Your data, your rules

Privacy Policy

How ShantigramCentral collects, uses, and protects personal information.

Last updated: April 2026.

1. Who we are

ShantigramCentral ("we", "us", "our") is a hyperlocal marketplace operated for the residents and shop owners of the Shantigram Township in Ahmedabad, India. We are the data fiduciary under the Digital Personal Data Protection Act, 2023 ("DPDP Act") and the intermediary under Section 2(w) of the Information Technology Act, 2000 ("IT Act") for the data collected through this platform.

2. What we collect

  • Identity & contact data: name, mobile number, email, residential flat or shop unit, optional photograph.
  • KYC data (vendors only): Aadhaar number (last four digits visible to you, full number stored encrypted), PAN number, GSTIN where applicable, and uploaded identity / address / shop-licence documents.
  • Transaction data: orders, bookings, invoices, payment-method tokens, refunds and return requests.
  • Technical data: IP address, browser/device fingerprint, session cookies, pages visited, referring URL.
  • Communication data: messages exchanged through the support form, ticket threads and email correspondence with our team.

3. Why we collect it

We process your personal data only for these specific purposes:

  • To verify that you are a Shantigram resident or shop owner and prevent impersonation.
  • To run the marketplace — show listings, process orders, fulfil bookings, raise invoices, and settle payouts to vendors.
  • To comply with our legal obligations under the GST Act, Companies Act, IT Rules 2021, income-tax law, and any lawful order from an Indian court or government authority.
  • To detect, prevent and respond to fraud, abuse, harassment, or violations of our Terms.
  • To send transactional notifications (order updates, booking reminders, KYC status, invoices). We will not send you promotional messages without your explicit, revocable opt-in.

4. Lawful basis

We process personal data on the basis of your consent (DPDP Act §6) and, where applicable, on the grounds of certain legitimate uses permitted under §7 of the DPDP Act, including the performance of services you have requested, compliance with law, and the protection of life or safety.

5. Sharing and disclosure

We share personal data only with:

  • Vendors you have ordered from or booked, limited to the data needed to fulfil that order or booking (your name, delivery address, mobile number).
  • Payment processors (currently Razorpay) under their own privacy policies, to charge your payment method and disburse refunds.
  • Cloud and hosting providers who store data on our behalf within India and under written processing agreements.
  • Government authorities when required by a lawful written order.

We do not sell your data. We do not share it with advertising networks.

6. Your rights

Under the DPDP Act you have the right to:

  • Access a summary of the personal data we hold about you.
  • Correct or update inaccurate data.
  • Erase data we no longer need to hold (subject to retention obligations under tax law).
  • Withdraw consent at any time, with the same ease with which you gave it.
  • Nominate another individual to exercise your rights in case of incapacity or death.
  • Lodge a complaint with the Data Protection Board of India.

To exercise any of these rights, write to privacy@shantigramcentral.com. We will respond within 30 days.

7. Retention

We keep KYC data for as long as your vendor account is active, plus eight years after closure (the retention period prescribed under §36 of the CGST Act, 2017 for tax records). Order, invoice and payout data is retained for the same eight-year period. Technical logs are pruned after 180 days.

8. Security

We follow the "reasonable security practices and procedures" defined in Rule 8 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. This includes TLS in transit, encryption at rest for Aadhaar/PAN/document fields, role-based access control, and audit logs of all administrative access. No system is perfectly secure; if a breach occurs, we will notify the Data Protection Board of India and affected users without undue delay as required by §8(6) of the DPDP Act.

9. Children

ShantigramCentral is not directed to children below 18. We do not knowingly collect personal data from minors and will delete any such data as soon as we become aware of it.

10. Cookies

We use first-party session cookies strictly necessary to keep you signed in and to remember your draft vendor application. We do not use third-party tracking cookies or behavioural advertising cookies.

11. Grievance Officer

In compliance with §11 of the IT Act, 2000 and Rule 5(9) of the IT (Reasonable Security Practices) Rules, 2011, our Grievance Officer is:

[REPLACE — Officer Name]
ShantigramCentral, Shantigram Township, SG Highway, Ahmedabad 382421
grievance@shantigramcentral.com

12. Changes

We may update this policy. The "Last updated" date at the top reflects the latest revision. Material changes will be notified by email and on the homepage at least 14 days before taking effect.