THE NINJACART PLATFORM PRIVACY POLICY

1. What is the Ninjacart Platform?

63Ideas Infolabs Private Limited, a company incorporated under the laws of India, having its registered office at Indiqube Helios Business Park Tower-E, Second floor Chandana, Kadubeesanahalli, Panathur, Bangalore, Bangalore South, Karnataka, India, 560103 (“Company”) and its affiliates have, as a part of their business objective, operate mobile applications by the name Ninja and Ninja Kirana and website called https://ninjacart.com collectively referred as the (“Ninjacart Platform”) that facilitates services to its users (“Users”) to trade with a wide variety of buyers and sellers in India’s agri-marketplace and record and manage their trades seamlessly with minimum effort. The Ninjacart Platform also allows Users to pay and collect money from buyers and sellers across India, via multiple payment options (“Services”).

Certain credit facility services accessible through the Ninja App are facilitated by Ninjacart Services Private Limited (“NSPL”), a subsidiary of the Company, and are governed by NSPL’s separate terms as described in Section 15 below.

 

2. What is this Privacy Policy?

This Privacy Policy (the “Privacy Policy”) describes how and why the Ninjacart Platform collects, uses, transfers and discloses the information provided by the Users. All Users shall be bound by this Privacy Policy and the Company shall not use any information supplied by Users, except in accordance with this Privacy Policy.

By clicking on ‘I/We Accept’ during the sign-up process, Users agree to and accept the terms and conditions provided under this Privacy Policy, read in addition to the Ninjacart Platform terms (“Terms & Conditions”) (accessible here). Users who do not agree with the terms set out in this Privacy Policy and the Terms & Conditions are advised to refrain from accepting them and are also advised to refrain from using any Services. Users’ visit to and/or use of the Ninjacart Platform and any dispute over privacy is subject to this Privacy Policy and the Terms & Conditions.

 

3.Why does the Company have this Privacy Policy?

This Privacy Policy is published pursuant to:

  • Section 43A of the Information Technology Act, 2000;
  • Rule 4 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“Privacy Rules”);
  • Rule 3(1) of the Information Technology (Intermediaries Guidelines and Digital Media Ethics Code) Rules, 2021;
  • The Digital Personal Data Protection Act, 2023, and rules issued thereunder, to the extent in force; and
  • Guidelines and regulations issued by the relevant regulators from time to time, to the extent applicable to the Company.
  •  

In this Privacy Policy, the Company will disclose the types of information collected from Users. It will also specify why the Company collects this information, the modes and means by which it will be used, and the entities or persons who will have access to this information.

 

4. What is Sensitive Personal Data or Information?

Under the Privacy Rules, sensitive personal data or information of a person means and includes such personal information about that person relating to the following (“Personal Information”):

  • Passwords;
  • Information such as bank accounts, credit and debit card details or other payment instrument details (“Information”);
  • Physical, physiological and mental health condition;
  • Sexual orientation;
  • Medical records and history;
  • Biometric information; and
  • Information received by body corporates under lawful contract or otherwise.

There is also certain information which will be collected from Users such as addresses, email addresses, telephone numbers, address proof and identity proof, User photographs and other contact information which may be used to personally identify Users directly or indirectly either from the collected information alone or from said information combined with other information which the Company may have access to about the User (“Personally Identifiable Information”). It is important to note that information that is freely available in the public domain, or accessible under the Right to Information Act, 2005, or any other law will not be considered Sensitive Personal Information, or as Personally Identifiable Information. Sensitive Personal Information and Personally Identifiable Information is collectively referred to as (“User Information”).

 

5. What Sensitive Personal Information and Personally Identifiable Information does the Company collect from Users?

The Company will only collect User Information that is necessary for the purposes of rendering the Services and will not further process it in a manner that is incompatible with those purposes unless otherwise consented by the User.

a. Sensitive Personal Information:

In the course of transacting on the Ninjacart Platform, the Company may provide Users the option to pay with a credit card, wire transfer, or debit card through the Ninjacart Platform’s third-party payment gateway provider or any other platform. This third-party payment gateway provider may be required to collect certain Financial Information from Users. The Financial Information so collected will only be used for billing and payment for the use of the Services through the Ninjacart Platform. The processes of verifying the Financial Information will be entirely conducted by Users and the Ninjacart Platform shall have no part in such processes.

