Privacy
Policy

Welcome to Coltan Fleet ("Application", "Platform", "App"). The Application is owned, operated, and maintained by Coltan Company ("Company", "We", "Us", "Our"), incorporated and operating under the laws of the Republic of India.

For the purposes of the Digital Personal Data Protection Act, 2023 (DPDP Act), the Company acts as the "Data Fiduciary" in respect of all personal data collected through the User Application. Our registered address and grievance contact details are set out in Section 19 of this Policy.

This Policy applies exclusively to the Coltan Fleet User Application used by end-users ("User", "You", "Your") who book on-demand delivery services for grocery items, food items, and other goods through the Platform. Separate policies govern rider/delivery partner accounts.

This Policy governs:

• All personal data collected when you download, register, access, or use the Coltan Fleet User Application;
• Data processed during the course of placing, tracking, managing, or cancelling a delivery order;
• Data collected through customer support interactions, feedback mechanisms, promotional activities, and any other features available within the Application;
• Data transmitted to us through your mobile device, including device identifiers, location signals, and usage analytics.

In compliance with the DPDP Act, 2023, we process your personal data on the following lawful grounds:

• Consent: For processing your personal data for purposes beyond the core delivery service (e.g., marketing communications, analytics). You provide free, specific, informed, unconditional, and unambiguous consent by creating an account and accepting this Policy.
• Contractual Necessity: Processing required to fulfil the delivery service contract between you and the Company, including order management, payment processing, and rider assignment.
• Legitimate Uses: As permitted under Section 7 of the DPDP Act, 2023 — including for compliance with legal obligations, protection of life, or responding to medical emergencies.
• Legal Obligation: To comply with applicable Indian laws, judicial orders, or directions of competent authorities.

You represent that you are at least 18 years of age (or have obtained valid parental/guardian consent where applicable under law) and have the legal capacity to enter into a binding agreement.

The Coltan Fleet Application requires access to your device's location to function correctly. Location data is used exclusively to:

• Auto-detect your delivery address and nearby serviceable areas;
• Enable you to track your assigned delivery rider in real time;
• Optimise delivery routing for faster service.

We request FOREGROUND location access during active use of the Application. We do NOT request background location access unless a specific feature requires it, in which case a separate, distinct consent prompt will be displayed.

We do not sell, rent, or trade your personal data to any third party. We disclose your data only in the following limited circumstances:

We retain your personal data only for as long as necessary:

• Account data: Retained for the duration of your active account plus 3 years after deletion (for legal compliance and dispute resolution);
• Order & transaction records: Retained for 7 years in accordance with GST and financial record-keeping laws;
• Communication & support records: Retained for 2 years;
• Location data (session-level): Deleted after 90 days following order completion;
• Marketing preferences & consent logs: Retained until withdrawn and for 1 year thereafter.

We implement industry-standard technical and organisational security measures, including:

• Transport Layer Security (TLS 1.2 or higher) for all data transmitted between your device and our servers;
• AES-256 encryption for data at rest on our cloud infrastructure;
• Role-based access controls ensuring only authorised personnel access personal data on a need-to-know basis;
• Regular security audits, penetration testing, and vulnerability assessments;
• Multi-factor authentication (MFA) for internal administrative access;
• Incident response procedures in accordance with applicable Indian data breach notification requirements.

The Coltan Fleet Application is not intended for use by children below the age of 18 years. We do not knowingly collect personal data from minors. If you are a parent or guardian and believe that your child has provided us with personal data without appropriate consent, please contact our Grievance Officer immediately at the details in Section 19. Upon verification, we will promptly delete such data in accordance with applicable law.

Under the DPDP Act, 2023, and applicable Indian law, you have the following rights:

• Right to Information: Obtain a summary of personal data being processed and the processing activities undertaken.
• Right to Correction & Erasure: Correct inaccurate or incomplete personal data, and request erasure of data no longer necessary for the purposes collected, subject to legal retention obligations.
• Right to Grievance Redressal: Have grievances addressed by our Grievance Officer in a timely manner, and escalate unresolved disputes to the Data Protection Board of India once constituted.
• Right to Nominate: Nominate an individual to exercise your rights in the event of your death or incapacity.
• Right to Withdraw Consent: Withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
• Right to Opt-Out of Marketing: Opt out of promotional communications at any time via in-app settings.

To exercise any of the above rights, submit a request through Account Settings in the Application or contact our Grievance Officer as specified in Section 19. We will respond to verified requests within the timelines prescribed by applicable law.

You may withdraw your consent at any time by:

• Navigating to Settings → Account → Delete Account within the Application;
• Submitting a written request to our Grievance Officer at the contact details in Section 19.

Upon receipt of a valid deletion request, we will delete or anonymise your personal data within 30 days, subject to:

• Retention obligations required by applicable law (refer Section 8);
• Pending orders or outstanding payment disputes;
• Active legal proceedings or regulatory investigations.

The Application may use cookies, pixel tags, device fingerprinting, and similar tracking technologies for:

• Session management and authentication;
• Remembering your preferences and saved addresses;
• Analysing application usage through analytics SDKs embedded in the Application;
• Measuring the effectiveness of promotional campaigns.

You may control certain tracking preferences through your device settings (e.g., resetting your Advertising ID). Disabling certain technologies may affect Application functionality.

The Application may integrate with or display links to third-party services such as payment gateways, mapping services, and social media platforms. Such third parties operate under their own independent privacy policies, and we bear no responsibility for their data practices. We encourage you to review the privacy policies of any third-party services before sharing your information with them.

By registering on the Platform and accepting this Policy, you consent to receive:

• Transactional messages: Order confirmations, OTPs, status updates, and payment receipts (mandatory for service delivery; cannot be opted out of while your account is active);
• Service messages: Policy updates, account security alerts, and operational notices;
• Promotional messages: Offers, discounts, and newsletters (optional; you may opt out at any time through Settings → Notifications or via the unsubscribe link in any marketing email).

We reserve the right to update or amend this Policy at any time. Any material changes will be notified via:

• In-application notifications;
• A prominent notice on our website (if applicable);
• Email or SMS to the registered contact details on your account.

The revised Policy will indicate the updated "Effective Date" at the top. Your continued use of the Application after the effective date constitutes your acceptance of the changes. If you do not agree, you must discontinue use and request account deletion.

In accordance with Google Play Developer Policies, we confirm:

• We collect personal and sensitive user data only to the extent necessary for the legitimate functioning of the Application and the purposes disclosed in this Policy;
• We do not use personal data for purposes not disclosed to the user;
• We provide a prominent, accessible link to this Policy within the Application and on the Play Store listing;
• We handle all data in a manner consistent with Google Play's User Data Policy, including requirements relating to location data, financial information, device identifiers, and sensitive permissions;
• We implement appropriate security measures to protect user data as described in Section 9.

This Privacy Policy is governed by and shall be construed in accordance with the laws of the Republic of India, including but not limited to:

• Information Technology Act, 2000;
• Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011;
• Digital Personal Data Protection Act, 2023;
• Consumer Protection Act, 2019.

Any dispute arising out of or in connection with this Policy shall be subject to the exclusive jurisdiction of the competent courts located in Patna, India.