Privacy Policy

Effective Date: January 16, 2026Last Updated: January 16, 2026Version: 1.0

1. Introduction

This Privacy Policy ("Policy") describes how Zlice ("Zlice," "we," "us," or "our"), the operator of the Zlice mobile application and website (collectively, the "Platform"), collects, uses, stores, shares, and protects personal data of users ("you," "your," or "User") in accordance with the Digital Personal Data Protection Act, 2023 ("DPDP Act"), the Information Technology Act, 2000, and other applicable laws of India.

Zlice operates as a technology platform facilitating food ordering, delivery, and related services within the IIT Kharagpur campus. By accessing or using the Platform, you consent to the practices described in this Policy.

For users under 18 years of age: Please read Section 6 carefully regarding verifiable parental consent requirements.

2. Data Fiduciary Information

As the Data Fiduciary under the DPDP Act, 2023:

DetailInformation
Platform NameZlice
Operating AddressIIT Kharagpur, Paschim Medinipur, West Bengal 721302
Contact Emailprivacy@zlice.in
Response TimeWithin 72 hours of receipt

*Note: Upon formal incorporation, this section will be updated with registered company details.*

3. Information We Collect

We collect personal data based on lawful purposes and the principle of data minimization. Below is a comprehensive breakdown:

3.1 Account Information

Data PointPurposeLegal Basis
Full NameUser identification, delivery coordinationContractual necessity
Mobile NumberOTP verification, order updates, delivery coordinationContractual necessity
Email AddressAccount recovery, transactional communicationsContractual necessity
Institute Email (@iitkgp.ac.in)Campus affiliation verificationLegitimate interest
Roll NumberCampus residency verification, subsidized accessLegitimate interest
Hall of ResidenceDelivery logistics within campusContractual necessity
Room NumberLast-mile delivery coordinationContractual necessity
Profile Photo (Optional)Account personalizationConsent

3.2 Order and Transaction Data

Data PointPurposeRetention Period
Order HistoryOrder fulfillment, customer support, dispute resolution8 years (GST compliance)
Payment Method (masked)Transaction processingDuration of relationship
Delivery AddressesEfficient delivery routingDuration of account
Order PreferencesPersonalized recommendationsUntil withdrawal of consent
Invoices and ReceiptsLegal and tax compliance8 years

3.3 Device and Technical Data

Data PointPurpose
Device ID/IMEI (hashed)Fraud prevention, multi-accounting detection
Operating System & VersionApp compatibility, troubleshooting
IP AddressSecurity, fraud detection
App VersionTechnical support
Push Notification TokenDelivery updates, promotional messages (with consent)

3.4 Location Data

We collect location data only when you actively use the Platform for ordering or delivery tracking:

TypeWhen CollectedPurpose
Precise LocationDuring active orderShow nearby eateries, delivery tracking, ETA calculation
Coarse LocationApp foreground onlyCampus zone identification
  • We do NOT track your location in the background when the app is closed.
  • We do NOT track your movement across campus when you are not using the Service.
  • You may disable location access via device settings; however, this may limit certain features.

3.5 Dietary Preferences

Data PointHandling
Vegetarian/Non-Vegetarian/Eggetarian filtersUsed solely to curate menu options
Jain/Halal/Other dietary markersStored locally on device when possible

Commitment: We do NOT use dietary preferences for behavioral profiling, targeted advertising based on religious or cultural inferences, or discriminatory service provision.

3.6 Aura Loyalty Program Data

Data PointPurpose
Points BalanceReward tracking
Earning HistoryProgram transparency
Redemption HistoryFraud prevention, accounting
Tier StatusBenefit eligibility

4. How We Use Your Information

Your personal data is processed for the following purposes:

4.1 Service Delivery

  • Processing and fulfilling food orders
  • Coordinating with Restaurant Partners and Delivery Partners
  • Providing real-time order tracking
  • Customer support and dispute resolution

4.2 Platform Operations

  • Account creation and authentication
  • Fraud prevention and security monitoring
  • Compliance with legal obligations
  • Platform improvement based on aggregated analytics

4.3 Communications

  • Transactional messages (order confirmations, delivery updates)
  • Account-related notifications (password reset, security alerts)
  • Promotional communications (only with explicit opt-in consent)

4.4 Aura Loyalty Program

  • Calculating and crediting loyalty points
  • Applying tier-based benefits
  • Detecting fraudulent or abusive program usage

5. Data Sharing and Disclosure

We share your personal data only as necessary for service delivery and legal compliance:

5.1 Service Partners

Partner TypeData SharedPurpose
Restaurant PartnersName, Phone (during active order only)Order preparation and handover
Delivery PartnersName, Phone, Delivery AddressOrder delivery
Payment GatewayTransaction details (encrypted)Payment processing

Masking Protocol: Your phone number is masked or replaced with a temporary proxy number during communications with Delivery Partners where technically feasible.

5.2 What We Do NOT Do

  • We do NOT sell your personal data to third parties.
  • We do NOT share your contact details with Restaurant Partners for their independent marketing purposes without explicit opt-in consent.
  • We do NOT share your Roll Number, Hall, or academic information with any external party.

