E-Commerce Privacy Policy

GoldRush Aura Ecom LLP

Effective Date: __________

1. DEFINITIONS AND INTERPRETATION

1.1 In this Privacy Policy, unless the context otherwise requires:

• "Application" means the GoldRush Aura mobile application and website platform for e-commerce services
• "Company", "We", "Us", "Our" means GoldRush Aura Ecom LLP, a limited liability partnership incorporated under the laws of India
• "Personal Data" means any information relating to an identified or identifiable natural person
• "Services" means the e-commerce services including browsing, purchasing, and delivery of products
• "User", "You", "Your" means any person accessing or using the Application
• "Processing" means any operation performed on Personal Data, whether automated or not
• "Third Party" means any person or entity other than the User or the Company

1.2 Headings are for convenience only and shall not affect interpretation.

2. INTRODUCTION AND ACCEPTANCE

2.1 GoldRush Aura Ecom LLP ("Company") is committed to protecting your privacy and Personal Data in compliance with:

• The Information Technology Act, 2000 and Rules thereunder
• The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
• The Consumer Protection Act, 2019 and E-Commerce Rules, 2020
• Any other applicable data protection legislation

2.2 By accessing, browsing, or using our Application, you expressly acknowledge that you have read, understood, and agreed to be bound by this Privacy Policy without reservation.

2.3 If you do not agree with any provision of this Privacy Policy, you must immediately cease using the Application and Services.

2.4 This Privacy Policy applies exclusively to our e-commerce operations and does not cover any trading platform services, which are governed by a separate policy.

3. INFORMATION WE COLLECT

3.1 Information You Provide Directly:

When you register, place orders, or use our Services, we may collect:

(a) Account Information:

• Full legal name (as per government ID)
• Email address
• Mobile number (verified via OTP)
• Date of birth
• Gender
• Username and encrypted password

(b) Payment Information:

• UPI ID and UPI transaction details
• Bank account details for NEFT transfers
• Payment gateway transaction references
• Payment transaction history
• Billing preferences

IMPORTANT: We do NOT collect or accept:

• Credit card or debit card details
• Card CVV, PIN, or security codes
• Cash payments
• Cash on Delivery (COD) information

Accepted Payment Methods ONLY:

• UPI (Unified Payments Interface)
• NEFT (National Electronic Funds Transfer)
• Payment Gateway bank transfers

(c) Customer Service Information:

• Support tickets and correspondence
• Complaint records
• Return and refund requests
• Call recordings (with prior notice)

3.2 Information Automatically Collected:

(a) Device Information:

• Device type, model, and manufacturer
• Operating system and version
• Unique device identifiers (IMEI, MAC address, Android ID)
• Mobile network information
• Screen resolution and device settings

(b) Usage Information:

• IP address and approximate location
• Browser type and version
• Pages visited and time spent
• Click patterns and navigation paths
• Date and time stamps of activities

(c) Location Information:

• Precise geolocation (with explicit consent via device permissions)
• City and region-level location
• IP-based location approximation
• Location history for delivery optimization

(d) Technical Information:

• Cookies and similar tracking technologies
• Log files and server data
• Crash reports and diagnostic data
• Application performance metrics
• Network connectivity information

3.3 Information from Third-Party Sources:

(a) Payment gateways and financial institutions

(b) Delivery and logistics partners

(c) Marketing and analytics service providers

(d) Fraud detection and prevention services

(e) Publicly available sources and data aggregators (where permitted by law)

3.4 Sensitive Personal Data:

We may collect the following Sensitive Personal Data with your explicit consent:

• Financial information (bank account, card details)
• Government-issued identification numbers (if required for specific transactions)
• Biometric information (only for specific authentication, with separate consent)

We do NOT collect: Caste, religious beliefs, sexual orientation, medical records, or biometric data unless absolutely necessary and with explicit, separate consent.

4. PURPOSE AND LEGAL BASIS FOR PROCESSING

4.1 We process your Personal Data for the following purposes:

(a) Contractual Necessity:

• Account registration and management
• Order processing
• Payment processing and invoicing
• Customer service and support
• Managing returns, refunds, and exchanges

(b) Legitimate Business Interests:

• Personalizing user experience and recommendations
• Improving Application functionality and performance
• Conducting market research and analytics
• Developing new products and services
• Protecting our legal rights and property

This includes creation and sharing of anonymised and aggregated statistical data with business partners, advertisers, analysts and the public, which does not identify any individual User

(c) Legal Compliance:

• Complying with court orders, legal processes, and law enforcement requests
• Meeting tax, accounting, and regulatory obligations
• Maintaining records as required by law
• Preventing illegal activities and policy violations

(d) Consent-Based Processing:

• Sending promotional communications and offers
• Targeted advertising and marketing
• Sharing data with marketing partners
• Processing location data for enhanced services
• Any other purpose for which you provide specific consent

(e) User Generated Content: To host, display, reproduce, publish, distribute and use any product reviews, ratings, feedback, images, videos, comments or other content voluntarily submitted by Users on the Application or on any promotional or advertising material of the Company.

