This Privacy Policy outlines our commitment to protecting your privacy and personal information when you use our platform and services. We believe in transparent data practices and are dedicated to safeguarding the confidentiality of all information entrusted to us by our users. This policy explains in detail how we collect, use, disclose, and protect your personal information.

By accessing or using our platform, you acknowledge and agree to the practices described in this Privacy Policy. We encourage you to read this document carefully to understand our policies and practices regarding your personal information. If you do not agree with our policies and practices, you should not use our platform.

2.1. Personal Information Collection:

In the course of providing our services, we collect essential personal information necessary for account creation and platform functionality. This includes your full name, which is used for account identification and personalization of services. Your phone number serves as a primary means of communication and account security, enabling our authentication processes and important service communications. We also collect your PIN code (postal code) to provide location-relevant services and ensure compliance with regional regulations.

2.2. Device and Technical Information:

When you interact with our platform, we automatically collect certain technical information about your device and usage patterns. This includes your device type, operating system version, and browser specifications, which help us optimize your experience across different devices and platforms. We also gather information about your interaction with our platform, including access times, pages viewed, and features used, to improve our service functionality and user experience.

2.3. Authentication Information:

Our platform employs a secure One-Time Password (OTP) authentication system for user verification and account access. When you log in or perform sensitive actions, we generate and send an OTP to your registered phone number. We maintain records of these authentication attempts, including verification timestamps and session information, to ensure account security and prevent unauthorized access. These records are also used to investigate any reported security concerns and maintain the integrity of our authentication system.

2.4. Transaction and Payment Data:

Through our integration with <PG> payment gateway, we process and store information related to your financial transactions. This includes transaction identifiers, payment amounts, timestamps, and payment status updates. While the actual payment processing is handled securely by <PG>, we maintain transaction records for order fulfillment, customer support, and accounting purposes. We do not store complete payment card details on our servers; this sensitive information is handled directly by <PG> under their security protocols.

3.1. Core Service Functionality:

The information we collect is essential for providing our core services and ensuring a seamless user experience. Your personal information is used to create and maintain your account, authenticate your identity, process your transactions, and provide customer support. We analyze usage patterns and platform interactions to identify areas for improvement and optimize our service delivery. This data helps us understand user preferences and adapt our services to better meet your needs.

3.2. Communication and Notifications:

We utilize your contact information to facilitate essential communications about your account and our services. This includes sending authentication OTPs, transaction confirmations, and important service updates. Our notification system is designed to keep you informed about relevant platform activities while respecting your privacy preferences. Time-sensitive security alerts and transaction-related communications are considered essential and cannot be opted out of, as they are crucial for maintaining account security and service functionality.

3.3. Service Improvement and Analytics:

To enhance our platform and services, we analyze user behavior and interaction patterns in aggregate form. This analysis helps us identify usage trends, optimize feature functionality, and develop new services that better serve our user community. We may create anonymous, aggregated statistics about platform usage for internal improvement purposes and market analysis. This aggregated data does not identify individual users and is used solely for service enhancement and business planning purposes.

4.1. Payment Integration:

Our platform integrates with <PG>, a trusted payment gateway provider, to process all financial transactions securely. When you initiate a payment, you are connected to <PG>'s secure payment infrastructure. The payment process is conducted under <PG>'s security protocols and compliance standards, ensuring that your financial information is handled with the highest level of security. We maintain only the necessary transaction records required for business operations and customer support.

4.2. Transaction Records:

For each transaction processed through our platform, we maintain detailed records that include transaction identifiers, amounts, timestamps, and status updates. These records are essential for order fulfillment, dispute resolution, and accounting purposes. In cases of payment issues or customer inquiries, these records enable us to provide effective support and resolution. We also use this information to detect and prevent fraudulent activities and ensure the integrity of our payment systems.

4.3. Financial Data Security:

While we do not store complete payment card information, we implement robust security measures to protect all transaction-related data in our possession. This includes encryption of data in transit and at rest, secure server infrastructure, and regular security audits. Access to transaction records is strictly limited to authorized personnel and is granted on a need-to-know basis. We continuously monitor our systems for any suspicious activities and maintain detailed audit logs of all data access.

