At Ostaagar (operated by Ostaagar Technologies Private Limited),
we value the trust you place in us and are committed
to protecting your privacy and business data.
This Privacy Policy describes how we collect,
use, and share information through our mobile application
and related services.
1. Information We Collect
We collect several types of information
from and about users of our App:
-
Business Information:
Registered business name,
GSTIN (Goods and Services Tax Identification Number),
business category,
and related documentation.
-
Personal Identifiers:
Full name,
primary email address,
mobile phone number,
and account credentials.
-
Delivery Data:
Detailed shipping addresses,
warehouse locations,
and proximity data to manufacturing partners.
-
Transactional Data:
Details of orders placed,
payment methods used,
purchase history,
and commercial invoices.
-
Device & Usage Data:
IP address,
device type,
operating system,
and App interaction logs
for performance monitoring and security.
2. How We Use Your Information
We use the collected data
for the following purposes:
-
Marketplace Operations:
Facilitating direct-from-factory
wholesale transactions.
-
Order Fulfillment:
Sharing necessary consignment details
with manufacturing and logistics partners.
-
Support Services:
Resolving inquiries via our help center
and managing return requests.
-
Account Management:
Verifying business eligibility
and maintaining secure access.
-
Communications:
Sending order status updates,
security alerts,
and optional business newsletters.
-
Analytics:
Improving App functionality,
optimizing supply chain routes,
and analyzing wholesale trends.
3. Data Sharing and Disclosure
We do not sell your data.
Information is shared only
under the following circumstances:
-
To Partners:
We share order details
with factories (Sellers)
and logistics providers
to fulfill your procurement requests.
-
Service Providers:
We use trusted cloud services
such as Firebase
and payment processors
who are contractually obligated
to protect your data.
-
Legal Requirements:
Information may be disclosed
when required by law,
regulation,
or legal process
to protect our rights
and the safety of users.
4. Data Security
We implement industry-standard security measures including HTTPS transport,
encryption of sensitive information in transit and at rest,
password hashing, access controls, secure backups, and audit logging.
Our systems are designed to protect customer data from unauthorized access,
alteration, disclosure, or destruction.
While we use best practices to safeguard your information,
no internet-based service can be guaranteed completely secure.
We continuously monitor, test, and update our systems to reduce risk.
5. Consent & Registration
By registering for the OSTAAGAR Buyer App,
you provide explicit consent to our Privacy Policy and Terms & Conditions.
We maintain records of consent timestamps and IP address metadata for all
registration, consent, and policy acknowledgment events.
Consent is required before access to the App is granted and before any
non-essential communications or processing begins.
6. Data Principal Rights
- Right to Access Data: You may request details of the personal and business information we hold about you.
- Right to Correction: You may ask us to correct any inaccurate or incomplete information.
- Right to Erasure: You may request deletion of your data in accordance with applicable law and platform obligations.
- Right to Withdraw Consent: You may withdraw consent for processing as permitted by law. Withdrawal will not affect processing already completed under consent.
- Right to Grievance Redressal: You may raise concerns with our Grievance Officer if you believe your rights have been violated.
7. Grievance Officer
Name: Surajit Mondal
Email: grievance@ostaagar.com
Response Time: We aim to respond within 7 business days.
Escalation Timeline: Complaints are escalated if not resolved within 30 calendar days.
8. Data Retention
We retain data only as long as necessary to fulfill the purpose for which it was collected
and to comply with legal obligations. The following retention schedule applies:
| Record Type |
Retention Period |
| Customer Account Data |
Until account deletion plus 3 years for regulatory recordkeeping |
| Seller Account Data |
Until account deletion plus 5 years for GST and audit requirements |
| KYC Documents |
5 years from the date of verification |
| GST Records |
8 years in line with Indian tax regulations |
| Order Records |
7 years for transaction and compliance purposes |
| Financial Records |
8 years to support payment settlement and audits |
| Account Deletion Requests |
3 years for compliance validation and dispute resolution |
9. Security & Data Protection
- HTTPS: All website pages and app communication use HTTPS encryption.
- Encryption at Rest: Sensitive information is encrypted in storage using industry-standard methods.
- Password Hashing: Passwords and authentication secrets are protected using secure hashing algorithms.
- Access Controls: We limit access to personal data to authorized team members and service providers.
- Secure Backups: Backups are encrypted and stored in secure cloud environments.
- Audit Logs: We maintain audit logs to detect unauthorized access and support incident response.
10. Cookies and Related Technologies
We use essential cookies to operate the site and manage user sessions.
Non-essential cookies are controlled through a consent banner,
and you may reject them without impacting essential service functionality.
11. Changes to This Policy
Ostaagar may update this Privacy Policy periodically.
Continued use of the App after policy updates constitutes acceptance of the revised policy.