Where a User voluntarily shares such data, or where required for the Company’s own Services (excluding Credit Facility services, which are governed by NSPL’s separate terms under Section 15), the Company may also collect Users’ credit bureau data (based solely on the User’s consent), income data, bank statements and other financial information for support services such as KYC verification with third parties, with the consent of the User. Such information is transacted through secure, encrypted digital platforms of approved payment gateways. While the Company will make commercially reasonable efforts to protect Users’ financial information, Users are strongly advised to exercise discretion while providing financial information, given that the Company cannot guarantee absolute security over the internet.

b. Personally, Identifiable Information:

The Company may collect the following PII from its Users in the normal course of a User’s use of the Ninjacart Platform: account number, mobile number, business name, PAN number, date of birth, full name, address, masked Aadhaar number.

c. Automatically Generated Information:

When a User visits the Ninjacart Platform, the Company automatically receives:

  • Uniform resource locator of the site from which such user visits the Ninjacart Platform;
  • Details of the website such User is visiting on leaving the Ninjacart Platform;
  • The internet protocol (IP) address of each user’s computer operating system;
  • Type of web browser the user is using, email patterns; and
  • The user’s internet service provider.

d. Locations

The Company may, with the consent of the User, access, collect and/or store information regarding the User’s location via the Ninjacart Platform, including global positioning system coordinates of the device used to access the Ninjacart Platform. The location data collected does not include any Personally Identifiable Information about the User.

e. Telephone Calls and Other Communications Received from Users:

Subject to applicable laws, the Company may keep records of telephone calls, emails, transactional SMS and other channels of communication received from and made to Users for the purpose of administration of Services, research and development, training, business intelligence, business development, or for User administration. The Ninjacart Platform may share such records with third parties when required by law or to provide or facilitate the User with the Services.

In addition to the User Information collected above, the Company may collect other information not directly or indirectly linked to a User, which is aggregated, anonymised or de-identified, including mobile phone resources, files and media, contact list, call logs, telephony functions, camera, microphone, location, or any other facility necessary for onboarding/KYC requirements, with the explicit consent of the User. All User Information is collected on an as-is basis and the Company shall not be responsible for the authenticity of the User Information provided by Users.

Please note that all User Information is collected by the Company on an as-is basis and the Company shall not be responsible for the authenticity of the User Information provided by Users

Further, without prejudice to the above and subject to applicable laws, you hereby expressly consent to providing the following permissions to us in relation to the respective data usage:

Without prejudice to the above and subject to applicable laws, Users expressly consent to providing the following permissions in relation to the respective data usage:

  • SMS data (Transactional SMS): To understand a User’s income and spending patterns, thereby helping the Company or its affiliates in credit evaluation and facilitating higher limits and faster approval rates.
  • Phone Permission: To collect and monitor specific information about a User’s device, including hardware model, operating system and version, unique device identifiers (IMEI, serial number), MAID (Mobile Advertising Identifiers), and user profile information, to uniquely identify devices and prevent unauthorised devices from acting on a User’s behalf.
  • App Permission: To collect information on installed applications on the device to understand usage of applications such as VPNs and gaming applications for fraud detection and risk profiling during the lending journey.

 

6. When does the Company collect User Information?

The Company collects User Information when Users register on the Ninjacart Platform, place an order, subscribe to a newsletter, or enter information on the Ninjacart Platform. The Company may use email, app notifications, SMS, MMS or other forms of communication (such as WhatsApp) to share information with Users about promotions or features regarding the Ninjacart Platform which the Company or its affiliates, subsidiaries, business partners, advertisers and sponsors may choose to offer. Users may receive such communication where they have opted in or consented during the registration process.

 

7. Who has access to your information?

a) Employees, Authorised Personnel and Affiliates

All information collected, stored, processed or disclosed to the Company by Users is accessible only to authorised personnel and employees of the Company on a need-to-know basis. All employees and data processors with access to User Information are obliged to respect its confidentiality. The Company may also disclose User Information to its affiliates for business purposes, such as promotion, sales or marketing of such affiliates’ services.

b) Government Institutions or Authorities

The Company may be required to disclose User Information to governmental institutions or authorities under any law or judicial decree, or where the Company deems it necessary to protect its rights or the rights of others, prevent harm to persons or property, fight fraud and credit risk, or enforce this Privacy Policy or the Terms. The Ninjacart Platform shall not be responsible for the manner or method in which such institutions and authorities use or disclose such User Information.

