Privacy Policy

Published under the IT Act, 2000, the SPDI Rules, 2011, and the Digital Personal Data Protection Act, 2023.

Last Updated: 23 June 2026 · Owned and operated by Parveen Kumar, doing business as AnythingKart.

This Privacy Policy governs the manner in which Parveen Kumar, doing business as AnythingKart(“we”, “us”, “our”), collects, uses, processes, and retains data of users (“User”, “you”) of the AnythingKart platform comprising its website, customer application, seller application, and administrative systems (the “Platform”). By accessing or using the Platform, you consent to the practices described herein.

1. Data We Collect

  • User Identity Data: name, email address, contact number, shipping and billing address, and billing information.
  • Device & Technical Data: automated device fingerprints including Device UUID, subnet/IP range, browser and hardware signatures, and session telemetry.
  • Location Data: live geofenced GPS pincodes captured via precise pin-drop mapping at checkout, used solely for hyperlocal delivery validation.
  • Attribution Data: inbound marketing variables such as UTM tags and Meta/Facebook Pixel identifiers.

2. Purposes of Processing

Your data is processed strictly for legitimate business purposes, including:

  • hyperlocal delivery serviceability validation;
  • prevention of affiliate self-attribution and incentive fraud;
  • automated Return-to-Origin (RTO) risk profiling;
  • order fulfilment, customer support, and grievance redressal; and
  • platform security and session-log management.

3. Payment Processing

Payments are processed through our PCI-DSS-compliant aggregator network, including JusPay and alternative terminal providers. No complete card credentials are stored on our servers. All payment execution follows encrypted, tokenised PCI-DSS protocols handled by the respective licensed payment aggregator.

4. Data Retention Lifecycle

  • Granular trace logs (raw impressions/clicks): retained in the active transactional database for 30–90 days.
  • Aggregated summary metrics: migrated to analytical storage for 1–2 years.
  • Financial, tax-invoicing, and GST/TCS/TDS records: retained in cold compliance storage for up to 7 years, as mandated under applicable Indian tax statutes.

5. Disclosure to Third Parties

We share data only with logistics partners, payment aggregators, and statutory authorities strictly to the extent necessary for fulfilment, settlement, or legal compliance. We do not sell personal data.

6. Your Rights (DPDP Act, 2023)

You have the right to access, correct, and erase your personal data, to withdraw consent, and to grievance redressal. Requests may be addressed to our Grievance Officer below.

7. Cookies, Analytics & Tracking

The Platform uses strictly necessary cookies for security, session continuity, and to remember your cookie preferences. With your consent, we also use the following analytics tools to understand how the Platform is used and to improve it:

  • Google Analytics 4: aggregated traffic, page, and conversion analytics. Loaded using Google Consent Mode — analytics cookies are set only after you accept.
  • Microsoft Clarity: anonymised heatmaps and session replays showing how visitors interact with pages. Loaded only after you accept.

On your first visit you may choose “Accept all” or “Only essential” via our cookie banner. If you decline, no analytics or advertising cookies are stored. You can change your choice anytime using the “Cookie preferences” link in the footer; your choice applies across AnythingKart’s website and its subdomains.

8. Grievance Officer

In compliance with the IT Act, 2000 and the DPDP Act, 2023:

Complaints will be acknowledged within 48 hours and resolved within one month of receipt.