Aharana

Last updated: March 30, 2026

Aharana ("we", "our", or "us") operates the Aharana mobile application and website (collectively, the "Service"), a food, grocery, and parcel delivery platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By accessing or using the Service, you agree to this Privacy Policy.

1. Information We Collect

1.1 Information You Provide Directly

• Account information: Name, phone number, email address, and profile photo.
• Delivery addresses: Home, work, or other saved addresses including GPS coordinates.
• Order details: Items ordered, order preferences, special instructions, and order history.
• Payment information: Payment method selection (cash on delivery or online payment). We do not store credit/debit card numbers directly; online payments are processed by our payment partner, Razorpay.
• Support interactions: Messages sent through our in-app chat, customer support tickets, feedback, ratings, and reviews.
• Parcel details: Sender and receiver names, phone numbers, pickup and drop-off addresses, parcel size, and weight.

1.2 Information Collected Automatically

• Device information: Device model, operating system version, unique device identifiers, app version, and language preference.
• Location data: With your permission, we collect precise GPS location to show nearby restaurants and stores, calculate delivery estimates, and enable real-time order tracking. You can disable location access in your device settings, but some features will be limited.
• Usage data: Pages viewed, features used, search queries, session duration, and interaction patterns within the app.
• Log data: IP address, browser type (for web), access times, and referring URLs.
• Push notification tokens: Firebase Cloud Messaging (FCM) tokens for delivering order updates and promotional notifications.

1.3 Information from Third Parties

• Phone authentication: We use Firebase Authentication to verify your phone number via OTP (one-time password). Firebase provides us with your phone number and a unique user identifier.
• Payment processors: Razorpay may share transaction status and payment confirmation details with us (but not your full card number).

2. How We Use Your Information

We use the information we collect to:

• Provide and operate the Service: Process and deliver your food, grocery, and parcel orders.
• Customer support: Respond to your inquiries, resolve complaints, and provide assistance through our in-app chat and support system.
• Personalization: Show restaurants and stores near you, suggest items based on your order history, and display relevant offers.
• Order tracking: Provide real-time delivery tracking with driver location updates.
• Communication: Send order confirmations, delivery updates, payment receipts, and important service announcements via push notifications and SMS.
• Analytics and improvement: Analyze usage patterns to improve our app, fix bugs, optimize delivery routes, and enhance user experience.
• Safety and security: Detect and prevent fraud, unauthorized access, and other harmful activities.
• Legal compliance: Comply with applicable laws, regulations, and legal processes.
• Marketing: With your consent, send promotional offers, discounts, and new restaurant notifications. You can opt out of marketing communications at any time.

3. How We Share Your Information

We do not sell your personal information. We may share your information with:

• Delivery partners (drivers): Your name, delivery address, and phone number are shared with assigned delivery partners to complete your delivery. Drivers see only the information needed for the current delivery.
• Vendors (restaurants and stores): Your name and order details are shared with vendors to prepare your order. Vendors do not receive your full address or phone number unless required for delivery coordination.
• Payment processors: Razorpay processes online payments. Their use of your data is governed by their own privacy policy.
• Cloud infrastructure: We use Amazon Web Services (AWS) for hosting. Data is stored in the AWS Mumbai (ap-south-1) region.
• Analytics services: We use Sentry for error tracking and application monitoring to improve service reliability.
• Firebase (Google): For phone authentication, push notifications, and crash reporting.
• Cloudinary: For image storage and delivery (vendor photos, menu item images).
• SMS providers: MSG91 for OTP delivery and transactional SMS notifications.
• Law enforcement: When required by law, court order, or governmental regulation, or when necessary to protect our rights, safety, or property.
• Business transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

4. Data Retention

• Account data: Retained for as long as your account is active. After account deletion, we retain anonymized order data for up to 3 years for business analytics and legal compliance.
• Order history: Retained for 3 years for customer reference, dispute resolution, and regulatory requirements.
• Location data: Real-time location is used only during active orders and is not stored permanently. Delivery addresses are retained as part of your account.
• Support chat messages: Retained for 1 year for quality assurance and dispute resolution.
• Payment records: Transaction records are retained for 7 years as required by Indian tax and financial regulations.
• Analytics data: Aggregated and anonymized analytics data may be retained indefinitely.

5. Data Security

We implement appropriate technical and organizational measures to protect your information:

• All data in transit is encrypted using HTTPS/TLS.
• Passwords and sensitive tokens are hashed using bcrypt.
• Authentication tokens are stored in device keychains (encrypted storage) on mobile devices.
• Database access is restricted and monitored.
• Security headers (Helmet.js) protect against common web vulnerabilities (XSS, clickjacking, MIME sniffing).
• Rate limiting is enforced to prevent abuse.
• Regular database backups are performed and securely stored.

While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

6. Your Rights

You have the following rights regarding your personal data:

• Access: You can view your profile information, order history, saved addresses, and wallet transactions within the app at any time.
• Correction: You can update your name, email, and profile information through the Edit Profile screen in the app.
• Deletion: You can request account deletion through the app (Profile > Delete Account). Upon deletion, we will remove your personal data within 30 days, except where retention is required by law.
• Data portability: You can request a copy of your personal data by contacting us at privacy@aharana.com.
• Withdraw consent: You can withdraw consent for location access and push notifications through your device settings. You can opt out of marketing communications through the Notification Preferences screen in the app.
• Complaint: If you believe your data rights have been violated, you may file a complaint with us or with the appropriate data protection authority.

7. Children's Privacy

Our Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided us with personal information, we will promptly delete it. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@aharana.com.

8. Cookies and Tracking (Web)

Our website (https://aharana.com) may use cookies and similar technologies to:

• Maintain your session and authentication state.
• Remember your preferences (language, theme).
• Analyze traffic and usage patterns.

You can control cookies through your browser settings. Disabling cookies may affect the functionality of the website.

9. Third-Party Links

Our Service may contain links to third-party websites or services (e.g., payment gateway, app stores). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.

10. International Data Transfers

Your data is primarily stored and processed in India (AWS Mumbai region). Some third-party services (Firebase, Cloudinary, Sentry) may process data in other regions. By using our Service, you consent to the transfer of your information to these locations.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you through an in-app notification or by updating the "Last updated" date at the top of this page. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.

12. Contact Us