KHub Technologies (“KHub", "StoreZone,” “we,” “our,” or “us”) is committed to protecting the privacy of individuals who visit our websites, install or use our mobile applications, register on vendor panels, or access any other services we provide (collectively, the “Platform”). This Privacy Policy explains how we collect, use, disclose, and safeguard personal information in accordance with applicable laws, including India’s Digital Personal Data Protection Act 2023 (“DPDP Act”), the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011, and, where relevant, the EU General Data Protection Regulation (“GDPR”).
By accessing or using the Platform, you (“User,” “you,” or “your”) acknowledge that you have read and understood this Privacy Policy and agree to its terms. If you do not agree, please do not access or use the Platform.
| Term | Meaning |
|---|---|
| Personal Data | Any data that relates to an identified or identifiable natural person (“Data Principal” under the DPDP Act). |
| Processing | Any operation performed on Personal Data, such as collection, storage, use, disclosure, or deletion. |
| Controller / Data Fiduciary | The entity that determines the purposes and means of Processing Personal Data. StoreZone acts as the Data Fiduciary for data it collects directly. |
| Processor / Data Processor | An entity that Processes Personal Data on behalf of the Controller/Fiduciary. Logistics partners or cloud-hosting providers may act as Processors. |
| Category | Examples | Source |
|---|---|---|
| Identity Data | Full name, user name, gender, date of birth, government ID (only where mandated by law) | Provided by User |
| Contact Data | Postal address, e-mail address, telephone number, emergency contact | Provided by User |
| Account Credentials | Encrypted password, authentication tokens, role/permission level | Provided by User |
| Transaction Data | Order IDs, products purchased, quantities, billing totals, refund records | Generated during Platform use |
| Payment Data | UPI virtual payment address, masked card details, wallet identifiers (StoreZone does not store full card numbers or CVV) | Provided by User; captured by payment gateway |
| Device & Technical Data | IP address, browser type, operating system, device identifiers, crash logs | Collected automatically |
| Location Data | GPS coordinates for delivery tracking, pin-code serviceability checks | With explicit consent via mobile OS or provided by User |
| Usage Data | Clickstream, time spent on screens, feature adoption metrics, search queries | Collected automatically |
| Marketing Preferences | Opt-in status for e-mail, SMS, push notifications; language preference | Provided by User |
| Grievance & Support Data | Chat transcripts, tickets, attachments, phone recordings (where permitted) | Generated during support interactions |
We do not intentionally collect information about children under 18 years of age. If you believe we have inadvertently collected such data, please contact us so that we may delete it.
| Purpose | Legal Basis* |
|---|---|
| Account registration and authentication | Consent; performance of contract |
| Order fulfilment, delivery, and returns | Performance of contract |
| Payment processing and fraud prevention | Performance of contract; legitimate interest; legal obligation |
| Customer support and grievance redressal | Performance of contract; legitimate interest |
| Personalised recommendations and in-app promotions | Legitimate interest; consent (where required) |
| Analytics, service improvement, and security monitoring | Legitimate interest |
| Regulatory compliance (tax, audit, KYC) | Legal obligation |
| Direct marketing (e-mail, SMS, push) | Consent; legitimate interest (opt-out always honoured) |
*Under the DPDP Act, consent must be “free, specific, informed, unconditional, and unambiguous.” Where we rely on legitimate interest, we conduct balancing tests to ensure your fundamental rights are not overridden.
We use first-party and third-party cookies, SDKs, pixels, and device identifiers to:
maintain session state and authentication;
remember user preferences (e.g., language, cart contents);
measure traffic patterns and improve performance;
deliver contextual or interest-based advertisements.
You may disable non-essential cookies through our “Manage Cookies” settings or via your browser. Essential cookies required for core functionality cannot be disabled.
We only share Personal Data as outlined below and with appropriate safeguards:
| Recipient | Purpose | Safeguards |
|---|---|---|
| Merchants | Order processing, fulfilment, invoicing | Limited to order-relevant data; contractual NDA |
| Delivery Partners | Pick-up and delivery coordination, real-time navigation | Limited to contact and address; one-time links |
| Payment Gateways & Banks | Transaction processing, refunds, fraud checks | PCI-DSS compliance; tokenisation |
| Service Providers | Cloud hosting, analytics, customer-support platforms, SMS/email gateways | Data Processing Agreements; ISO 27001 SOC 2 audits |
| Government & Law Enforcement | Compliance with legal requests, court orders, or statutory reporting | Verified request, minimum necessary disclosure |
| Corporate Transactions | Merger, acquisition, restructuring | Data ethics review; user notification where required |
We do not sell or rent your Personal Data to third parties for profit.
StoreZone stores primary data on servers located in India. Where service providers process data abroad (e.g., backup or analytics services in the EEA or Singapore), we employ contractual clauses and technical measures required under the DPDP Act and GDPR to ensure equivalent protection.
Multi-factor authentication for privileged accounts
TLS 1.2/1.3 encryption for data in transit
AES-256 encryption for sensitive data at rest
Role-based access control (RBAC) and audit logging
Quarterly vulnerability scans and annual penetration testing
ISO 27001-aligned information-security management system
| Data Category | Retention Period |
|---|---|
| Transaction & tax records | 3 years (statutory) |
| Support tickets & call recordings | 1 year from closure |
| Marketing contact lists | Until withdrawal of consent or 3 years after last interaction |
| Account information | Throughout active account life; 1 year after account deletion for dispute resolution |
| Anonymised analytics data | Indefinite (non-identifiable) |
Upon expiry, data is securely deleted or irreversibly anonymised.
Subject to applicable law, you may:
Access your Personal Data we hold.
Correct inaccurate or incomplete data.
Delete data no longer required (right to erasure).
Withdraw consent at any time for processing based on consent.
Data portability for data you provided to us.
Object to processing based on legitimate interest or direct marketing.
Lodge a complaint with the Data Protection Board of India or your local supervisory authority (for GDPR residents).
To exercise these rights, e-mail privacy@storezone.in or use in-app privacy settings. We will respond within 15 calendar days (DPDP Act).
We may use rule-based engines or machine-learning models to detect fraudulent transactions or recommend products. These processes do not produce legal or similarly significant effects without human oversight. You may request human review of any decision that you believe adversely affects you.
The Platform may contain links to external websites, SDKs, or services not operated by StoreZone. We are not responsible for their privacy practices. We encourage you to review the privacy notices of such third parties before interacting.
We may update this Privacy Policy to reflect legal, operational, or technological developments. Material changes will be notified via e-mail or prominent in-app banners. Continued use of the Platform after the effective date constitutes acceptance of the revised policy.
Thank you for trusting StoreZone.
