encryption in Transit: All data transmitted to/from our servers uses TLS/SSL encryption
Encryption at Rest: Sensitive data fields are encrypted in our databases
Access Controls: Role-based access with multi-factor authentication for admin access
Regular Security Audits: Periodic vulnerability assessments and penetration testing
Limited Personnel Access: Only authorized employees have access to personal data on a need-to-know basis
Secure Password Storage: Passwords are hashed using industry-standard algorithms
Data Backup: Regular encrypted backups with secure storage

Despite our best efforts, no system is 100% secure. Please notify us immediately if you suspect any unauthorized access to your account.

12. Your Rights & Controls

You have the following rights regarding your personal data:

Right to Access: Request a copy of the personal data we hold about you
Right to Correction: Update or correct inaccurate information
Right to Deletion (Right to be Forgotten): Request deletion of your personal data (subject to legal retention requirements)
Right to Data Portability: Receive your data in a structured, machine-readable format
Right to Withdraw Consent: Withdraw consent for marketing or optional data processing at any time
Right to Object: Object to processing based on legitimate interests
Right to Complain: Lodge a complaint with our grievance officer or relevant data protection authority

To exercise your rights, contact us at:

Email: privacy@zuppibuy.com

Response Time: We will respond to your request within 30 days

13. Data Transfers & International Hosting

Our primary data storage is located in India. However, some third-party service providers may store or process data outside India (e.g., cloud storage providers).

Transfer Safeguards:

We ensure all international data transfers comply with applicable data protection laws
Third parties are contractually bound to maintain equivalent security standards
Sensitive personal data (KYC documents) is preferentially stored in India

14. Children & Minors

Minimum Age: ZuppiBuy is intended for users aged 18 years and above. We do not knowingly collect personal data from minors under 18.

If we become aware that a user is under 18, we will:

Suspend the account immediately
Delete all associated personal data
Notify the registered email/phone number

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

15. Grievance Officer & Contact Details

For any privacy concerns, complaints, or inquiries, please contact our designated Grievance Officer:

Name: [Grievance Officer Name]

Company: Gpage Technologies Pvt Ltd

Email: grievance@zuppibuy.com

Phone: +91 [Phone Number]

Address: [Registered Office Address]

Response Time: Within 30 days of receiving your complaint

For general support inquiries, email: support@zuppibuy.com

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

How we notify you:

Updated date at the top of this page
In-app notification for material changes
Email notification to registered users (for significant changes)

We encourage you to review this policy periodically. Continued use of ZuppiBuy after changes constitutes acceptance of the updated policy.

By using ZuppiBuy, you acknowledge that you have read, understood, and agree to this Privacy Policy.