Privacy Policy

Overview

By accessing or using Tiffinly, you agree to the collection and use of information in accordance with this policy. If you do not agree with any part of this policy, please do not use our Service.

Information We Collect

We collect several types of information to provide and improve our Service to you:

Category	Examples	Purpose
Account Information	Name, email address, phone number, password	Account creation and authentication
Location Data	GPS coordinates, delivery address, city/area	Matching you with nearby kitchens and enabling delivery
Order & Subscription Data	Meal preferences, delivery schedule, order history	Fulfilling your subscriptions and improving recommendations
Payment Information	Transaction IDs, wallet balance (card details are not stored by us)	Processing payments securely
Device & Usage Data	Device type, OS, app version, pages visited, click patterns	App performance, bug fixing, analytics
Communications	Support chat messages, feedback, reviews	Customer support and service improvement

Information you provide directly: We collect information you give us when you register, place an order, contact support, or fill in any form in the app or website.

Information collected automatically: When you use our Service, we may automatically collect device identifiers, log data, and usage statistics via analytics tools.

How We Use Your Data

We use the information we collect for the following purposes:

• Service Delivery: To process your subscriptions, coordinate deliveries, assign riders, and ensure your meals arrive on time.
• Account Management: To create and maintain your account, authenticate your identity, and let you manage your preferences.
• Payments: To process transactions and maintain your wallet balance securely.
• Notifications: To send you delivery updates, order confirmations, promotional offers, and important service alerts via push notifications, SMS, or email.
• Personalisation: To recommend kitchens and meal plans based on your past orders and location.
• Support: To respond to your queries, complaints, and feedback.
• Safety & Security: To detect, prevent, and address fraud, abuse, and security incidents.
• Legal Compliance: To comply with applicable laws, regulations, and legal processes.
• Analytics & Improvement: To understand how users interact with our Service and improve features and performance.

We do not sell your personal data to third parties for their marketing purposes.

Data Sharing

We may share your information with the following categories of recipients, strictly for the purposes described:

• Kitchen / Store Partners: Your name, delivery address, phone number, and order details are shared with the kitchen preparing your meals. This is essential for order fulfilment.
• Delivery Riders: Your delivery address and contact number are shared with the assigned rider to complete your delivery.
• Payment Processors: Securely handle transactions. They are independently PCI-DSS compliant and do not retain your full card details on our systems.
• Cloud & Infrastructure Providers: Our servers, databases, and storage are hosted with reputable cloud providers (e.g., AWS, Google Cloud). Data is protected by encryption in transit and at rest.
• Analytics Services: Aggregated, anonymised usage data may be shared with analytics platforms to help us understand app performance.
• Legal Authorities: We may disclose your information if required by law, court order, or to protect the rights, property, or safety of Tiffinly, its users, or others.

Cookies & Tracking

Our website uses cookies and similar tracking technologies to enhance your browsing experience. Cookies are small data files placed on your device.

Types of cookies we use:

• Essential Cookies: Required for the website to function (e.g., session management, login state). Cannot be disabled.
• Preference Cookies: Remember your language selection and display preferences.
• Analytics Cookies: Help us understand page traffic and user behaviour in aggregate form.

You can instruct your browser to refuse all cookies or alert you when a cookie is being sent. However, some parts of our Service may not function properly without cookies.

Our mobile application may use device identifiers and similar technologies for analytics and personalisation, as permitted by your device settings.

Data Security

We implement industry-standard security measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction:

• All data transmitted between your device and our servers is encrypted using TLS (HTTPS).
• Passwords are stored using strong hashing algorithms — we never store plain-text passwords.
• Access to personal data is restricted to authorised personnel on a need-to-know basis.
• Payment data is processed through PCI-DSS compliant payment gateways.
• We conduct regular security reviews and vulnerability assessments.

While we strive to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We encourage you to use a strong, unique password and keep your account credentials confidential.

Data Retention

We retain your personal data for as long as necessary to provide the Service and fulfil the purposes described in this policy, unless a longer retention period is required by law.

• Active accounts: Data is retained for the lifetime of your account.
• Deleted accounts: After you delete your account, we retain minimal data (e.g., transaction records) for up to 3 years for legal, tax, and fraud-prevention purposes, then securely delete it.
• Order history: Retained for up to 5 years for accounting and regulatory compliance.
• Analytics data: Anonymised and aggregated; retained indefinitely for trend analysis.

Your Rights

Depending on your location and applicable law, you may have the following rights with respect to your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete information.
• Deletion: Request deletion of your account and associated personal data (subject to legal retention obligations).
• Portability: Request your data in a structured, machine-readable format.
• Objection: Object to processing of your data for marketing or profiling purposes.
• Restriction: Request that we limit how we use your data in certain circumstances.
• Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at the details provided below. We will respond within 30 days. You may also delete your account directly from Account → Settings → Delete Account in the app.

Children's Privacy

Our Service is not directed to individuals under the age of 13 years. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately and we will take steps to delete such information.

Policy Changes

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last updated" date at the top of this page.
• Send a notification via the app or email for significant changes.
• Provide a 30-day notice period before material changes take effect, where required by law.

We encourage you to review this policy periodically. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact our Data Privacy team: