Frexic Privacy Policy

We collect various types of information to provide and improve our services: A. Personal Information You Provide: When you register or use our Platform, we collect: • Full name • Mobile phone number • Delivery addresses (home, office, etc.) B. Payment Information: All payments are done through secured payment gateways (Frexic stores no information about payment details e.g. card, UPI etc.) C. Order and Usage Information: • Products browsed and purchased • Order history and preferences • Items in cart and wishlists • Product ratings and reviews • Customer support interactions • Search queries on the Platform D. Device and Technical Information: • Device type, model, and operating system • Unique device identifiers (IMEI, device ID) • IP address and approximate location • Browser type and version • Mobile network information • App usage statistics and crash reports • Cookies and similar tracking technologies E. Location Information: With your permission, we collect: • Precise GPS location (when app is in use) • Approximate location based on IP address • Delivery location coordinates • Location history for delivery optimization F. Communications: • Customer support chat transcripts • Emails and messages sent to us • Call recordings (for quality and training) • Feedback and survey responses • Social media interactions G. Information from Third Parties: • Payment gateway transaction details • Delivery partner location and status H. Camera and Media Access: • Photos you upload (for reviews, profile pictures) • Product images captured for quality complaints • Camera access for QR code scanning • Access to your device's photo library or storage when you choose to upload or attach an image I. SMS and Call Logs (with Permission): • SMS for OTP verification • Order-related messages from us • Call logs for customer service interactions We collect this information when you: • Create an account or update your profile • Place or modify orders • Contact customer support • Use specific features requiring permissions • Interact with promotional campaigns • Voluntarily provide feedback or reviews

We use your information for the following purposes: A. Service Delivery and Order Fulfillment: • Process and fulfill your orders • Coordinate delivery with delivery partners • Send order confirmations and delivery updates • Handle product returns and refunds • Manage your account and preferences • Authenticate your identity • Process payments securely B. Personalization and Improvement: • Recommend products based on your preferences • Customize your shopping experience • Analyze buying patterns and trends • Improve our product selection • Optimize delivery routes and timing • Enhance app features and performance • A/B testing for better user experience C. Communication: • Send transactional messages (order updates, receipts) • Promotional offers and discounts (you can opt-out) • Product recommendations and newsletters • Service announcements and updates • Customer satisfaction surveys • Important policy or terms changes • Respond to your inquiries and support requests D. Safety and Security: • Prevent fraud and unauthorized transactions • Detect and prevent security threats • Verify account ownership and prevent identity theft • Monitor for suspicious activities • Ensure payment security • Protect against abuse and spam • Enforce our Terms of Use E. Legal and Compliance: • Comply with legal obligations and regulations • Respond to law enforcement requests • Resolve disputes and enforce agreements • Maintain records for tax and accounting • Comply with FSSAI and food safety regulations • Meet know-your-customer (KYC) requirements F. Analytics and Research: • Understand user behavior and preferences • Conduct market research • Measure advertising effectiveness • Generate anonymized statistical reports • Improve supply chain efficiency • Forecast demand for products G. Marketing and Advertising: • Show you relevant advertisements • Measure campaign performance • Send personalized offers • Retarget visitors who didn't complete purchases • Partner with brands for co-marketing H. Product Development: • Develop new features and services • Test new product categories • Improve quality control processes • Optimize inventory management

