Privacy Policy for Refil
Last Updated: 06 April 2025
This Privacy Policy describes how Purpleventures Management Consultants LLP ("Purpleventures", "we", "us", or "our"), operating under the brand and app name "Refil" (the "App"), collects, uses, shares, and protects your personal information. This policy applies to our website [https://refil.in] and our mobile applications available on iOS and Android platforms (collectively, the "Services").
Purpleventures Management Consultants LLP is located in India. For any privacy-related concerns, please contact us at:
Email: info@refil.in
By using our Services, you consent to the practices described in this Privacy Policy.
1. What Personal Data is Collected
We collect various types of personal information from you when you use our Services, as detailed below:
A. Basic Identification Data:
- Email address: Collected during account registration and for communication.
- First name and last name: Collected during account registration and order processing.
- Phone number: Collected during account registration and for communication related to orders and support.
- Address, City, ZIP/Postal code, State/Province: Collected for delivery purposes and account information.
- Social Media Profile Info: If you choose to connect with social media platforms like Facebook or Twitter, we may collect your public profile information as permitted by your privacy settings on those platforms.
B. Household and Usage Data:
- Number of household members: Collected to personalize your experience and potentially for usage analysis.
- Pantry/jar usage data (inventory levels, consumption patterns, frequency of use): Collected through your interaction with the App to help you manage your refills and provide insights.
- Custom jar names (user-input labels): Collected to personalize your pantry organization within the App.
- Device ID (smartphone and smart storage system): Collected for device identification, App functionality, and troubleshooting.
- App usage logs and crash reports: Collected automatically to understand how you use the App and to identify and fix issues.
- IP address, browser/device type: Collected automatically for security purposes, website analytics, and to optimize our Services for your device.
C. Location Data:
- Approximate location: May be derived from your IP address or WiFi information for general service improvements and regional offers.
- GPS-based location: Collected with your explicit consent to provide location-based services such as delivery address suggestions. You can typically control location access through your device settings.
D. Device Permissions & Access:
- Camera: We request access to your device's camera if you choose to upload photos (e.g., for product identification) or scan QR codes (e.g., for smart device pairing or product information). You can grant or deny this permission.
- Phonebook/Contacts: We may request access to your contacts if you choose to use features related to sharing or referrals. You can choose not to grant this permission or revoke it at any time.
- Bluetooth: We require Bluetooth access to connect and interact with compatible smart storage systems or other connected devices you may use with Refil. You can control Bluetooth access through your device settings.
- WiFi details: We may access your WiFi network information to facilitate seamless connectivity between your devices and our Services.
E. Order & Payment Information:
- Purchase history: We maintain a record of your past orders for your convenience and to improve our service offerings.
- Delivery address: Collected for processing and delivering your orders.
- Integrated payment processing via Razorpay: We utilize Razorpay, a third-party payment processor, to securely handle your payment information. We do not directly store your full credit/debit card details or other sensitive payment information on our servers. Please refer to Razorpay's privacy policy for details on their data handling practices.
F. Analytics & Tracking Tools:
We use various analytics and tracking tools to understand user behavior, improve our Services, and for marketing purposes:
- Google Analytics: To analyze website and App traffic and usage patterns.
- AdSense for ads: To display advertisements on our website (if applicable).
- Invisible reCAPTCHA: To protect our website and App from spam and bot activity. This tool may collect hardware and software information, such as device and application data, and send it to Google for analysis.
- Google Ads (including remarketing campaigns): To deliver targeted advertisements to you on other websites and platforms based on your interaction with our Services.
2. How Personal Data is Used
We use your personal data for various purposes, including:
- Providing and Improving Services: To operate, maintain, and improve our website, App, and features; to personalize your experience; to provide customer support; and to troubleshoot issues.
- Account Management: To create and manage your account, verify your identity, and process your requests.
- Order Fulfillment: To process your orders, arrange for delivery, and communicate with you about your purchases.
- Personalization: To analyze your pantry usage and preferences to offer relevant product suggestions and personalized content.
- Communication: To send you transactional emails (e.g., order confirmations, delivery updates), respond to your inquiries, and provide important service-related announcements.
- Marketing and Promotions: With your consent (where required), to send you promotional emails and offers about our products and services.
- Analytics and Research: To analyze user behavior, trends, and demographics to understand how our Services are used and to inform our business decisions.
- Security and Fraud Prevention: To protect our Services and users from fraud, abuse, and unauthorized access.
- Legal Compliance: To comply with applicable laws, regulations, and legal processes.
- Improving Smart Features: To analyze your pantry data to enhance the functionality and intelligence of our smart storage system features (if applicable).
