Privacy Policy

Effective date: 29 April 2026 · Last updated: 29 April 2026

1. Who We Are

This Privacy Policy is issued by Balu Ram Rajeshwar Kumar (the proprietary firm that owns and operates the brand "Annapurna Spices", hereinafter referred to as "Annapurna Spices", "we", "our", or "us"). We are committed to protecting the privacy and personal data of every visitor, customer, dealer, and partner who interacts with us through our website, our WhatsApp channel, our social media handles, our retail counter, or our offline distribution network.

This policy is published in accordance with the Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology Act, 2000 read with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, the Consumer Protection (E-Commerce) Rules, 2020, and Rule 3(1) of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021.

By accessing our website, sharing your information with us, or transacting with us, you confirm that you have read, understood, and consented to the practices described below.

2. Information We Collect

2.1 Information you provide directly

  • Identity & contact: name, email address, mobile number, postal/billing/shipping address, GSTIN (for B2B/dealer accounts), business name, and PAN where required.
  • Account credentials: login identifiers and authentication tokens issued by sign-in providers (e.g. Google).
  • Order data: items selected, quantities, sizes, special instructions, delivery preferences, gift messages.
  • Payment data: we do not store full card or UPI credentials. Payments are processed by PCI-DSS compliant payment gateways. We retain only transaction IDs, payment status, last-4 digits where shared by the gateway, and tax invoices.
  • MaAI inputs: health goals, dietary preferences, allergies, taste profile, and similar data you voluntarily enter into the MaAI Health Profile, Smart Compare, and Mood Recipes features.
  • Communications: any message, query, complaint, image, voice note, or feedback you send to us through any channel.

2.2 Information collected automatically

  • Device & technical data: IP address, browser type and version, operating system, device identifiers, time zone, and language settings.
  • Usage data: pages visited, time spent, products viewed, searches, clicks, referring URLs, scroll depth, and add-to-list events.
  • Cookies & similar technologies: first-party and third-party cookies, local storage, session storage, and pixels used for security, analytics, and marketing measurement.

2.3 Information collected via WhatsApp

When you contact us through our WhatsApp Business number, place a "WhatsApp Order" through any feature on this website, or click any "Chat on WhatsApp" link, the following data may be collected and processed by us:

  • Your WhatsApp display name and profile picture as exposed by the WhatsApp platform.
  • Your mobile number associated with your WhatsApp account.
  • The full content of messages, attachments, images, voice notes, documents, and location data that you share with us.
  • Pre-filled order text generated by our website (e.g. recipe ingredient lists, product names, SKUs, sizes, and quantities) that you choose to send.
  • Delivery status, read receipts (where enabled), and timestamps of conversations.
  • Tags, labels, and notes that our team applies internally to your conversation for order fulfilment and customer-support purposes.

Please note that the WhatsApp platform is owned and operated by Meta Platforms, Inc. and is governed by its own terms and privacy policy. Any data you share with us via WhatsApp is also subject to Meta's privacy practices, which we do not control.

2.4 Information collected via social media

We maintain official handles on Facebook, Instagram, YouTube, and Google Business Profile. When you interact with our content or pages on these platforms, we may receive the following information from the respective platform, subject to your account's privacy settings:

  • Your public profile name, username, and profile picture.
  • Comments, reviews, ratings, direct messages, story replies, mentions, tags, and reactions directed at our handles.
  • Aggregate, de-identified insights provided by the platform (impressions, reach, demographic ranges, follower counts, story views).
  • Click and view events on our paid or organic advertisements served through Meta Ads Manager, YouTube Ads, or Google Ads.
  • Lead-form submissions where you voluntarily share name, phone, or email through Meta or Google lead forms.
  • Pixel and conversion data collected through the Meta Pixel, Google Analytics, and Google Tag Manager when you visit our website after clicking such advertisements.

We do not scrape, harvest, or otherwise collect information from social media users who have not directly engaged with us. We do not buy mailing lists.

2.5 Information from third parties

  • Payment gateways (status of transactions, fraud signals).
  • Logistics & delivery partners (proof of delivery, return scans, address corrections).
  • Marketplaces such as Amazon, Flipkart, JioMart, and Blinkit (only where you have placed an order with us through their platforms).
  • Authentication providers such as Google (only the basic profile information you authorise during sign-in).

3. Lawful Basis & Purpose

We process personal data only where we have a lawful basis under the DPDP Act, 2023 — namely your consent, the performance of a contract with you, compliance with a legal obligation, or a clearly identified legitimate use. The purposes are:

  • To accept, confirm, fulfil, pack, dispatch, and deliver your orders.
  • To raise GST-compliant tax invoices and meet statutory record-keeping obligations.
  • To provide customer support, handle returns, replacements, and refunds.
  • To operate, maintain, and improve our website, MaAI features, and recommendation engine.
  • To prevent fraud, abuse, spam, and unauthorised access.
  • To send transactional messages (order confirmations, dispatch alerts, delivery confirmations) over SMS, email, and WhatsApp.
  • To send promotional messages where you have opted in, including festive offers, new product launches, and recipe inspiration.
  • To comply with applicable law, court orders, and lawful requests from regulators or law enforcement.