We share your information with third parties only as described below: A. With Delivery Partners: We share information needed for delivery: • Name and delivery address • Phone number for coordination • Delivery instructions and landmarks • Order contents (for handling requirements) • Real-time delivery location (for tracking) Delivery partners are independent contractors bound by confidentiality agreements. B. With Payment Processors: Payment information is shared with: • Payment gateways (Razorpay, Paytm, etc.) • Banks and financial institutions • UPI service providers • Card networks (Visa, Mastercard, RuPay) These partners are PCI-DSS compliant and process payments securely. C. With Service Providers: We work with third-party service providers for: • Cloud hosting (Amazon Web Services, Google Cloud) • SMS and email services • Customer support platforms • Analytics and data analysis • Marketing and advertising platforms • Credit verification agencies • Background verification services All service providers are bound by confidentiality agreements. D. With Marketing Partners: For advertising and promotions, we may share: • Anonymized and aggregated data • Cookie IDs and device identifiers • General demographic information • Interest categories (not personal details) We NEVER sell your personal information. E. Business Transfers: In the event of a merger, acquisition, or sale: • Your information may be transferred to the new entity • You will be notified of any such transfer • The new entity will be bound by this Privacy Policy • You will have the option to delete your data F. Legal Requirements: We may disclose your information when required to: • Comply with legal obligations or court orders • Respond to government or regulatory requests • Protect our rights, property, or safety • Protect rights and safety of our users • Prevent fraud or illegal activities • Enforce our Terms of Use • Cooperate with law enforcement We will notify you of such disclosures unless prohibited by law. G. With Your Consent: We may share your information with other third parties when: • You explicitly authorize the sharing • You participate in partner programs • You connect third-party apps or services • You engage in co-branded promotions H. Anonymized and Aggregated Data: We may share anonymized, aggregated data that doesn't identify you: • Industry reports and market research • Business analytics with partners • Public disclosures about our services • Academic research (with proper safeguards) What We DON'T Do: • Sell your personal information to data brokers • Share your data for others' marketing without consent • Provide your contact details to telemarketers • Disclose your purchase history publicly

We implement industry-standard security measures to protect your information: A. Technical Security Measures: • SSL/TLS encryption for data transmission • Encryption of sensitive data at rest • Secure, PCI-DSS compliant payment processing • Regular security audits and vulnerability assessments • Firewalls and intrusion detection systems • Multi-factor authentication for admin access • Secure API endpoints • Regular software updates and patches B. Organizational Security: • Background checks for employees with data access • Strict access controls - need-to-know basis only • Employee training on data protection • Confidentiality agreements with all staff • Incident response procedures • Regular security awareness training • Data protection impact assessments C. Physical Security: • Secure data centers with 24/7 monitoring • Biometric access controls • CCTV surveillance • Redundant power and cooling systems • Disaster recovery and backup systems D. Payment Security: • We do NOT store complete credit/debit card numbers • Card data processed through PCI-DSS compliant gateways • Tokenization of payment information • 3D Secure authentication for online payments • Fraud detection and prevention systems E. Account Security: You can protect your account by: • Using a strong, unique password • Enabling biometric authentication (fingerprint/face) • Not sharing your password or OTP with anyone • Logging out from shared devices • Monitoring your account for suspicious activity • Reporting unauthorized access immediately F. Data Breach Response: In the unlikely event of a data breach: • We will investigate immediately • Affected users notified within 72 hours • Details of what data was compromised • Steps we're taking to address the breach • Recommendations for protecting yourself • Support and assistance provided G. Limitations: Despite our security measures: • No system is 100% secure • Internet transmission carries inherent risks • You are responsible for your account security • We are not liable for unauthorized access due to your negligence • Third-party websites and services have their own security H. Your Responsibilities: • Keep your password confidential • Do not share OTPs or security codes • Use updated and secure devices • Avoid public WiFi for sensitive transactions • Review your account activity regularly • Report suspicious emails or calls claiming to be from Frexic • Enable device security features I. Third-Party Security: • Payment gateways maintain their own security • Cloud providers have independent security measures • We vet all third-party partners for security compliance • Regular audits of partner security practices

