Privacy Policy

1. Introduction

Thristo (“Thristo”, “we”, “our”, or “us”) respects your privacy and is committed to protecting the personal information you share with us when using our mobile application and related services (collectively, the “Service”). This Privacy Policy explains what information we collect, how we use it, how we share it, and the choices you have.

By using Thristo you accept the practices described in this policy. If you do not agree, please do not use the Service.

2. Information We Collect

We collect two kinds of information: Personal Information and Non-Personal Information.

Personal Information

Examples of personal information we may collect:

• Contact details: full name, email address, phone number.
• Delivery information: shipping address, billing address.
• Payment details: payment instrument identifiers or transaction metadata (note: full card or UPI details are processed by our payment processors — see Third-Party Services).
• Order information: order history, order preferences, returns and refunds data.
• Support and communications: messages you send to customer support, feedback or survey responses.

Non-Personal & Technical Information

We automatically collect technical and usage data, including:

• Device data: device model, operating system, unique device identifiers.
• Usage data: pages/screens you view, app features used, search queries, timestamps.
• Network data: IP address, approximate location based on IP, carrier information.
• Analytics data: crash reports, performance metrics, and aggregated usage statistics.

3. How We Use Your Information

We use the information we collect for legitimate business purposes, including to:

• Process and fulfill orders, manage payments, refunds and returns.
• Provide, maintain and improve the Service, features, and user experience.
• Send transactional messages about orders, delivery status, and account activity.
• Send marketing or promotional communications, where you have given consent or where permitted by law. You may opt out at any time.
• Detect, prevent and investigate fraud, abuse, security incidents, and technical issues.
• Comply with legal obligations and enforce our terms, including in connection with disputes or potential violations.

4. Sharing & Disclosure

We do not sell your personal information. We may share personal data in the following limited circumstances:

• Service providers: third parties who perform services on our behalf (payment processors, delivery/logistics partners, analytics providers, hosting and cloud services, customer support platforms).
• Affiliates and business transfers: in connection with a merger, acquisition, reorganization, or sale of assets (we will notify or post updated policies where required by law).
• Legal and safety: where required by law, to respond to legal process, or to protect the rights, property or safety of Thristo, our users, or others.
• With your consent: when you expressly permit us to share data (for example, to integrate with third-party services).

5. Third-Party Payment & Service Providers

Payment processing (credit/debit cards, UPI, wallets) is handled by third-party payment processors (for example, Razorpay, Paytm, or similar). We do not store full payment card data on our servers. Please review the privacy policies of those third parties for details on how they handle payment data.

Delivery partners and logistics providers receive the information required to complete deliveries (name, phone number, delivery address, and order details).

6. Cookies & Tracking Technologies

We and our service providers use cookies, local storage, mobile identifiers and similar technologies to collect information about your activity and device to:

• Enable core functionality of the app
• Remember your preferences
• Provide analytics and performance improvements
• Serve personalized content or offers (where permitted)

If you wish to opt out of certain analytics or advertising tracking, please consult your device settings or the opt-out controls provided in the app (where available).

7. Data Security

We implement industry-standard administrative, technical and physical safeguards to help protect personal data from unauthorized access, use, disclosure, alteration and destruction. Measures may include:

• Encryption of data in transit (HTTPS/TLS) and at rest where appropriate
• Access controls and authentication for personnel
• Regular security assessments and monitoring

Although we strive to protect your information, no system can be completely secure. If we become aware of a breach affecting your personal data, we will follow applicable legal requirements, which may include notifying affected users and regulators.

8. Data Retention

We retain personal data only as long as necessary to provide the Service, fulfill the purposes described in this Policy, comply with legal obligations, resolve disputes and enforce agreements.

Typical retention examples (subject to change):
Orders & transaction records: retained for at least 3–7 years for tax and accounting obligations;
Account profile data: retained while your account is active and for a reasonable period thereafter;
Analytics and logs: retained in aggregated or pseudonymized form for analytics; raw logs retained for a period necessary for debugging/security (e.g., 90–365 days).

9. International Transfers

Thristo may store and process information on servers located in India or in other countries. If your data is transferred outside your country, we will protect it as required by law and by appropriate safeguards.

10. Your Rights & Choices

Depending on your jurisdiction, you may have rights regarding your personal data such as:

• Access — request a copy of the personal data we hold about you.
• Correction — request correction of inaccurate or incomplete information.
• Deletion — request deletion of personal data where legally permitted.
• Portability — request a machine-readable copy of certain data you provided.
• Restriction / Objection — request restriction or object to processing where applicable.
• Opt-out — opt out of marketing communications at any time by using the unsubscribe link in emails or by contacting us.

To exercise any of these rights, contact us using the contact details below. We may need to verify your identity before responding to requests. We will respond in accordance with applicable law.

11. Children's Privacy

Our Service is not intended for children under 13, and we do not knowingly collect personal information from children under 13. If you become aware that we have inadvertently collected information from a child under 13, please contact us so we can delete the data.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will revise the “Effective date” at the top and may provide additional notice (for example, in-app or via email). Please review this page periodically.

13. Contact Us

If you have questions, requests, or concerns about this Privacy Policy or our privacy practices, please contact:

If you would like to contact our Data Protection Officer (DPO) or privacy team, please use the email above and include "Privacy / DPO" in the subject line.

14. Legal Bases & Additional Disclosures

Where applicable law requires that we state our legal base for processing personal data, we rely on one or more of the following:

• Performance of a contract (to fulfill orders and provide the Service)
• Consent (for optional marketing communications or analytics where consent is required)
• Legitimate interests (to improve our service, detect fraud, and operate our business)
• Legal obligation (to comply with applicable law)

This policy is intended to be read together with any additional notices that may be provided where we collect your personal data (for example, during registration or at checkout).