5.3 Legal and Regulatory Disclosure

We may disclose your information if required by:

  • Court orders or legal process
  • Government or regulatory bodies exercising lawful authority
  • Law enforcement agencies investigating fraud or security threats
  • Compliance with the DPDP Act, IT Act, or other applicable laws

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the successor entity, subject to the same privacy protections.

6. Protection of Minor Users (Under 18)

6.1 Legal Framework

In accordance with Section 9 of the Digital Personal Data Protection Act, 2023, individuals under 18 years of age are classified as "children." Processing their personal data requires verifiable parental or guardian consent.

6.2 Age Verification

Upon signup, you are required to provide your Date of Birth. If you are under 18:

  1. Your account creation will be paused.
  2. You must provide your parent/guardian's email address or mobile number.
  3. A consent request (OTP or confirmation link) will be sent to your parent/guardian.
  4. Your account will only be activated upon receipt of verified parental consent.

6.3 Restrictions for Minor Users

For users identified as under 18, we:

  • Disable all targeted advertising and behavioral tracking.
  • Disable profiling based on order history or preferences.
  • Process data strictly for order fulfillment and essential communications.
  • Do not share data with third parties for marketing purposes.

6.4 Verification Methods

In compliance with Draft Rule 10 of the DPDP Rules:

  • OTP verification to parent's registered mobile number
  • Email confirmation link to parent's verified email
  • DigiLocker or government-authorized digital consent mechanism (when available)

7. Data Retention

We retain your personal data as follows:

Data CategoryRetention PeriodReason
Account InformationDuration of account + 1 year post-deletionAccount recovery, legal disputes
Order and Transaction Records8 years from transaction dateGST Act, Consumer Protection Act compliance
Payment DataNot stored (processed by payment gateway)PCI-DSS compliance
Location DataDeleted within 24 hours of order completionData minimization
Aura Points HistoryDuration of account + 1 yearAudit trail
Support Tickets3 years from resolutionQuality assurance, legal disputes

8. Your Rights Under DPDP Act

As a Data Principal, you have the following rights:

8.1 Right to Access

You may request a summary of your personal data processed by us and the processing activities undertaken.

8.2 Right to Correction

You may request correction of inaccurate or misleading personal data. Update your profile directly in-app or contact us.

8.3 Right to Erasure

You may request deletion of your personal data by:

  • Navigating to Settings → Account → Delete Account, or
  • Emailing privacy@zlice.in with subject "Data Deletion Request"

Timeline: Profile data will be erased from active servers within 30 days of request. Data required for legal compliance (e.g., transaction records) will be retained as mandated by law.

8.4 Right to Grievance Redressal

You may file a complaint with our support team. If unresolved within 30 days, you may escalate to the Data Protection Board of India.

8.5 Right to Withdraw Consent

You may withdraw consent for specific processing activities (e.g., marketing communications) at any time via app settings. Withdrawal does not affect the lawfulness of processing conducted prior to withdrawal.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

MeasureImplementation
EncryptionTLS 1.3 for data in transit; AES-256 for data at rest
Access ControlRole-based access; principle of least privilege
AuthenticationOTP-based login; device binding
MonitoringAutomated anomaly detection for fraudulent access
Incident ResponseBreach notification within 72 hours as per DPDP Act

9.1 Data Storage Location

Your data may be stored on cloud infrastructure (e.g., AWS, Google Cloud) which may have servers located outside India. We ensure that such transfers comply with applicable data protection laws and that adequate safeguards are in place.

10. Cookies and Tracking Technologies

10.1 Mobile Application

The Zlice app uses:

  • Essential Cookies: Session management, authentication
  • Analytics (Anonymized): Aggregated usage patterns to improve the app

We do NOT use third-party advertising trackers or sell data to ad networks.

10.2 Website

If you access Zlice via web browser, we use:

  • Strictly Necessary Cookies: Required for website functionality
  • Performance Cookies: Anonymized analytics (e.g., page load times)

You may control cookie preferences via your browser settings.

11. Third-Party Links

The Platform may contain links to third-party websites (e.g., restaurant websites, payment gateways). We are not responsible for the privacy practices of such third parties. We encourage you to read their privacy policies before providing any personal data.

12. Updates to This Policy

We may update this Privacy Policy from time to time. Changes will be notified via:

  • In-app notification
  • Email to your registered address (for material changes)
  • Updated "Last Updated" date at the top of this Policy

Continued use of the Platform after such updates constitutes acceptance of the revised Policy.

13. Contact Us

For any privacy-related queries, concerns, or requests:

ChannelDetails
Emailprivacy@zlice.in
Operating AddressIIT Kharagpur, Paschim Medinipur, West Bengal 721302
Response TimeWithin 72 hours

14. Governing Law and Jurisdiction

This Privacy Policy shall be governed by and construed in accordance with the laws of India. Any disputes arising under this Policy shall be subject to the exclusive jurisdiction of the courts in Paschim Medinipur, West Bengal.

By using the Zlice Platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.