5. DISCLOSURE OF PERSONAL DATA

5.1 We may share your Personal Data with the following categories of recipients:

(a) Service Providers and Business Partners:

• Payment gateways and financial institutions
• Email and SMS service providers
• Marketing and advertising partners
• Analytics and data intelligence services

5.2 What We Do NOT Do:

• We do NOT sell your Personal Data to third parties for their marketing purposes
• We do NOT rent your Personal Data to data brokers or aggregators
• We do NOT share your Sensitive Personal Data without explicit consent

5.3. The Company shall not sell, trade, license, lease, or commercially exploit the Personal Data or Sensitive Personal Data of any User to any third party for monetary or commercial consideration.

6. DATA SECURITY MEASURES

6.1 We implement and maintain reasonable technical, operational, and physical security measures to protect your Personal Data despite these measures, no system is completely secure. We cannot guarantee absolute security of your Personal Data.

6.2. You are responsible for:

• Maintaining confidentiality of your password
• Logging out after use, especially on shared devices
• Promptly notifying us of any unauthorized access
• Using strong, unique passwords

6.3 Users may manage communication preferences, marketing consents, location permissions and other privacy settings through their account dashboard, device settings or within the Application.

7. CHILDREN'S PRIVACY

7.1 Our Application and Services are NOT intended for individuals under 18 years of age.

7.2 We do NOT knowingly collect Personal Data from minors without verified parental consent.

8. THIRD-PARTY LINKS AND SERVICES

8.1 Our Application may contain links to third-party websites, applications, payment gateways, and social media platforms.

8.2 We are NOT responsible for:

• Privacy practices of third-party sites
• Content or accuracy of external websites
• Security measures of linked platforms
• Data collection by third parties

8.3 We strongly encourage you to review the privacy policies of any third-party services you access through our Application.

8.4 Your interactions with third-party services are governed by their respective terms and policies, not this Privacy Policy.

8.5. Certain features of the Application may be operated by third-party developers, software development kits (SDKs), plugins, payment gateways or service providers, whose terms of use and privacy policies shall apply in addition to this Privacy Policy.

9. CHANGES TO THIS PRIVACY POLICY

9.1 We reserve the right to modify this Privacy Policy at any time to:

• Reflect changes in our practices
• Comply with new legal requirements
• Incorporate new features or services
• Address security concerns
• Improve transparency and clarity

9.2 Notification of Changes:

• Updated "Last Updated" date at the top
• Prominent notice on Application homepage
• Email notification for material changes
• In-app notification upon next login
• Reasonable advance notice period (minimum 15 days for material changes)

9.3 Continued use of the Application after notification constitutes acceptance of the revised Privacy Policy.

9.4 If you do not agree to changes, you must discontinue use and may request account deletion.

9.5 Previous versions will be archived and available upon request.

10. DISCLAIMER AND LIMITATION OF LIABILITY

10.1 While we implement reasonable security measures, we DISCLAIM all liability for:

• Unauthorized access due to circumstances beyond our control
• Data breaches caused by third-party service providers
• Loss or corruption of data due to technical failures
• Interception of data during transmission over public networks
• Any damages arising from use or inability to use the Application

10.2 TO THE MAXIMUM EXTENT PERMITTED BY LAW, WE SHALL NOT BE LIABLE FOR:

• Any indirect, incidental, special, consequential, or punitive damages
• Loss of profits, revenue, data, or business opportunities
• Any damages exceeding the amount paid by you to us in the 12 months preceding the claim
• Payment processing delays or failures by banks, UPI providers, or payment gateways

10.3 This limitation applies regardless of the legal theory (contract, tort, negligence, strict liability, or otherwise).

11. PAYMENT METHODS AND RESTRICTIONS

11.1 Accepted Payment Methods:

We ONLY accept the following payment methods:

• UPI (Unified Payments Interface)
• NEFT (National Electronic Funds Transfer)
• Payment Gateway bank transfers

11.2 Payment Methods We DO NOT Accept:

• Credit cards
• Debit cards
• Cash payments
• Cash on Delivery (COD)
• Cheques
• Demand Drafts
• Prepaid instruments or wallets (except UPI)

11.3 Payment Data Security:

All payments are processed through secure, encrypted payment gateways. Since we do not accept card payments, we do NOT store or process any credit/debit card information, CVV numbers, or card PINs.

