Privacy and Policies

1. Introduction and Scope

Kwikkit, a food delivery app by Aushadhiya Foods Private Limited (Referred alternatively as "App,"
"we," "us," or "our" here) operates primarily in Chandigarh, India. We operate a digital platform that
facilitates the ordering and delivery of food from various restaurants and food service providers
("Restaurants") to end-users ("Users" or "you"). Our Services include the mobile application, our
website located at kwikkit.in, and any related services, features, content, and applications offered by
us.

At Kwikkit, we are deeply committed to protecting your privacy and ensuring the security of your
personal information. This Privacy Policy ("Policy") outlines our practices regarding the collection,
use, processing, storage, disclosure, transfer, retention and protection of your Personal Information
and Sensitive Personal Data or Information (as defined under Indian law) when you access, register
for, or use our Services. This policy applies only to the information we collect through our Services, in
email, text and other electronic communications sent through or in connection with our Services and
does not apply to information that you provide to, or that is collected by, any third-party. We
encourage you to consult directly with such third-parties for information about their privacy
practices.

By using the Services, you represent and warrant that you are either at least 18 years of age or have
the express permission of a parent or legal guardian to use the Services. If you are a parent or legal
guardian of a minor who uses the Services, you are fully responsible for their use of the Services,
including any legal liability they may incur.

This Policy is designed to be fully compliant with applicable Indian laws, including but not limited to
the Information Technology Act, 2000, and the Information Technology (Reasonable Security
Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("IT Rules"). We
are also mindful of the principles of the proposed Digital Personal Data Protection Bill (DPDPB) and
strive to align our practices with its potential future requirements.

By accessing or using our Services and/or registering for an account with Kwikkit, you signify your
express consent to the collection, use, processing, storage, disclosure, transfer, retention and
protection of your information as described in this Privacy Policy. If you do not agree with the terms
outlined herein, we request that you not use or access our Services. Your continued use of the
Services after any changes to this Policy will constitute your acceptance of those changes. As detailed
elsewhere in this policy, we collect this information through various means, which include
information directly collected from you, automatically during your interaction with our Services
(utilizing technologies like cookies and tracking tools), and indirectly from third-party sources.

2. Definitions

To ensure clarity, the following terms used in this Policy shall have the meanings ascribed to them
below:

"Personal Information" (as defined under the IT Act, 2000) refers to any information that relates to a
natural person, which, either directly or indirectly, in combination with other information available or
likely to be available with a body corporate, is capable of identifying such person.

"Sensitive Personal Data or Information (SPDI)" (as defined under the IT Rules, 2011) refers to
Personal Information which consists of information relating to:

Password

Financial information such as Bank account or credit card or debit card or other payment instrument
details

Physical, physiological and mental health condition

Sexual orientation

Medical records and history

Biometric information

Any detail relating to the above as provided to body corporate for providing service; and

Any of the information received by body corporate for processing, stored or processed under lawful
contract or otherwise.

Provided that, any information that is freely available or accessible in public domain or furnished
under the Right to Information Act, 2005 or any other law for the time being in force shall not be
regarded as SPDI.

"User," "you," "your" refers to any individual accessing or using our Services.

"Restaurant" refers to the food service establishments listed on our App from which you can order
food.

"Delivery Partner" refers to independent contractors or third-party logistics providers who facilitate
the delivery of food orders.

"Services" refers to the food delivery application, website, and all related features, content, and
applications offered by [Your App Name].

"Processing" refers to any operation or set of operations which is performed on Personal Information
or on sets of Personal Information, whether or not by automated means, such as collection,
recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use,
disclosure by transmission, dissemination or otherwise making available, alignment or combination,
restriction, erasure or destruction.

3. Types of Information We Collect

We collect various types of information from and about you to provide, improve, and personalize our
Services. This information can be broadly categorized as follows:

3.1. Information You Voluntarily Provide to Us:

This includes information that you directly input into our App or provide to us through other forms of
communication.

Account Registration Information:

Full Name

Email Address

Mobile Phone Number (verified via OTP)

Password (encrypted)

Date of Birth (optional, for age verification or personalized offers)

Gender (optional, for personalization or analytics)

Profile Information:

Profile Picture (optional)

Dietary preferences, allergies, or restrictions (optional, for personalized recommendations and to
communicate with restaurants)

Preferred language

Order Information:

Delivery Address (including precise location, building number, street, landmark, city, state, pin-code)

Any specific delivery instructions (e.g., "leave at door," "ring bell")

Food items ordered, quantity, and specific customizations.

