Privacy Policy

1. FLH Privacy Policy

1.1 Who We Are

FLH ("we", "our", "us") operates a mobile marketplace application that connects users with independent vendors. We are committed to protecting the privacy and security of all users who access and use our platform.

1.2 What This Policy Covers

This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use our mobile application and related services.

1.3 Geographic Scope

Our services are offered only within India. Personal data is primarily stored and processed in India in accordance with Indian data protection and privacy laws.

1.4 Your Agreement

By using our platform, you agree to this Privacy Policy, our Terms of Use, and applicable service terms. Your use of the platform constitutes your consent to the collection, use, storage, disclosure, and processing of your personal data as described in this Privacy Policy.

1.5 Legal Compliance

This Privacy Policy is governed by:

• Information Technology Act, 2000 and rules made thereunder
• Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
• Indian Contract Act, 1872
• Digital Personal Data Protection Act, 2023 (when applicable)
• Other applicable Indian laws on data protection and privacy

2. INFORMATION WE COLLECT

2.1 Personal Information

Account Information:

• Full name
• Mobile number
• Email address
• Delivery address
• Date of birth
• Gender

Location Data:

• GPS location (with your explicit permission)
• Delivery location preferences

Identity Verification Data (when required):

• PAN card details (for specific transactions)
• GST number (for business accounts)
• Government-issued ID verification (when legally required)

2.2 Transaction Information

• Order details and history
• Purchase amounts and timestamps
• Payment transaction IDs (generated by Razorpay)
• Buying behavior and preferences
• Cart and wishlist information

2.3 Device & Technical Information

• Device type, model, and operating system
• IP address
• Browser information and app version
• Unique device identifiers
• App usage patterns and preferences
• Crash reports and error logs
• Time zone settings

2.4 Communication Data

• Customer support messages
• Feedback and reviews
• Survey responses
• Correspondence via email or chat

2.5 Data Collection Methods

We collect information through:

• Direct provision: Information you provide during registration, orders, or profile updates
• Automatic collection: Data collected through your use of the app
• Permissions: SMS, contacts, location, camera, photo gallery access (only with your explicit consent)
• Voluntary participation: Contests, surveys, and promotional activities

3. HOW WE USE YOUR INFORMATION

3.1 Primary Purposes

• Account Management: Create and maintain your user account
• Order Processing: Facilitate transactions between you and vendors
• Payment Processing: Enable secure payments through Razorpay
• Delivery Services: Coordinate product delivery to your address
• Communication: Send order confirmations, shipping updates, and important notifications
• Customer Support: Respond to your queries and resolve issues

3.2 Secondary Purposes

• Security & Fraud Prevention: Detect, prevent, and investigate fraudulent transactions
• Service Improvement: Analyze app usage to enhance user experience
• Personalization: Customize your browsing experience and product recommendations
• Internal Research: Study demographics, interests, and customer behavior
• Dispute Resolution: Resolve conflicts between users and vendors
• Legal Compliance: Meet regulatory requirements and legal obligations

3.3 Advanced Services (With Your Consent)

With your explicit consent, we may:

• Check eligibility for credit facilities or payment products
• Issue GST invoices for business purchases
• Provide access to services from affiliates and lending partners
• Optimize payment options based on your transaction history
• Provide personalized delivery recommendations
• Enable loyalty programs and reward points
• Offer customized promotions

3.4 Analytics

We may analyze data on an aggregated, anonymized basis to:

• Understand user activity and demographics
• Improve platform functionality
• Gather broad insights for internal research
• Share aggregated insights (not personally identifiable) with business partners

4. COOKIES & TRACKING TECHNOLOGIES

4.1 What Are Cookies

Cookies are small data files stored on your device that help us improve your experience on our platform.

4.2 Types of Cookies We Use

Session Cookies:

• Automatically deleted when you close the app
• Help maintain your session while browsing

Persistent Cookies:

• Remain on your device for a set period
• Remember your preferences for future visits

Analytics Cookies:

• Google Analytics for understanding app usage
• Help us measure effectiveness of features

Third-Party Cookies:

• Placed by our service providers
• Used for analytics and advertising

4.3 Purpose of Cookies

Cookies help us:

• Remember your login information
• Analyze app usage patterns
• Measure promotional effectiveness
• Promote trust and safety
• Provide personalized content
• Improve overall user experience

4.4 Managing Cookies

You can decline or delete cookies through your device/browser settings. Note that:

• Declining cookies may limit certain platform features
• You may need to enter your password more frequently
• Some services may not function properly without cookies

Google Analytics Opt-Out: Visit https://tools.google.com/dlpage/gaoptout

5. INFORMATION SHARING AND DISCLOSURE

5.1 Internal Sharing

We may share your information with FLH group companies and affiliates for consolidated services and enhanced user experience.

