Applicability and Scope
This Privacy Policy applies to information collected through:
- The Annapurana Kitchen App (mobile and web, if applicable)
- Our backend APIs that power the App
- Our customer support and in-app support ticketing features
This Privacy Policy does not apply to information collected by third parties you interact with through the Services (for example, platform providers, app stores, mapping providers, and payment or messaging services). Please review their policies separately.
Who this applies to: Kitchen/merchant partners using the App ("Kitchen Partners", "you").
Permissible age: The Services are intended for users who are at least 18 years old. If you are under 18, please do not use the Services.
The Information We Collect and How We Collect It
We collect information in three main ways:
- Information you provide directly to us
- Information generated or collected automatically when you use the Services
- Information we receive from third-party providers that enable the Services
A) Information you provide to us
Depending on what features you use, you may provide:
1. Account and profile information
- Phone number (used for login and account identification)
- Email address
- Name (e.g., "Full Name (as per Aadhaar)" as entered in onboarding)
- Date of birth
- Kitchen profile information (e.g., kitchen name, owner name)
2. Address and location-related information
- Residential address details (street, city, state, pincode)
- Kitchen address details (street, city, state, pincode)
- In some deployments, latitude/longitude for addresses or kitchens may be stored to support serviceability and delivery operations.
3. Identity, compliance, and verification information (sensitive)
During onboarding and verification, the Services may collect and process:
- Aadhaar number
- PAN number
- FSSAI license number
- Verification status flags and timestamps
4. Payout / settlement information (sensitive)
To enable payouts to Kitchen Partners, we may collect:
- Bank account number
- IFSC code
- Bank name
- Account holder name
- Bank verification status and timestamps
5. Content and communications
- Support tickets and messages you submit (subject, description, conversation messages)
- Attachments you upload when supported (for example, documents or images)
- Feedback or responses you provide within the App
B) Information we collect automatically
When you use the Services, we may collect:
1. Device and technical information
- Device platform (iOS/Android/web), device model/brand (where available), OS name/version
- App runtime diagnostics and error information (to help us fix bugs)
2. Network and security information
- IP address (captured by backend services)
- Login timestamps and basic authentication logs
3. Usage and activity information
- Interactions with key App features (e.g., creating/updating menus, processing orders, support ticket actions)
- Offline usage signals (e.g., queued actions awaiting sync)
C) Information we receive from third parties
We rely on third parties to run parts of the Services. Depending on your configuration and deployment, these may include:
- Supabase (authentication, database, real-time): Session and account identifiers; basic profile metadata associated with your account.
- Push notification services: Device push notification tokens; notification preferences (order, review, system alerts).
- Hosting and infrastructure providers: Logs and operational telemetry necessary to run and secure the Services.
How We Use the Information We Collect
A) Core service delivery
- Create and manage your account
- Run onboarding, verification, and compliance workflows
- Enable menu management (including images), daily specials, and scheduling
- Enable order lifecycle management (accept/reject/prepare/ready/complete)
- Provide earnings and operational dashboards
- Provide support, ticketing, and communication features
- Enable notifications and alerts based on your preferences
B) Safety, security, and compliance
- Detect, investigate, and prevent fraud, abuse, and unauthorized access
- Maintain audit trails for key actions (e.g., status updates, verification steps)
- Comply with applicable laws, regulations, and lawful requests
C) Service improvement
- Debug, monitor reliability, and improve performance
- Analyze aggregate trends (e.g., operational metrics) to improve features
D) Communications
- Send service and operational communications (e.g., order alerts, system notifications)
- Respond to support requests and resolve disputes
How We Share the Information We Collect
We share information only as needed to provide the Services, and in the following situations:
A) With service providers (processors)
We may share information with vendors who help us run the Services, such as:
- Authentication/database providers (e.g., Supabase)
- Cloud hosting and storage providers (including file storage used for menu images and attachments)
- Push notification providers
B) With customers and operational participants
To fulfill and manage orders, some customer-related information may be visible to Kitchen Partners in the App, including:
- Customer name and phone number
- Delivery address (for delivery orders)
- Order notes and item details
C) For legal and safety reasons
We may disclose information if we believe it is reasonably necessary to:
- Comply with law, regulation, legal process, or governmental request
- Enforce our terms and agreements
- Protect the rights, property, or safety of users, Kitchen Partners, and the public
- Detect and prevent fraud and security incidents
D) With your consent
We may share information in other ways if you consent or direct us to do so.
Data Storage, Retention, and Deletion
A) Where data is stored
Your data may be stored on:
- Servers and databases used by our service providers (for example, Supabase and hosting/storage providers)
- Your device (for example, cached data and offline sync queue items)
B) How long we retain data
We retain information only for as long as reasonably necessary for:
- Providing the Services
- Meeting legal, tax, accounting, and compliance obligations
- Resolving disputes and enforcing agreements
- Security and fraud prevention
Retention periods can vary depending on the data type (e.g., orders and payout records may be retained longer for legal and accounting reasons).
C) Deletion and account closure
You may request deletion of your account and associated data by contacting us (see "Contact Us").
Important notes:
- Some data may be retained where required by law or for legitimate business needs (e.g., records required for compliance, fraud prevention, audit logs).
- Backups may persist for a limited period as part of disaster recovery and business continuity practices.
D) Data retention upon account deletion
If you choose to leave the Platform and request deletion of your account, we will permanently and irreversibly delete all associated data, including but not limited to identity documents (such as Aadhaar and PAN details), uploaded licenses (such as FSSAI), financial and payout information (such as bank account details), operational records, uploaded content, and any other sensitive information linked to your account.
However, in order to maintain an internal record of your participation on the Platform and to ensure a smoother onboarding experience should you wish to return in the future, we will retain the following basic information:
- Full name
- Email address
- Phone number
This limited information is stored solely for internal record-keeping purposes and will not be shared with any third party for marketing or other external purposes. We believe this approach strikes a fair balance between respecting your privacy and ensuring continuity of service. If you have any questions or concerns about this practice, please do not hesitate to reach out to us at the contact details provided below.
Security: How We Protect Your Information
We implement reasonable administrative, technical, and physical safeguards designed to protect information against unauthorized access, loss, misuse, alteration, or disclosure. These safeguards may include:
- Encryption in transit (e.g., HTTPS/TLS) for network communications
- Access controls and least-privilege principles for internal systems
- Segregation of production systems and audit logging of important events
No system is 100% secure. You are responsible for safeguarding your device, keeping your login credentials private, and promptly reporting suspicious activity.
Your Choices and Rights
Depending on your jurisdiction, you may have rights such as:
- Access: request a copy of the personal data we hold about you
- Correction: request correction of inaccurate or incomplete data
- Deletion: request deletion of your data (subject to legal exceptions)
- Restriction/objection: limit certain processing in some cases
You can also:
- Control notification preferences in the App (where available)
- Clear local app data by signing out or uninstalling the App (this may remove locally stored cache/offline queue data on your device)
Third-Party Services and Links
The Services may rely on third-party platforms and providers. Their practices are governed by their own privacy policies. Examples can include app stores, operating system services, push notification services, mapping services, and analytics/hosting providers (if enabled).
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in the Services, legal requirements, or security practices. We will post the updated version with a new "Last updated" date. Your continued use of the Services after changes become effective constitutes acceptance of the updated policy.
Contact Us
If you have questions or requests related to privacy, data protection, or this Privacy Policy, contact us at:
If you have a designated Data Protection Officer (DPO) or grievance officer, you may include their contact details here as required by applicable law.