Privacy Policy

1. Introduction

This Policy is published in compliance with the provisions of: (i) the Information Technology Act, 2000; (ii) the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules”); (iii) the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021; and (iv) the Digital Personal Data Protection Act, 2023, to the extent applicable. By accessing or using the Platform, you signify your consent to the collection, processing, storage, and disclosure of your information in accordance with this Policy.

2. Scope & applicability

This Policy applies to all Users of the Platform, including end customers placing orders, partner café owners and their authorised representatives (“Café Partners”), employees of Café Partners with access to operational dashboards, and visitors browsing the Platform without registering an account.

This Policy does not apply to data collected by any third party, including third-party websites that may be linked to or accessed from the Platform. We are not responsible for the privacy practices of such third parties, and Users are advised to review the privacy policies of such third parties independently.

3. Information we collect

We collect the following categories of information from Users:

3.1 Personal information voluntarily provided

• Full name, email address, mobile number, and password (during account registration).
• Delivery and pickup address details, including city, locality, and pincode.
• For Café Partners: business name, owner name, FSSAI licence number and document, Aadhaar number and document, GST registration number (where applicable), bank account details, and business address.
• Any feedback, ratings, reviews, complaints, support tickets, or correspondence submitted by you.

3.2 Information collected automatically

• Device information including device type, operating system, browser type and version, and unique device identifiers.
• Internet Protocol (IP) address, general geographic location derived from IP address, and approximate location.
• Precise geo-location coordinates, only when you expressly grant permission via your device settings.
• Log data, including pages visited, features used, search queries entered, time stamps, and referral URLs.
• Cookies, web beacons, and similar tracking technologies as described in Clause 7.

3.3 Information from third parties

We may receive information from third parties, including payment processors (such as transaction status), social-login providers (where you choose to register or log in using a third-party account), and analytics providers.

4. How we use your information

We use the information collected for one or more of the following purposes:

• To create, maintain, and authenticate your User account.
• To process, fulfil, track, and deliver food pre-orders placed through the Platform.
• To facilitate communication between you and the relevant Café Partner.
• To process payments and refunds, and to detect and prevent fraudulent transactions.
• To send transactional communications, including order confirmations, status updates, and receipts via email, SMS, WhatsApp, or push notification.
• To send promotional communications, subject to your consent and your right to opt out at any time.
• To improve the Platform, develop new features, conduct research, and perform statistical analysis.
• To enforce our Terms of Service, this Policy, and applicable law, and to protect the rights, safety, and property of QueZap, our Users, and the public.
• To comply with applicable legal obligations, court orders, regulatory directions, and law-enforcement requests.

5. Disclosure of information

We do not sell, rent, or trade your personal information to third parties for their independent marketing purposes. We may disclose your information in the following limited circumstances:

• To Café Partners: Order details, including your name, contact number, order items, pickup time, and delivery address (where applicable), are shared with the relevant Café Partner solely for order fulfilment.
• To service providers: Trusted third-party vendors who assist us in operating the Platform, including hosting, payment processing, analytics, customer support, and communication services. Such vendors are contractually bound to confidentiality and data-protection obligations.
• For legal compliance: Where required by law, regulation, court order, or governmental request, or where we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
• In corporate transactions: In connection with a merger, acquisition, sale of assets, or insolvency proceeding, in which case your information may be transferred to the successor entity, subject to this Policy.
• With your consent: In any other circumstance where you have provided express consent.

6. Payments & financial data

All payments processed through the Platform are handled by Razorpay Software Private Limited or such other PCI-DSS compliant payment gateway as we may engage from time to time. We do not store your full payment-card details on our servers. Tokenised payment information may be retained solely for the purpose of processing recurring transactions or refunds, in accordance with applicable Reserve Bank of India guidelines.

7. Cookies & tracking technologies

We use cookies and similar technologies (such as local storage, session storage, and pixels) to authenticate Users, remember preferences, analyse usage patterns, and improve the Platform. You may control or disable cookies through your browser settings; however, disabling cookies may impair certain functionalities of the Platform.

8. Location data

The Platform may request access to your precise location to display nearby Café Partners and provide accurate pickup or delivery options. Location access is requested only with your express consent and may be withdrawn at any time through your device settings. Where you have not granted location permission, the Platform falls back to city-level data manually selected by you.

9. Data retention

We retain your personal information for as long as your account is active, or as necessary to provide the services, comply with our legal obligations, resolve disputes, and enforce our agreements. Order history and transaction records may be retained for a minimum period of seven (7) years to comply with tax, accounting, and statutory recordkeeping requirements. Upon account deletion, we will delete or anonymise your personal information, except where retention is required by law.

10. Data security

We implement reasonable security practices and procedures, in line with the SPDI Rules and industry standards, to protect personal information from unauthorised access, alteration, disclosure, or destruction. These measures include encryption of data in transit using Transport Layer Security (TLS), hashed password storage, role-based access controls, audit logging, and regular security reviews. Notwithstanding the foregoing, no method of electronic transmission or storage is entirely secure, and we cannot guarantee absolute security.

11. Your rights

Subject to applicable law, you have the following rights with respect to your personal information:

• Right to access: Request a copy of the personal information we hold about you.
• Right to correction: Request correction of inaccurate or incomplete information.
• Right to erasure: Request deletion of your personal information, subject to legal-retention requirements.
• Right to withdraw consent: Withdraw consent previously granted for processing of your information, where processing is based on consent.
• Right to grievance redressal: Lodge a complaint with our Grievance Officer (Clause 16) regarding any data-protection concern.

To exercise any of these rights, please write to us at the contact address set out in Clause 17. We may require you to verify your identity before acting on any request.

12. Children's privacy

The Platform is not intended for use by individuals below the age of eighteen (18) years. We do not knowingly collect personal information from children. If we become aware that personal information of a child has been collected without verifiable parental consent, we will take reasonable steps to delete such information promptly.

13. Third-party services & links

The Platform may integrate with or link to third-party services, including Google Maps, Razorpay, and analytics providers. Such third parties operate under their own privacy policies. We encourage you to review the privacy practices of such third parties before submitting any personal information.

14. International data transfers

Your personal information is primarily stored on servers located within India. Where information is transferred outside India for processing by service providers, we ensure that such transfers are subject to appropriate safeguards in accordance with applicable Indian law.

15. Changes to this policy

We reserve the right to amend this Policy from time to time. The revised Policy will be posted on the Platform with an updated “Last updated” date. Material changes will be communicated to registered Users via email or in-app notification. Your continued use of the Platform after the effective date of any revision constitutes your acceptance of the revised Policy.

16. Grievance officer

In accordance with the Information Technology Act, 2000 and the rules made thereunder, the contact details of the Grievance Officer are as follows:

The Grievance Officer shall acknowledge receipt of complaints within forty-eight (48) hours and endeavour to resolve them within fifteen (15) days from the date of receipt.

17. Contact

For any questions regarding this Privacy Policy or our data-handling practices, please contact us at: