Privacy Policy – TiffinBlox Kitchen (Vendor App)

IncantoTechnologies LLP ("Company", "we", "our", or "us") operates the TiffinBlox Kitchen mobile application in India. This Privacy Policy describes how we collect, use, store and protect your personal and business data when you use the TiffinBlox Kitchen vendor app.

By registering or using the app, you consent to the practices described in this Privacy Policy.

1. Personal Data We Collect

We collect only the data necessary to onboard vendors and facilitate food order processing and payouts.

a) Mobile Phone Number

• Collected during registration.
• Used for OTP‑based login authentication.
• Used for account verification and communication.

b) Business / Address Information

• Apartment / Kitchen address.
• Flat / Unit number (if applicable).

Collected for operational coordination and order fulfilment purposes.

c) UPI Information (Financial Details)

• UPI ID linked to vendor account.

This information is:

• Collected solely for processing payouts and financial transactions.
• Stored in encrypted format in our secure database.
• Not shared with external parties except as required to complete payment transactions through authorized banking/payment systems.

d) FSSAI License Information

• FSSAI License Number.
• FSSAI Registration details (if applicable).

This information is collected:

• For regulatory compliance under Indian food safety laws.
• To verify that vendors are legally authorized to operate.
• For internal record‑keeping and compliance management.

FSSAI information:

• Is securely stored in our database.
• Is not sold, rented, or shared with external third parties.
• May be disclosed only if required by law, regulatory authority, or government order.

e) Geo Location Data (User‑Provided)

When a vendor adds a new apartment or delivery location, we may collect:

• Apartment geographic location (such as map‑selected location or coordinates, if provided).
• Location details necessary to identify the delivery area.

Important:

• Geo location is collected only when the user manually provides or selects the location.
• We do not track real‑time background location.
• We do not continuously monitor user movement.
• Location data is used solely for delivery accuracy and service availability checks.
• Currently adding new apartment functionality is disabled.

f) Limited Technical Data

We may automatically collect:

• Device type.
• App version.
• Operating system version.

This is used for performance monitoring and security.

2. Purpose of Data Collection

Vendor data is processed for:

• Account registration and OTP authentication.
• Vendor onboarding and verification.
• Order management and coordination.
• Processing payouts via UPI.
• Customer and vendor support.
• Legal and regulatory compliance.

We do not use vendor data for unrelated marketing or advertising purposes without consent.

3. Legal Basis for Processing (India)

Under applicable Indian laws, we process vendor data:

• Based on consent provided during registration.
• For performance of contractual obligations (vendor partnership).
• To comply with legal and financial regulations.

You may withdraw consent by requesting account closure (subject to settlement of pending obligations).

4. Data Sharing and Disclosure

We respect vendor confidentiality.

• We do not sell, rent, or trade vendor personal, geo location or financial data.
• UPI details are not publicly visible.
• Financial data is used only for payout processing.
• Data may be disclosed if required by law, court order, or regulatory authority.
• Images are stored securely using encrypted connections (HTTPS).
• We do not sell or share your images with third parties.
• Images are used only for app‑related functionality.

Where payment processing systems are involved, only the minimum necessary information is transmitted securely.

5. Data Security Measures

We implement reasonable security practices under Indian IT laws.

• UPI information is stored in encrypted format.
• Geo location data is stored in encrypted form in our secure database.
• Data transmission is secured via HTTPS encryption.
• Access to sensitive data is restricted to authorized personnel.
• Internal systems follow access control and data protection standards.

While we maintain high security standards, no digital system can guarantee absolute security.

6. Data Retention

Vendor data is retained:

• For the duration of the vendor relationship.
• As required for financial, tax, and legal compliance.
• For dispute resolution purposes.

Upon account termination, data will be deleted or anonymized within a reasonable time, unless retention is legally required.

7. Children’s Policy

The TiffinBlox Kitchen app is strictly intended for individuals 18 years and older.

• We do not knowingly allow minors to register as vendors.
• If we discover that a minor has registered, the account will be terminated and associated data deleted.

8. Vendor Rights

Subject to applicable law, vendors may:

• Request access to their stored data.
• Request correction of inaccurate information.
• Request account closure and data deletion.
• Withdraw consent for data processing.

Requests may be submitted via the contact information below.

9. Third‑Party Infrastructure

We do not use third‑party advertising networks in the TiffinBlox Kitchen app. If cloud hosting or secure infrastructure providers are used, they process data only for storage and security purposes under confidentiality obligations.

10. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Changes will be reflected by updating the “Last Updated” date. Continued use of the app after updates constitutes acceptance of the revised policy.

11. Contact Information

For any privacy‑related questions or requests:

Company Name: IncantoTechnologies LLP
Email: info@tiffinblox.com