Privacy Policy
The Short Version
- 📍 We use your location only to show nearby vendors — never tracked in background
- 📵 We do not sell your data to anyone
- 🔐 Your phone number is used for OTP sign-in via Firebase only
- 🗑️ You can delete your account and data at any time
- 📋 Governed by the Digital Personal Data Protection Act, 2023
1. Who We Are (Data Fiduciary)
Pradeshik is operated by Neotech, incorporated under the laws of India, with its registered office at 21, Rishabh Vihar, Modinagar, Uttar Pradesh, India (the "Company").
Under the Digital Personal Data Protection Act, 2023, Pradeshik is the Data Fiduciary — the entity that determines the purpose and means of processing your personal data.
Name: Aayush Bhardwaj
Email: admin@pradeshik.in
Address: 21, Rishabh Vihar, Modinagar, Uttar Pradesh, India
Response Time: Within 48 hours
2. What Data We Collect
Data You Provide Directly
| Data | Who | Purpose |
|---|---|---|
| Mobile phone number | Users & Vendors | Account creation, OTP authentication |
| Full name | Users & Vendors | Profile display |
| Email address | Users (optional) | Account recovery, communications |
| Saved addresses | Users | Location pre-fill, preferred delivery |
| Business name | Vendors | Listing on the platform |
| Business phone | Vendors | Customer contact and verification |
| GSTIN | Vendors | Business identity verification (Sensitive Data) |
| PAN | Vendors | Business identity verification (Sensitive Data) |
| Shop address & GPS | Vendors | Map listing, distance calculations |
| Product inventory | Vendors | Product listings visible to users |
Data Collected Automatically
| Data | How Collected | Purpose |
|---|---|---|
| Precise GPS (ACCESS_FINE_LOCATION) | Android permission | Show vendors near your location |
| Approximate GPS (ACCESS_COARSE_LOCATION) | Android permission | Fallback when precise GPS unavailable |
| Search queries | In-app activity | Product & vendor search results |
| Order history | Order placement API | Order tracking, history display |
| Favorites | In-app toggle | Personalised experience |
| App usage logs | Server-side monitoring | Performance monitoring, debugging |
| Device info (OS, model) | Firebase SDK | Crash reporting, compatibility |
| FCM token | Firebase SDK | Push notification delivery |
Data from Third Parties
| Source | Data Received | Purpose |
|---|---|---|
| Google Places API | Vendor name, rating, photos, place ID, business hours | Enrich vendor profiles with public data |
| Firebase Authentication | OTP verification result, phone auth token | Secure sign-in without passwords |
3. Why We Process Your Data
| Purpose | Legal Basis |
|---|---|
| Account creation and authentication | Your consent (given at sign-up) |
| Showing nearby vendors and products | Legitimate interest + location consent |
| Processing order history | Contract performance |
| Sending push notifications | Your consent (when you allow notifications) |
| Vendor verification (GSTIN, PAN) | Legitimate interest (platform integrity) |
| Improving the app and fixing bugs | Legitimate interest |
| Complying with legal obligations | Legal obligation |
We do not use your data for automated decision-making that produces legal effects without human review.
4. Location Data — Special Disclosure
The App requests the following Android permissions:
- ACCESS_FINE_LOCATION — Precise GPS (used to show vendors in your exact proximity)
- ACCESS_COARSE_LOCATION — Network-based approximate location (fallback)
- Home Screen — load vendors near you
- Vendor registration — pin shop location
- Search — calculate distance to vendor
- Not tracked in background
- Not shared in real-time with vendors
- Not stored persistently after session
You may deny location permission (default city view will be shown) and change it anytime via Android Settings → Apps → Pradeshik → Permissions.
5. How We Share Your Data
With Vendors (Limited)
When you place an order, the vendor receives your name, delivery address, and items ordered. The vendor does not receive your mobile number unless you call them directly from the app.
With Service Providers
| Provider | Service | Data Shared |
|---|---|---|
| Google Firebase | Authentication, push notifications, crash analytics | Phone number (auth), FCM device token |
| Google Places API | Vendor location enrichment | Vendor GPS coordinates, place IDs |
| Neo4j Aura | Cloud graph database | User & vendor profile data (encrypted at rest) |
Legal Disclosure
We may disclose data if required by a court order, lawful request by Indian law enforcement, or compliance with the DPDPA 2023.
6. Premium Vendor Disclosure
7. Data Retention
| Data Type | Retention Period |
|---|---|
| User account data | Until account deletion, or 3 years of inactivity |
| Order history | 7 years (GST/tax compliance) |
| Saved locations | Until removed or account deleted |
| Location data | Session-based — not stored persistently |
| Vendor GSTIN / PAN | Active account duration + 7 years (statutory) |
| Crash logs & server logs | 90 days |
| Deleted account data | Purged within 30 days, except where legally required |
8. Data Security
- Encryption in transit: All app-to-backend communication uses HTTPS/TLS
- Authentication: All API endpoints require a valid Firebase JWT token
- Database security: Neo4j Aura provides encryption at rest and role-based access
- GSTIN/PAN: Restricted access, accessible only to authorised Pradeshik team members
- No passwords stored: Phone-based OTP via Firebase — we never store passwords
9. Your Rights as a Data Principal
Under the DPDPA 2023, you have the following rights:
| Right | What It Means | How to Exercise |
|---|---|---|
| Right to Access | Request a copy of your personal data | Email our Grievance Officer |
| Right to Correction | Request correction of inaccurate data | Email or update in-app |
| Right to Erasure | Request deletion of your personal data | Email our Grievance Officer |
| Right to Withdraw Consent | Withdraw previously given consent | Email our Grievance Officer |
| Right to Grievance Redressal | Lodge a complaint about data processing | Grievance Officer responds within 48 hours |
| Right to Nominate | Nominate someone to exercise rights on your behalf | Contact our Grievance Officer |
To exercise any right, email us at: admin@pradeshik.in. We will respond within 30 days.
10. Children's Privacy
Pradeshik is intended for users aged 18 years and above. We do not knowingly collect personal data from children under 18. If you believe your child has provided us personal data, contact us at admin@pradeshik.in and we will delete such data promptly.
11. Push Notifications
The App may request the POST_NOTIFICATIONS Android permission to send push notifications via Firebase Cloud Messaging (FCM). You can withdraw consent at any time via Android Settings → Apps → Pradeshik → Notifications.
12. Changes to This Privacy Policy
When we make material changes, we will update the "Last Updated" date, notify you through a prominent in-app notice, and where required by law, seek fresh consent. Continued use of the App after changes constitutes acceptance of the updated policy.
13. Governing Law
This Privacy Policy is governed by the laws of India, including the Information Technology Act, 2000, SPDI Rules, 2011, and the Digital Personal Data Protection Act, 2023. Disputes shall be subject to the exclusive jurisdiction of the courts of Ghaziabad, India.
14. Contact Us
Aayush Bhardwaj
Pradeshik — Neotech
21, Rishabh Vihar, Modinagar, Ghaziabad, Uttar Pradesh, India - 201204
Email: admin@pradeshik.in
Phone: +91 98215 00220
Response time: 48 hours