3. Data Retention Policies
We will retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including for the duration of your account being active, to provide you with the Services, to comply with our legal obligations, resolve disputes, and enforce our agreements.
Specific data retention periods may vary depending on the type of data and the purpose of processing. For example, order history may be retained for a longer period for accounting and tax purposes. When we no longer need your personal data, we will securely delete or anonymize it.
If your account is inactive for a significant period, we may contact you to inquire about its status. We reserve the right to terminate inactive accounts and delete associated data.
4. Data Security Measures
We implement reasonable security measures designed to protect your personal information from unauthorized access, use, disclosure, alteration, or destruction. These measures include:
- Encryption: Using industry-standard encryption technologies (e.g., SSL/TLS) to protect data transmitted between your device and our servers.
- Access Controls: Limiting access to personal information to authorized personnel who need to know the information to perform their job duties.
- Data Storage Security: Employing secure data storage facilities and practices to safeguard your information.
- Regular Security Assessments: Conducting regular security assessments and vulnerability scans to identify and address potential risks.
While we strive to protect your personal information, no method of transmission over the internet or method of electronic storage is completely secure. Therefore, we cannot guarantee its absolute security.
5. Use of Cookies and Tracking Tools
We and our third-party partners use cookies and other tracking technologies (e.g., web beacons, pixels) to collect information about your browsing activity on our website and within the App.
- Cookies: Small text files that are placed on your device by your browser when you visit a website. They help us remember your preferences, understand how you interact with our Services, and personalize your experience.
- Web Beacons/Pixels: Small graphic images embedded in web pages or emails that track your interaction with the content.
We use cookies and tracking tools for the following purposes:
- Essential Cookies: Necessary for the basic functionality of our website and App, such as enabling you to log in and navigate.
- Analytics Cookies: To collect information about how you use our Services, such as which pages you visit and how long you spend on them. This helps us improve the performance and design of our Services. (e.g., Google Analytics)
- Advertising Cookies: To deliver targeted advertisements to you based on your interests and browsing history. (e.g., Google Ads, AdSense)
- Functional Cookies: To remember your preferences and provide enhanced features, such as language settings and saved items.
Your Choices Regarding Cookies:
You can control and manage cookies through your browser settings. Most browsers allow you to block or delete cookies. Please note that blocking certain cookies may impact the functionality and your experience of our Services.
For information on how Google uses data collected through Google Analytics, AdSense, and Google Ads, please refer to Google's Privacy Policy. You can also opt-out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on.
6. User Rights Under GDPR and CCPA
If you are a resident of the European Economic Area (EEA) or California, you have certain rights regarding your personal data under the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA), respectively. These rights may include:
GDPR (EEA Residents):
- Right to Access: You have the right to request access to the personal data we hold about you.
- Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data.
- Right to Erasure ("Right to be Forgotten"): You have the right to request the deletion of your personal data under certain circumstances.
- Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal data under certain circumstances.
- Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.
- Right to Object: You have the right to object to the processing of your personal data for certain purposes, such as direct marketing.
- Right not to be subject to automated decision-making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
- Right to Withdraw Consent: If we are processing your personal data based on your consent, you have the right to withdraw your consent at any time.
CCPA/CPRA (California Residents):
- Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you, the sources of the information, the purposes for collecting it, and the categories of third parties with whom we share it.
- Right to Delete: You have the right to request the deletion of your personal information, subject to certain exceptions.
- Right to Opt-Out of Sale or Sharing of Personal Information: You have the right to opt out of the "sale" or "sharing" of your personal information as defined under California law. Please note that our use of analytics and advertising cookies may be considered "sharing" under the CPRA. You can manage your cookie preferences as described in Section 5.
- Right to Correct Inaccurate Personal Information: You have the right to request that we correct inaccurate personal information that we maintain about you.
- Right to Limit Use and Disclosure of Sensitive Personal Information: You have the right to direct us to only use your sensitive personal information for limited purposes.
- Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your CCPA/CPRA rights.
Exercising Your Rights:
To exercise any of these rights, please contact us at info@refil.in with a clear description of your request. We may need to verify your identity before processing your request. We will respond to your request within the timeframes required by applicable law.
7. Opt-Out Instructions for Marketing
You have the right to opt-out of receiving marketing communications from us at any time. You can do so by:
- Clicking on the "unsubscribe" link at the bottom of any marketing email we send you.
- Adjusting your notification preferences within the App settings (if applicable).
- Contacting us directly at info@refil.in with your request to be removed from our marketing lists.
Please note that even if you opt out of marketing communications, we may still send you transactional emails related to your account or orders.