5.2 Vendors and Business Partners

Vendors receive:

• Order details (items, quantity, amount)
• Delivery address and contact information
• Purchase timestamps

Purpose: To fulfill your orders and deliver products.

5.3 Service Providers

We share necessary data with trusted third-party service providers:

Payment Partner - Razorpay

• Processes all payment transactions securely
• Maintains payment instrument details on their secure servers
• PCI-DSS Level 1 compliant
• Privacy policy: https://razorpay.com/privacy/

FLH does not have access to your complete card details, CVV, or banking credentials.

Technology & Infrastructure:

• Cloud hosting services (AWS, Google Cloud)
• Database management providers
• Server and infrastructure partners

Communication Services:

• SMS service providers (for order notifications)
• Email service providers (for account communications)
• Push notification services

Analytics & Optimization:

• Google Analytics
• App performance monitoring tools
• User behavior analysis platforms

Customer Support:

• Customer service software providers
• Help desk management tools

Logistics Partners:

• Delivery and shipping service providers
• Order tracking systems

5.4 Credit Bureaus and Financial Partners

If we offer credit facilities or financial products, we may share data with:

• Credit bureaus for credit checks
• Lending partners for loan products

5.5 Market Research

We may share anonymized data with market research agencies for surveys and industry insights. Participation in surveys is always voluntary.

5.6 Legal Disclosures

We may disclose your information when required:

Legal Obligations:

• Court orders and legal processes
• Government requests and subpoenas
• Law enforcement agencies
• Regulatory authorities

Protection of Rights:

• To enforce our Terms of Use or Privacy Policy
• To protect our rights, property, or safety
• To protect user rights and public safety
• To prevent fraud or illegal activities

5.7 Business Transfers

In the event of merger, acquisition, sale of assets, or corporate reorganization, your personal data may be transferred to the acquiring entity. The new entity will be required to follow this Privacy Policy.

6. SURVEYS & MARKET RESEARCH

We or third-party research agencies may occasionally conduct surveys. Participation is entirely voluntary.

Survey data may include:

• Personal contact information
• Demographic information
• Purchasing behavior and preferences
• Feedback on products and services

Purpose: To tailor your experience, provide relevant content, and improve our services.

7. DATA SECURITY

7.1 Security Measures We Implement

Technical Safeguards:

• SSL/TLS encryption for data in transit
• Secure data encryption at rest
• Firewall protection
• Regular security vulnerability assessments

Administrative Safeguards:

• Access controls and authentication mechanisms
• Employee training on data protection
• Regular security audits
• Incident response procedures

Partnership with Trusted Providers:

• PCI-DSS compliant payment gateway (Razorpay)
• SOC 2 certified cloud providers
• ISO certified service partners

7.2 User Responsibilities

You are responsible for:

• Keeping your login credentials confidential
• Using a strong, unique password
• Logging out after each session, especially on shared devices
• Not sharing your account with others
• Immediately notifying us of any unauthorized access
• Using secure internet connections

7.3 Limitations

Data Breach Response: If a security breach occurs affecting your personal data, we will:

• Investigate the incident promptly
• Take immediate steps to mitigate damage
• Notify affected users as required by law
• Report to relevant authorities when required

8. DATA RETENTION

8.1 Retention Period

We retain your personal information:

• As long as your account remains active
• As long as necessary to provide our services
• As required by applicable laws and regulations

8.2 Extended Retention

We may retain data beyond account closure if necessary to:

• Prevent fraud or future abuse
• Resolve disputes and troubleshoot problems
• Assist with investigations
• Exercise our legal rights or defend against legal claims
• Comply with legal, regulatory, tax, or accounting requirements

8.3 Anonymized Data

After the retention period, we may retain data in anonymized or aggregated form for analytics and research.

8.4 Deletion Requests

You may request deletion of your account and data at any time. Note that:

• Deletion is subject to legal retention requirements
• Some data may be retained in backup systems temporarily
• Requests are processed within 30 business days

9. YOUR RIGHTS

9.1 Right to Access

Request a copy of your personal data and understand how it's being used.

9.2 Right to Correction

Update your personal information through app settings or contact customer support.

9.3 Right to Deletion

Request deletion of your account and personal data (subject to legal retention requirements).

9.4 Right to Data Portability

Request your data in a structured, commonly used format.

9.5 Right to Object

Object to certain data processing activities or use of data for marketing purposes.

9.6 Right to Withdraw Consent

Withdraw previously provided consent or permissions.

Note: Withdrawal may limit service functionality and is not retroactive.

