PRIVACY POLICY 

Effective Date: 01 January 2026

Last Updated: 01 January 2026 

This Privacy Policy (“Policy”) explains how Wercatalyst Ventures Pvt Ltd (“Company”, “we”, “us”, or “our”) collects, uses, processes, stores, discloses, and protects personal data of users through its mobile application, internal systems, and related services (“Application” or “App”). 

This Policy is legally binding and is framed in compliance with applicable Indian laws, including the Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and UIDAI Aadhaar regulations. 

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

                                                                                                                             COMPANY INFORMATION 

Legal Entity Name:

 Wercatalyst Ventures Pvt Ltd

 Registered Address:

 S-43, Atlanta Shopping Mall, Althan Bhimrad, Surat – 395007, Gujarat, India 

Official Contact Email: legal@wercatalyst.com 

Grievance Officer:

Name: Ashish Upadhya 

Contact Number: 84602xxxxx 

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

1. DEFINITIONS AND INTERPRETATION 

1. “Personal Data” means any data about an individual who is identifiable by or in relation to such data. 

2. “Sensitive Personal Data” includes financial information, Aadhaar details, government-issued identification, and location data. 

3. “User” means any individual accessing or using the Platform, including Riders, Supervisors, Administrators, and Client Representatives. 

4. “Rider” means delivery personnel or field workforce onboarded through the Platform. 5. “Processing” means any operation performed on             personal data including collection, storage, use, sharing, or deletion. 

5. “Processing” means any operation performed on personal data including collection, storage, use, sharing, or deletion. 

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

2. APPLICABILITY, INTERPRETATION, AND USER DEFINITIONS 

2.1 Applicability

This Privacy Policy applies to all personal data that is collected, processed, stored, disclosed, transferred, or otherwise handled by Wercatalyst Ventures Pvt Ltd through its mobile application, associated web platforms, backend systems, databases, integrations, and operational processes (collectively, the “Application”).

This Policy applies irrespective of whether the personal data is collected: 

   • Directly from users,

  • Automatically through the Application or devices, or 

  • From authorized third-party sources. 

This Policy is legally binding on every individual who downloads, installs, registers, accesses, or uses the Application in any manner, whether         temporarily or permanently, including cases where the Application is accessed on behalf of another entity or organization. 

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

2.2 Categories of Users 

For the purposes of this Privacy Policy, users are defined and categorized as follows: 

(a) Rider / Delivery Personnel 

Any individual who applies for engagement, is onboarded, verified, or performs delivery, logistics, or field-based operational services through the Application. This includes riders who are active, inactive, suspended, terminated, or under review, whose personal data may continue to be processed for legal, compliance, audit, or dispute resolution purposes.

(b) Supervisor / Field Manager 

Any individual authorized by the Company or its client organizations to assign tasks, monitor attendance, verify operational activities, track routes, manage shifts, or supervise riders or workforce personnel using the Application.  

(c) Administrative User 

An employee, contractor, or authorized representative of the Company who has access to administrative dashboards, system controls, compliance tools, reports, analytics, or user management features of the Application.

(d) Client Representative

 An authorized individual acting on behalf of a client organization that uses the Application for workforce onboarding, operational monitoring, compliance verification, payroll coordination, or business management purposes.  

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

2.3 Scope of Processing 

This Privacy Policy governs all personal data processing activities carried out through the Application, including but not limited to processing related to: 

• Recruitment and onboarding of riders and workforce personnel 

• Identity, address, and background verification 

• Attendance recording and shift management 

• GPS-based route tracking during operational hours 

• Workforce performance monitoring and evaluation 

• Payroll processing and financial payouts 

• Regulatory compliance, audits, and record-keeping 

• Internal reporting, analytics, system monitoring, and security 

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

2.4 Territorial Scope 

This Privacy Policy applies to: 

• All users located within the territory of India, and 

• Users located outside India whose personal data is processed in connection with services offered, managed, or controlled from India, 

subject to applicable Indian laws, including the Digital Personal Data Protection Act, 2023 and the Information Technology Act, 2000. 

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

2.5 Binding Effect 

By accessing, registering for, or using the Application, users confirm that they have read, understood, and agreed to be legally bound by this Privacy Policy and all applicable laws. Continued use of the Application constitutes ongoing acceptance of this Policy and any updates made thereto. 

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

3. LEGAL FRAMEWORK 

This Policy is governed by and interpreted in accordance with: 

1. Digital Personal Data Protection Act, 2023 

2. Information Technology Act, 2000 

3. SPDI Rules, 2011 

4. Aadhaar Act, 2016 and UIDAI regulations 

5. Other applicable Indian laws 

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

4. TYPES OF PERSONAL DATA COLLECTED 

4.1 Basic Personal Information 

• Full name 

• Mobile number 

• Date of birth 

• Photograph / selfie 

• Educational qualification 

• Work experience 

• Expected salary 

4.2 Identity and Address Verification Data (Sensitive Personal Data) 

• Aadhaar card (front and back) 

• PAN card • Driving license 

• Electricity bill or valid address proof 

Aadhaar information is collected solely for identity verification and compliance purposes, strictly in accordance with UIDAI regulations, and is not used for authentication, profiling, or any prohibited purpose. 

