Privacy Policy for Cropzy

Last Updated: March 13, 2026

1. INTRODUCTION

This Privacy Policy governs the collection, use, and protection of personal data by Cropzy, a mobile application developed by an individual developer ("we," "us," or "our"). Cropzy operates as a Data Fiduciary under India's Digital Personal Data Protection Act, 2023 (DPDP Act). This policy applies to all users ("you," "your," or "Data Principal") of the Cropzy mobile application available on Google Play Store and Apple App Store.

By downloading, installing, or using Cropzy, you acknowledge that you have read, understood, and consent to the practices described in this Privacy Policy. If you do not agree with this policy, please do not use the application.

2. DEFINITIONS

• "Personal Data" means any data about an individual who is identifiable by or in relation to such data, including name, mobile number, business information, and location data.

• "Data Principal" means the individual to whom the personal data relates.

• "Data Fiduciary" means the entity that determines the purpose and means of processing personal data (Cropzy/developer).

• "Processing" means any operation performed on personal data, including collection, storage, use, disclosure, or erasure.

3. DATA WE COLLECT

We collect the following categories of personal data:

3.1 Identity and Contact Information

• Full name

• Mobile phone number

• Business/company name

• User type (Miller or Trader)

3.2 Business Information

• Grain listings (wheat/paddy) including quantity, quality specifications, and pricing

• Counter-offers and negotiation history

• Transaction preferences and history within the app

3.3 Location Data

• GPS-based location for connecting you with nearby traders/millers

• Business address/operating location

3.4 Device and Usage Information

• Device type and operating system

• IP address

• App usage patterns and feature interactions

• Crash logs and diagnostic data

4. PURPOSE OF PROCESSING

We process your personal data for the following specific purposes:

• To create and manage your user account

• To facilitate connections between wheat/paddy traders and millers

• To enable posting, browsing, and negotiation of grain listings

• To provide market rate visibility through aggregated listing data

• To communicate regarding account activity, offers, and app updates

• To ensure platform security and prevent fraudulent activity

• To comply with legal obligations under Indian law

5. LEGAL BASIS FOR PROCESSING

Under Section 6 of the DPDP Act, 2023, we process your personal data based on:

5.1 Consent: By registering and using Cropzy, you provide free, specific, informed, unconditional, and unambiguous consent to the processing described in this policy. You provide this consent through clear affirmative action by accepting this Privacy Policy and Terms of Use during registration.

5.2 Certain Legitimate Uses: We may process data without consent where necessary for:

• Compliance with legal obligations

• Responding to medical emergencies involving you

• Employment-related purposes (if applicable)

6. DATA SHARING AND DISCLOSURE

6.1 Other Users: Your business listings (grain type, quantity, price, location) are visible to other registered traders and millers to facilitate market connections. Your contact information is shared only when you actively engage in negotiations or transactions.

6.2 Service Providers: We engage third-party processors for:

• Cloud hosting and data storage

• Push notification services

• Analytics and crash reporting

All processors are contractually bound to implement security safeguards and process data only as instructed by us.

6.3 Legal Requirements: We may disclose personal data when required by:

• Order of court, tribunal, or regulatory authority

• Direction of the Data Protection Board of India

• Applicable laws of India

7. DATA SECURITY

Pursuant to Section 8(5) of the DPDP Act and Rule 6 of the DPDP Rules, 2025, we implement the following reasonable security safeguards:

• Encryption: End-to-end encryption for data transmission using TLS/SSL protocols

• Access Controls: Role-based access limiting data exposure to authorized personnel only

• Data Masking: Obfuscation of sensitive identifiers where possible

• Monitoring: Continuous logging and review to detect unauthorized access

• Backups: Verified backup systems to ensure data resilience

• Storage: Secure cloud infrastructure with industry-standard protections

We retain logs and personal data for a minimum period of one year as mandated by Rule 6(2) of the DPDP Rules, 2025, to detect, investigate, and remediate unauthorized access.