5.1. Types and Purposes:

Our notification system is designed to keep you informed about important account activities and platform updates. Essential notifications include security alerts, such as OTP verification codes and login attempt notifications, which are crucial for maintaining account security. Transaction-related notifications provide real-time updates about payment processing, order status, and other service-related activities. We also send system notifications about platform maintenance, service updates, and policy changes that may affect your use of our services.

5.2. Marketing Communications:

Separate from essential notifications, we may send promotional communications about new features, special offers, and platform updates. These marketing communications are designed to enhance your platform experience and keep you informed about relevant opportunities. We respect your communication preferences and provide clear options to manage your marketing notification settings. You can adjust these preferences at any time through your account settings while maintaining receipt of essential security and transaction notifications.

5.3. Delivery Methods:

Notifications are primarily delivered through SMS to your registered phone number, ensuring timely receipt of important information. The delivery method is chosen based on the urgency and nature of the information being communicated. Security-related notifications, such as OTPs, are always sent via SMS for immediate delivery and enhanced security. We carefully monitor notification delivery patterns and timing to prevent notification fatigue while ensuring you receive all necessary information.

6.1. Technical Security:

We implement comprehensive technical security measures to protect your personal information from unauthorized access, alteration, or disclosure. This includes industry-standard encryption protocols for data transmission, secure server infrastructure with regular security updates, and robust access control systems. Our databases are protected by multiple layers of security, including firewalls and intrusion detection systems. We regularly conduct security assessments and penetration testing to identify and address potential vulnerabilities.

6.2. Authentication Security:

Our OTP-based authentication system provides a secure method of verifying user identity and protecting account access. Each OTP is uniquely generated, time-sensitive, and delivered securely to your registered phone number. We maintain detailed logs of authentication attempts and implement automatic lockout mechanisms to prevent brute force attacks. Failed authentication attempts are monitored and analyzed to detect and prevent unauthorized access attempts.

6.3. Operational Security:

We maintain strict operational security procedures, including employee access controls, regular security training, and detailed security policies. Access to user data is granted on a need-to-know basis and is logged for audit purposes. We conduct regular security awareness training for our staff and maintain incident response procedures to address any potential security events promptly. Our security measures are regularly reviewed and updated to address emerging threats and security challenges.

7.1. Data Retention Policy:

We retain your personal information for the duration necessary to fulfill the purposes outlined in this Privacy Policy and to comply with legal obligations. Account information is maintained as long as you maintain an active account with our platform. Transaction records are retained in accordance with financial regulations and tax requirements. After account closure, we may retain certain information for a defined period to comply with legal obligations, resolve disputes, or prevent fraud.

7.2. User Rights:

As a user of our platform, you have significant rights regarding your personal information. You may access and review your personal information, request corrections to inaccurate data, and request deletion of your account and associated data, subject to legal retention requirements. You can manage your notification preferences and opt out of marketing communications while maintaining essential service notifications. We provide tools and processes to help you exercise these rights effectively through your account settings.

7.3. Data Access and Control:

You can access and update most of your personal information directly through your account settings. For information that cannot be modified directly, we provide procedures to submit correction requests. If you wish to delete your account, we offer a process to initiate account deletion, with clear information about what data will be removed and what may be retained for legal purposes. We respond to all data-related requests in a timely manner, typically within 30 days.

8.1. Policy Modifications:

We may update this Privacy Policy periodically to reflect changes in our practices, technological advancements, or regulatory requirements. When we make material changes to this policy, we will notify you through appropriate channels, such as SMS notifications to your registered phone number or prominent notices on our platform. The notification will include information about the nature of the changes and their effective date.

8.2. User Notification:

Significant changes to our Privacy Policy will be communicated to you at least 30 days before their effective date, allowing you time to review the changes and make informed decisions about your continued use of our platform. We encourage you to review our Privacy Policy periodically to stay informed about our data practices and your privacy rights. Your continued use of our platform after such modifications constitutes your acceptance of the updated Privacy Policy.

If you have questions, concerns, or requests related to your privacy, your personal information, or this Privacy Policy, we encourage you to contact our dedicated privacy team. We are committed to addressing your privacy concerns and providing clear, timely responses to your inquiries.

You can reach our privacy team through the following channels:

Email: privacy@oazy.in

Phone: +91 (XXX) XXX-XXXX

Address: [Company Address]