1. Information We Collect

A. Information You Provide Directly

When you register, shop, apply as a seller, or interact with our platform, you voluntarily share information with us. This includes:

• Account Details: Full name, email address, phone number, date of birth, profile photo, and password (stored as a one-way cryptographic hash).
• Address Information: Shipping and billing addresses, including street, city, state, PIN code, and country.
• Payment Information: Payment method details processed securely through PCI-DSS compliant gateways (Razorpay, Stripe). We never store full card numbers on our servers.
• Communication Records: Messages sent to our support team, reviews, ratings, or any content you post on the Platform.
• Business Information (Sellers): GSTIN, business registration documents, bank account details for payouts, store name, and product listings.
• Influencer Profile (Creators): Social media handles, audience reach data (with your consent), tax forms, and payout banking details.

B. Information Collected Automatically

When you use our Platform, we automatically collect technical and behavioral data:

• Device & Browser Data: Device model, operating system version, browser type, screen resolution, and unique device identifiers (e.g., advertising IDs on mobile).
• Usage Data: Pages visited, features used, time spent, click patterns, search queries, and cart activity.
• Log Data: IP address, HTTP request logs, error reports, and timestamps of all interactions with our servers.
• Location Data: Approximate location derived from your IP address. Precise GPS location is accessed only with your explicit permission via device settings.

C. Information from Third Parties

• Social Sign-In: If you log in using Google or Apple, we receive your name, email, and profile photo from those providers, based on your consent to those platforms.
• Fraud Prevention Partners: We receive risk signals and device reputation data from security services to detect and prevent fraudulent activity on our platform.
• Analytics Providers: Aggregated behavioral metrics are enhanced with data from analytics integrations like Firebase.

2. How We Use Your Information

We use your personal information only for legitimate purposes tied to delivering, improving, and protecting our Platform:

3. Legal Bases for Processing

Where applicable under GDPR and similar regulations, we process your personal data under the following legal bases:

• Contractual Necessity: Processing required to fulfill your order, manage your account, or perform any service you have requested from us.
• Legitimate Interests: Fraud detection, platform security, product improvement, and internal business analytics, where these interests are not overridden by your rights.
• Legal Obligation: Compliance with tax laws, financial regulations (KYC/AML), court orders, and statutory requirements.
• Consent: Marketing communications, optional personalization features, and any processing you have explicitly opted into. You may withdraw consent at any time without affecting the lawfulness of prior processing.

4. Information Sharing and Disclosure

We do not sell your personal data. We share your information only in the circumstances described below:

• Sellers and Delivery Partners: When you place an order, your name, shipping address, and contact number are shared with the relevant seller and logistics partner to fulfill delivery.
• Payment Processors: Billing information is transmitted to our PCI-DSS compliant payment gateways (Razorpay, Stripe) to process transactions. These processors handle payment data under their own privacy policies.
• Cloud & Infrastructure Providers: Our Platform infrastructure is hosted on AWS and Google Cloud Platform. All data stored on these services is subject to strict contractual data processing agreements.
• Analytics & Marketing Services: Aggregated or pseudonymized data may be shared with analytics tools (Firebase, Mixpanel) and advertising platforms to measure campaign performance and improve targeting.
• Legal Authorities: We may disclose your information to government agencies, courts, or law enforcement if required by a valid legal order, subpoena, or applicable law.
• Business Transfers: In the event of a merger, acquisition, or sale of company assets, user data may be transferred as part of the transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.

5. Cookies and Tracking Technologies

We use cookies and similar technologies to provide a seamless experience and gather analytics. The types of cookies we use:

You can manage cookie preferences via your browser settings or our cookie consent banner. Disabling non-essential cookies does not affect core shopping functionality.

6. Data Security

We implement industry-standard technical and organizational security measures to protect your personal data against unauthorized access, disclosure, alteration, or destruction:

• Encryption in Transit: All data exchanged between your device and our servers is encrypted using TLS 1.3.
• Encryption at Rest: Sensitive database fields (including payment tokens and personal identifiers) are encrypted at rest using AES-256.
• Access Control: Internal access to production data is governed by role-based access control (RBAC), and all access is logged and monitored.
• Vulnerability Management: We conduct regular security audits, dependency vulnerability scans, and periodic penetration testing by accredited third-party firms.
• Incident Response: In the event of a data breach affecting your rights, we will notify you and relevant authorities within 72 hours as required by applicable law.

7. Data Retention

We retain your personal data only as long as necessary to fulfil the purposes outlined in this policy:

• Active Accounts: Profile data, preferences, and order history are retained for the duration your account is active.
• Deleted Accounts: Upon deletion, personal profile data is removed from live systems within 30 days. Encrypted backups are purged within 60 days.
• Financial Records: Transaction records, GST invoices, and tax-related data are retained for a minimum of 7 years as required under the Income Tax Act and GST laws of India.
• Support Records: Customer support conversation logs may be retained for up to 2 years to resolve disputes and improve service quality.
• Anonymized Analytics: Behavioral analytics data, once anonymized, may be retained indefinitely for research and product improvement purposes.

8. International Data Transfers

Our servers are primarily located in India. However, some of our third-party service providers (e.g., AWS, Google Cloud, Stripe) may store or process your data internationally. When such transfers occur:

• We ensure that data processors outside India provide an equivalent level of data protection through formal Data Processing Agreements (DPAs).
• For transfers to recipients in the EU/EEA, we rely on Standard Contractual Clauses (SCCs) as approved by the European Commission.
• All transfer mechanisms comply with applicable cross-border data transfer regulations, including the IT Act 2000, GDPR, and the Digital Personal Data Protection Act (DPDPA) 2023 of India.

9. Your Privacy Rights

Depending on your location, you have the following rights regarding your personal data. To exercise any of these rights, contact us at privacy@localforvocalstartup.com.

We will respond to all verifiable requests within 30 days. In complex cases, this may be extended by an additional 30 days with notice.

10. Children's Privacy

Our Platform is intended for users aged 18 and above. We do not knowingly collect personal data from individuals under the age of 13. If we become aware that a child under 13 has provided us with personal information without verifiable parental consent, we will take immediate steps to delete such data. Parents who believe their child has submitted data to our Platform should contact us at privacy@localforvocalstartup.com.

11. Third-Party Links

Our Platform may contain links to third-party websites, social media platforms, or partner services. We are not responsible for the privacy practices of those entities. This Privacy Policy applies solely to data collected through our own Platform. We encourage you to review the privacy policies of any third-party sites you visit.

12. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our data practices, business operations, or legal requirements. When we make material changes, we will:

• Update the "Last Updated" date at the top of this page.
• Display a prominent notice on the website or app for at least 14 days.
• Send an email notification to your registered email address for significant changes affecting your rights.

Your continued use of the Platform after such notifications constitutes acceptance of the revised policy.

13. Contact & Grievance Redressal

For any privacy-related questions, data subject requests, or complaints, please contact our Grievance Officer:

If you are unsatisfied with our response, you may lodge a complaint with the relevant data protection authority in your jurisdiction.