Privacy Policy

1. Introduction

Cotton to Clothes Technologies ("we", "our", or "us") operates the Gauraiya mobile application ("App"). This Privacy Policy explains how we collect, use, store and protect your information when you use our App and related services.

By using the App, you agree to the practices described in this policy. If you do not agree, please do not use the App.

2. Information We Collect

2.1 Information You Provide

• Account information: Phone number, name, email address (optional)
• Business profile: Business name, address, GST number, photos
• Orders and transactions: Product details, quantities, prices, payment records
• Inventory data: Material names, stock levels, supplier information
• Photos: Product images and showcase photos you upload
• Address information: Delivery and business addresses

2.2 Information Collected Automatically

• Device identifiers: Android ID (or iOS Identifier for Vendor) — used to identify your device for offline data synchronisation across sessions
• Push notification token: A unique token generated by your device to deliver order and payment notifications
• Device information: Device model, manufacturer, operating system version, and app version — used for crash reporting and debugging
• App usage data: Screens visited, features used, error logs — used to improve app performance
• Network information: Online/offline status for sync management

2.3 Location Information

We collect location data only when you use the address search feature to find and pin your business or delivery address. We do not track your location in the background.

3. How We Use Your Information

• Provide and operate the App and its features
• Sync your business data across devices and sessions (offline support)
• Send order updates, payment alerts and procurement notifications via push
• Identify and fix app crashes and technical issues
• Process payments via Razorpay payment gateway
• Verify phone numbers via OTP (SMS)
• Improve app features based on usage patterns
• Respond to your support requests

We do not use your data for advertising or sell it to third parties.

4. Data Sharing

We share data only in the following limited circumstances:

4.1 Service Providers

• Amazon Web Services (AWS): Cloud hosting and file storage (AWS S3) — servers located in Mumbai, India
• Supabase / PostgreSQL: Secure database hosting
• Razorpay: Payment processing — subject to Razorpay's privacy policy
• Expo / Firebase: Push notification delivery infrastructure
• Google Places API: Address search (queries routed via our backend, not directly from your device)

4.2 Legal Requirements

We may disclose information if required by law, court order or to protect the rights and safety of our users.

4.3 Business Transactions

In the event of a merger or acquisition, user data may be transferred to the new entity under the same privacy protections.

5. Device Identifiers — Detailed Disclosure

Google Play requires us to specifically disclose our use of device identifiers:

• What we collect: Android ID (on Android) or Identifier for Vendor (on iOS)
• Why: To uniquely identify your device so that offline-created data can be matched and synced to your account when internet connectivity is restored. Without this, data created offline could be lost or duplicated.
• Where it is stored: On your device (AsyncStorage) and on our secure servers in Mumbai
• Shared with third parties: No
• How long it is retained: Until you delete your account

6. Data Security

• All data transmitted between the App and our servers is encrypted using HTTPS/TLS
• Authentication uses secure JWT tokens with short expiry (24-hour access tokens)
• Sensitive credentials are stored using device secure storage (not plain AsyncStorage)
• Our servers are hosted on AWS with restricted access controls
• Passwords are hashed using bcrypt

7. Data Retention

We retain your data for as long as your account is active. If you delete your account:

• Personal profile data is deleted within 30 days
• Device identifiers and push tokens are deleted immediately
• Transaction and order records may be retained for up to 7 years for legal and tax compliance (Indian law)
• Anonymised/aggregated analytics data may be retained indefinitely

8. Your Rights

You have the right to:

• Access the personal data we hold about you
• Correct inaccurate information in your profile
• Delete your account and associated personal data — request account deletion here
• Withdraw consent for push notifications (via your device settings)
• Data portability — request a copy of your data by contacting us

To exercise these rights, email us at support@cottontoclothes.com or use our account deletion form.

9. Children's Privacy

The App is intended for users aged 18 and above. We do not knowingly collect data from children under 18. If you believe a child has provided us data, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you via a push notification or in-app message. The updated policy will be posted on this page with a revised date.

11. Contact Us

For any privacy-related questions or concerns:

• Email: support@cottontoclothes.com
• Website: cottontoclothes.com
• Address: Cotton to Clothes Technologies, India