Privacy Policy | Aikya Mart

1. Scope and Data Roles

This Privacy Policy applies to personal data processed through Aikya Mart websites, apps and support channels.
Aikya Mart acts as a platform operator for account, security and service administration data; participating vendors act as independent data handlers for customer order/payment/delivery execution under their own obligations.
Where vendors collect additional personal data outside Aikya Mart systems, those activities are governed by vendor policies and applicable law.
This policy is intended to align with applicable Indian data-protection and cyber laws, including the Digital Personal Data Protection Act, 2023 (as notified/amended), the Information Technology Act, 2000 and related rules.

We collect account information such as full name, email address, phone number, login metadata and profile details.
For vendors, we collect business information such as business name, business address, pincode, contact details, category information and onboarding documents where required.
We collect technical and usage data such as IP address, device/browser identifiers, session logs, feature interaction events and support communications.

We process data to perform contractual services such as account management, service delivery, support and platform communications.
We process data for legitimate interests including fraud prevention, abuse detection, security hardening, analytics and service quality improvements.
We process data to comply with legal obligations, enforce terms/policies and respond to lawful governmental or regulatory requests.
Where consent is required under applicable law, consent may be obtained through signup, settings controls, notices or in-product consent mechanisms.

We share required order and contact details between customer and vendor to enable transaction coordination on the platform.
Aikya Mart does not process end-customer payments on behalf of vendors; payment data is exchanged directly between customer and vendor or their chosen channels.
We may share data with infrastructure, analytics, communication and support service providers under contractual confidentiality and security controls.
We may transfer data across jurisdictions where necessary for service operations, subject to reasonable safeguards and applicable law.
We may disclose data where required by law, court order, regulatory direction, or to protect rights, safety and platform integrity.
Sensitive personal data handled under applicable legacy frameworks (including rules under the IT Act, where applicable) is managed with additional care controls.

We implement reasonable technical and organizational safeguards including access controls, logging and security monitoring.
Information is retained for operational, legal, audit and dispute-resolution needs, and deleted or anonymized when no longer necessary.
No internet-based system is fully risk-free; users and vendors must protect credentials and report suspected account misuse immediately.
Where legally required, material security incidents are handled through internal response protocols and notified through appropriate channels.

Users may request access, correction or deletion of eligible personal data subject to applicable law and recordkeeping obligations.
Users may withdraw optional marketing consent at any time; service-critical communications may still be sent for account, legal or security reasons.
Where applicable, users may exercise consent-management and grievance rights available under Indian data-protection law through support channels.
Users may contact support for privacy concerns and grievance escalation.
Material privacy policy updates will be published on the platform with a revised last-updated date.