PRIVACY POLICY
This Privacy Policy ("Policy") describes how Spiritufy India Private Limited ("Company", "we", "us", or "our") collects, uses, shares, and protects personal information of users ("you", "Customer", or "User") who access or use our digital platform available at www.Rituals24.com and/or our mobile application (collectively, the "Platform"). This Policy applies to all users including Customers (devotees), Pandits/Priests (Service Providers), and visitors to the Platform.
1. INFORMATION WE COLLECT
We collect personal data that you provide directly to us, that we collect automatically, or that we receive from third parties. The categories of information we collect include:
(a) Information You Provide Directly:
- (i) Customers: Full name, mobile number, email address, delivery address(es), preferred language, booking history, payment details, and any content you post (such as reviews, ratings, or feedback).
- (ii) Pandits/Service Providers: Full name, photograph, video introduction, government-issued identity proof (e.g., [Aadhaar Redacted], PAN), address proof, mobile number, email address, bank account details, certificates and qualifications, character certificate, years of experience, specializations, temple affiliation, service areas, travel radius, and availability schedule.
- (iii) All Users: Login credentials, profile information, communications sent through the Platform (chat, voice notes, video calls), and support queries submitted to us.
(b) Information Collected Automatically:
Each time you access or use the Platform, we automatically collect certain technical and usage data, including:
- (i) Device information: device type, operating system, browser type and version, device identifiers, and mobile network information.
- (ii) Usage data: pages visited, features used, search queries, booking history, clicks, session duration, and interaction logs.
- (iii) Location data: GPS coordinates, service location, and — for Pandits performing offline visits — real-time location data tracked from job acceptance to job completion, and geo-fence monitoring for a defined period post-service completion.
- (iv) Technical data: IP address, log files, cookies, web beacons, pixel tags, and other tracking technologies.
(c) Information from Third Parties:
- (i) Payment processors and financial institutions in connection with transactions made on the Platform.
- (ii) Analytics and advertising network providers (e.g., Google Analytics, Meta/Facebook Pixel) for platform performance analysis.
- (iii) Courier and logistics partners for order and delivery tracking.
- (iv) Other users who may provide information about you (e.g., Pandit ratings and reviews about Customers).
2. HOW WE USE YOUR INFORMATION
We use the information we collect for the following purposes:
- (a) To create and manage your Account and verify your identity on the Platform.
- (b) To process and confirm bookings for Pandit Services and Pooja Store orders, and to match Customers with suitable Pandits.
- (c) To facilitate OTP-based service commencement verification for offline bookings.
- (d) To process payments, issue invoices and receipts, and manage refunds, commissions, and earnings for Pandits.
- (e) To communicate with you regarding bookings, order updates, delivery tracking, payment confirmations, and service reminders.
- (f) To send festival reminders, promotional offers, new service announcements, and marketing communications (which you may opt out of at any time).
- (g) To enable in-app communication between Customers and Pandits, including chat, voice notes, VOIP calling (with Pandit number masking), and video calls, and to retain call recordings for quality assurance and dispute resolution.
- (h) To monitor Pandit location data during and after service delivery for safety, fraud prevention, and anti-bypass detection purposes as described in our Terms and Conditions.
- (i) To display Pandit profiles ("Know Your Pandit" section), including verification badges, specializations, ratings, and reviews, to Customers on the Platform.
- (j) To manage the Pooja Store, including product listings, order fulfilment, delivery tracking via courier AWB integration, and processing of returns and refunds.
- (k) To monitor and enforce compliance with our Terms and Conditions, detect fraudulent or suspicious activity, and prevent abuse of the Platform.
- (l) To conduct analytics, trend analysis, and research to improve the Platform, personalise your experience, and develop new features and services.
- (m) To comply with applicable legal obligations, respond to law enforcement or court orders, and protect our legal rights.
- (n) To administer and protect our business and the Platform, including for troubleshooting, data analysis, system testing, and internal operations.
3. LEGAL BASIS FOR PROCESSING
We process your personal data on the following legal bases:
- (a) Contractual Necessity: Processing is necessary to perform a contract with you, including providing the Services, processing bookings, and enabling Pandit Services.
