Privacy Policy

1. Scope and legal compliance

This Policy is written to comply with applicable Indian law relating to digital personal data, including the Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000 and the rules made thereunder (including the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011), and to meet the expectations of the Apple App Store and Google Play policies for apps distributed through their platforms.

Application-Specific Privacy Policies

This Privacy Policy describes the general privacy practices of Gor Technologies Private Limited across its websites, products, and services.

Certain mobile applications, platforms, or services offered by the Company may be governed by app-specific or service-specific privacy policies that describe data collection, use, disclosure, and retention practices unique to those applications or services.

In the event of any conflict or inconsistency between this Privacy Policy and an app-specific or service-specific privacy policy, the app-specific or service-specific privacy policy shall prevail solely with respect to that application or service.

Users are encouraged to review the applicable app-specific or service-specific privacy policy before installing or using any mobile application or service.

2. Definitions

• Personal data / personal information: Any data about an individual who is identifiable by or in relation to such data, whether directly or indirectly, in accordance with applicable law.
• Sensitive personal data / information (SPDI): Personal data that is classified as sensitive under applicable Indian law and subject to enhanced protection requirements.
• Data fiduciary: The entity that determines the purpose and means of processing personal data (the Company).

3. Categories of personal data we collect

We collect the following categories of personal data as required and in proportion to the purpose:

• a. Identifiers & contact data — name, email address, postal address, phone number, profile photo.
• b. Account & authentication data — username, hashed password, authentication tokens, device identifiers.
• c. Transactional data — payment, billing, purchase history (only when you make purchases).
• d. Usage and diagnostics — app usage logs, crash reports, performance metrics, IP address, device and OS information, analytics IDs.
• e. Location data — approximate or precise location only if you grant permission.
• f. Sensitive categories — we only collect sensitive personal data where strictly necessary (e.g., health details for a health feature) and after explicit consent; such data is handled under higher protection controls.

4. How we collect personal data

We collect personal data through the following methods:

• Information you provide to us directly, such as when you create an account, contact us, subscribe to services, or make a purchase.
• Information collected automatically when you use our website or applications, including through cookies, analytics tools, and similar technologies, to ensure functionality, security, and performance.
• Information received from trusted third parties, such as payment processors and identity providers (for example, OAuth-based sign-in services), when you choose to use those services to authenticate or complete transactions.

5. Purposes of processing and legal basis

We process personal data for the following purposes (legal basis shown where applicable under Indian law):

1. Provision of services & account management — to create/operate your account, authenticate users, fulfill orders, and provide customer support. (Contractual / Consent).
2. Product improvements & analytics — to analyze usage, improve features and performance. (Legitimate business interest / Consent).
3. Communications — to send transactional notices, updates, marketing (only with consent where required). (Consent / Contractual).
4. Security & fraud prevention — to detect and prevent abuse, secure accounts and services. (Legitimate interest).
5. Legal & regulatory compliance — to comply with legal obligations or respond to lawful requests. (Legal obligation).
6. Personalization & advertising — only with explicit consent where required by platform rules (see section on tracking & advertising). (Consent).

We will collect and process only the minimum personal data necessary for the stated purpose and will not process data for unrelated purposes without notice and legal basis.

6. Use of third parties, SDKs and processors

We may share personal data with third-party service providers (data processors) engaged to perform specific services on our behalf, including payment processing, cloud infrastructure and hosting, analytics and measurement, push notifications, crash reporting, customer support, and security monitoring.

Such service providers are contractually required to process personal data only on our documented instructions and to implement appropriate technical and organizational measures to protect personal data.

If you choose to sign in or authenticate using third-party identity providers (for example, Google or Apple), we may receive certain account or profile information from those providers as permitted by your privacy settings with them. We encourage you to review their respective privacy policies to understand what information they share.

7. International data transfers

We may process and store personal data on servers located in India or in other jurisdictions where we or our authorized service providers operate, solely to operate and support our services.

Where personal data is transferred outside India, we ensure that such transfers are carried out in accordance with applicable Indian law and are subject to appropriate contractual and technical safeguards.