8. Data Sharing with Third Parties
We may share your personal information with the following categories of third parties for the purposes described in this Privacy Policy:
- Service Providers: We engage third-party service providers to perform various functions on our behalf, such as payment processing (Razorpay), delivery services, website hosting, data analysis (Google Analytics), email marketing, and customer support. These providers have access to your personal information only to the extent necessary to perform their services and are contractually obligated to protect your information.
- Advertising Partners: We may share certain information with advertising partners (e.g., Google Ads) to deliver targeted advertisements to you and to measure the effectiveness of our advertising campaigns.
- Analytics Providers: We share data with analytics providers (e.g., Google Analytics) to understand how users interact with our Services and to improve them.
- Social Media Platforms: If you choose to connect your Refil account with social media platforms, we may share certain information with these platforms as described in Section 1.
- Business Transfers: In the event of a merger, acquisition, sale of assets, or other business transaction, your personal information may be transferred to the acquiring entity. We will provide notice if your personal information becomes subject to a different privacy policy as a result of such a transaction.
- Legal Compliance and Protection: We may disclose your personal information to law enforcement agencies, regulatory bodies, or other third parties if we are required to do so by law or legal process, or if we believe in good faith that such disclosure is necessary to (a) protect our rights, property, or safety, or the rights, property, or safety of others; (b) investigate fraud or other illegal activities; or (c) respond to a government request.
We will not sell your personal information to third parties for their direct marketing purposes without your explicit consent.
9. Children's Data Handling
Our Services are generally not directed towards children under the age of 13. However, due to the nature of our App (e.g., managing household pantry), we may indirectly collect limited data that could potentially relate to children under 13. For instance, if a user inputs the contents of their family pantry, this might include items intended for children.
We do not knowingly solicit or collect personal information directly from children under 13 without verifiable parental consent.
If you are a parent or guardian and believe that your child under 13 has provided personal information to us without your consent, please contact us at info@refil.in and we will take steps to remove that information and terminate the child's account, if applicable.
While our Services are not primarily targeted at children, we acknowledge the possibility of indirect data collection. If in the future we intend to directly target children under 13 as a primary audience, we will implement appropriate measures to comply with the Children's Online Privacy Protection Act (COPPA) and other applicable laws, including obtaining verifiable parental consent prior to collecting, using, or disclosing personal information from children.
10. International Data Transfers
As Purpleventures Management Consultants LLP is located in India, your personal information may be transferred to and processed in India. India may have data protection laws that are different from the laws of your country.
When we transfer your personal information internationally, we will take appropriate safeguards to protect your information as described in this Privacy Policy and in accordance with applicable laws, such as:
- Standard Contractual Clauses: Implementing standard contractual clauses approved by the European Commission for transfers of personal data from the EEA to countries outside the EEA.
- Other Adequacy Mechanisms: Relying on other legally recognized mechanisms for international data transfers, as applicable.
By using our Services and providing us with your personal information, you consent to the transfer, processing, and storage of your information in India and other countries outside of your country of residence, where data protection laws may be different.
11. Updates to the Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, and other factors. We will post the updated Privacy Policy on our website and within the App and update the "Last Updated" date at the top of this policy.
If we make material changes to this Privacy Policy, we will provide you with additional notice, such as by email or through a prominent notice within the App, as required by applicable law. We encourage you to review this Privacy Policy periodically to stay informed about our data handling practices.
Your continued use of our Services after the posting of an updated Privacy Policy constitutes your acceptance of the changes. If you do not agree with the updated Privacy Policy, you should stop using our Services.
12. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our data handling practices, please contact us at:
Email: info@refil.in
We are committed to addressing your concerns and resolving any privacy-related issues in a timely and effective manner.
Compliance with Privacy Regulations
Refil is committed to complying with the following privacy regulations:
- California Online Privacy Protection Act (CalOPPA): We are committed to meeting the requirements of CalOPPA by providing this clear and comprehensive Privacy Policy and informing users about the categories of personal information collected and how it is used.
- California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA): We aim to comply with the CCPA/CPRA by providing California residents with the rights outlined in Section 6, including the right to know, delete, and opt-out of the sale or sharing of their personal information.
- General Data Protection Regulation (GDPR): For users in the European Economic Area (EEA), we are committed to adhering to the GDPR by providing a lawful basis for processing personal data, ensuring data security, respecting user rights as detailed in Section 6, and implementing safeguards for international data transfers.
- India IT Act and related rules: We comply with the applicable provisions of the India Information Technology Act, 2000, and related rules concerning data privacy and security.
- Children's Online Privacy Protection Act (COPPA): While our services are not primarily directed at children under 13, we are mindful of COPPA requirements and will take appropriate steps to comply with COPPA if we directly target children under 13 in the future, including obtaining verifiable parental consent.
By using Refil, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and sharing of your personal information as described herein.
End of Privacy Policy