OSTAAGAR Customer Privacy Policy

Effective From: May 2026

At Ostaagar (operated by Ostaagar Technologies Private Limited), we value the trust you place in us and are committed to protecting your privacy and business data. This Privacy Policy describes how we collect, use, and share information through our mobile application and related services.

1. Information We Collect

We collect several types of information from and about users of our App:

  • Business Information: Registered business name, GSTIN (Goods and Services Tax Identification Number), business category, and related documentation.
  • Personal Identifiers: Full name, primary email address, mobile phone number, and account credentials.
  • Delivery Data: Detailed shipping addresses, warehouse locations, and proximity data to manufacturing partners.
  • Transactional Data: Details of orders placed, payment methods used, purchase history, and commercial invoices.
  • Device & Usage Data: IP address, device type, operating system, and App interaction logs for performance monitoring and security.

2. How We Use Your Information

We use the collected data for the following purposes:

  • Marketplace Operations: Facilitating direct-from-factory wholesale transactions.
  • Order Fulfillment: Sharing necessary consignment details with manufacturing and logistics partners.
  • Support Services: Resolving inquiries via our help center and managing return requests.
  • Account Management: Verifying business eligibility and maintaining secure access.
  • Communications: Sending order status updates, security alerts, and optional business newsletters.
  • Analytics: Improving App functionality, optimizing supply chain routes, and analyzing wholesale trends.

3. Data Sharing and Disclosure

We do not sell your data. Information is shared only under the following circumstances:

  • To Partners: We share order details with factories (Sellers) and logistics providers to fulfill your procurement requests.
  • Service Providers: We use trusted cloud services such as Firebase and payment processors who are contractually obligated to protect your data.
  • Legal Requirements: Information may be disclosed when required by law, regulation, or legal process to protect our rights and the safety of users.

4. Data Security

We implement industry-standard security measures including HTTPS transport, encryption of sensitive information in transit and at rest, password hashing, access controls, secure backups, and audit logging. Our systems are designed to protect customer data from unauthorized access, alteration, disclosure, or destruction.

While we use best practices to safeguard your information, no internet-based service can be guaranteed completely secure. We continuously monitor, test, and update our systems to reduce risk.

5. Consent & Registration

By registering for the OSTAAGAR Buyer App, you provide explicit consent to our Privacy Policy and Terms & Conditions. We maintain records of consent timestamps and IP address metadata for all registration, consent, and policy acknowledgment events.

Consent is required before access to the App is granted and before any non-essential communications or processing begins.

6. Data Principal Rights

  • Right to Access Data: You may request details of the personal and business information we hold about you.
  • Right to Correction: You may ask us to correct any inaccurate or incomplete information.
  • Right to Erasure: You may request deletion of your data in accordance with applicable law and platform obligations.
  • Right to Withdraw Consent: You may withdraw consent for processing as permitted by law. Withdrawal will not affect processing already completed under consent.
  • Right to Grievance Redressal: You may raise concerns with our Grievance Officer if you believe your rights have been violated.

7. Grievance Officer

Name: Surajit Mondal

Email: grievance@ostaagar.com

Response Time: We aim to respond within 7 business days.

Escalation Timeline: Complaints are escalated if not resolved within 30 calendar days.

8. Data Retention

We retain data only as long as necessary to fulfill the purpose for which it was collected and to comply with legal obligations. The following retention schedule applies:

Record Type Retention Period
Customer Account Data Until account deletion plus 3 years for regulatory recordkeeping
Seller Account Data Until account deletion plus 5 years for GST and audit requirements
KYC Documents 5 years from the date of verification
GST Records 8 years in line with Indian tax regulations
Order Records 7 years for transaction and compliance purposes
Financial Records 8 years to support payment settlement and audits
Account Deletion Requests 3 years for compliance validation and dispute resolution

9. Security & Data Protection

  • HTTPS: All website pages and app communication use HTTPS encryption.
  • Encryption at Rest: Sensitive information is encrypted in storage using industry-standard methods.
  • Password Hashing: Passwords and authentication secrets are protected using secure hashing algorithms.
  • Access Controls: We limit access to personal data to authorized team members and service providers.
  • Secure Backups: Backups are encrypted and stored in secure cloud environments.
  • Audit Logs: We maintain audit logs to detect unauthorized access and support incident response.

10. Cookies and Related Technologies

We use essential cookies to operate the site and manage user sessions. Non-essential cookies are controlled through a consent banner, and you may reject them without impacting essential service functionality.

11. Changes to This Policy

Ostaagar may update this Privacy Policy periodically. Continued use of the App after policy updates constitutes acceptance of the revised policy.

Get Ready for OSTAAGAR

Register your interest for your business role and receive launch updates from our team.