Legal Document

Privacy Policy

How we collect, use, and protect your information.

Effective Date: April 26, 2025·Last Updated: April 26, 2025·Jurisdiction: Republic of India
IMPORTANT — PLEASE READ CAREFULLY

By accessing or using the Cirota platform (website, mobile app, or any related service), you unconditionally agree to every provision in this document. If you do not agree, you must immediately stop using all Cirota services.

Contents

  1. Introduction & Scope
  2. Information We Collect
  3. How We Use Your Information
  4. Data Storage & Security
  5. Data Sharing & Disclosure
  6. AI Nutrition Advisor — Dr. Sona
  7. Location Data
  8. Cookies & Tracking Technologies
  9. Data Retention
  10. Your Rights (Indian Law)
  11. Children's Privacy
  12. Third-Party Services & External Links
  13. Changes to This Privacy Policy

1. Introduction & Scope

Cirota ('we', 'us', 'our', or 'the Company') operates a meal subscription and tiffin delivery platform accessible via our website and mobile application (collectively, the 'Platform'). This Privacy Policy describes how we collect, use, store, disclose, and protect information about you when you use our Platform.

This Policy applies to all users including customers, delivery partners, and administrative personnel. By using the Platform you consent to the data practices described herein.

2. Information We Collect

2.1 Information You Provide Directly

  • Full name, email address, and phone number provided during account registration
  • Delivery address(es) including locality, city, PIN code, and GPS coordinates
  • Subscription plan preferences (Veg Lite, Veg Prime, Non-Veg Lite, Non-Veg Prime)
  • Meal selection preferences, modification requests, pause requests, and special delivery instructions
  • Health information voluntarily shared with our AI Nutrition Advisor (Dr. Sona), including dietary restrictions, allergies, medical conditions, and wellness goals
  • Payment information processed via Razorpay (we do not store raw card numbers or banking credentials)
  • Government-issued identification documents and photographs submitted by delivery partners during onboarding and verification
  • Support tickets, chat messages, complaints, and feedback submitted to us

2.2 Information Collected Automatically

  • Device identifiers, IP address, browser type and version, operating system
  • Log data: pages visited, features used, timestamps, session duration, click and interaction patterns
  • Real-time GPS location of delivery partners transmitted during active delivery sessions (Leaflet/OpenStreetMap integration)
  • Cookies and similar tracking technologies for authentication, session management, and usage analytics
  • Google Analytics measurement data (Measurement ID: G-4ZNVJRQ2FH) including behavioural and traffic data

2.3 Information from Third-Party Services

  • Google Sign-In: your Google account name, email, and profile picture as authorised by you
  • Razorpay: payment confirmation identifiers, transaction IDs, and refund references
  • Google Gemini AI: conversation data processed by Google's AI infrastructure to power Dr. Sona responses

3. How We Use Your Information

3.1 Service Delivery

  • Processing and fulfilling your meal subscription and individual orders
  • Scheduling, routing, and dispatching delivery partners to your registered address
  • Sending OTP verification codes and transactional emails via Nodemailer
  • Enabling real-time delivery tracking on your customer dashboard
  • Processing payments and issuing refunds through Razorpay

3.2 Platform Operations

  • Managing your account, subscription settings, pauses, modifications, and cancellations
  • Powering the AI Nutrition Advisor (Dr. Sona) using Google Gemini AI to provide personalised dietary guidance
  • Verifying delivery partner identities and eligibility through document checks
  • Managing kitchen operations, inventory planning, and holiday scheduling in the admin panel
  • Generating delivery histories, customer analytics, and operational reports

3.3 Communications

  • Sending order confirmations, delivery status notifications, and service updates
  • Responding to customer support tickets and queries
  • Sharing promotional offers, new plan announcements, or service changes — you may opt out at any time

3.4 Legal & Safety

  • Complying with applicable Indian laws, regulatory orders, and court directions
  • Preventing fraud, abuse, unauthorised access, and security incidents
  • Enforcing our Terms and Conditions and protecting the rights of Cirota and other users

4. Data Storage & Security

4.1 Infrastructure

Your data is stored in Google Firebase (Firestore database, Firebase Authentication, and Firebase Storage) hosted on Google Cloud Platform servers, which may be located in the United States, Europe, or other jurisdictions operated by Google LLC. By using Cirota you consent to this cross-border data transfer.

4.2 Security Measures

  • Firebase Security Rules governing database read/write access
  • Firebase Authentication token-based session management
  • OTP-based email verification for new account registrations
  • HTTPS/TLS encryption for all data in transit
  • Razorpay's PCI-DSS compliant infrastructure for all payment data

4.3 Disclaimer of Absolute Security

NO SYSTEM IS 100% SECURE.

