Privacy Policy

1. Introduction
2. Information We Collect
3. How We Use Your Information
4. Sharing of Information
5. Data Storage & Security
6. Cookies & Tracking
7. Your Rights
8. Children's Privacy
9. Third-Party Links
10. Data Retention
11. Changes to This Policy
12. Grievance Officer

Your privacy matters. This policy describes what personal data EcomBuyer.in collects, why we collect it, and how you can exercise your rights. By using the platform, you agree to this policy and our Terms of Service. This policy is published in compliance with the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023.

01 Introduction

Ecom Buyer Network Private Limited (CIN: U47912TN2024PTC166832), trading as EcomBuyer.in ("we", "us", "our", "Company"), is committed to protecting the privacy and personal data of all individuals who interact with our platform — including buyers, sellers, visitors, and affiliate partners (collectively "you", "your", "User").

This Privacy Policy ("Policy") explains how we collect, use, store, share, and protect your personal information when you use the EcomBuyer.in website, mobile application, and related services (collectively the "Platform").

This Policy applies to all users of the Platform, regardless of their role. Sellers and affiliate partners are subject to additional data processing as described in their respective onboarding agreements.

02 Information We Collect

We collect personal data only to the extent necessary to provide and improve our services. The categories of information we collect include:

2.1 Information You Provide Directly

Account registration: Name, email address, mobile number, password (stored as a one-way hash)
Buyer profile: Delivery address, city, state, pin code
Seller onboarding: Business name, PAN number, Aadhaar number, bank account details, GSTIN, business registration documents
Orders: Shipping address, order contents, payment method selected
Reviews: Ratings and written review text submitted for products you have purchased
Communications: Messages or queries submitted to our support team

2.2 Information Collected Automatically

Usage data: Pages visited, search queries, product clicks, time spent on the Platform
Device data: Browser type, operating system, IP address, screen resolution
Session data: Login timestamps, session duration, last active time
Transaction data: Order numbers, payment status, refund history

2.3 Information from Third Parties

Google OAuth: If you sign in with Google, we receive your name, email address, and profile picture from Google. We do not receive your Google password.
Payment gateways: We receive transaction confirmation status and masked card details from our payment processor. We do not store full card numbers.
Logistics partners: Shipment status and delivery confirmation from courier APIs.

03 How We Use Your Information

We use the personal information we collect for the following purposes:

3.1 Providing Our Services

Creating and managing your account
Processing orders, payments, and refunds
Facilitating communication between buyers and sellers
Arranging shipping and delivery of orders
Verifying seller identity and business credentials (KYC)

3.2 Improving the Platform

Analysing usage patterns to improve product discovery and navigation
Diagnosing technical issues and maintaining platform security
Developing new features based on user behaviour

3.3 Communications

Sending transactional notifications — order confirmations, shipping updates, payment receipts — via email and SMS
Sending OTPs for account verification and login
Sending important account and policy updates
Responding to your support queries and complaints

3.4 Legal and Compliance

Complying with applicable laws and regulatory requirements
Preventing fraud, unauthorised access, and abuse
Maintaining audit logs for financial and operational accountability
Responding to lawful requests from government authorities

                        We do not sell your personal data to third parties for marketing purposes.
                        We do not use your data for automated decision-making or profiling that produces legal or
                        significant effects without your explicit consent.
                    

04 Sharing of Information

We share your personal data only in the circumstances described below and only to the extent necessary for the stated purpose.

4.1 With Sellers

When you place an order, we share your name, delivery address, and phone number with the relevant seller to fulfil the order. Sellers are contractually bound not to use this information for any other purpose.

4.2 With Service Providers

Payment processors: Your payment information is processed by PCI-DSS compliant gateways. We share only the data necessary to complete the transaction.
Logistics partners: Shipping name, address, and phone number are shared with our courier partners (e.g., Delhivery) to arrange delivery.
SMS and email providers: Mobile number and email are shared with MSG91 (SMS) and our email service to send transactional notifications.

4.3 With Authorities

We may disclose your personal data to law enforcement agencies, courts, or regulatory bodies if required to do so by applicable law, court order, or governmental authority, or if we believe disclosure is necessary to protect our rights or prevent harm.

4.4 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of assets, your personal data may be transferred to the acquiring entity. We will notify you of any such transfer and any changes to this Privacy Policy.

4.5 With Your Consent

We may share your information with third parties in other circumstances with your explicit prior consent.

05 Data Storage & Security

5.1 Storage Location

Your personal data is stored on servers located in India. We take reasonable steps to ensure that data transferred to or processed by third-party service providers is handled securely and in accordance with applicable data protection laws.