4. Cookies & Tracking

We use the following categories of cookies and similar technologies:

  • Strictly necessary: session, authentication, cart/list, and security cookies (cannot be disabled).
  • Functional: remembers your language, region, and preferences.
  • Analytics: Google Analytics and similar tools to understand aggregate usage.
  • Marketing: Meta Pixel, Google Ads conversion tags, and re-targeting cookies (loaded only with your consent where required).

You can disable non-essential cookies via your browser settings or our cookie banner where shown. Disabling certain cookies may affect site functionality.

5. How We Share Your Data

We do not sell your personal data. We share data only with the following categories of recipients, and only to the extent necessary:

  • Service providers: hosting, database, email, SMS, WhatsApp Business Solution Providers (BSPs), analytics, cloud storage, customer-support tooling.
  • Payment processors: PCI-DSS compliant gateways such as Razorpay, PayU, Cashfree, Paytm, and similar (as applicable from time to time).
  • Logistics partners: India Post, Delhivery, DTDC, BlueDart, Shadowfax, Ekart, Ecom Express, and any local courier we engage.
  • Marketplaces: only the data required to fulfil orders placed on Amazon, Flipkart, JioMart, Blinkit, and similar platforms.
  • Professional advisors: chartered accountants, auditors, lawyers, and tax consultants under confidentiality.
  • Government & law enforcement: only when required by law, court order, or to protect our legal rights.
  • Successor in interest: in the event of a merger, acquisition, restructuring, or sale of business assets, with appropriate safeguards.

6. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including:

  • Account data: for the lifetime of your account and up to 3 years after deletion or last activity, whichever is shorter, unless retention is required by law.
  • Order, invoice & GST records: retained for at least 8 financial years as required under the CGST Act, 2017 and the Income Tax Act, 1961.
  • WhatsApp & support conversations: retained for up to 24 months from the last message for quality, dispute, and audit purposes.
  • MaAI profile data: retained until you delete your profile or your account, after which it is purged within 30 days.
  • Marketing consent records: retained for the duration of your consent plus 12 months for compliance evidence.
  • Server, security & access logs: retained for up to 12 months.

7. Data Security

We follow reasonable security practices and procedures consistent with ISO/IEC 27001 principles. Measures include TLS/SSL encryption in transit, access controls, role-based authorisation, hashed passwords, regular backups, vendor-risk assessments, and periodic security reviews. Despite our efforts, no internet transmission or electronic storage is fully secure; you share information at your own risk and must keep your account credentials confidential.

8. Your Rights

Subject to verification of your identity, you have the right to:

  • Access a summary of personal data we hold about you.
  • Request correction or updating of inaccurate or incomplete data.
  • Request erasure of your personal data (see our Data Deletion Policy).
  • Withdraw consent for processing or marketing at any time.
  • Nominate another individual to exercise your rights in case of death or incapacity.
  • Lodge a grievance with our Grievance Officer (Section 11) and, if unresolved, with the Data Protection Board of India.

9. Children's Data

Our services are intended for users aged 18 years and above. We do not knowingly collect personal data from children. If a parent or legal guardian becomes aware that their child has shared data with us, please contact us at annapurna2486@gmail.com and we will delete it promptly.

10. International Transfers

Personal data is primarily stored on servers located in India. Some service providers (cloud hosting, analytics, email, WhatsApp BSP) may process data outside India. Such transfers are made only to jurisdictions and providers offering adequate data protection, and only as permitted under the DPDP Act, 2023.

11. Grievance Officer & Contact

In compliance with the Information Technology Act, 2000 and the Consumer Protection (E-Commerce) Rules, 2020:

Grievance Officer: Mr. Piyush Arya

Firm: Balu Ram Rajeshwar Kumar (brand: Annapurna Spices)

Address: Shop No. 2486, Gurudwara Road, near Singh Sabha, Anand Colony, Neelpur, Rajpura, District Patiala, Punjab – 140401, India

Email: annapurna2486@gmail.com

Phone: +91 98723 17568

Hours: 9:00 AM – 7:00 PM (Mon–Sat), 9:00 AM – 2:00 PM (Sun)

We acknowledge complaints within 48 hours and aim to resolve them within 30 days, as required under applicable law.

12. Updates to this Policy

We may update this Privacy Policy from time to time. The "Effective date" at the top reflects the latest version. Material changes will be notified through our website, email, or WhatsApp. Continued use of our services after such notification constitutes acceptance of the revised policy.