Privacy Policy – Ozi Technologies Private Limited

Introduction

Welcome to Ozi ("we", "our", or "us"), operated by Ozi Technologies Private Limited. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the Ozi mobile application ("App") or website ("Platform").

By using the Ozi Platform, you agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use of the Platform.

This policy is designed to comply with:

• Google Play Store User Data Policy
• Information Technology Act, 2000 (India)
• Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
• Digital Personal Data Protection Act, 2023 (DPDPA), India

1. Information We Collect

1.1 Personal Information (Provided by You)

1.2 Precise Location Data ⚠️ (Sensitive)

We collect your precise device location (GPS) when you use the Ozi app.

• When: Only while you are actively using the app (foreground only). We do not collect location in the background when the app is closed or not in use.

Why we collect it:

• To identify the nearest Ozi store or warehouse to you
• To confirm delivery availability in your area
• To calculate accurate delivery time and fees
• To auto-fill your delivery address for faster checkout

Who we share it with:

• Ozi servers: Your location (latitude/longitude) is sent with every app request to determine your delivery zone and availability
• Assigned delivery partner: Your real-time location is shared during an active order solely for fulfillment
• Google Maps SDK: Location is processed to display maps and resolve addresses within the app

Ads & Personalization: Your location is never used for advertising or personalization of any kind.

How to withdraw: You can revoke location permission at any time via your device Settings > App Permissions. Note that this may limit delivery features within the app.

1.3 Authentication Data

• Phone number used for OTP-based login via SMS
• OTPs are one-time use only and are never stored after verification

1.4 Payment Information

• Payment transactions are processed by Razorpay, a PCI-DSS compliant third-party payment gateway
• We do not store your full card number, CVV, UPI PIN, or net banking credentials
• We only receive a transaction confirmation and masked payment details (e.g., last 4 digits of card) for order records

1.5 Attribution & Install Data (via AppsFlyer)

We use AppsFlyer, a third-party mobile attribution platform, to understand how users discover and install the Ozi app.

AppsFlyer collects on our behalf:

• App install source (e.g., which ad campaign or channel led to the install)
• In-app events (e.g., first purchase, add to cart, app open)
• Device identifiers (e.g., Google Advertising ID / GAID)
• IP address (used for approximate location at country/region level only)
• Device information (OS version, device model, language, screen size)
• User ID and phone number (on login events)
• Location coordinates (latitude/longitude) on login events

Important disclosures about AppsFlyer:

• Used solely for marketing attribution
• Does not sell your personal data to any third party
• Does not engage in targeted advertising, behavioral profiling, or data brokering
• Retains End User data for a maximum of 24 months
• GDPR, CCPA, SOC 2 Type II, and ISO 27001 compliant
• AppsFlyer's privacy policy: https://www.appsflyer.com/legal/services-privacy-policy/

1.6 Behavioural & Analytics Data (via CleverTap)

We use CleverTap, a third-party customer engagement platform, to improve our app experience and send relevant communications.

CleverTap collects on our behalf:

• App usage events (e.g., product viewed, item added to cart, order placed)
• Push notification interaction data (opened, dismissed)
• Device information (OS version, device type, screen size, language)
• Session duration and frequency of app use
• User ID, phone number, and name (provided on login)
• Location coordinates (latitude/longitude) included in login and address-related events

Important disclosures about CleverTap:

• Data is used solely for push notifications, improving app UX, and understanding feature usage
• Does not sell your data to third parties
• GDPR, CCPA, SOC 2 Type II, and ISO 27001 compliant
• You can opt out of CleverTap-based communications at any time (see Section 10)
• CleverTap's privacy policy: https://clevertap.com/privacy-policy/

1.7 Conversion Tracking (via Meta / Facebook SDK)

We use the Meta SDK (Facebook) for conversion tracking and campaign measurement.

Meta collects on our behalf:

• App events: add to cart, begin checkout, purchase/order confirmed, app launch, content views
• For each event: product IDs, product names, prices, quantities, currency
• Login event: User ID and login method
• Order event: Order ID, total value, transaction ID

Important disclosures about Meta:

• Used solely to measure the effectiveness of our advertising campaigns on Meta platforms
• Meta SDK only runs in release (production) mode — not in development or testing builds
• Meta's privacy policy: https://www.facebook.com/privacy/policy/

1.8 Crash & Error Reporting (via Sentry and Firebase Crashlytics)

We use Sentry and Firebase Crashlytics to monitor app stability and fix errors quickly.

Sentry collects:

• App crashes and unhandled errors
• Stack traces and error context
• App version, build number, and environment
• Device information (OS, model)
• User context that may be present in memory at the time of the error (personally identifiable information may be included in error reports if present in the affected code path)

Firebase Crashlytics collects:

• Crash logs and error reports
• App performance metrics
• Device state at time of crash (OS, memory, battery level)
• This data is anonymous and not directly linked to your identity

Both services are used solely to identify and fix bugs. Data is not used for advertising or profiling.

• Sentry's privacy policy: https://sentry.io/privacy/
• Firebase Privacy Policy: https://firebase.google.com/support/privacy

1.9 App Performance Data (via Firebase Performance)

We use Firebase Performance Monitoring to measure app startup times, screen load speed, and network request performance. This data is anonymous and used solely to improve the app experience.