You have the following rights regarding your personal information: A. Right to Access: You can: • View your personal information in account settings • Request a copy of all data we hold about you • Access your order history and transaction records • Review your communication preferences • See what data we've shared with third parties How to exercise: Email privacy@frexic.com or use in-app settings B. Right to Correction: You can: • Update your name, email, phone number • Modify delivery addresses • Correct inaccurate information • Update preferences and settings How to exercise: Through app settings or contact support C. Right to Deletion ("Right to be Forgotten"): You can request deletion of: • Your account and profile • Personal information we hold • Order history (subject to legal retention requirements) • Payment information • Communication history How to exercise: • Email privacy@frexic.com with your request Note: We may retain some information for: • Legal or regulatory compliance (up to 7 years for tax records) • Fraud prevention and security • Resolving disputes • Enforcing our agreements D. Right to Data Portability: You can: • Download your data in a machine-readable format • Transfer your data to another service • Receive your data via email How to exercise: Request via privacy@frexic.com E. Right to Restrict Processing: You can request that we: • Stop using your data for certain purposes • Limit how we process your information • Freeze data while we verify accuracy How to exercise: Email privacy@frexic.com F. Right to Object: You can object to: • Use of your data for marketing purposes • Automated decision-making and profiling • Data processing based on legitimate interests • Sharing with certain third parties How to exercise: Opt-out via app settings or email G. Right to Opt-Out of Communications: You can opt-out of: • Promotional emails (click "Unsubscribe" link) • SMS marketing (reply STOP to messages) • Push notifications (in device/app settings) • WhatsApp messages (opt-out via chat) Note: You cannot opt-out of essential transactional messages. H. Right to Withdraw Consent: You can withdraw consent for: • Location tracking • Camera and photo access • Microphone access • Contact list access • SMS and call log access How to exercise: Through device settings I. Right to Lodge a Complaint: If you're unsatisfied with how we handle your data: • Contact our Grievance Officer: privacy@frexic.com • File a complaint with relevant authorities • Approach consumer courts J. Rights for Minors: If you are under 18: • A parent/guardian must manage your account • They can exercise all privacy rights on your behalf • We may request proof of guardianship K. Right to Nominate: You can nominate someone to: • Manage your account in case of incapacity • Exercise rights on your behalf if deceased How We Process Your Requests: • Acknowledgment within 24 hours • Verification of your identity • Processing within 30 days • Notification of completion • Free of charge (unless requests are excessive) We may ask for: • Proof of identity • Clarification of your request • Additional information to locate your data

How long we keep your information: A. Active Account Data: While your account is active, we retain: • Profile information • Order history • Preferences and settings • Payment methods • Communication history • Delivery addresses Duration: As long as account remains active B. After Account Deletion: Personal data is: • Deleted within 30 days of deletion request • Anonymized and de-identified • Removed from active systems However, we may retain: • Transaction records (7 years for tax compliance) • Legal documents and agreements • Fraud prevention records • Dispute resolution records C. Specific Retention Periods: Payment Information: • Card tokens: Until card expires or removed • Transaction history: 7 years (tax law requirement) • Failed payment records: 1 year • Refund records: 7 years Communication Records: • Customer support chats: 3 years • Email correspondence: 5 years • Call recordings: 90 days (unless part of dispute) • Feedback and reviews: Indefinitely or until deleted Order Information: • Completed orders: 7 years • Cancelled orders: 3 years • Returns/exchanges: 7 years • Quality complaints: 5 years Location Data: • GPS coordinates: 90 days • Delivery locations: 7 years (linked to orders) • Approximate location: 1 year Technical Data: • App usage analytics: 2 years • Crash reports: 1 year • Device identifiers: 3 years • Cookies: As specified in Cookie Policy Marketing Data: • Promotional preferences: Until opt-out • Campaign analytics: 2 years • A/B test results: 1 year D. Legal and Regulatory Requirements: We retain data longer when required by: • Income Tax Act (7 years for financial records) • GST regulations (6 years minimum) • Companies Act (8 years) • Consumer Protection Act (as needed for claims) • Court orders or investigations E. Anonymized Data: After retention periods: • Data is anonymized and aggregated • Cannot be linked back to you • Used for analytics and research • Retained indefinitely F. Deletion Process: Upon account deletion: • Personal identifiers removed within 30 days • Backups purged in next backup cycle (90 days) • Third parties notified to delete data • You receive confirmation of deletion G. Exceptions to Deletion: We may retain your data if: • Required by law or regulation • Needed for ongoing legal proceedings • Necessary to prevent fraud • To enforce our agreements • For legitimate business interests How to Request Deletion: • Delete account via app settings • Email privacy@frexic.com • Contact customer support • Submit written request