Despite reasonable security measures, Cirota cannot guarantee absolute security of your data. We shall not be liable for any unauthorised access, data breach, hacking, or loss of data caused by factors beyond our reasonable control, including third-party infrastructure failures. You use the Platform at your own risk.

5. Data Sharing & Disclosure

5.1 Service Providers

We share data with third-party service providers strictly to operate the Platform:

  • Google LLC — Firebase, Google Sign-In, Google Maps/Leaflet, Google Gemini AI (Dr. Sona)
  • Razorpay Software Pvt. Ltd. — payment processing and refund management
  • Email infrastructure providers — for transactional email delivery (Nodemailer)

5.2 Legal Disclosure

We may disclose your information without notice if required by law, regulation, court order, or government authority, or if we believe in good faith that disclosure is necessary to protect the safety of any person or to prevent fraud.

5.3 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of assets, your information may be transferred to the successor entity. We will notify you via email or a prominent Platform notice before your data becomes subject to a different privacy policy.

5.4 No Sale of Personal Data

Cirota does not sell, rent, or trade your personal information to third parties for their independent marketing or commercial purposes.

6. AI Nutrition Advisor — Dr. Sona

6.1 How It Works

Dr. Sona is an AI-powered conversational nutrition assistant built on Google Generative AI (Gemini). Your conversation messages, health disclosures, and dietary preferences shared with Dr. Sona are transmitted to Google's Gemini API for processing.

6.2 Important Disclaimers

DR. SONA IS NOT A LICENSED MEDICAL PROFESSIONAL.

Advice provided by Dr. Sona is purely informational and for general wellness guidance only. It does NOT constitute medical diagnosis, clinical nutrition therapy, or professional medical advice. NEVER rely on Dr. Sona for emergency medical situations — call 108 (ambulance) immediately. Cirota shall bear NO liability whatsoever for any health outcome, injury, allergic reaction, medical condition, or consequence resulting from reliance on Dr. Sona's guidance.

6.3 Health Data

Health information you voluntarily disclose to Dr. Sona is processed by Google Gemini AI and may be stored in our Firebase database to personalise future interactions. By using Dr. Sona, you explicitly consent to this processing. You may request deletion of your Dr. Sona conversation history at any time.

7. Location Data

7.1 Customer Location

We use your delivery address (including GPS coordinates you provide) solely to route deliveries to your location. We do not continuously track customer device locations without consent.

7.2 Delivery Partner Location

Delivery partners' real-time GPS location is collected and transmitted via the Platform during active delivery sessions to enable live tracking visible to customers and admins. This tracking ceases when the delivery partner is not on an active assignment. Delivery partners consent to this tracking as a condition of their engagement with Cirota.

8. Cookies & Tracking Technologies

We use cookies and local storage to maintain authentication sessions (Firebase Auth tokens), remember user preferences, and analyse Platform usage. Most browsers allow you to disable cookies; however, doing so may impair your ability to log in and use the Platform.

Third-party services (Google Analytics, Firebase) may set their own cookies subject to their respective privacy policies.

9. Data Retention

  • Account data is retained for the duration of your active subscription plus 2 years thereafter
  • Delivery history and transaction records are retained for 7 years as required by Indian tax and accounting laws
  • Dr. Sona conversation logs are retained for 1 year unless you request earlier deletion
  • Delivery partner documents are retained for 3 years post-engagement
  • You may request deletion of your account and associated data at any time, subject to our legal retention obligations

10. Your Rights (Indian Law)

Under applicable Indian law and the Information Technology (Amendment) Act, 2008 and its rules, you have the right to:

  • Access and review the personal data we hold about you
  • Correct inaccurate or incomplete information
  • Request deletion of your account and personal data (subject to legal retention requirements)
  • Withdraw consent to optional data processing (e.g., marketing communications)
  • Raise a grievance with our Grievance Officer (contact details below)

10.1 Grievance Officer

Grievance Officer: Cirota Support Team

Email: cirota.dev@gmail.com

Response Time: We will acknowledge your request within 72 hours and resolve within 30 days.

Platform: You may also raise a ticket via the Support section in your customer dashboard.

11. Children's Privacy

The Cirota Platform is not intended for use by children under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has registered on our Platform, please contact us immediately and we will delete such data promptly.

12. Third-Party Services & External Links

The Platform integrates third-party services including Google, Razorpay, Facebook, Apple, and Leaflet/OpenStreetMap. These services have their own privacy policies. Cirota assumes NO responsibility for the data practices of any third-party service or any website linked to or from our Platform.

13. Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. Changes become effective upon posting to the Platform. Continued use of the Platform after changes constitutes acceptance of the revised Policy. We encourage you to review this Policy periodically.

© 2025 Cirota. All rights reserved.

Last reviewed: April 26, 2025

Terms & ConditionsRefund PolicyBack to home