12. INDEMNIFICATION

12.1 You agree to indemnify, defend, and hold harmless GoldRush Aura Ecom LLP, its directors, officers, employees, agents, and affiliates from and against any and all claims, liabilities, damages, losses, costs, and expenses (including reasonable attorneys' fees) arising from:

(a) Your violation of this Privacy Policy

(b) Your violation of any applicable laws or regulations

(c) Your violation of third-party rights, including intellectual property or privacy rights

(d) Any false, inaccurate, or misleading information provided by you

(e) Unauthorized use of your account due to your failure to maintain security

(f) Your misuse of the Application or Services

12.2 We reserve the right to assume exclusive defense and control of any matter subject to indemnification, and you agree to cooperate with our defense.

13. GOVERNING LAW AND DISPUTE RESOLUTION

13.1 Governing Law: This Privacy Policy shall be governed by and construed in accordance with the laws of India, without regard to conflict of law principles.

13.2 Jurisdiction: The courts of Mumbai, Maharashtra shall have exclusive jurisdiction over any disputes arising from this Privacy Policy.

13.3 Dispute Resolution Process:

Step 1 - Informal Resolution: Contact our Grievance Officer first. We will attempt to resolve within 30 days.

Step 2 - Arbitration: Disputes may be submitted to arbitration under the Arbitration and Conciliation Act, 1996:

• Sole arbitrator appointed by mutual consent
• Seat and Venue of arbitration: Mumbai, Maharashtra
• Language: English
• Arbitration costs shared equally unless award specifies otherwise

Step 3 - Litigation: As a last resort, you may file suit in courts of Mumbai, Maharashtra.

14. SEVERABILITY

14.1 If any provision of this Privacy Policy is found to be invalid, illegal, or unenforceable by a court of competent jurisdiction:

• Such provision shall be modified to the minimum extent necessary to make it valid and enforceable
• If modification is not possible, the provision shall be severed
• The remaining provisions shall continue in full force and effect
• The invalidity shall not affect other provisions

15. WAIVER

15.1 No waiver of any term or provision of this Privacy Policy shall be deemed a further or continuing waiver of such term or any other term.

15.2 Our failure to assert any right or provision under this Privacy Policy shall not constitute a waiver of such right or provision.

15.3 Any waiver must be in writing and signed by our authorized representative.

16. ENTIRE AGREEMENT

16.1 This Privacy Policy, together with our Terms of Service and any other legal notices published on the Application, constitutes the entire agreement between you and GoldRush Aura Ecom LLP regarding privacy matters.

16.2 This Privacy Policy supersedes all prior or contemporaneous agreements, communications, and proposals (oral or written) regarding privacy.

17. ACKNOWLEDGMENT AND CONSENT

17.1 By clicking "I Accept," registering an account, or using our Application, you acknowledge that:

• You have read and understood this Privacy Policy in its entirety
• You agree to the collection, use, and disclosure of your Personal Data as described
• You are at least 18 years of age or have parental consent
• You will comply with all applicable laws and this Privacy Policy
• You understand your rights and how to exercise them
• You understand we ONLY accept payments via UPI, NEFT, and Payment Gateway bank transfers (NO credit cards, NO debit cards, NO cash, NO COD)
• You consent to receive communications as described herein

17.2 If you do not agree, do not use our Application or Services.

18. GRIEVANCE OFFICER AND USER RIGHTS

18.1 In accordance with the Information Technology Act, 2000 and the Consumer Protection (E-Commerce) Rules, 2020, the Company has appointed a Grievance Officer to address any discrepancies, complaints or grievances:

Name: Grievances Officer

Email: support@goldrushaura.com

Address: Shop No 5 Sai Palkhi, Chawl No.1 Alkapuri Road, Nallosapare E, Alkapuri Police Chowky, Vasai, Thane- 401209, Maharashtra, India.

18.2 The Grievance Officer shall acknowledge receipt of any complaint within 48 hours and resolve the same within 15 days.

18.3 Users have the right to:

• (a) Access their Personal Data
• (b) Request correction or updating of inaccurate data
• (c) Withdraw consent
• (d) Request deletion of data, subject to legal and contractual obligations
• (e) Lodge complaints regarding misuse of their data

Effective Date: __________