We use cookies and similar technologies to improve your experience: A. What Are Cookies? Cookies are small text files stored on your device that help us: • Remember your preferences • Keep you logged in • Understand how you use our Platform • Show relevant advertisements • Improve our services B. Types of Cookies We Use: Essential Cookies (Cannot Opt-Out): • Account authentication • Security and fraud prevention • Shopping cart functionality • Load balancing • Session management Purpose: Required for Platform to function Performance Cookies: • Page load times • Error tracking • Usage statistics • Feature testing Purpose: Improve Platform performance Functional Cookies: • Language preferences • Location settings • Customization options • Recent searches Purpose: Enhanced user experience Analytics Cookies: • Google Analytics • User behavior patterns • Popular products and features • Traffic sources Purpose: Understand user behavior Advertising Cookies: • Personalized ads • Retargeting campaigns • Ad performance measurement • Interest-based advertising Purpose: Show relevant advertisements C. Similar Technologies: Web Beacons/Pixels: • Track email opens • Measure ad impressions • Monitor page views Local Storage: • Store larger amounts of data • Cache for offline access • Temporary session data Device Fingerprinting: • Identify devices without cookies • Fraud prevention • Security purposes SDKs and APIs: • Analytics platforms • Crash reporting • Push notifications • Social media integration D. Managing Cookies: Browser Settings: • Block all cookies (may break functionality) • Block third-party cookies only • Clear cookies regularly • Receive notification before cookies set Mobile App Settings: • Limit ad tracking (iOS) • Opt out of personalized ads (Android) • Reset advertising ID • Restrict app permissions Platform Controls: • Opt-out of personalized ads in settings • Disable analytics (limits some features) • Cookie preference center E. Cookie Lifespan: Session Cookies: • Deleted when you close browser/app • Used for temporary functions Persistent Cookies: • Remain for specified period • Used for login and preferences • Typical duration: 30 days to 2 years F. Do Not Track (DNT): • We currently don't respond to DNT signals • Working towards compliance • Can opt-out through settings G. Impact of Blocking Cookies: If you disable cookies: • Cannot stay logged in • Cart items not saved • Preferences reset each visit • Some features may not work • No personalized experience H. Updates to Cookie Policy: • We may add or remove cookies • Changes posted in this policy • Continued use implies consent

Protection of children's information: A. Age Restriction: • Frexic is NOT intended for children under 18 • Must be 18+ to create an account • Must have legal capacity to contract • Age verification may be required B. Parental Consent: If you are under 18: • May only use under parent/guardian supervision • Parent/guardian must create and manage account • Parent/guardian accepts responsibility • Parent/guardian consents to data collection C. Information We Don't Knowingly Collect: We do not intentionally collect from children under 18: • Personal information • Payment details • Location data • Photos or videos • Any other data D. If We Discover Child Information: If we learn a child under 18 has provided information: • We will delete it promptly • Account will be suspended or deleted • Parent/guardian will be notified (if identifiable) • No further data collection from that account E. Parental Rights: Parents/guardians can: • Review child's information • Request deletion of data • Refuse further collection • Manage privacy settings • Exercise all privacy rights on behalf of child F. How to Report: If you believe a child has created an account: • Email: privacy@frexic.com • Subject: "Child Privacy Concern" • Provide: Account details and evidence • We will investigate within 48 hours G. School or Educational Programs: • We do not offer school programs • Not targeted at educational institutions • No special student accounts • No collection via schools H. Advertising to Children: • We do not advertise to children • Age-appropriate content filters • No marketing targeted at minors • Compliance with child protection laws I. Third-Party Links: • Platform may contain links to third-party sites • We are not responsible for their privacy practices • Parents should supervise internet use • Review third-party policies before use J. Legal Compliance: We comply with: • Information Technology Act, 2000 • Indian child protection laws • International child privacy standards (where applicable) K. Updates for Minors: • This policy applies to all users • Enhanced protection for those under 18 • Parents should review this policy with minors