8. DATA RETENTION AND DELETION

8.1 Retention Period: We retain your personal data only as long as necessary for the purposes stated in this policy, or as required by applicable law. Specifically:

• Account data: Retained while your account is active

• Transaction/listing data: Retained for one year after transaction completion or listing removal

• Logs: Retained for minimum one year as per DPDP Rules

8.2 Automatic Deletion: Upon account deletion or withdrawal of consent, we will delete your personal data within 30 days, except where retention is required by law or for legitimate business purposes (such as resolving disputes or enforcing agreements).

8.3 Notification: We will inform you 48 hours before automated deletion of your data, where applicable.

9. YOUR RIGHTS AS A DATA PRINCIPAL

Under Chapter III of the DPDP Act, 2023, you have the following rights:

9.1 Right to Access: You may request confirmation of whether we process your personal data and obtain a summary of such data.

9.2 Right to Correction and Erasure: You may request correction of inaccurate or misleading data, completion of incomplete data, updating of data, or erasure of data that is no longer necessary for the purpose.

9.3 Right to Grievance Redressal: You have the right to have readily available means of registering a grievance with us regarding our processing of your personal data.

9.4 Right to Nominate: You may nominate any other individual who shall, in the event of your death or incapacity, exercise your rights on your behalf.

10. EXERCISING YOUR RIGHTS

To exercise any of your rights:

• Access, correction, and deletion requests may be made through the in-app "Account Settings" or "Privacy Dashboard" feature

• Grievances may be registered through the in-app support system or by contacting the designated grievance officer (contact details below)

• We will respond to all requests within 72 hours and resolve grievances within 30 days

11. CHILDREN'S DATA

Cropzy is not intended for use by individuals under 18 years of age. We do not knowingly collect personal data from children. If we discover that we have inadvertently collected data from a child under 18, we will delete such data immediately. Processing children's data requires verifiable parental consent under Section 9 of the DPDP Act, which we do not obtain as our platform is designed for business use by adults.

12. DATA BREACH NOTIFICATION

In the event of a personal data breach:

12.1 To You: We will notify affected users without delay through your registered mobile number or in-app notification, providing:

• Nature of the breach

• Likely consequences

• Measures taken to mitigate harm

• Contact details for further information

12.2 To Authorities: We will immediately inform the Data Protection Board of India and provide a detailed report within 72 hours as required by Rule 7 of the DPDP Rules, 2025.

13. CROSS-BORDER DATA TRANSFERS

Your personal data is stored and processed within India. Any international transfers of data will comply with Section 16 of the DPDP Act and applicable government notifications. Currently, we do not transfer personal data outside India.

14. GRIEVANCE REDRESSAL AND CONTACT

For any questions, concerns, or grievances regarding this Privacy Policy or our data practices:

Grievance Officer: Devansh Dhingra

Contact: +91 7088611369

Response Time: Within 72 hours

If you are unsatisfied with our response, you may file a complaint with the Data Protection Board of India once operational.

15. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes through:

• In-app notifications

• SMS to your registered mobile number

• Updated "Last Updated" date at the top of this policy

Continued use of Cropzy after such changes constitutes acceptance of the revised policy.

16. CONSENT WITHDRAWAL

You may withdraw your consent to our processing of your personal data at any time by:

• Using the "Delete Account" feature in app settings, or

• Contacting our grievance officer

Withdrawal will be as easy as giving consent. Upon withdrawal, we will cease processing and delete your data within 30 days, except where retention is required by law.

17. THIRD-PARTY SERVICES

Cropzy may contain links to third-party websites or services (such as payment processors for offline brokerage). This Privacy Policy does not apply to such third parties. We encourage you to review the privacy policies of any third-party services you interact with.

18. DISCLAIMER

While we implement reasonable security measures, no electronic storage or transmission is completely secure. We cannot guarantee absolute security of your data but commit to promptly addressing any breaches as per DPDP Act requirements.

----

ACKNOWLEDGMENT

By using Cropzy, you acknowledge that you have read this Privacy Policy, understand it, and consent to the collection, use, and processing of your personal data as described herein.