4.3 Financial Information

• Bank account number 

• IFSC code

4.4 Location and Technical Information 

• Real-time GPS location during active duty 

• Historical location logs for operational verification 

• IP address 

• Device identifiers 

• App usage logs 

• Device metadata 

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

5. PURPOSE OF COLLECTION AND PROCESSING 

Personal data is collected and processed for the following legitimate purposes: 

1. Rider recruitment, onboarding, and verification 

2. Identity validation and background checks 

3. Legal, regulatory, and audit compliance 

4. Attendance, shift, and workforce management 

5. Route tracking and operational optimization 

6. Fraud detection and prevention 

7. Payroll calculation and payment disbursement 

8. Communications, alerts, and notifications 

9. Analytics, reporting, and service improvement 

10. Legal enforcement, dispute resolution, and claims management 

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

6. SOURCES OF DATA 

Personal data is obtained from: 

1. Direct submission by users 

2. Automatic system and device-based collection 

3. Third-party background verification agencies 

4. Banking and payment service providers 

5. Client organizations using the platform 

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

7. CONSENT AND LAWFUL BASIS 

1. Explicit consent is obtained electronically during onboarding. 

2. Consent includes acceptance of this Privacy Policy. 

3. Consent records include timestamp, user ID, and Policy version. 

4. Users may withdraw consent, subject to legal and contractual obligations. 

5. Certain processing may continue where required by law or employment obligations. 

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

8. DATA SHARING AND DISCLOSURE 

Personal data may be shared strictly on a need-to-know basis with: 

1. Client organizations for workforce onboarding and operations 

2. Government authorities where legally mandated 

3. Background verification agencies 

4. Cloud infrastructure providers 

5. Payment gateways and banking institutions 

The Company does not sell, rent, trade, or commercially exploit personal data. 

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

9. DATA RETENTION POLICY 

1. Data of active riders is retained for the duration of engagement. 

2. Data of inactive riders is retained for up to eight (8) years. 

3. Data may be retained longer where required for legal, audit, or dispute resolution purposes. 

4. Deletion requests are honored unless legally restricted. 

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

10. RIGHTS OF USERS (DATA PRINCIPALS)

 Under applicable law, users have the right to: 

1. Access their personal data 

2. Request correction or updation 

3. Withdraw consent 

4. Request erasure of data 

5. Lodge complaints and grievances 

Requests may be submitted to legal@wercatalyst.com. 

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

11. USER OBLIGATIONS 

Users agree to: 

1. Provide accurate and truthful information 

2. Maintain confidentiality of login credentials 

3. Report unauthorized access immediately 

4. Comply with applicable laws and platform rules 

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

12. DATA SECURITY MEASURES 

The Company follows reasonable and industry-standard security practices, including: 

1. Encryption of data at rest and in transit 

2. Role-based access control 

3. Secure authentication mechanisms 

4. Audit logs and monitoring 

5. Restricted administrative access 

6. Secure cloud storage using Google Firebase 

7. Incident detection and response procedures 

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

13. DATA STORAGE AND CROSS-BORDER TRANSFER 

1. Personal data is stored on Google Firebase cloud infrastructure. 

2. Data processing may occur outside India subject to lawful safeguards. 

3. Cross-border transfers comply with applicable Indian data protection laws. 

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

14. DATA BREACH MANAGEMENT 

In case of a data breach: 

1. Immediate containment and investigation will be undertaken 

2. Affected users and authorities will be notified as required by law 

3. Remedial and corrective measures will be implemented promptly 

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

15. LIMITATION OF LIABILITY 

To the maximum extent permitted by law: 

1. The Company shall not be liable for indirect, incidental, or consequential damages 

2. Liability is limited to losses directly attributable to proven negligence 

3. Users acknowledge inherent risks of digital platforms 

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

16. CHANGES TO THIS POLICY 

1. This Policy may be updated periodically 

2. Updates will be communicated via in-app notifications 

3. Continued use of the Application constitutes acceptance 

4. Previous versions will be archived for reference00

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 

17. GOVERNING LAW AND JURISDICTION 

1. This Policy shall be governed by the laws of India 

2. Courts located in India shall have exclusive jurisdiction 

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

18. CONTACT AND GRIEVANCE REDRESSAL 

For privacy-related concerns: 

Email: legal@wercatalyst.com 

Grievance Officer: Ashish Upadhya 

Contact: 84602xxxxx 

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

ACKNOWLEDGMENT 

By accessing or using the Application, you acknowledge that you have read, understood, and agreed to this Privacy Policy.