- (b) Consent: Where you have given us explicit consent to process specific categories of data (e.g., location data for geo-monitoring, receiving promotional communications).
- (c) Legitimate Interests: Processing is necessary for our legitimate business interests, such as fraud prevention, platform security, improving our Services, and anti-bypass monitoring — provided such interests are not overridden by your data protection rights.
- (d) Legal Obligation: Processing is necessary to comply with applicable laws, including tax obligations, court orders, and regulatory requirements.
4. SHARING OF YOUR PERSONAL DATA
We do not sell your personal data. However, we may share it in the following circumstances:
- (a) With Pandits: We share Customer name, contact details, booking information, and service address with the Pandit assigned to a booking, solely for the purpose of providing the booked service.
- (b) With Customers: We share Pandit profile information (name, photo, specializations, ratings, verified status) with Customers to facilitate booking decisions. Pandit contact numbers are not disclosed to Customers.
- (c) With Payment Processors: We share transaction-related information with our authorised payment gateway partners (such as Razorpay) for processing payments.
- (d) With Logistics and Courier Partners: We share Customer delivery address and order details with third-party courier services for fulfilment of Pooja Store orders.
- (e) With Service Providers: We may share data with trusted third-party service providers who assist us in operating the Platform, including cloud hosting, analytics, customer support, email delivery, and SMS gateway providers. These providers are contractually bound to use your data only as directed by us.
- (f) With Affiliates: We may share your data with entities within our corporate group for purposes consistent with this Policy.
- (g) For Legal Compliance: We may disclose your data to law enforcement agencies, courts, regulators, or government bodies where required by applicable law, court order, or in connection with legal proceedings.
- (h) In Business Transitions: In the event of a merger, acquisition, restructuring, or sale of assets, your personal data may be transferred to the successor entity, subject to equivalent privacy protections.
- (i) With Your Consent: We may share your data with other third parties where you have given us explicit consent to do so.
5. LOCATION DATA AND GEO-MONITORING
- (a) For offline Pandit Services, we collect real-time GPS location data from Pandits beginning from the time a job is accepted and continuing until the job is marked as complete. This data is stored alongside timestamps, job IDs, and Customer IDs.
- (b) Following service completion, we may create a geo-fence around the Customer's service location. If a Pandit re-enters this geo-fence without an active booking on the Platform within a defined monitoring period (e.g., 7–30 days), the system will flag this for review. This measure is designed to protect the Platform's integrity and prevent off-platform solicitation.
- (c) By using the Platform for offline services, both Pandits and Customers consent to this location monitoring to the extent permitted under applicable law. Location data collected for geo-monitoring purposes shall not be used for any other purpose without further consent.
- (d) For Customers, location data (delivery address, service address) is used solely for booking fulfilment and logistics. We do not continuously track Customer location.
6. COOKIES AND TRACKING TECHNOLOGIES
- (a) We use cookies, web beacons, pixel tags, and similar tracking technologies on our website and mobile application to recognise you, remember your preferences, and improve your experience on the Platform.
- (b) Types of cookies we use:
- (i) Essential Cookies: Required for the basic functioning of the Platform, such as maintaining your session and enabling secure login.
- (ii) Functional Cookies: Used to remember your preferences and personalise your experience, such as language settings.
- (iii) Analytics Cookies: Used to collect data on how users interact with the Platform, including pages visited, time spent, and errors encountered, to help us improve our Services.
- (iv) Marketing Cookies: Used to deliver relevant promotional content and measure the effectiveness of our marketing campaigns.
- (c) You may manage or disable cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of the Platform. We do not control third-party cookies placed on our Platform by advertisers or analytics partners.
7. CALL RECORDING AND COMMUNICATION DATA
- (a) All in-app communications between Customers and Pandits — including chat messages, voice notes, VOIP calls, and video calls — are routed through our secure Platform infrastructure. Both Pandit and Customer phone numbers are masked and are not disclosed to either party.
- (b) VOIP calls made through the Platform may be recorded for the purposes of quality assurance, dispute resolution, and security. By using the in-app calling feature, you consent to such recording.