1.10 Push Notification Token (via Firebase FCM)

• We collect your device's FCM push token to send you order updates, delivery status, and promotional notifications (only if opted in)
• You can disable push notifications at any time via your device settings

1.11 Customer Support Data (via Freshchat)

We use Freshchat (by Freshworks) to power our in-app customer support chat. Freshchat collects on our behalf:

• Chat messages and support conversations
• Name and phone number (from your Ozi profile, used to identify you in support)
• Photos or files you share during a support conversation
• Device and session information

This data is used solely to resolve your support queries and is not used for advertising. Freshworks Privacy Policy: https://www.freshworks.com/privacy/

1.12 Files and Photos Uploaded

The following user-generated files are uploaded to Ozi's servers:

• Prescription documents (images or PDFs): Required for medicines marked as prescription-only (Rx)
• Product review images: Optionally uploaded when submitting a product review
• Support chat attachments: Photos or files shared in Freshchat support conversations (stored by Freshworks)

1.13 Non-Personal / Technical Information

• Browser type, pages visited, session duration (website)
• IP address (for fraud detection and security)
• Device model, OS version, and unique device identifier (sent with every API request for service delivery and fraud prevention)

2. How We Use Your Information

We do not use your data for:

• Selling to third parties
• Targeted advertising based on browsing behaviour outside Ozi
• Background location monitoring
• Profiling beyond what is needed to fulfil your order

3. Third-Party SDKs and Services

4. Location Data – Prominent Disclosure

5. Data Sharing and Disclosure

We treat your data with strict confidentiality. We do not sell your personal data. We share data only in these limited circumstances:

6. Live Order Tracking

During an active delivery, we share your real-time GPS location with your assigned Ozi delivery partner to allow them to navigate to your location and provide you with accurate live delivery status.

This sharing stops automatically once your order is delivered or cancelled. Your location is not retained by delivery partners after the order is complete.

7. Account Deletion

You have the right to request deletion of your Ozi account and associated personal data.

To delete your account:

• Use the "Delete Account" option within the app, or
• Email us at contact@ozi.in with the subject line "Account Deletion Request"

Upon receiving your request, we will:

• Delete your account and personal data within 30 days
• Retain only data required for legal compliance (e.g., transaction records as mandated by Indian financial regulations)
• Notify you once deletion is complete

8. Data Retention

9. Your Rights

As a user of the Ozi Platform, you have the following rights:

• Right to Access: Request a copy of the personal data we hold about you
• Right to Correction: Request correction of inaccurate or incomplete data
• Right to Deletion: Request deletion of your account and personal data
• Right to Withdraw Consent: Withdraw consent for marketing communications or location access at any time
• Right to Data Portability: Request your data in a portable format
• Right to Opt Out of Marketing: Unsubscribe from promotional SMS/email/push via app settings or by contacting us
• Right to Opt Out of Analytics Tracking: Email us at contact@ozi.in to opt out of CleverTap behavioural analytics
• Right to Grievance Redressal: Lodge a complaint with us or the relevant data protection authority

To exercise any of these rights, email us at contact@ozi.in. We will respond within 30 days.

10. Push Notifications and Marketing Communications

• Order notifications (delivery status, OTP, confirmations) are sent by default and are necessary for service delivery
• Promotional notifications are sent only if you have opted in

You can opt out of promotional communications at any time via:

• App Settings > Notifications, or
• Replying STOP to any SMS, or
• Emailing contact@ozi.in

11. Security Practices

We implement industry-standard security measures to protect your personal data:

• End-to-end encryption during data transmission (TLS/SSL)
• Secure, access-restricted storage servers
• PCI-DSS compliant payment processing via Razorpay
• Regular security audits and vulnerability assessments
• Strict role-based access controls — only authorised Ozi personnel can access user data
• Continuous staff training on data privacy and security best practices

Despite these measures, no system is 100% secure. In the event of a data breach that affects your rights, we will notify you as required by applicable law.

12. Call and Message Recordings

Calls and messages made through the Ozi platform may be recorded for internal training purposes and service quality improvement.

These recordings are used only within the Ozi organisation, retained for up to 90 days, and are never shared externally.

13. Children's Privacy

The Ozi app is not directed at children under the age of 13 (or under 18 where applicable under Indian law for certain data categories). We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us at contact@ozi.in and we will promptly delete it.

14. Cookies and Tracking Technologies

On our website (ozi.in), we may use cookies and similar technologies to:

• Maintain your session
• Understand how users navigate the site
• Improve site performance

You can disable cookies via your browser settings. This may affect some website functionality but will not affect core app features.

15. Third-Party Links

Our Platform may contain links to third-party websites or services. This Privacy Policy does not apply to those external sites. We encourage you to review their respective privacy policies.

16. Policy Updates

We may update this Privacy Policy from time to time. When we do:

• The "Last Updated" date at the top will be revised
• For material changes, we will notify you via in-app notification or email
• Continued use of the Platform after changes constitutes acceptance of the updated policy

17. Grievance Officer

In accordance with the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023, our Grievance Officer details are:

18. Contact Us

For any privacy-related questions, concerns, or requests: