Privacy Policy
Last updated: February 24, 2026
Effective date: February 24, 2026
business Data Controller & Company Identity expand_more
digi.shopping is a product of Kriyaetive Verse Private Limited ("Kriyaetive", "we", "us", or "our"), a company incorporated under the laws of India.
Registered Office
Kriyaetive Verse Private Limited, India
Data Protection Officer
For all privacy-related inquiries, data subject requests, or complaints, contact us at: privacy@kriyaetive.com
Kriyaetive acts as the data controller (or equivalent under applicable law) for personal data processed through digi.shopping. This policy applies to users in all countries where digi.shopping operates, including India, United States, United Kingdom, Australia, New Zealand, Germany, France, Finland, UAE, and any future markets.
public Scope of This Policy expand_more
This Privacy Policy applies to the digi.shopping website, progressive web app (PWA), API services, the business.digi.shopping vendor platform, individual shop storefronts (shopname.digi.shopping), and any related services operated by Kriyaetive. It covers all data collected through these services regardless of how you access them (browser, installed PWA, or future mobile applications).
database What Data We Collect expand_more
Search Queries
Your search queries are collected and anonymised to improve our AI recommendation engine. We do not link queries to your personal identity unless you are signed in to a digi.shopping account.
Account Information (Optional)
If you create a digi.shopping account or subscribe to Pro, we collect your email address, display name, and authentication provider details (e.g., Google or phone number). This is collected with your explicit consent.
Email Address — Newsletter (Optional)
If you subscribe to our newsletter, we collect your email address with your explicit opt-in consent. This is stored securely and used solely for sending curated shopping recommendations and product alerts.
Analytics Data
We use Cloudflare Web Analytics, a privacy-first analytics solution that does not use cookies, fingerprinting, or any form of cross-site tracking. It collects aggregated page views, referrer data, and basic interaction metrics.
Device & Technical Data
We automatically collect minimal technical information such as browser type, operating system, screen resolution, language preference, timezone (used for region auto-detection), and IP address (processed transiently by Cloudflare for security and not stored by us).
Local Storage Preferences
We store your preferences (cookie consent choice, language, region, search history, theme) locally on your device using your browser's built-in storage. This data never leaves your device unless you are signed in and choose to sync.
Vendor Data (business.digi.shopping)
If you register as a vendor, we collect your shop name, business address, contact details, GST number (optional), product catalog data, and deal/transaction history. This data is processed to operate the vendor marketplace.
checklist How We Use Your Data expand_more
To provide and improve AI-powered product recommendations
To personalise your shopping experience based on your region and preferences
To send newsletter updates and price alerts (only if you've opted in)
To operate the vendor marketplace and negotiation features
To generate anonymised, aggregated analytics to improve service quality
To detect, prevent, and address fraud, abuse, and security incidents
To comply with applicable legal obligations and regulatory requirements
To enforce our Terms of Service and protect our legal rights
To communicate important service updates and policy changes
gavel Legal Basis for Processing expand_more
We process your data on the following legal grounds, depending on the type of data and your region:
Consent
Newsletter subscriptions, email marketing, price alerts, and cookie preferences. You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
Legitimate Interest
Service analytics, fraud prevention, service improvement, and security. We balance our legitimate interests against your rights and freedoms.
Contractual Necessity
Processing needed to provide the digi.shopping service, manage your account, process Pro subscriptions, and operate vendor marketplace features.
Legal Obligation
Processing required to comply with tax laws, consumer protection regulations, court orders, or government requests under applicable law.
schedule Data Retention expand_more
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:
Search logs: Anonymised and retained for 90 days, then automatically purged
Email addresses (newsletter): Retained until you unsubscribe. Deleted within 30 days of unsubscription
Account data: Retained for the duration of your account. Deleted within 30 days of account deletion request
Analytics data: Aggregated by Cloudflare; no personal data retained beyond 30 days
Vendor data: Retained for the duration of the vendor relationship plus any legally required retention period
Transaction/deal records: Retained for 7 years for tax and legal compliance (as required under Indian law)
Security/fraud logs: Retained for up to 12 months to investigate and prevent abuse
flag Your Rights — India (DPDPA 2023) expand_more
Under the Digital Personal Data Protection Act, 2023 (DPDPA), if you are an Indian resident, you have the following rights:
Right to Access: Obtain a summary of your personal data and processing activities
Right to Correction: Request correction of inaccurate or incomplete personal data
Right to Erasure: Request deletion of your personal data, subject to legal retention requirements
Right to Grievance Redressal: Lodge a complaint with our Grievance Officer or the Data Protection Board of India
Right to Nominate: Nominate another person to exercise your rights in case of your death or incapacity
Grievance Officer: Contact grievance@kriyaetive.com. We will acknowledge your complaint within 48 hours and resolve it within 30 days.
verified_user Your Rights — EU/EEA & UK (GDPR / UK GDPR) expand_more
If you are in the European Union, European Economic Area, or the United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR) and UK GDPR:
Right of Access: Request a copy of all personal data we hold about you
Right to Rectification: Correct inaccurate or incomplete personal data
Right to Erasure: Request deletion of your personal data ('right to be forgotten')
Right to Restrict Processing: Request limitation of processing in certain circumstances
Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format
Right to Object: Object to processing based on legitimate interests, including profiling
Right to Withdraw Consent: Withdraw consent at any time without affecting prior lawful processing
Right to Lodge a Complaint: File a complaint with your local supervisory authority (e.g., ICO in UK, CNIL in France, BfDI in Germany)
Contact privacy@kriyaetive.com to exercise these rights. We will respond within 30 days (extendable by 60 days for complex requests).
flag Your Rights — United States (CCPA / State Privacy Laws) expand_more
If you are a resident of California or another US state with privacy legislation (including Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and others), you have the following rights:
Right to Know: Request what personal data we have collected, the sources, purposes, and third parties with whom we share it
Right to Delete: Request deletion of your personal data, subject to certain exceptions
Right to Opt-Out of Sale/Sharing: We do not sell or share your personal data for cross-context behavioural advertising
Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
Right to Correct: Request correction of inaccurate personal data
Do Not Sell My Personal Information: We do not sell personal data. We do not engage in cross-context behavioural advertising. We honour Global Privacy Control (GPC) signals automatically.
public Your Rights — Australia & New Zealand expand_more
If you are in Australia, you are protected under the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs). If you are in New Zealand, you are protected under the Privacy Act 2020.
Right to Access: Request access to personal information we hold about you
Right to Correction: Request correction of inaccurate, out-of-date, or incomplete personal information
Right to Complain: Lodge a complaint with the OAIC (Australia) or the Office of the Privacy Commissioner (New Zealand)
Right to Anonymity: Where practicable, you may interact with us without identifying yourself (Australia)
Cross-Border Disclosure: Your data may be processed on our infrastructure provider's global network. We ensure comparable protections through contractual safeguards
public Your Rights — UAE (PDPL) expand_more
If you are in the United Arab Emirates, you are protected under the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021) and its implementing regulations:
Right to Access: Request access to your personal data and information about how it is processed
Right to Correction: Request correction or completion of your personal data
Right to Erasure: Request deletion of your personal data when no longer necessary
Right to Restrict Processing: Request limitation of processing in certain cases
Right to Data Portability: Receive your data in a readable, common electronic format
Right to Object: Object to processing that affects your rights, including automated decision-making
flight International Data Transfers expand_more
digi.shopping is operated from India and uses a global edge network for performance and security. Your data may be processed in countries other than your own. We ensure appropriate safeguards are in place:
Our infrastructure provider complies with the EU-US Data Privacy Framework, UK Extension, and Swiss-US DPF
Standard Contractual Clauses (SCCs) are in place with third-party processors where required
Data is encrypted in transit using industry-standard encryption and processed transiently at edge locations
We do not permanently store personal data outside India except through our infrastructure provider's compliant systems
For EU/EEA and UK users, transfers are governed by Chapter V of the GDPR / UK GDPR
cookie Cookies & Similar Technologies expand_more
We use minimal cookies and local storage. For a detailed breakdown of all cookies and technologies used, please see our dedicated Cookie Policy.
Cloudflare Web Analytics: No cookies, no fingerprinting, no cross-site tracking
Essential cookies: Cloudflare security tokens (e.g., __cf_bm) to protect against bots and DDoS
Local browser storage: Your preferences, search history, and consent choices — stored only on your device
We do not use any third-party advertising, retargeting, or behavioural tracking cookies
link Affiliate Links Disclosure expand_more
As an Amazon Associate, digi.shopping earns from qualifying purchases. We also earn affiliate commissions from other partner retailers (including Flipkart, Cuelinks, Impact.com, ShareASale, and others) when you purchase through our links.
This does NOT influence our AI recommendations. Our AI evaluates products based on quality, value, user reviews, and relevance — never affiliate commission rates. We recommend products we believe are genuinely the best options, and we actively tell you what not to buy through our "Skip These" feature.
When you click an affiliate link, the retailer may set cookies on your device (e.g., Amazon's 24-hour affiliate cookie). These cookies are governed by the respective retailer's privacy policy, not ours.
smart_toy AI & Automated Decision-Making expand_more
digi.shopping uses artificial intelligence (including Google Gemini models) to generate product recommendations. Important disclosures:
AI recommendations are generated automatically based on publicly available product data, reviews, and pricing
No human reviews individual recommendations before they are displayed to you
Your search queries are sent to third-party AI providers (Google Gemini) for processing — these are not linked to your identity
We do not use your personal data for profiling that produces legal or similarly significant effects
You have the right to request human review of any AI-generated recommendation or decision that affects you
AI outputs may contain inaccuracies — always verify product details with the retailer before purchasing
lock Data Security expand_more
We implement industry-standard technical and organisational measures to protect your data:
Industry-standard encryption for all data in transit
Email addresses are hashed before storage
DDoS protection and Web Application Firewall (WAF)
Rate limiting to prevent abuse
Regular security reviews and dependency updates
Minimal data collection principle — we only collect what we need
Access controls limiting employee access to personal data on a need-to-know basis
Data Breach Notification: In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours (as required by GDPR) and affected individuals without undue delay. For Indian users, we will notify the Data Protection Board of India as required under DPDPA.
cloud Third-Party Services & Sub-Processors expand_more
We share data with the following categories of third-party service providers, each bound by data processing agreements:
Cloudflare (US)
Infrastructure provider — hosting, content delivery, security, analytics, and data storage services.
Google (US) — Gemini AI
AI model provider for product research and recommendations. Search queries are sent without personal identifiers.
Firebase (Google, US)
Authentication services (phone and Google sign-in). Processes authentication data per Google's privacy policy.
Affiliate Partners
Amazon, Flipkart, Cuelinks, Impact.com, ShareASale and others. These partners track purchases made through affiliate links per their own privacy policies.
We do not sell, rent, or trade your personal data to any third party. Data is only shared as described above and as necessary to provide our services.
child_care Children's Privacy expand_more
digi.shopping is not directed at children under the age of 16 (or 13 in the United States under COPPA, or the applicable minimum age in your jurisdiction). We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without appropriate parental consent, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us at privacy@kriyaetive.com.
visibility_off Do Not Track & Global Privacy Control expand_more
We honour Do Not Track (DNT) browser signals and Global Privacy Control (GPC) signals. When we detect either signal, we automatically set your cookie preference to "rejected" and do not load any non-essential tracking. This is in compliance with the California Consumer Privacy Act (CCPA) and other applicable laws that recognise GPC as a valid opt-out mechanism.
update Changes to This Policy expand_more
We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes:
We will update the 'Last updated' and 'Effective date' at the top of this page
We will notify registered users and newsletter subscribers via email at least 14 days before material changes take effect
We will display a prominent notice on our website for at least 30 days
Where required by law, we will obtain your consent for material changes to how we process your data
mail Contact Us expand_more
For any questions, concerns, or requests relating to this Privacy Policy or your personal data:
Privacy & Data Protection
privacy@kriyaetive.com
Grievance Officer (India — DPDPA)
grievance@kriyaetive.com
General Inquiries
hello@kriyaetive.com
We aim to respond to all privacy-related requests within 30 days. For EU/EEA residents, this may be extended by up to 60 days for complex requests, with prior notification.