Information about cross-border data transfers: A. Primary Data Storage: • Data primarily stored in India • Servers located in Indian data centers • Compliance with Indian data protection laws • Subject to Indian jurisdiction B. When We Transfer Data: Cloud Services: • Amazon Web Services (AWS) - Global infrastructure • Google Cloud Platform - May store outside India • Backup servers in multiple countries • Redundancy for reliability Service Providers: • Payment gateways with international operations • Analytics platforms (Google, Facebook) • Email and SMS services • Customer support platforms Business Operations: • Group companies and affiliates • International consultants • Cross-border technical support C. Countries We May Transfer To: • United States • European Union • Singapore • Other countries where our service providers operate D. Safeguards for Transfers: When data is transferred outside India: • Standard Contractual Clauses (SCCs) • Adequacy decisions (where applicable) • Binding Corporate Rules • Equivalent data protection standards • Encryption during transfer • Access controls and monitoring E. Legal Basis for Transfers: • Your explicit consent • Necessary for contract performance • Legal obligations • Legitimate business interests • Public interest or legal claims F. Third-Party Protections: Service providers must: • Maintain equivalent security standards • Comply with data protection laws • Sign data processing agreements • Allow audits and inspections • Report data breaches G. Data Subject Rights: Even when data is transferred: • You retain all privacy rights • Can access, correct, delete data • Can withdraw consent • Can lodge complaints H. Withdrawal of Consent: You can withdraw consent for transfers: • May limit Platform functionality • Essential services may be unavailable • Some features require data processing abroad How to withdraw: • Email privacy@frexic.com • Specify which transfers to restrict • We'll respond within 30 days I. Notification of Changes: We will notify you if: • New countries added for data storage • Service providers change • Material changes to safeguards • Changes in legal basis J. Accessing Foreign Stored Data: • Same access rights apply • May take longer (up to 45 days) • No additional charges • Verification required K. Government Access: • Indian law enforcement has priority • Foreign government access only with valid legal process • We resist overbroad requests • Notify you unless legally prohibited L. Brexit and GDPR: • If you're in EU/UK: • GDPR rights apply • Additional safeguards implemented • Right to lodge complaint with EU authorities

How we update this Privacy Policy: A. Right to Modify: We reserve the right to update this Privacy Policy: • To comply with new laws or regulations • To reflect changes in our practices • To add new features or services • To improve clarity and transparency • Based on user feedback • For business or operational reasons B. Types of Changes: Material Changes: Examples include: • Collecting new categories of personal data • Using data for new purposes • Sharing with new types of third parties • Changing data retention periods • Reducing your privacy rights For material changes, we will: • Notify you at least 7 days in advance • Email to your registered email address • Push notification through the app • Prominent notice on Platform • Require acceptance for continued use Non-Material Changes: Examples include: • Clarifying existing practices • Fixing typos or grammatical errors • Updating contact information • Adding examples or details • Reorganizing content For non-material changes: • Updated policy posted immediately • "Last Updated" date changed • May not send individual notifications C. How You'll Be Notified: Email Notification: • Sent to registered email • Subject: "Frexic Privacy Policy Update" • Summary of key changes • Link to updated policy • Effective date In-App Notification: • Pop-up or banner • Before next order • Cannot dismiss until acknowledged • Link to full policy SMS Alert: • For significant changes • Summary of impact • Link to policy Website Banner: • Prominent notice on homepage • Visible for 30 days • Click to view changes D. Your Options After Changes: If You Accept: • Continue using the Platform • Your continued use implies acceptance • New policy applies to all data If You Don't Accept: • Stop using the Platform • Delete your account • Request data deletion • Export your data before leaving E. Reviewing Changes: • Check "Last Updated" date at top • Review periodically (recommended: every 3 months) • Compare with previous version • Contact us with questions F. Version History: • We maintain archive of previous versions • Available on request • Email privacy@frexic.com for older versions • Helps you track changes over time G. Effective Date: • Changes effective on date specified • Not retroactive unless required by law • Existing data handled per policy when collected H. Grandfathering: In some cases: • Existing users may operate under old terms • New users subject to new policy • Explicitly communicated when applicable I. Regulatory Changes: If new laws require changes: • Implemented immediately • May not provide advance notice • Communicated as soon as possible • Compliance takes priority J. Feedback on Changes: You can: • Submit feedback on changes • Ask questions about updates • Request clarifications • Suggest improvements Contact: privacy@frexic.com K. Annual Review: We commit to: • Review policy at least annually • Update as needed • Ensure accuracy and completeness • Maintain compliance with laws