9.7 How to Exercise Your Rights

In-App: Profile → Settings → Privacy Settings

Contact Us:

• Email: info@lotofhappysmiles.com (write "Data Rights Request" in subject)
• Phone: +91 8886053331

Process:

• We will verify your identity before processing requests
• Response within 30 business days
• Free of charge (unless requests are excessive)

10. USER CONSENT

10.1 Platform Usage Consent

By using our platform or providing personal data, you consent to the collection, use, storage, disclosure, and processing of your personal information as described in this Privacy Policy.

10.2 Third-Party Data Consent

If you provide another person's personal data to us (such as delivery recipient details), you represent that:

• You have the authority to provide that information
• You have obtained necessary consent from that person
• You permit us to use the information according to this Privacy Policy

10.3 Communication Consent

By providing your contact information, you consent to be contacted via SMS, instant messaging apps, phone calls, email, and in-app notifications by:

• FLH and our representatives
• Vendors and business partners
• Service providers
• Marketing agencies (for promotional content with opt-out option)

Purpose: Order updates, customer service, promotional offers, surveys, and important announcements.

10.4 Sensitive Permissions

• Location Access: For delivery address suggestions and location-based services
• Camera Access: For uploading product images and scanning QR codes
• Photo Gallery: For selecting images to upload
• Contacts (if requested): For referral programs and sharing products

You can revoke these permissions in your device settings at any time.

10.5 Withdrawing Consent

You may withdraw consent by:

• Adjusting app permissions in device settings
• Contacting customer support
• Using in-app privacy settings
• Emailing with "Withdrawal of Consent" in subject line

11. THIRD-PARTY SERVICES

11.1 Payment Partner - Razorpay

Important Information:

• Razorpay processes all payment transactions
• Maintains payment instrument details on their secure servers
• Has its own privacy policy: https://razorpay.com/privacy/
• PCI-DSS Level 1 compliant for maximum security

FLH does not have access to your complete card details, CVV, PIN, or banking credentials

What FLH Receives from Razorpay:

• Payment transaction ID (confirmation number)
• Transaction status (success/failure)
• Transaction amount
• Transaction timestamp

What FLH Does NOT Receive:

• Your credit/debit card numbers
• CVV codes
• Card expiry dates
• UPI PINs
• Net banking passwords
• Any complete payment instrument details

Security Standards: Razorpay maintains the highest level of payment security certification (PCI-DSS Level 1), ensuring your payment information is protected with bank-grade security measures.

11.2 Third-Party Links

Our platform may contain links to vendor websites, partner platforms, or external resources.

11.3 Partner Services

If we partner with third parties for travel bookings, entertainment tickets, or bill payments:

• You may be redirected to partner websites/apps
• Entry based on FLH login credentials (with your permission)
• Governed by partner's privacy policy
• We will clearly inform you before redirection

12. ADVERTISEMENTS

12.1 Third-Party Advertising

We may use third-party advertising companies to serve ads in our app. These companies may use information about your app usage (excluding name, address, email, phone) to provide personalized advertisements.

12.2 Opt-Out of Personalized Ads

• Android: Settings → Google → Ads → "Opt out of Ads Personalization"
• iOS: Settings → Privacy → Advertising → "Limit Ad Tracking"

13. CHILDREN'S PRIVACY

13.1 Age Restrictions

Our platform is available only to persons who can form legally binding contracts under the Indian Contract Act, 1872 (minimum age: 18 years).

We do not knowingly solicit or collect personal information from children under 18.

13.2 Parental Authority

If personal information of a person under 18 is shared, you must be a parent or legal guardian with authority to provide that information.

13.3 If You Believe a Minor Has Provided Data

Contact us immediately at support@flhapp.com. We will investigate and delete the information as quickly as possible.

14. CHANGES TO THIS PRIVACY POLICY

14.1 Policy Updates

We may update this Privacy Policy to reflect changes in our practices, new features, legal requirements, or user feedback.

14.2 How We Notify You

Significant changes will be communicated through:

• In-app notifications
• Email alerts
• Push notifications
• Updated "Last Updated" date at the top

14.3 Your Acceptance

Continued use of the app after changes constitutes acceptance of the updated Privacy Policy.

If you do not agree with changes, discontinue use and contact us to delete your account.

15. LEGAL COMPLIANCE & JURISDICTION

15.1 Applicable Laws

This Privacy Policy is governed by:

• Information Technology Act, 2000
• Information Technology (Reasonable Security Practices) Rules, 2011
• Indian Contract Act, 1872
• Digital Personal Data Protection Act, 2023 (when applicable)
• Other applicable Indian laws

15.2 Jurisdiction

Legal disputes are subject to the exclusive jurisdiction of courts in Visakhapatnam, Andhra Pradesh and governed by the laws of India.

15.3 Regulatory Reporting

We may report personal data to regulatory authorities when required by law or mandated by court orders.

16. Grievance Officer

In accordance with the Information Technology Act, 2000 and applicable rules, FLH has appointed a Grievance Officer to address user concerns.