5.2 Security Measures

We implement industry-standard technical and organisational security measures, including:

Passwords stored using bcrypt one-way hashing — never in plain text
HTTPS encryption for all data in transit
CSRF token protection on all forms
Role-based access control — only authorised personnel access personal data
KYC documents stored in access-controlled directories, served only through authenticated proxy
Session management via Redis with a 2-hour session lifetime
Rate limiting on login and verification endpoints to prevent brute-force attacks

5.3 Limitation

No method of data transmission over the internet or electronic storage is completely secure. While we strive to protect your personal data, we cannot guarantee absolute security. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant authority as required by law.

06 Cookies & Tracking

6.1 What Are Cookies

Cookies are small text files placed on your device by a website. We use session-based cookies to keep you logged in and maintain your shopping cart. We do not use third-party advertising or cross-site tracking cookies.

6.2 Types of Cookies We Use

Session cookies: Store your login session and cart contents. These are deleted when you close your browser or after 2 hours of inactivity.
CSRF cookies: Protect form submissions from cross-site request forgery attacks.
Preference cookies: Remember any display preferences you set on the Platform.

6.3 Managing Cookies

You can control cookies through your browser settings. Disabling session cookies will prevent you from logging in or using the shopping cart. We do not currently respond to "Do Not Track" browser signals, as no industry standard has been established.

07 Your Rights

Under the Digital Personal Data Protection Act, 2023 (DPDP Act) and other applicable Indian laws, you have the following rights regarding your personal data:

Right to access: You may request a copy of the personal data we hold about you.
Right to correction: You may update incorrect or incomplete personal data through your account profile or by contacting us.
Right to erasure: You may request deletion of your personal data, subject to legal and contractual obligations (e.g., order records required for tax compliance).
Right to withdraw consent: Where processing is based on your consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
Right to grievance redressal: You may raise a complaint with our Grievance Officer (see Section 12) or with the Data Protection Board of India once operational.
Right to nominate: You may nominate another individual to exercise your rights in the event of your death or incapacity.

To exercise any of these rights, email our Grievance Officer at privacy@ecombuyer.in. We will respond within 30 days of receiving a valid request.

08 Children's Privacy

EcomBuyer.in is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have collected personal data from a person under 18 without verifiable parental consent, we will take steps to delete that information promptly.

If you believe a minor has provided us with personal data, please contact our Grievance Officer immediately at privacy@ecombuyer.in.

09 Third-Party Links

The Platform may contain links to third-party websites, payment portals, or social media platforms. These links are provided for your convenience. EcomBuyer.in does not control and is not responsible for the privacy practices or content of those third-party sites.

We encourage you to review the privacy policies of any third-party sites you visit. Our policy applies solely to information collected on the EcomBuyer.in Platform.

10 Data Retention

We retain your personal data for as long as your account is active or as needed to provide you services. Specific retention periods:

Account data: Retained for the lifetime of your account, plus 3 years after account closure for dispute resolution
Order and transaction records: Retained for 7 years as required under the Income Tax Act, 1961 and GST regulations
KYC documents: Retained for 5 years post-onboarding as required by applicable anti-money laundering regulations
Communication logs: Retained for 1 year for customer support purposes
Audit logs: Retained for 3 years for security and compliance purposes

When data is no longer required for any lawful purpose, we delete it securely or anonymise it so that it can no longer be associated with you.

11 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or applicable law. When we make material changes, we will:

Update the "Last Updated" date at the top of this page
Notify you via email or a prominent notice on the Platform
Where required by law, seek your renewed consent before the changes take effect

Your continued use of the Platform after a change is posted constitutes your acceptance of the revised Policy. We encourage you to review this page periodically.

12 Grievance Officer

In accordance with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 and the Digital Personal Data Protection Act, 2023, the name and contact details of the Grievance Officer are provided below.

If you have any concerns, complaints, or queries regarding the processing of your personal data, you may contact our Grievance Officer. We will acknowledge your complaint within 48 hours and resolve it within 30 days.

Grievance Officer

Data Protection Team

Ecom Buyer Network Private Limited

privacy@ecombuyer.in

Response within 30 days

Registered Address

Ecom Buyer Network Private Limited
CIN: U47912TN2024PTC166832
3/38 Main Road, Om Sakthi Ganapathy Nagar,
Palur, Koothur, Manachanallur,
Tiruchirappalli - 621216, Tamil Nadu, India

View Terms of Service Back to Home

Table of Contents