8. Data retention

We retain personal data only as long as necessary to fulfill the purposes for which it was collected (including legal, tax, accounting and reporting obligations). When data is no longer required, we will securely delete or anonymize it, unless retention is required by law.

9. Security measures

We implement reasonable security practices and procedures appropriate to the sensitivity of the data (access controls, encryption in transit and at rest where feasible, vulnerability management, monitoring and logging) consistent with the Information Technology Rules (SPDI Rules, 2011) and obligations under the DPDP Act. However, no system is completely secure — if we become aware of a personal data breach that is likely to cause harm, we will take prompt steps to contain it and notify affected individuals and the relevant authorities as required by applicable law.

10. Children and minors

Some of our services may be available to the general public and are not specifically directed at children. Where a service is not intended for children, we do not knowingly collect personal data from children without verifiable parental or guardian consent, as required by applicable law.

Where a service is intended for or may be used by children, we process personal data in accordance with applicable legal requirements and platform policies, including implementing appropriate safeguards and consent mechanisms.

If we become aware that personal data of a child has been collected in a manner inconsistent with applicable law, we will take appropriate steps to delete or remediate such data.

11. Cookies, tracking technologies, and platform disclosures

We use cookies and similar technologies on our website to enable core functionality, enhance security, and understand how the site is used.

Our mobile applications may use analytics and other software development kits (SDKs) to measure performance, diagnose issues, and improve user experience. Such technologies are used in accordance with applicable platform requirements and user consent settings.

Where a mobile application includes advertising or tracking technologies that require consent (for example, personalized advertising or cross-app tracking), we will obtain user consent where required and provide a clear mechanism to manage or withdraw such consent.

For each mobile application, we provide accurate and complete disclosures regarding data collection and use in the Apple App Store “App Privacy” section and the Google Play Data Safety section, along with a link to the applicable privacy policy.

12. Your rights and how to exercise them

Under applicable Indian law (DPDP Act) you have certain rights as a data principal in relation to your personal data, including:

• Right to access information about personal data processed about you.
• Right to correction, completion or updating of inaccurate or incomplete data.
• Right to erasure of personal data, subject to lawful retention requirements.
• Right to withdraw consent where processing is based on consent.
• Right to grievance redressal and to lodge complaints.
• Right to portability where applicable.

To exercise any of these rights, contact our Grievance Officer using the contact details below. We will respond within the timelines required under applicable law.

13. Grievance officer / contact information

If you have questions, requests, or complaints about this Policy or our data practices, please contact:

(Please provide the full details of your request and a copy of an identity document if required to process access or correction requests.)

14. Third-party links and services

Our services may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. Please review their privacy policies before providing personal data.

15. Changes to this Policy

We may update this Policy to reflect changes in law, our services, or business practices. We will post the revised Policy with a new “Last updated” date and, where required, provide notice to users. Your continued use of the services after the Policy’s effective date constitutes acceptance of the updated Policy.

16. App Store & Google Play specific compliance

• Apple App Store: We commit to accurately declare our app’s data collection in App Store Connect’s App Privacy section, to respect Apple’s permission model (including not attempting to manipulate consent prompts), and to provide a privacy policy URL in our App Store listing.
• Google Play: We will publish a privacy policy URL in the Play Store listing and ensure our Play Console data declarations are complete and accurate. Where Google requires policies for specific app categories (e.g., apps that request sensitive permissions, security or anti-virus functionality), we will meet those additional requirements.

17. Representative / Data Protection Officer (if applicable)

Where required (for example, if we qualify as a Significant Data Fiduciary under applicable law), we will appoint a Data Protection Officer or an equivalent responsible person and publish contact details in this Policy.

18. Governing Law and Jurisdiction

This Policy shall be governed by and construed in accordance with the laws of India. Subject to applicable law, the courts at Ahmedabad, Gujarat, shall have exclusive jurisdiction over any disputes arising out of or relating to this Policy or the use of our services.

19. Acceptance

By using our services, you acknowledge that you have read and understood this Privacy Policy and consent to our collection, use and disclosure of personal data as described.