Privacy Policy

Last updated: 2026-06-07 · Version 2.0

1. Who we are (Data Fiduciary)

TailsMart is a hyperlocal pet super-app operated by Care4Tails Private Limited (CIN: U96092KA2023PTC171347), registered office at House No. 117, Sahana, Ground Floor, 5th A Cross, 32nd Main, ITI Layout, JP Nagar 1st Phase, Bengaluru, Karnataka 560078, India. We are the "Data Fiduciary" for the personal data we collect about you. This policy explains how we collect, use, store and share your personal data under the Digital Personal Data Protection Act, 2023 (DPDP) and the Information Technology Act, 2000 and rules made thereunder.

2. What we collect

• Account: phone number, name, email (optional), profile photo.
• Pets: species, breed, age, and medical history you choose to upload.
• Location: delivery addresses you save and, while an active order is in transit, the rider's current GPS coordinates (visible only to you).
• Orders & bookings: items purchased, services booked, payment status. Payment gateways (such as Razorpay) handle card / UPI / netbanking data; we receive only a token, never the full card number.
• Device & usage: browser type, operating system, IP address and app interactions, for security and analytics.

3. Why we use it & our lawful basis

We process your data to deliver orders, schedule appointments, route patients to vets, process adoption applications, send transactional SMS / push, prevent fraud, comply with law, and improve the Platform. Under the DPDP Act we rely on your consent (which you may withdraw) and on the "legitimate uses" permitted by the Act (for example, fulfilling a service you have requested and meeting legal obligations). We process personal data only for these specified purposes.

4. Who we share data with

• Partners (pet stores / vet clinics / shelters / service providers) you transact with — they receive only what is needed to fulfil the service (for example, your pet's medical history when you book that vet).
• Delivery riders during active orders — they see your name, phone and delivery address.
• Service providers acting as Data Processors on our behalf: payment gateway (Razorpay), OTP/SMS provider, database & auth hosting (Supabase), transactional email and analytics. They are bound to use the data only for the services we engage them for.
• Law enforcement or authorities, only where we are legally compelled.

We do not sell your data and we do not share it with advertisers.

5. How long we keep it

We retain data only as long as necessary for the purpose or as required by law. In summary: active account data is kept while your account exists; orders, payments and tax records are retained for the period required under tax law; clinical/veterinary records are retained for at least 3 years as applicable; rider GPS pings are deleted after 24 hours; OTP sessions after 1 day. Our full retention schedule and deletion practices are maintained internally and applied consistently.

6. Your rights under the DPDP Act

• Access: request a copy of your data — see Export my data.
• Correction & updating: edit your profile, addresses and pets from your account.
• Erasure: delete your account — see Delete account. Some records (such as orders and veterinary visits) may be retained for legal/regulatory reasons but are stripped of personally identifying fields where lawful.
• Withdraw consent: manage marketing communications in Settings; withdrawing consent does not affect processing already carried out.
• Grievance redressal & nomination: raise a grievance with our Grievance Officer (below) and nominate another individual to exercise your rights in the event of death or incapacity.
• If unresolved, you may complain to the Data Protection Board of India.

7. Children's data

The Platform is intended for users aged 18 and above. We do not knowingly process the personal data of children except as permitted by the DPDP Act with verifiable parental consent. If you believe a child has provided us data, contact our Grievance Officer and we will delete it.

8. Security

All traffic uses HTTPS. We use phone-number + OTP sign-in (no stored passwords). Payment card details never touch our servers. Database access enforces row-level security so Partners can access only their own data. We take reasonable security safeguards as required by law; no system is perfectly secure, and we will notify you and the Data Protection Board of a personal-data breach as required.

9. Cookies

We use cookies and similar technologies to keep you signed in, remember preferences and measure usage. You can control cookies through your browser settings.

10. Grievance / Data Protection Officer

• Name: Abhishek DG (Chief Grievance & Data Protection Officer)
• Email: abhishek@tailsmart.in
• Phone: +91 78994 52307
• Address: Care4Tails Private Limited, House No. 117, Sahana, Ground Floor, 5th A Cross, 32nd Main, ITI Layout, JP Nagar 1st Phase, Bengaluru, Karnataka 560078

We acknowledge grievances within 48 hours and make our best efforts to resolve them within 30 days, in line with the DPDP Act, 2023 and the Consumer Protection (E-Commerce) Rules, 2020. If you are not satisfied with our response, you may escalate to the Data Protection Board of India once it is operational.

11. Changes

We will post material changes here and, where appropriate, notify active users via push or SMS. Questions: privacy@tailsmart.in.