Privacy Policy (FIGEIT e-Marketplace)

Last Updated: October 13, 2025
Applies to: FIGEIT mobile application (“App”) and www.figeit.com (“Website”), together the “Platform”).
Entity: Figeit e-Marketplace Private Limited, H.No.12-2-563, JYR Apartments, Flat No.502, Gudimalkapur, Mehdipatnam, Hyderabad-500028, Telangana, India (“Company”, “we”, “us”, “our”).
Contact: support@figeit.com

By using the Platform, you agree to this Privacy Policy and our Terms of Use. If you do not agree, please do not use the Platform.

1) Who this policy covers

This Policy applies to Users, Merchants/Sellers, and Delivery Partners (collectively, “you”).

The Platform is intended for general audience use. We do not knowingly allow or target children under 13. If you are under 13, do not use the Platform or provide personal data. If we learn we have collected personal data from a child under 13, we will delete it.

2) What we collect

A. Personal Information you provide

• Identity & Contact: name, gender, date of birth, email, phone, addresses (billing, shipping, service), profile photo.
• Account & Order: items viewed/ordered, cart and wish-list, search queries, reviews/ratings, support tickets, chat history with us/sellers/delivery partners.
• KYC & Compliance (Merchants/Delivery Partners): government IDs, photos/selfies (for verification), GST/registration numbers, bank/UPI details (tokenized by payment partners), signatures where needed by law.
• Health Declarations (Delivery Partners, if applicable): limited self-declared fitness/temperature/symptoms when required for safety compliance.
• Referrals: names and contact details of people you refer.

Payments: We use PCI-DSS–compliant processors (payment gateways/aggregators). We do not store full card or UPI credentials on our servers.

B. Information collected automatically

• Device & Technical: device model, OS/version, app version, unique device identifiers, mobile network, language, time zone, crash logs.
• Usage & Analytics: screens viewed, actions (taps, scrolls), session time, campaign attribution.
• Log Data: IP address, browser type, date/time, pages visited on the Website.
• Cookies/SDKs: cookies/web beacons on the Website; mobile SDKs in the App for analytics, crash reporting, push notifications, and fraud prevention (e.g., Google/Firebase services and similar).

C. Location & permissions (App)

• Location (Approx/Precise): to show nearby stores, estimate delivery fees/time, assign Delivery Partners, and fraud/risk controls.
• Camera & Photos/Media/Files: for profile images, product images (Sellers), delivery proof (Delivery Partners), and scan/upload of documents.
• Storage: to cache images/files for faster performance and to upload documents/photos you choose.
• Contacts (optional): to facilitate referrals or share-with-a-friend (only if you allow).
• Phone/SMS (Delivery Partners, optional): to enable in-app calling/masking or OTP auto-read (where supported).

You can deny or later revoke permissions in your device settings. Some features may not work without the relevant permission.

3) How we use your information (purposes)

We process your data to:

1. Provide the service: account creation, login, show nearby shops, product discovery, order placement, payments, delivery assignment and tracking, communication with sellers/delivery partners.
2. Customer support: resolve complaints, provide updates (order status, refunds, service disruptions).
3. Safety, security, and fraud prevention: prevent spam/abuse, verify identities, detect suspicious activity, protect our users and Platform.
4. Improve and personalize: app performance, recommendations, A/B testing, analytics, crash diagnostics.
5. Legal & compliance: tax/accounting, responding to lawful requests, enforcing terms, dispute resolution.
6. Marketing (optional): send offers, surveys, and newsletters; you can opt out anytime (see Section 10).

Legal bases (DPDPA/GDPR-style principles): consent, performance of a contract (to fulfill your orders), compliance with law, and legitimate uses such as fraud prevention and Platform security as permitted by applicable law.

4) Data retention

We keep data only as long as necessary for the purposes above:

• Account & order records: kept for the life of your account and for statutory periods (e.g., tax, accounting, limitation periods).
• KYC & Delivery artifacts: retained for legally required durations or to defend legal claims.
• Analytics & logs: typically up to 24 months (or shorter where feasible), after which we delete or irreversibly anonymize.
• If you withdraw consent or delete your account, we will delete or anonymize personal data not required for legal/regulatory reasons, generally within 30 days (see Section 9).

5) How we share information

We may share the minimum necessary data with:

• Merchants/Sellers & Delivery Partners to fulfill your orders and deliveries.
• Payment processors and banks for payments, refunds, fraud checks.
• Cloud/IT, analytics, messaging, and customer-support providers (e.g., hosting, push notifications, crash analytics, email/SMS/WhatsApp services).
• Verification/KYC vendors (for Sellers/Delivery Partners).
• Government/law enforcement when legally required or to protect rights, safety, or enforce our Terms.
• Corporate transactions: merger, acquisition, financing, or sale of assets; the recipient will be bound by this Policy.
• Advertisers/attribution partners: only aggregated or de-identified insights unless you give explicit consent for personal data sharing.

We do not sell your personal information.

6) International data transfers

We may process/store data on servers or cloud providers located outside India. Where we transfer data internationally, we use safeguards such as contractual commitments and industry-standard security to protect your information, subject to applicable law.

7) Security

We implement administrative, technical, and organizational measures to protect personal data (encryption in transit, access controls, least-privilege access, monitoring, and audits). No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

8) Your rights & choices

Subject to applicable law, you may:

• Access/Review your data.
• Correct/Update inaccurate or incomplete data.
• Withdraw consent for processing that relies on consent.
• Object/Restrict certain processing where permitted.
• Portability (where applicable).
• Delete/Erase your account and associated personal data (see next section).

To exercise rights, email support@figeit.com from your registered email/phone and include proof of identity if requested. We will respond within the time required by law.

9) Account & data deletion (Google Play requirement)

You can request deletion of your account and associated personal data as follows:

• In-App (when available): Profile/Settings → Account → Delete Account.
• Or via Email: write to support@figeit.com with subject “Account Deletion Request” from your registered email/phone.

What happens after deletion:

• We will delete or anonymize your personal data not required for legal, accounting, fraud-prevention, or dispute-resolution purposes, generally within 30 days.
• Some records (e.g., invoices, tax records, fraud logs) may be retained as required by law and then deleted/anonymized after the retention period.

10) Marketing communications & opt-out

You may receive service messages (order updates, security alerts) and optional marketing messages (offers, surveys).

• Opt-out of marketing at any time using the in-message unsubscribe link or by emailing support@figeit.com.
• You will still receive essential non-marketing communications.

11) Cookies, SDKs, and tracking

• Website cookies: used for authentication, preferences, analytics, and fraud prevention. You can control cookies via your browser settings; disabling may affect functionality.
• Mobile SDKs: analytics, crash reporting, push notifications, and attribution (e.g., Firebase/Google services and similar).
• Do Not Track: our systems may not respond to DNT signals; you can use in-app settings and OS-level controls.

12) Third-party links & content

Our Platform may link to third-party sites/apps. Their privacy practices are governed by their own policies. We are not responsible for third-party content or data handling.

13) Special notes for roles

• Merchants/Sellers: we process your KYC, bank/UPI (tokenized), store details, product catalog, pricing, inventory, and order/settlement data for onboarding, compliance, payouts, analytics, and fraud prevention.
• Delivery Partners: we process identity/KYC, live/approximate location during duty, route and proof-of-delivery artifacts, device/telemetry, and optional call/SMS logs (via telephony integration) for allocation, navigation, safety, and compliance.

We do not rely on solely automated decision-making that produces legal effects about you without human review.

14) Grievance & contact

For questions, requests, or complaints (including DPDPA grievance):

Email: support@figeit.com
Postal: Figeit e-Marketplace Private Limited,
H.No.12-2-563, JYR Apartments, Flat No.502, Gudimalkapur,
Mehdipatnam, Hyderabad-500028, Telangana, India.

We aim to acknowledge grievances promptly and resolve them within timelines required by applicable law.

15) Changes to this Policy

We may update this Policy from time to time. Material changes will be notified in-app and/or on the Website (and by email where required). Your continued use after the effective date constitutes acceptance of the updated Policy.

16) Google Play “Data safety” mapping (summary)

Below is a high-level mapping to help ensure your Play Console form matches this Policy. Your actual selections in Play Console must reflect the SDKs/features you enable.

Data collected (may be linked to you):

• Personal info: name, email, phone, address, profile photo.
• Financial info: payment tokens/transaction IDs (via processors).
• App activity: pages viewed, in-app actions, search terms.
• App info & performance: crash logs, diagnostics.
• Device or other IDs.
• Location: approx/precise (for nearby stores & delivery).
• Photos/Media/Files: images you choose to upload; proof of delivery.
• Contacts (optional): for referrals/share (only with permission).

Purposes: app functionality, account management, payments, delivery, analytics, fraud prevention, communications, and (optional) marketing.
Data sharing: with service providers and partners as described; no sale of personal data.
Data deletion: supported (Section 9).
Encryption: data is encrypted in transit; additional safeguards applied.
User choice: permission controls and marketing opt-out available.

Developer note (keep internal)

• Ensure your Play Console Data Safety form selections and SDK declarations match this Policy.
• Implement/verify in-app account deletion flow (Section 9) before the next release.
• Maintain an internal list of third-party SDKs (Firebase/GA4, push provider, crashlytics, attribution, chat, maps) and update this Policy if you add/remove vendors.