Effective Date: April 1, 2026 | Last Updated: April 1, 2026
Vaanir is a live commerce marketplace operated by Kredey Innovations Private Limited, a company incorporated under the Companies Act, 2013, with its registered office in Ghaziabad, Uttar Pradesh, India. Vaanir enables sellers to list products, manage live selling sessions, and receive orders from buyers through a web-based storefront. In the context of applicable data protection law, Kredey Innovations acts as the Data Fiduciary — we determine the purpose and means of processing your personal data.
Legal Entity: Kredey Innovations Private Limited
Platform: Vaanir (vaanir.in)
Contact Email: support@vaanir.in
We collect only the data necessary to operate the platform and fulfill our obligations to you. The specific categories depend on whether you use Vaanir as a Buyer or a Seller.
| Data Category | What We Collect | Purpose |
|---|---|---|
| Account & Identity | Phone number, name, role (buyer/seller) | Account creation, OTP authentication, role assignment |
| Seller Profile | Store name, seller handle, product listings (name, description, price, images, sizes, stock) | Storefront creation, product catalogue, order fulfillment |
| Buyer Profile | Name, phone number, delivery address | Order placement, delivery coordination by sellers |
| Order & Transaction | Items purchased, order value, order status, payment confirmation via Razorpay | Order processing, payment verification, order history |
| Device & Usage | Browser type, device type, IP address, pages visited, session duration | Platform security, performance monitoring, bug resolution |
Directly from you: When you sign up using phone OTP, create your profile, add products (sellers), place orders (buyers), or contact us for support.
Automatically: When you use the platform, we collect device and usage data through standard web technologies (cookies, server logs). This is limited to what is necessary for platform operation and security.
From third-party services: Razorpay provides us with payment confirmation status (success/failure) and a transaction reference ID. Razorpay's own privacy policy governs how they handle your payment data.
Under the Digital Personal Data Protection Act, 2023, we process your personal data on the following grounds:
Consent: You provide explicit consent when you sign up for an account and agree to this Privacy Policy. You may withdraw your consent at any time (see Section 7 below).
Legitimate Use: Certain processing is necessary for the performance of a contract — for example, we must process your delivery address to enable the seller to fulfill your order, and we must store your phone number to authenticate your login.
Platform operation: To authenticate your identity, maintain your account, display your storefront (sellers), process your orders, and enable buyer-seller transactions.
Communication: To send you OTPs for login, order status updates, and essential service notifications. We do not send marketing messages without your separate, explicit consent.
Security and integrity: To detect and prevent fraud, abuse, unauthorized access, and to maintain platform stability.
Legal compliance: To comply with applicable laws, regulations, legal processes, or enforceable government requests.
We do not sell, rent, or trade your personal data to any third party. We share data only in the following limited circumstances:
Buyer ↔ Seller: When a buyer places an order, the seller receives the buyer's name, delivery address, and phone number — strictly for order fulfillment and delivery. Sellers are contractually prohibited from using buyer data for any purpose beyond fulfilling the specific order.
Payment Processor (Razorpay): We share necessary transaction details with Razorpay to process payments. Razorpay operates as an independent Data Fiduciary for payment data.
Legal authorities: We may disclose data if required by law, court order, or government authority under applicable Indian law.
Service providers: We may use third-party services for hosting (e.g., Vercel, Supabase) and analytics. These providers process data only on our instructions and are bound by confidentiality obligations.
Under the Digital Personal Data Protection Act, 2023, you have the following rights:
Right to Access: You may request a summary of your personal data that we hold and how it has been processed.
Right to Correction: You may request correction of any inaccurate or incomplete personal data.
Right to Erasure: You may request deletion of your personal data, subject to any legal obligations that require us to retain certain records.
Right to Withdraw Consent: You may withdraw your consent at any time by contacting us. Upon withdrawal, your account will be deactivated and your data deleted in accordance with our retention policy.
Right to Grievance Redressal: You may file a complaint with our Grievance Officer (see Section 12) or with the Data Protection Board of India.
Account data: Retained for as long as your account is active. Upon account deletion, your data is erased within 90 days, except where retention is required by law.
Order and transaction data: Retained for a minimum of 8 years from the date of the transaction to comply with tax, accounting, and legal requirements under Indian law (including the Income Tax Act, 1961, and the GST Act).
Device and usage data: Retained for up to 12 months, then automatically deleted or anonymized.
We implement reasonable security safeguards to protect your data, including: encryption of data in transit using TLS/SSL, row-level security policies on our database ensuring users can only access their own data, secure OTP-based authentication (no passwords stored), and regular review of access controls and security configurations.
In the event of a data breach, we will notify the Data Protection Board of India and affected users within 72 hours, as required by law.
Vaanir is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected data from a person under 18, we will delete it promptly.
We use strictly necessary cookies to maintain your session and authentication state. We do not use advertising cookies or third-party tracking pixels. If we introduce optional analytics cookies in the future, we will update this policy and obtain your consent before deploying them.
In accordance with the Digital Personal Data Protection Act, 2023 and the Consumer Protection (E-Commerce) Rules, 2020, we have appointed a Grievance Officer:
Grievance Officer: Grievance Officer, Kredey Innovations Private Limited
Email: support@vaanir.in
Acknowledgement: Within 48 hours
Resolution: Within 30 days
Escalation: Data Protection Board of India / National Consumer Helpline 1800-11-4000
We may update this Privacy Policy from time to time. When we make material changes, we will notify you via the platform or by email. Your continued use of Vaanir after such notification constitutes acceptance of the updated policy.