How to reach us with privacy concerns: A. Privacy Officer Contact: For privacy-related queries and requests: Email: privacy@frexic.com Subject Line: "Privacy Query - [Your Concern]" Response Time: Within 24-48 hours What to Include: • Your name and registered email/phone • Nature of your request (access, deletion, correction, etc.) • Specific information you're inquiring about • Any relevant order numbers or dates • Preferred method of response B. Grievance Officer Details: As per Information Technology Act, 2000: Name: [Grievance Officer Name] Designation: Data Protection and Grievance Officer Company: Xenorbit Innovations Private Limited Address: Thane, Maharashtra, India Email: grievance@frexic.com Availability: Monday-Saturday, 9:00 AM - 6:00 PM IST C. What We Handle: • Data access requests • Data correction and deletion requests • Privacy complaints and concerns • Data breach notifications • Opt-out requests • Consent withdrawal • Third-party data sharing inquiries • Cookie and tracking concerns • Children's privacy issues • International transfer questions • Policy clarifications D. Grievance Redressal Process: Step 1: Submit Complaint • Email grievance@frexic.com • Provide detailed description • Include supporting documents • Mention desired resolution Step 2: Acknowledgment • Receive within 24 hours • Ticket number assigned • Timeline communicated • Point of contact provided Step 3: Investigation • Review of your concern • May request additional information • Consultation with relevant teams • Compliance verification Step 4: Resolution • Response within 7 working days • Explanation of findings • Action taken or reasons for denial • Next steps if unsatisfied Step 5: Escalation If not satisfied: • Appeal to senior management • Contact regulatory authorities • File complaint with authorities E. Response Timelines: • Acknowledgment: 24 hours • Simple requests: 7 working days • Complex requests: 30 days • Data portability: 45 days • Extensions communicated in advance F. External Authorities: If unsatisfied with our response: Data Protection Authorities: • Ministry of Electronics and IT (MeitY) • Cyber Crime Cell • Consumer Forums Contact Information: • National Cyber Crime Reporting Portal: cybercrime.gov.in • Cyber Crime Helpline: 1930 • Consumer Helpline: 1800-11-4000 G. Other Contact Methods: General Customer Support: • In-app chat support • Email: support@frexic.com Legal Department: • Email: legal@frexic.com • For legal notices only Data Protection Officer (DPO): • Email: dpo@frexic.com • For EU/international privacy matters I. Business Hours: • Customer Support: 24/7 • Privacy Officer: Monday-Friday, 9 AM - 6 PM • Grievance Officer: Monday-Saturday, 9 AM - 6 PM J. What We Need From You: To process your request: • Valid proof of identity • Account verification details • Specific information you're requesting • Authorization (if acting on behalf of someone) • Clear description of issue K. Verification Process: For security, we may: • Ask for government-issued ID • Send OTP to registered phone/email • Request answers to security questions • Verify recent order details L. Language Support: • Primary: English and Hindi • Regional languages on request • Translation services available M. Follow-Up: • You can track request status • Updates provided at key milestones • Can request expedited processing • Contact us for clarifications N. Confidentiality: • Your complaint treated confidentially • Shared only with relevant personnel • Not used for marketing • Secure storage and handling O. No Retaliation: • Complaints don't affect your account • No negative consequences • Your rights remain protected • Services continue normally