Recipient name and contact number (if different from your own, e.g., for gift orders).

Payment Information:

For online payments: We do not store full credit card numbers, debit card numbers, CVVs, or bank
account details on our servers. This Sensitive Personal Data is securely collected and processed
directly by our PCI-DSS compliant third-party payment gateway partners (e.g., Cashfree, Razorpay,
etc). We only receive a tokenized version of your payment instrument or a confirmation of payment
success/failure.

Communications and Customer Support:

Content of your messages to customer support (via chat, email, or phone calls, which may be
recorded for quality and training purposes).

Feedback, reviews, ratings, and testimonials you provide about Restaurants, Delivery Partners, or our
Services.

Responses to surveys, questionnaires, or participation in contests and promotions.

Referral Information:

If you invite others to use our Services, we may collect their name and contact information to send
an invitation, and track the success of our referral programs.

3.2. Information We Collect Automatically:

When you access and use our Services, certain information is automatically collected through
technology.

Location Information:

Precise Location: If you enable location services on your device, we collect precise real-time location
data (e.g., GPS, Wi-Fi, cellular network triangulation) to identify your current location for order
delivery, display nearby restaurants, and enhance delivery efficiency. You can disable precise location
collection through your device settings, but this may impact the functionality of the App (e.g., you
might need to manually enter your delivery address).

Approximate Location: Even if precise location is disabled, we may infer your approximate location
from your IP address or mobile network information.

Device Information:

Hardware model, operating system version, unique device identifiers (e.g., IMEI, MAC address,
Advertising ID), device settings, mobile network information, and crash data.

Browser type, language, and other browser-related information.

Usage and Log Data:

Details of how you use our Services, including search queries, pages viewed, features accessed, time
spent on the App/website, click stream data, access dates and times.

Server log files, which may include your IP address, browser type, referring/exit pages, and
timestamps.

Cookies and Similar Technologies:

We use cookies, web beacons, pixels, and other tracking technologies to collect information about
your browsing activities, preferences, and interactions with our Services.

These technologies help us remember your preferences, keep you logged in, analyze trends, track
user movements, and gather demographic information about our user base.

You can control the use of cookies at the individual browser level, but if you choose to disable
cookies, it may limit your use of certain features or functions on our Services.

3.3. Information We Collect from Third Parties:

We may receive information about you from other sources, including:

Social Media Platforms: If you link, connect, or log in to our App with a third-party service (e.g.,
Google, Facebook), the social media platform may send us information such as your registration and
profile information from that service (e.g., name, email, profile picture). The information we receive
depends on your privacy settings with that platform.

Payment Gateway Partners: As mentioned, they provide us with payment confirmation and
transaction details (excluding SPDI like full card numbers).

Marketing and Analytics Partners: We may receive aggregated or anonymized demographic and
interest data from third-party marketing and analytics providers to better understand our user base.

Publicly Available Sources: In some cases, we may collect information from publicly accessible
databases to verify or enhance the information we hold about you.

4. How We Use Your Information (Purposes of Processing)

We collect and process your information for a variety of legitimate business purposes, including:

4.1. Core Service Provision:

Account Management: To create and maintain your user account, verify your identity, and manage
your preferences.

Order Fulfillment: To process your food orders, communicate your order details to the chosen
Restaurant, and facilitate delivery by assigning a Delivery Partner.

Payment Processing: To facilitate secure online payment transactions with our payment gateway
partners.

Customer Support: To provide assistance, respond to your inquiries, resolve issues, and manage
complaints related to orders, deliveries, or the App's functionality.

Personalization: To customize your experience on the App, including displaying relevant restaurant
recommendations, promotions, and content based on your past orders, preferences, and location.

4.2. Service Improvement and Development:

Analytics and Research: To analyze usage patterns, monitor user engagement, identify popular
features, understand market trends, and conduct internal research to improve our Services, user
interface, and overall user experience.

Product Development: To develop new features, services, and functionalities based on user feedback
and market demands.

Troubleshooting: To diagnose and fix technical issues, maintain the security and operational stability
of our App and systems.

