Privacy Policy
Effective 16 July 2026 · Tapsora Technologies
Who is responsible for your data
The data fiduciary is Tapsora Technologies (sole proprietorship, Udyam Reg. No. UDYAM-UP-50-0287166), B-3, Capital Market, Kursi Road, Dasauli, Bakshi Ka Talab, Lucknow, Uttar Pradesh 226026. For anything in this policy, write to aftabahmed116@gmail.com or call +91 72773 47303.
What we collect
- Restaurant accounts: owner and staff names, email, phone, business name and address, and licence numbers the restaurant chooses to display (FSSAI, GSTIN).
- Diner accounts: phone number (verified by OTP), name, delivery addresses, and order history per restaurant.
- Orders & billing: items, amounts, payment method and gateway payment references (never card or UPI credentials), invoices, and subscription history.
- Rider location: while a rider is on an active delivery, their live location — only to show the diner where their order is.
- Usage & device basics: aggregate, cookieless visit counts (page, rough city, device type, hour). No cross-site tracking profile is built.
What we deliberately don't do
- We don’t store card numbers, UPI PINs or banking credentials — payments are processed by RBI-authorised gateways (e.g. PhonePe, Razorpay) on their own secure pages.
- We don’t sell or rent personal data to anyone, ever.
- We don’t run third-party advertising trackers on the platform.
- We don’t collect precise device location from diners; delivery addresses are what you type.
How we use data
- Running the service: accounts, menus, orders, billing, delivery tracking, receipts and KOTs.
- Transactional notifications — order updates by SMS, WhatsApp, push or in-app. Marketing messages only with consent, always with opt-out.
- Support, fraud prevention, abuse detection and rate-limiting.
- Aggregate analytics (counts and totals — never individual profiles) to improve the product and show restaurants how their storefront performs.
- Meeting legal obligations — tax records, responding to lawful requests.
Storage & security
- Data lives in Google Firebase (Firestore) with strict server-side access rules — client apps can only reach what they’re authorised for.
- Everything travels over HTTPS/TLS. Secrets such as OTP codes and activation codes are stored only as salted cryptographic hashes, never in plain text.
- Staff access follows least-privilege roles; sensitive actions are audit-logged.
- No system is unbreakable. If a breach affecting you occurs, we’ll notify you and the authorities as the DPDP Act requires.
How long we keep data
- Account data: for the life of the account, then deleted or anonymised within 90 days of closure (after the 30-day export window).
- Order and payment records: retained as required for tax, accounting and dispute obligations (typically 8 years under Indian law), then deleted.
- Rider live-location: only for the duration of the delivery plus a short operational window.
- Aggregate analytics contain no personal identifiers and may be kept indefinitely.
Your rights (DPDP Act 2023)
You can, at any time, ask us to:
- Access — a summary of the personal data we hold about you and how it’s used.
- Correct — fix inaccurate or incomplete data (much of it you can edit directly in the app).
- Erase — delete your personal data, subject to records we must legally retain.
- Withdraw consent — e.g. opt out of marketing messages, without affecting the service itself.
- Nominate — name someone to exercise these rights for you if you’re unable to.
Email aftabahmed116@gmail.com from your registered email or phone. We verify, then act — normally within 30 days. If you’re unsatisfied, escalate via our grievance process, and beyond that to the Data Protection Board of India.
Children
Tapsora accounts are for people 18 and over. We don’t knowingly collect children’s data; if you believe a child’s data has reached us, write to aftabahmed116@gmail.com and we’ll delete it.
Grievance officer & changes
Aftab Ahmed, Proprietor & Grievance Officer — B-3, Capital Market, Kursi Road, Dasauli, Bakshi Ka Talab, Lucknow, Uttar Pradesh 226026 · aftabahmed116@gmail.com · +91 72773 47303. We acknowledge grievances within 48 hours and resolve them within 30 days.
If we materially change this policy, we’ll notify you by email or in-app notice before the change takes effect. The “effective” date above always reflects the current version.
Questions about this policy?
Write to us and a human replies — usually the founder. We acknowledge within 48 hours.