Privacy Policy — Veggies Cart

👋 Introduction

Welcome to Veggies Cart ("we," "our," or "us"). We operate the Veggie Cart mobile application and the website vegiesmart.com (collectively, the "Platform").

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Platform. Please read this policy carefully. If you disagree with its terms, please discontinue use of our Platform.

🔒 We are committed to protecting your privacy. We never sell your personal data to third parties for advertising purposes.

This policy applies to all users of the Veggie Cart app and the vegiesmart.com website, operating in Tirupati, Andhra Pradesh, India.

📊 Information We Collect

1. Information You Provide Directly

Account Information: Full name, email address, mobile phone number, and password when you register.
Delivery Address: Street address, area/locality, city (Tirupati), state, and PIN code.
Payment Information: We do not store full card numbers. Payment is processed securely through our payment gateway (Razorpay). We may retain the last 4 digits of cards for your reference.
Order Information: Products ordered, quantities, order history, and delivery preferences.
Profile Data: Profile photo (optional), preferred delivery time slots, saved addresses.
Communications: Messages you send us via email or in-app support chat.
Reviews and Ratings: Product reviews, ratings, and feedback you submit.

2. Information Collected Automatically

Device Information: Device type, operating system version, unique device identifiers (Android ID / IDFA), and app version.
Location Data: GPS location (with your permission) to show relevant products and enable delivery tracking. We collect location data only while the app is in use.
Usage Data: Pages visited, products viewed, search queries, features used, time spent, and click patterns.
Log Data: IP address, browser type, date/time of access, pages viewed, and crash reports.
App Performance: Crash logs and performance diagnostics collected via Firebase Crashlytics.

3. Information from Third Parties

If you sign in with Google, we receive your name, email address, and profile photo from Google.
Payment verification data from Razorpay (transaction ID, payment status).
Delivery location mapping data from Google Maps Platform.

🎯 How We Use Your Information

We use the information we collect for the following purposes:

Core Services

Creating and managing your account
Processing orders, payments, and delivery logistics
Sending order confirmations, delivery updates, and receipts
Providing customer support and resolving disputes
Enabling real-time order tracking

Improving Our Platform

Analyzing usage patterns to improve app features
Personalizing product recommendations based on your purchase history
Conducting research and analytics to enhance user experience
Debugging technical issues using crash and performance data

Communication

Sending transactional notifications (order placed, dispatched, delivered)
Informing you about offers, discounts, and new product launches (with your consent)
Responding to your queries and complaints

Legal and Safety

Complying with applicable Indian laws and regulations
Preventing fraud, abuse, and unauthorized access
Enforcing our Terms of Service

🤝 Third-Party Services

We use the following trusted third-party services. Each has its own privacy policy governing how they handle data:

Firebase (Google LLC)

Firebase Authentication: Manages user login and session tokens.
Firebase Firestore / Realtime Database: Stores user profiles, orders, and app data.
Firebase Crashlytics: Collects crash reports and diagnostic information.
Firebase Analytics: Tracks in-app events and user behavior anonymously.
Firebase Cloud Messaging (FCM): Sends push notifications to your device.

Privacy Policy: policies.google.com/privacy

Razorpay

Processes all online payments (UPI, cards, net banking, wallets). Razorpay is PCI-DSS compliant and handles all sensitive payment data. We never store raw card or bank account details on our servers.

Privacy Policy: razorpay.com/privacy

Cloudinary

Used for storing and optimizing product images. No personal user data is stored on Cloudinary.

Privacy Policy: cloudinary.com/privacy

Google Maps Platform

Used for address lookup, delivery area mapping, and real-time order tracking.

Privacy Policy: policies.google.com/privacy

⚠️ We do not sell, trade, or rent your personal information to third parties for marketing purposes.

🍪 Cookies and Tracking Technologies

Our website (vegiesmart.com) uses cookies and similar tracking technologies:

Essential Cookies: Required for the website to function (session management, security). Cannot be disabled.
Analytics Cookies: Help us understand how visitors use our site (Google Analytics). You may opt out via browser settings.
Preference Cookies: Remember your settings like language and region.

You can control cookies through your browser settings. Note that disabling certain cookies may affect website functionality.

📍 Location Data

Our app requests access to your device's location for the following purposes:

Showing your delivery address on a map during checkout
Enabling delivery personnel to navigate to your location
Real-time order tracking features
Verifying that you are within our delivery area (Tirupati)

We request location access only while the app is in use ("While Using App" permission). We do not access location in the background.

You can revoke location permission at any time in your device settings. Revoking this permission will limit certain features like real-time tracking but will not prevent you from using the app.

🔐 Data Security

We implement industry-standard technical and organizational security measures to protect your data:

All data is transmitted over HTTPS/TLS encryption
Firebase Security Rules restrict unauthorized data access
Passwords are hashed using bcrypt — never stored in plain text
Payment data is handled exclusively by PCI-DSS compliant Razorpay
Regular security audits and vulnerability assessments
Access to user data is restricted to authorized personnel only
Two-factor authentication for admin panel access

⚠️ While we take every reasonable precaution, no data transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

📅 Data Retention

We retain your data for as long as necessary to provide our services and comply with legal obligations:

Account Data: Retained for the duration of your account and for 3 years after account deletion (for legal compliance).
Order History: Retained for 7 years as required under Indian financial and tax regulations (GST Act).
Payment Records: Retained for 7 years as required by Indian financial regulations.
Usage/Analytics Data: Aggregated and anonymized after 24 months.
Support Communications: Retained for 2 years from resolution date.
Crash Logs: Automatically deleted after 90 days by Firebase Crashlytics.

⚖️ Your Rights Under Indian Law

As a user in India, you have the following rights under the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023 (DPDPA):

Right to Access

You can request a copy of all personal data we hold about you. We will provide this within 30 days of a verified request.

Right to Correction

You can update or correct inaccurate personal data directly in the app under "My Profile" or by contacting us.

Right to Deletion (Right to be Forgotten)

You can request deletion of your account and associated personal data. We will process deletion requests within 30 days, subject to legal retention obligations.

Right to Withdraw Consent

You can withdraw consent for marketing communications at any time by unsubscribing from emails or turning off notifications in app settings.

Right to Grievance Redressal

If you believe your data rights have been violated, you can lodge a complaint with us. We will acknowledge within 72 hours and resolve within 30 days.

How to Exercise Your Rights

Email us at veggiecartapp@gmail.com with the subject "Privacy Rights Request" and your registered email address. We will verify your identity before processing the request.

👶 Children's Privacy

Our Platform is not intended for children under the age of 18. We do not knowingly collect personal information from minors.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at veggiecartapp@gmail.com. We will promptly delete such data upon verification.

🔄 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make significant changes, we will:

Update the "Last Updated" date at the top of this page
Send a push notification to app users (for material changes)
Display a prominent notice in the app for 7 days after changes take effect

Your continued use of our Platform after any changes constitutes your acceptance of the updated Privacy Policy.

📬 Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Privacy Officer:

Email: veggiecartapp@gmail.com
Subject Line: Privacy Policy Inquiry
Business Name: Veggies Cart
Address: Tirupati, Andhra Pradesh, India — 517501
Response Time: Within 72 hours on business days

For general support, you can also use the in-app Help & Support section or visit vegiesmart.com.