c) Other Parties

The Ninjacart Platform may share/use User Information with other parties (payment gateway service providers, logistics service providers, affiliate entities, etc.) for the purposes of: (i) providing services and technical support in relation to the Services and enhancing User experience; (ii) detecting and preventing identity theft, fraud or other potentially illegal acts; (iii) monitoring and enhancing User interest and engagement, including through promotional activity; or (iv) processing the purchase of Services on the Ninjacart Platform directly or through an affiliate entity.

d) Merging/Acquiring Parties/Investing Parties

In the event the Company is merged with or acquired by another business entity, it will be required to transfer all User Information to such merging or acquiring party. The Company may also share User Information with bona fide potential investors and investors. In such cases, the Company will take all reasonable efforts to ensure User Information is protected by the merging, acquiring, or investing entity, in conformity with applicable laws.

e) Third Party upon Sale

The Company may also disclose or transfer User Information to any third party as part of a reorganisation or sale of assets, a division, or transfer of part or all of the Company. Any third party to which the Company transfers or sells its assets will have the right to continue to use the User Information provided to the Company.

f) Third Party Sites

The Company does not exercise control over websites displayed as search results or links from within the Services. These other sites may place their own cookies or files on Users’ computers, or collect or solicit User Information, for which the Company shall not be held responsible or liable. The Company does not make any representations concerning the privacy practices of such third parties, nor guarantee the accuracy, integrity or quality of information available on such websites. Inclusion of such websites does not imply endorsement by the Company.

 

8. How do we use your information?

The Company may use User Information collected when Users register, make a purchase, sign up for the Company newsletter, respond to a survey or marketing communication, or use other application features of the Ninjacart Platform, in the following ways:

  • a. To identify the User, understand their needs and resolve disputes, if any;
  • b. To personalise User experience and deliver content and product offerings of interest to Users;
  • c. To improve the Ninjacart Platform in order to better serve Users;
  • d. To set up, manage and facilitate the offer of products and enhance the Services to meet User requirements;
  • e. To respond to User customer service requests;
  • f. To provide ongoing Services;
  • g. To administer a contest, promotion, survey or other Ninjacart Platform features, and keep Users apprised of promotions and offers;
  • h. To facilitate the processing of User transactions by third-party payment gateways;
  • i. To request ratings and reviews of services or products offered on the Ninjacart Platform;
  • j. To meet legal and regulatory requirements;
  • k. To resolve technical issues and troubleshoot problems in the Services or the Ninjacart Platform;
  • l. To detect and protect the Company and the Ninjacart Platform from error, fraud and other criminal activities;
  • m. To enforce the Terms & Conditions; and
  • n. Other reasons which, prior to being put into effect, shall be communicated to Users through an update to this Privacy Policy, accompanied by fresh consent where required by applicable law.

 

9. How do we protect your information?

The Company has implemented security policies, rules and technical measures, as required under applicable law, including firewalls, transport layer security and other physical and electronic security measures, to protect User Information from unauthorised access, improper use or disclosure, unauthorised modification, and unlawful destruction or accidental loss. While the Company is committed to maintaining the confidentiality of all User Information, it shall not be responsible for any breach of security, or for the actions of third parties that receive a User’s User Information, due to events beyond the Company’s reasonable control, including acts of government, computer hacking, unauthorised access, computer crashes, or breach of encryption. All User Information collected via the Ninjacart Platform is maintained in electronic form on servers and/or cloud systems accessible to certain employees of the Company. User Information is stored by Microsoft Azure, located at Pune, India.

User Information may also be converted to or stored in physical form (such as hard drives or server racks) from time to time. Regardless of the manner of storage, the Company shall make commercially reasonable efforts to ensure User Information is kept confidential and disclosed only in accordance with this Privacy Policy.

9A. International Transfer of User Information

User Information collected through the Ninjacart Platform is, as a general practice, stored and processed within India, including on servers operated by Microsoft Azure located at Pune, India, as described in Section 9 above.

