Privacy Policy – Pinified

Pinified (“Company”, “we”, “us”, or “our”) is committed to safeguarding the privacy of individuals who visit our website, use our mobile application, or engage with our logistics services (“you”, “your”, or “User”).

This Privacy Policy outlines how we collect, use, store, disclose, and protect your personal data in compliance with the Digital Personal Data Protection Act, 2023 (“DPDPA”) and other applicable laws of India.

1. Scope

This Privacy Policy applies to all personal data collected by Pinified in connection with our services, including:

• Customers: Individuals and businesses using C2C, B2C, or Hyperlocal services for pickup and delivery.
• Service Providers (Supply Side): Individual Fleet Owners, Drivers, Delivery Partners, Delivery Boys and Agencies providing vehicle services (2W/3W).
• Recipients: Individuals designated to receive shipments.

The policy covers data processed for the purpose of generating logistics orders, facilitating deliveries, managing fleet operations, and processing payments. Pinified acts as a technology and logistics aggregator and does not control how Delivery Partners process data beyond delivery execution.

2. Types of Personal Data Collected

We may collect the following categories of personal data, including sensitive personal data, from you depending on your role (Customer or Service Provider):

A. For Customers (C2C, B2C, Enterprise)

• Identity Information: Full name, Identification documents, viz., Aadhar Card, PAN Card of individuals, GSTIN (for B2C/Enterprise), and business registration and incorporation details.
• Contact Information: Pickup and delivery addresses, phone numbers, and email addresses.
• Shipment Data: Details of the consignment (weight, material type, value) to assess carriability and restricted materials.
• Recipient Information: Name, address, and phone number of the person receiving the shipment.
• Financial Information:
  • Payment details for prepaid orders (C2C) and card details.
  • Credit history/score for B2C firms operating on 15–30 days credit lines (accessed through consent mechanism).

B. For Service Providers (Fleet Owners & Agencies)

• Identity & KYC Information: Aadhaar number, PAN number, Driving License (DL), and Voter ID. Aadhaar is collected only where legally permitted and strictly on a voluntary basis. Users may provide alternative government-issued identification documents.
• Vehicle Information: Vehicle Registration Certificate (RC), insurance details, and fitness certificates.
• Financial Information: Bank account details (Account number, IFSC) for payouts.
• Location Data: Real-time GPS location for route optimization and shipment tracking.

C. Technical Data (All Users)

• Device & Technical Information: IP address, browser type, cookies, and device identifiers.

Note: We collect such data only with your express and informed consent.

3. Purpose of Collection and Use

We process your data for the following purposes:

• Service Fulfillment: To execute pickups and deliveries (Intracity/Intercity) and manage return pickups.
• Pricing & Eligibility:
  • To calculate "Spot Pricing" for Hyperlocal orders based on immediate demand.
  • To evaluate eligibility for credit lines (B2C/Enterprise) for financial products or services.
• Fleet Management: To verify the identity of drivers/fleet owners and ensure vehicle compliance.
• Safety & Compliance:
  • To assist in KYC verification as required by regulatory guidelines.
  • To resolve weight disputes and damage claims (especially for courier/cargo movements).
• Communications: To send shipment status updates, OTPs for delivery validation, and invoices.
• Improvement: For internal analytics to improve service delivery (with anonymized and aggregated data).

4. Legal Basis for Processing

Your personal data is collected and processed based on the following legal grounds:

• Your explicit consent under Section 5 of the DPDPA.
• For performance of a contract between you (Customer/Fleet Owner) and Pinified.
• For compliance with legal obligations, such as KYC norms and tax invoicing.
• For legitimate interests, such as fraud detection, preventing shipment of restricted materials, or service improvement.

5. Consent Management

• You have the right to grant, review, withdraw, or modify your consent at any time.
• Withdrawal of consent (e.g., turning off location services for a Driver) may result in discontinuation of services.
• We provide clear options to provide or deny consent for specific purposes at the time of data collection.

6. Data Sharing and Disclosure

We may share your personal data only with the following parties and under strict confidentiality obligations:

• Operational Partners: Customer details (Name, Address, Phone) are shared with Fleet Owners/Drivers to fulfill the delivery. Fleet details (Driver Name, Vehicle No., Tracking) are shared with Customers.
• Financial Partners: Banks and NBFCs for credit checks on B2C clients or processing payouts.
• Authorized Service Providers: Verification agencies (for background checks on drivers), payment gateways, and cloud infrastructure providers.
• Government Authorities: Regulators or courts as mandated by law (e.g., in cases of restricted material transport).
• Credit Bureaus: With your consent, for checking creditworthiness (specifically for B2C credit terms).

We do not sell or rent your personal data to any third party.

7. Data Storage and Retention

• Your personal data will be stored securely on servers located in India or jurisdictions compliant with Indian law.
• We retain data only as long as necessary for the purposes stated (e.g., retention of invoice data for tax audits) or as required under applicable law.
• Upon expiration of the retention period, data will be securely deleted or anonymized.

8. Your Rights as a Data Principal

You have the following rights under the DPDPA:

• Right to Access: Know what data we hold about you (e.g., trip history, payment records).
• Right to Correction: Request corrections to inaccurate or outdated information (e.g., updating address or vehicle details).
• Right to Erasure: Request deletion of your personal data (subject to legal obligations like tax record keeping).
• Right to Grievance Redressal: Lodge complaints with us or the Data Protection Board of India.

You may exercise these rights by writing to our Grievance Officer at the contact below.

9. Data Security Measures

We implement industry-standard technical and organizational safeguards including but not limited to:

• Encryption of data in transit (e.g., payment data) and at rest.
• Secure servers and firewalls.
• Role-based access controls (ensuring only relevant staff see sensitive B2C credit data).
• Regular vulnerability assessments.

10. Cookies and Tracking Technologies

• We may use cookies and GPS tracking technologies to enhance user experience, provide real-time tracking, and collect usage statistics.
• You may modify your browser or device settings to decline cookies/location tracking; however, this may affect site functionality or the ability to book/fulfill orders.

11. Grievance Redressal Mechanism

For questions, concerns, or complaints regarding this Privacy Policy, your personal data, or liability/damage disputes related to data usage, please contact our Grievance Officer:

We will acknowledge complaints within 24 hours and resolve them within 7 business days.

12. Updates to This Policy

We may update this Privacy Policy from time to time. Any material changes will be notified on our website/app. Your continued use of our services after such changes constitutes your consent to the revised policy.

13. Governing Law and Jurisdiction

This Privacy Policy shall be governed by and construed in accordance with the laws of India. Any disputes shall be subject to the exclusive jurisdiction of the courts located in Ahmedabad.