- (c) Communication records may be reviewed by authorised Company personnel in connection with disputes, complaints, or legal investigations. We retain such records for a period as required under applicable law or our internal data retention policy, whichever is longer.
8. DATA SECURITY
- (a) We implement industry-standard security measures to protect your personal data from unauthorised access, disclosure, alteration, or destruction. These include encryption of sensitive data in transit and at rest, password hashing, access controls, OTP-based identity verification, call masking, and regular security audits.
- (b) Pandit onboarding includes identity verification, government ID validation, and real-time selfie verification to ensure the safety and security of Customers using the Platform.
- (c) While we take reasonable precautions, no method of data transmission or storage is completely secure. We cannot guarantee absolute security of your personal data. In the event of a data breach that is likely to result in a risk to your rights or freedoms, we will notify you as required by applicable law.
- (d) You are responsible for maintaining the confidentiality of your Account credentials. Please notify us immediately if you suspect any unauthorised use of your Account.
9. DATA RETENTION
We retain your personal data for as long as your Account is active or as necessary to provide the Services, resolve disputes, enforce our Terms and Conditions, and comply with our legal obligations.
(b) Specific retention periods:
- (i) Account information: Retained for the duration of your Account and for up to 3 years after Account deletion, as required for legal compliance.
- (ii) Transaction records and invoices: Retained for a minimum of 7 years as required under Indian tax and financial laws.
- (iii) Pandit location logs: Retained for the duration of the geo-monitoring period and for up to 90 days thereafter, unless required for an active dispute or investigation.
- (iv) Call recordings: Retained for up to 90 days, or longer where required for an active dispute or legal matter.
- (v) Communication data (chat, voice notes): Retained for up to 180 days following the conclusion of the relevant booking.
- (c) We may aggregate and anonymise personal data for analytical or research purposes, in which case the anonymised data may be retained indefinitely.
10. THIRD-PARTY LINKS AND SERVICES
- The Platform may contain links to third-party websites, payment gateways, or services. This Policy does not apply to such third-party platforms, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you interact with through our Platform.
11. TRANSFERS OF PERSONAL DATA
- (a) Your personal data may be stored and processed in India or in other countries where our service providers and partners operate. By using the Platform, you consent to the transfer of your personal data to such countries, which may have different data protection laws than your country of residence.
- (b) We ensure that any international transfers of personal data are subject to appropriate safeguards in accordance with applicable law.
12. PANDIT-SPECIFIC PRIVACY PROVISIONS
- (a) Pandits are required to provide sensitive personal data including government ID, bank account details, and location information as part of the onboarding process. This data is used solely for verification, payment processing, and Platform operations.
- (b) Pandit earnings, commission breakdowns, and withdrawal history are accessible only to the individual Pandit and authorised Company administrators.
- (c) Pandit location data collected during service delivery is used for service tracking, safety, and fraud prevention. Detailed location logs are not shared with Customers except where required for dispute resolution.
- (d) Pandits may update their profile, service offerings, availability, and travel radius through the Pandit application at any time.
13. POOJA STORE — SPECIFIC DATA PRACTICES
- (a) When you place an order through the Pooja Store, we share your name, delivery address, and contact number with our logistics and courier partners for order fulfilment and tracking.
- (b) Order history, invoices, and itemized receipts are stored in your Account and may be downloaded at any time.
- (c) Product reviews submitted on the Pooja Store are publicly visible and associated with your display name. Please do not include sensitive personal information in your reviews.
14. UPDATES TO THIS POLICY
- (a) We may update this Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. If we make material changes, we will notify you through the Platform or via email prior to the changes taking effect.
- (b) Your continued use of the Platform following notification of changes constitutes your acceptance of the updated Policy. We encourage you to periodically review this Policy for the latest information on our privacy practices.
15. GRIEVANCE OFFICER
If you have any questions, concerns, or complaints about this Policy or our data practices, or wish to exercise any of your rights, please contact our Grievance Officer:
Designation: Grievance Officer
Email: grievanceofficer@rituals24.com
Address: UTC UNIT-1103, TOWER-B, B-35 SECTOR-132, NOIDA, G.B. NAGAR, U.P. - 201301.