4.3. Communication and Marketing:

Transactional Communications: To send you essential updates related to your orders (e.g., order
confirmation, status updates, delivery notifications), account-related information (e.g., password
reset, policy updates), and customer service responses.

Promotional and Marketing Communications: To send you promotional offers, discounts,
newsletters, and information about new Restaurants or features that we believe may be of interest
to you. You can opt-out of these communications at any time (see Section 6).

Surveys and Feedback: To solicit your feedback on our Services, Restaurants, and Delivery Partners to
further improve our offerings.

4.4. Safety, Security, and Legal Compliance:

Fraud Prevention: To detect and prevent fraudulent activities, unauthorised access, and misuse of
our Services.

Security Measures: To ensure the security and integrity of our systems and data, including
monitoring for suspicious activities and implementing access controls.

Legal Compliance: To comply with applicable laws, regulations, legal processes, and governmental
requests, including responding to court orders or subpoenas.

Enforcement of Terms: To enforce our Terms of Service and other agreements with you.

Protection of Rights: To protect the rights, property, or safety of Kwikkit, our Users, Restaurants,
Delivery Partners, or the public, as required or permitted by law.

5. Disclosure and Sharing of Your Information

We may share your Personal Information and SPDI with third parties in the following circumstances
and for the purposes outlined below. We only share information necessary for the specific purpose
and ensure that adequate data protection safeguards are in place.

5.1. With Service Providers and Business Partners:

Restaurants: Your order details (food items, special instructions), your name, and delivery address
are shared with the Restaurant to prepare and fulfil your order. Your phone number may also be
shared to facilitate communication regarding your order.

Delivery Partners: Your name, delivery address, phone number, and order details are shared with the
Delivery Partner to facilitate the delivery of your order. They may also be able to see your
approximate location while en route.

Payment Gateway Providers: As stated, your payment SPDI is shared directly with PCI-DSS compliant
payment gateways for secure transaction processing. We do not retain full SPDI on our servers.

Cloud Hosting Providers: We use third-party cloud service providers (e.g., AWS, Google Cloud, Azure)
to host our application, website, and store data securely.

Customer Support Providers: Third-party services that assist us in managing customer inquiries,
chats, and calls.

Analytics Providers: Services that help us analyse user behaviour and app performance (e.g., Google
Analytics, Mixpanel, Firebase). This data is often anonymised or aggregated.

Marketing and Advertising Partners: We may share aggregated or anonymised data with advertising
networks to target relevant advertisements to you on other platforms.

Security Partners: Providers that help us with fraud detection and security monitoring.

5.2. For Legal and Regulatory Reasons:

Law Enforcement and Government Authorities: We may disclose your information when we believe
in good faith that such sharing is reasonably necessary or if required to do so by law or in response to
valid requests by public authorities, including but not limited to court orders, subpoenas, or requests
from government agencies investigating illegal activities.

Compliance with Laws: To comply with applicable Indian laws and regulations (e.g., IT Act, 2000, and
IT Rules, 2011), and to cooperate with regulatory bodies.

Protection of Rights: To protect and defend the rights, property, or safety of Kwikkit, our Users,
employees, or the public, including enforcing our Terms of Service.

5.3. Business Transfers:

In the event of a merger, acquisition, sale of assets, reorganisation, bankruptcy, or similar corporate
transaction, your Personal Information may be transferred to a successor entity or acquirer, subject
to appropriate confidentiality and data protection obligations. We will notify you via email and/or a
prominent notice on our App of any such change in ownership or control of your Personal
Information.

5.4. With Your Consent:

We may share your information with third parties for any other purpose where you have provided
your explicit consent.

5.5. Aggregated and Anonymised Data:

We may share aggregated or anonymised data that cannot be reasonably used to identify you with
third parties for various purposes, including research, analytics, marketing, and business
development. For instance but not limited to, we might share statistics on the most popular dishes in
a city.

6. Your Rights and Choices Regarding Your Information

We respect your privacy rights and provide you with mechanisms to control your Personal
Information. Under Indian law (specifically the IT Rules, 2011), you have certain rights, and we are
committed to facilitating their exercise.

6.1. Right to Access and Review:

You have the right to request access to the Personal Information we hold about you. Upon request,
we will provide you with a copy of your Personal Information in a commonly used electronic format,
subject to verification of your identity.

