This Policy applies to merchants, outlet owners, authorised staff, and onboarding applicants using partner.gatimitra.com, the GatiMitra Merchant app, and merchant APIs. It should be read with our Terms of Service and Code of Conduct.
Merchant Privacy Policy
How GatiMitra collects, uses, stores, and shares information when you use the partner portal, merchant app, and related merchant services.
Important Agreement
This Policy applies to merchants, outlet owners, authorised staff, and onboarding applicants using partner.gatimitra.com, the GatiMitra Merchant app, and merchant APIs. It should be read with our Terms of Service and Code of Conduct.
1Data fiduciary
| Legal name | GATIMITRA ON DEMAND SERVICES PRIVATE LIMITED |
| Role | Data Fiduciary under the Digital Personal Data Protection Act, 2023 (DPDPA) |
| Registered office | Vill-Maulanagar, Post-Majhwe Nawada, Hisua, Bihar, India |
| Privacy contact | privacy@gatimitra.com |
| Grievance Officer | grievance.officer@gatimitra.com |
2Personal data we collect
2.1 Provided by you
| Category | Examples |
|---|---|
| Business identity | Legal business name, trade name, store type, GSTIN, FSSAI licence, PAN |
| Owner / signatory | Name, email, phone, designation, digital signature |
| Outlet | Address, geo-coordinates, photos, menu, pricing, operating hours |
| Banking | Account holder name, account number, IFSC (for settlements) |
| Documents | KYC, agreements, cancelled cheque, identity proofs |
| Support | Tickets, chat messages, call recordings where disclosed |
2.2 Collected automatically
| Category | Examples |
|---|---|
| Device & app | Device model, OS, app version, IP address, crash logs |
| Usage | Screens visited, button taps, order actions, session duration |
| Location | Outlet coordinates you provide; coarse location for weather or ops alerts when enabled |
2.3 From third parties
| Source | Data |
|---|---|
| Payment gateways | Payment confirmation for onboarding / subscriptions |
| OTP providers | SMS delivery status |
| Regulators / authorities | As required under law |
3Purposes of processing
| Purpose | Examples |
|---|---|
| Onboarding & KYC | Verify identity, activate your outlet |
| Order operations | Route orders, notify you, display customer first name & items |
| Settlements | Calculate payouts, generate invoices, TDS certificates |
| Support | Resolve disputes, compensation, technical issues |
| Safety & fraud | Detect fake outlets, duplicate accounts, wallet abuse |
| Product improvement | Analytics on feature usage (aggregated where possible) |
| Legal compliance | Tax, audit, court orders |
4Sharing of data
We do not sell personal data. We share data only as needed:
| Recipient | Why | Data shared |
|---|---|---|
| Customers | Order fulfilment | Outlet name, address snippet, prep status (not your personal phone unless masked call) |
| Delivery partners | Pickup | Outlet address, order ID, handover instructions |
| Payment processors | Collections & payouts | Transaction amounts, bank tokens |
| Cloud hosting (e.g. Supabase, R2) | Storage | Encrypted application data |
| Authorities | Legal obligation | As mandated |
5Retention
- Active merchant records are retained for the duration of the partnership and as required for tax, audit, and dispute resolution (typically up to eight (8) years for financial records unless law requires longer).
- After delisting, we may retain anonymised or aggregated data for analytics.
6Security
We use encryption in transit (TLS), access controls, and audit logging. No system is perfectly secure — report suspected breaches to security@gatimitra.com immediately.
7Your rights (DPDPA)
Subject to applicable law, you may:
- Access and correct business and contact data via the partner portal profile section
- Withdraw consent for optional marketing communications
- Raise grievances via grievance.officer@gatimitra.com
- Nominate a contact in case of incapacity (for sole proprietors)
We will respond within timelines prescribed under DPDPA and IT Rules.
8Staff accounts
If you add staff to your outlet, you are responsible for their conduct and for sharing only necessary access. Staff activity may be logged for audit.
9International transfers
Data is primarily processed in India. If processed abroad (e.g. by a sub-processor), we ensure appropriate safeguards per applicable law.
10Children's data
Merchant services are for businesses. Do not provide children's personal data except where legally required.
11Updates
We may update this Policy. Material changes will be notified via the portal or app. Latest version: /privacy-policy.
12Contact
| Purpose | |
|---|---|
| Privacy requests | privacy@gatimitra.com |
| Grievances | grievance.officer@gatimitra.com |
| Merchant support | support@gatimitra.com |
