Privacy Policy
1. Introduction
Thristo (“Thristo”, “we”, “our”, or “us”) respects your privacy and is committed to protecting the personal information you share with us when using our mobile application and related services (collectively, the “Service”). This Privacy Policy explains what information we collect, how we use it, how we share it, and the choices you have.
By using Thristo you accept the practices described in this policy. If you do not agree, please do not use the Service.
2. Information We Collect
We collect two kinds of information: Personal Information and Non-Personal Information.
Personal Information
Examples of personal information we may collect:
- Contact details: full name, email address, phone number.
- Delivery information: shipping address, billing address.
- Payment details: payment instrument identifiers or transaction metadata (note: full card or UPI details are processed by our payment processors — see Third-Party Services).
- Order information: order history, order preferences, returns and refunds data.
- Support and communications: messages you send to customer support, feedback or survey responses.
Non-Personal & Technical Information
We automatically collect technical and usage data, including:
- Device data: device model, operating system, unique device identifiers.
- Usage data: pages/screens you view, app features used, search queries, timestamps.
- Network data: IP address, approximate location based on IP, carrier information.
- Analytics data: crash reports, performance metrics, and aggregated usage statistics.
3. How We Use Your Information
We use the information we collect for legitimate business purposes, including to:
- Process and fulfill orders, manage payments, refunds and returns.
- Provide, maintain and improve the Service, features, and user experience.
- Send transactional messages about orders, delivery status, and account activity.
- Send marketing or promotional communications, where you have given consent or where permitted by law. You may opt out at any time.
- Detect, prevent and investigate fraud, abuse, security incidents, and technical issues.
- Comply with legal obligations and enforce our terms, including in connection with disputes or potential violations.
5. Third-Party Payment & Service Providers
Payment processing (credit/debit cards, UPI, wallets) is handled by third-party payment processors (for example, Razorpay, Paytm, or similar). We do not store full payment card data on our servers. Please review the privacy policies of those third parties for details on how they handle payment data.
Delivery partners and logistics providers receive the information required to complete deliveries (name, phone number, delivery address, and order details).
7. Data Security
We implement industry-standard administrative, technical and physical safeguards to help protect personal data from unauthorized access, use, disclosure, alteration and destruction. Measures may include:
- Encryption of data in transit (HTTPS/TLS) and at rest where appropriate
- Access controls and authentication for personnel
- Regular security assessments and monitoring
Although we strive to protect your information, no system can be completely secure. If we become aware of a breach affecting your personal data, we will follow applicable legal requirements, which may include notifying affected users and regulators.
8. Data Retention
We retain personal data only as long as necessary to provide the Service, fulfill the purposes described in this Policy, comply with legal obligations, resolve disputes and enforce agreements.
Typical retention examples (subject to change):
Orders & transaction records: retained for at least 3–7 years for tax and accounting obligations;
Account profile data: retained while your account is active and for a reasonable period thereafter;
Analytics and logs: retained in aggregated or pseudonymized form for analytics; raw logs retained for a period necessary for debugging/security (e.g., 90–365 days).
9. International Transfers
Thristo may store and process information on servers located in India or in other countries. If your data is transferred outside your country, we will protect it as required by law and by appropriate safeguards.
10. Your Rights & Choices
Depending on your jurisdiction, you may have rights regarding your personal data such as:
- Access — request a copy of the personal data we hold about you.
- Correction — request correction of inaccurate or incomplete information.
- Deletion — request deletion of personal data where legally permitted.
- Portability — request a machine-readable copy of certain data you provided.
- Restriction / Objection — request restriction or object to processing where applicable.
- Opt-out — opt out of marketing communications at any time by using the unsubscribe link in emails or by contacting us.
To exercise any of these rights, contact us using the contact details below. We may need to verify your identity before responding to requests. We will respond in accordance with applicable law.
11. Children's Privacy
Our Service is not intended for children under 13, and we do not knowingly collect personal information from children under 13. If you become aware that we have inadvertently collected information from a child under 13, please contact us so we can delete the data.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will revise the “Effective date” at the top and may provide additional notice (for example, in-app or via email). Please review this page periodically.
13. Contact Us
If you have questions, requests, or concerns about this Privacy Policy or our privacy practices, please contact:
| Company | Thristo |
|---|---|
| thristo.co@gmail.com | |
| Phone | +91 88677 49527 |
| Address | Registered Office / Contact Address: #1681/1481, No. 4, First floor, Samad Arcade, 80 feet road, HBR Layout, 3rd Block, Bangalore-560043 |
If you would like to contact our Data Protection Officer (DPO) or privacy team, please use the email above and include "Privacy / DPO" in the subject line.
14. Legal Bases & Additional Disclosures
Where applicable law requires that we state our legal base for processing personal data, we rely on one or more of the following:
- Performance of a contract (to fulfill orders and provide the Service)
- Consent (for optional marketing communications or analytics where consent is required)
- Legitimate interests (to improve our service, detect fraud, and operate our business)
- Legal obligation (to comply with applicable law)
This policy is intended to be read together with any additional notices that may be provided where we collect your personal data (for example, during registration or at checkout).