6.2. Right to Correction/Rectification:

You have the right to request that we correct or update any inaccurate or incomplete Personal
Information we hold about you. You can typically update much of your profile information directly
through your App settings. For other corrections, please contact our Grievance Officer.

6.3. Right to Withdrawal of Consent (Opt-Out):

You have the right to withdraw your consent for the collection and processing of your Personal
Information, including SPDI, at any time. However, please note that withdrawing consent may limit or
prevent your access to certain features or the full functionality of our Services. For example,
withdrawing consent for location data may require manual address entry, and withdrawing consent
for essential information like your phone number may lead to account deactivation.

Marketing Communications: You can opt-out of receiving promotional emails by clicking the
"unsubscribe" link at the bottom of such emails. You can also manage notification preferences within
the App settings.

Location Services: You can disable location services through your device settings.

Cookies: You can manage cookie preferences through your browser settings.

6.4. Right to Deletion (Erasure):

You have the right to request the deletion of your Personal Information that we hold, subject to
certain legal obligations or legitimate business interests that require us to retain some information

(e.g., for transaction records, fraud prevention, or legal compliance). Upon receiving a valid deletion
request, we will take reasonable steps to delete your Personal Information from our active
databases.

6.5. Account Deactivation/Deletion:

You may deactivate or delete your account at any time through the App settings or by contacting our
customer support. Upon deactivation, your profile will no longer be visible. Upon deletion, we will
initiate the process of deleting your Personal Information, subject to the retention policies
mentioned in Section 8.

6.6. Grievance Redressal:

For any concerns or complaints regarding your privacy rights or the handling of your Personal
Information, please contact our designated Grievance Officer (details in Section 13).

To exercise any of these rights, please contact us at contact@kwikkit.in or use the in-app features
where available. We will respond to your request within a reasonable time-frame, typically within 30
days, as mandated by Indian law. We may need to verify your identity before processing your
request.

7. Data Security Measures (Reasonable Security Practices and Procedures)

We are committed to implementing robust security measures to protect your Personal Information
and SPDI from unauthorized access, loss, misuse, alteration, disclosure, or destruction. We adhere to
"reasonable security practices and procedures" as mandated by the IT Rules, 2011. Our security
measures include:

Encryption:

Data in Transit: All data transmitted between your device and our servers (including registration
details, order information, and payment tokens) is encrypted using industry-standard Transport Layer
Security (TLS/SSL) protocols.

Data at Rest: Critical Personal Information and SPDI are stored with appropriate encryption measures
where feasible.

Access Control:

Strict access controls are implemented to limit access to your Personal Information only to
authorised employees, contractors, and agents who have a legitimate need to know this information
to perform their job functions.

Regular reviews of access privileges are conducted.

Firewalls and Intrusion Detection Systems:

Our networks are protected by firewalls and intrusion detection/prevention systems to monitor and
block unauthorised access attempts.

Authentication Mechanisms:

Strong password policies are enforced for user accounts and internal systems.

Multi-factor authentication (MFA) is implemented where appropriate for internal access to sensitive
systems.

Data Minimization:

We only collect Personal Information that is necessary for the purposes outlined in this Policy.

Regular Security Audits and Penetration Testing:

We conduct periodic security audits and penetration tests by independent third-party experts to
identify and address vulnerabilities.

Employee Training:

Our employees are regularly trained on data privacy, security best practices, and our internal policies.

Third-Party Due Diligence:

We carefully vet our third-party service providers (e.g., cloud hosts, payment gateways) to ensure
they maintain adequate security standards and are contractually bound to protect your data.

Anonymization and Pseudonymization:

Where possible and appropriate, we anonymize or pseudonymize data for analytical and research
purposes to further reduce privacy risks.

Physical Security:

Data centers used by our cloud providers are equipped with robust physical security measures.

Despite our best efforts, no method of transmission over the Internet or method of electronic
storage is 100% secure. Therefore, while we strive to use commercially acceptable means to protect
your Personal Information, we cannot guarantee its absolute security. In the event of a data breach,
we will comply with all applicable notification requirements under Indian law.

8. Data Retention Policy

We retain your Personal Information only for as long as is necessary to fulfil the purposes for which it
was collected, including for the purposes of satisfying any legal, accounting, or reporting
requirements.

The specific retention periods depend on the type of data and the context of its use:

Account Information: We retain your account information for as long as your account is active. If you
deactivate your account, we may retain certain information for a limited period (e.g., 90-180 days) to
facilitate re-activation or address any post-deactivation queries.

