Privacy Policy

Effective Date: May 15, 2026

OSTAAGAR ("we", "us", or "our") values the privacy of our Partners. This Privacy Policy explains how we collect, use, and protect information provided through the OSTAAGAR Partner App.

1. Information We Collect

  • Business Details: Name, GSTIN, PAN, Aadhaar Number, and business address.
  • Personal Details: Representative name, email address, and phone number.
  • Financial Details: Bank account information for payout processing.
  • Device & Permissions: App version, OS type, device identifiers, and Camera access for document uploads.
  • Contacts Data: Used locally for the "Invite Partners" feature. Contacts are not stored unless invitations are sent.
  • Location Data: Used for order pickup coordination, logistics optimization, and order status tracking.

2. How We Use Your Data

  • Verify business authenticity and onboarding.
  • Enable order processing and fulfillment.
  • Process financial settlements and payouts.
  • Provide push notifications and service updates.
  • Improve app functionality and fix technical issues.
  • Comply with applicable laws and tax regulations.

3. Data Security and Storage

We implement industry-standard security measures, including encrypted communication and secure APIs, to safeguard business information.

Although we strive for maximum security, no internet transmission method is completely secure.

4. Sharing of Information

We do not sell business data to third parties. Information may be shared only with:

  • Logistics partners for deliveries and pickups.
  • Payment gateways for payout processing.
  • Government authorities when legally required.
  • Third-party services including Firebase Analytics, Crashlytics, and Play Integrity services.

5. Your Rights and Access

Partners may access and update business profiles from within the App settings. Requests related to account deletion or data portability may be submitted to our support team.

6. Consent & Registration

Registration for the OSTAAGAR Partner App requires explicit acceptance of our Privacy Policy and Terms & Conditions. We log consent timestamps and IP address metadata for all registration, consent, and policy acknowledgment events.

Consent is mandatory before onboarding is completed and before any non-essential processing begins.

7. Data Principal Rights

  • Right to Access Data: Request a copy of the personal and business data we hold about you.
  • Right to Correction: Ask us to update inaccurate or incomplete information.
  • Right to Erasure: Request deletion of personal data where processing is no longer necessary or consent has been withdrawn.
  • Right to Withdraw Consent: Withdraw consent for processing where applicable. Withdrawal does not affect lawful processing completed before withdrawal.
  • Right to Grievance Redressal: Raise privacy or compliance concerns with our Grievance Officer.

8. Grievance Officer

Name: Surajit Mondal

Email: grievance@ostaagar.com

Response Time: We aim to respond within 7 business days.

Escalation Timeline: Complaints are escalated if not resolved within 30 calendar days.

9. Data Retention

Data is retained only as long as necessary for service delivery, legal compliance, dispute resolution, and fraud prevention.

Record Type Retention Period
Customer Account Data Until account deletion plus 3 years for regulatory recordkeeping
Seller Account Data Until account deletion plus 5 years for GST and audit requirements
KYC Documents 5 years from the date of verification
GST Records 8 years in line with Indian tax regulations
Order Records 7 years for transaction and compliance purposes
Financial Records 8 years to support payment settlement and audits
Account Deletion Requests 3 years for compliance validation and dispute resolution

10. Security & Data Protection

  • HTTPS: App and website traffic is encrypted using HTTPS.
  • Encryption at Rest: Sensitive information is encrypted in storage using industry-standard methods.
  • Password Hashing: Access credentials are protected using strong hashing algorithms.
  • Access Controls: Data access is restricted to authorized personnel and service providers.
  • Secure Backups: Backups are encrypted and retained in secure cloud environments.
  • Audit Logs: We maintain logs to detect and respond to unauthorized access or suspicious activity.

11. Cookies and Related Technologies

Essential cookies are required for the platform to function. Non-essential cookies are managed through our consent banner and may be rejected without affecting essential features.

12. Changes to this Policy

OSTAAGAR reserves the right to update this Privacy Policy. Material changes will be communicated through email or in-app notifications, and continued use after updates indicates acceptance.

Get Ready for OSTAAGAR

Register your interest for your business role and receive launch updates from our team.