In the event that the Company or any of its service providers, processors, or affiliates process or store User Information outside India — including where a third party engaged under Section 7 operates infrastructure outside India, or where the Company engages an overseas group entity or subprocessor for support, analytics, or disaster recovery purposes — such transfer shall only be undertaken:

  • to countries or territories that have not been restricted by notification of the Central Government under Section 16 of the Digital Personal Data Protection Act, 2023, or any successor or equivalent provision under applicable Indian law;
  • on the basis of the User’s consent to this Privacy Policy, which the User provides with the knowledge that certain processing activities may involve cross-border data flows as described in this Section; and
  • subject to appropriate contractual safeguards with the receiving entity, including data transfer or data processing agreements, intercompany data sharing agreements (where the transfer is to a Company affiliate or subsidiary, including NSPL), or standard contractual clauses, requiring the recipient to apply data protection standards substantially equivalent to those set out in this Privacy Policy.

The Company does not, as of the date of this Privacy Policy, transfer User Information to any country or territory restricted under applicable Indian law. Where the Company’s processing arrangements change such that User Information will be regularly transferred outside India, the Company will update this Privacy Policy accordingly and, where required by applicable law, seek fresh consent from Users prior to such transfer taking effect.

Users may write to the Grievance Officer named in Section 16 to request further details of any specific international transfer arrangement applicable to their User Information.

 

10. Retention of User Information

User Information will be held for as long as necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable law. The Company shall cease to retain User Information, or remove the means by which User Information can be associated with particular Users, as soon as it is reasonable to assume the purpose for which it was collected is no longer being served by its retention.

 

11. Withdrawal of User Consent

Users may withdraw their consent for the collection, use and/or disclosure of User Information in the Company’s possession or control by submitting a request to queries@ninjacart.com. The Company will process such requests within a reasonable time from receipt, and thereafter will not collect, use and/or disclose the relevant User’s User Information as per their request.

For User Information relating to a copy of a credit information report provided by a credit information company, the Company will process the consent withdrawal request within 2 working days of receipt.

Depending on the extent of a User’s withdrawal of consent, the User may not be able to further use or access the Ninjacart Platform or avail Services.

 

12. Users Right to Review and Modify User Information

Users can access their User Information at any time to review the same. Users can seek to rectify any inaccurate or deficient User Information, and the Company may rectify it if feasible.

 

13. Do we use Cookies?

The Company uses cookies for tracking purposes and for the collection of relevant metadata. Users can choose to have their devices warn them each time a cookie is sent, or turn off all cookies, through their device browser settings. If Users turn cookies off, some features of the Ninjacart Platform that make the User experience more efficient may no longer function as intended.

 

14. Changes in Privacy Policy

The Company reserves the right to modify this Privacy Policy at any time; please review it frequently. Changes and clarifications take effect immediately upon posting on the Ninjacart Platform. Where the Company makes any material change to this Privacy Policy, it will notify Users so that Users are aware of what information is collected, how it is used, and under what circumstances it may be used and/or disclosed. The Company may push updates to Users at regular intervals to fix production issues and improve the User experience; Users may be required to install such updates to continue using the Ninjacart Platform. Continued use of the Services confirms acceptance of this Privacy Policy, as amended.

 

15. Credit Facility Facilitation — Separate NSPL Terms 

Certain credit facility services accessible through the Ninja App — including the facilitation of Users’ applications for, and access to, credit facilities from partner Lenders, facilitation of repayment, and monitoring of related loan accounts (collectively, “Credit Facility”) — are provided by Ninjacart Services Private Limited (“NSPL”), a subsidiary of the Company. Based on the User’s consent to this Privacy Policy, the Company may share User Information with NSPL for the purpose of Credit Facility Facilitation.

The Credit Facility, and all collection, use, processing, storage, sharing and disclosure of User Information in connection with the Credit Facility, is governed exclusively by NSPL’s separate Credit Facility Terms and NSPL’s own privacy policy. Users seeking to avail a Credit Facility will be separately required to read and accept NSPL’s Credit Facility Terms before proceeding.

The Company (63Ideas Infolabs Private Limited) is not a Lender, does not itself facilitate the Credit Facility, and has no role, obligation or liability in connection with the Credit Facility, any Loan Agreement, or the processing of User Information for Credit Facility purposes.

 

16. Questions and Contact Information

If there are any questions regarding this Privacy Policy, you may contact us using the information below:

Grievance Officer: Raghavendra Rao T S

Contact Details: 080-35018270 || queries@ninjacart.com

Address: Indiqube Helios Business Park Tower-E, Second floor Chandana, Kadubeesanahalli, Panathur, Bangalore, Bangalore South, Karnataka, India, 560103