Transaction Data: We are legally required to retain transaction records (including order details,
payment confirmations) for a period mandated by tax and financial regulations (typically 7-8 years in
India).

Customer Service Communications: Records of your interactions with our customer support may be
retained for a period to address ongoing issues, improve service quality, and for internal training
purposes.

Marketing Preferences: We retain your marketing preferences for as long as you are subscribed to
our communications.

Location Data: Precise location data may be retained for a limited period (e.g., 30-90 days) for
improving delivery efficiency, fraud detection, and troubleshooting, after which it is typically
anonymized or aggregated.

Aggregated/Anonymized Data: Information that has been permanently anonymized or aggregated, so
that it can no longer identify you, may be retained indefinitely for analytical and research purposes.

When your Personal Information is no longer required for these purposes, we will securely delete or
anonymize it in accordance with our data retention schedule and applicable laws.

9. Children's Privacy

Our Services are generally not directed to or intended for use by individuals under the age of 18, and
we do not knowingly collect Personal Information from individuals under the age of 18 ("Children").
However, we recognise that certain services offered through our platform may be open to use by
Minors. By providing personal information of a Minor, you, the adult user, represent and warrant that
you are the parent or legal guardian of the Minor and you give your explicit consent to us to collect
and process the Minor's information for the specific purpose. We understand the importance of
protecting children's privacy. If you are under 18, please do not use or provide any information on or
through our Services.

If we become aware that we have inadvertently collected Personal Information from a child without
verifiable parental consent, we will take immediate steps to delete that information from our
records. If you believe that we might have any information from or about a child, please contact our
Grievance Officer (details in Section 13) .

10. Third-Party Websites and Services

Our Services may contain links to third-party websites, applications, or services (e.g., links to
restaurant websites, payment gateway pages, advertising partners) that are not owned or controlled
by Kwikkit.

This Privacy Policy applies solely to information collected by our Services. We are not responsible for
the privacy practices, content, or security of any third-party websites or services. We strongly
encourage you to review the privacy policies of any third-party websites or services you interact
with, as their data collection and processing practices may differ from ours.

11. International Data Transfers

As an Indian food delivery app, our primary data processing and storage facilities are located within
India. However, some of our third-party service providers (e.g., cloud computing providers, analytics
tools) may have servers or operations located outside of India. In such cases, your Personal
Information may be transferred to, stored, and processed in countries outside of India.

When your data is transferred internationally, we ensure that:

Such transfers are necessary for the performance of our contract with you (e.g., hosting data on
global cloud servers).

We implement appropriate safeguards, such as entering into standard contractual clauses or
ensuring the third party adheres to robust data protection frameworks equivalent to those in India.

We comply with all applicable legal requirements for cross-border data transfers under Indian law.

By using our Services, you consent to the international transfer of your Personal Information as
described in this section.

12. Changes to This Privacy Policy

We may update or modify this Privacy Policy periodically to reflect changes in our data practices,
applicable laws, or service offerings. When we make significant changes, we will notify you by:

Posting the updated Privacy Policy on our App and website with a revised "Last Updated" date.

Sending you an email notification (if you have provided us with your email address).

Displaying a prominent notice within the App before the changes become effective.

We encourage you to review this Privacy Policy regularly to stay informed about our information
practices. Your continued use of our Services after the effective date of the revised Privacy Policy
constitutes your acceptance of the updated terms.

13. Grievance Redressal and Contact Information

In accordance with the Information Technology Act, 2000, and the rules thereunder, we have
appointed a Grievance Officer to address any concerns or complaints you may have regarding the
processing of your Personal Information or this Privacy Policy.

If you have any questions, concerns, or grievances about this Privacy Policy or our data practices,
please contact our Grievance Officer:

Grievance Officer Name: Diwan Saifullah Khan

Email Address: diwansaifullah@kwikkit.in

Postal Address:

Kwikkit, a food delivery app by Aushadhiya Foods Private Limited

CIN number - U15490HR2022PTC108779

9th floor, Badshahpur Sohna Road Highway, Sohna - Gurgaon Rd, Gurugram, Haryana 122018

We will strive to address your concerns and resolve any grievances in a timely and effective manner,
typically within one month from the date of receipt of the complaint.