Privacy Policy

1. Who we are

Gray Cup Enterprises Private Limited operates the Open D2C platform — a product discovery and search platform for Indian direct-to-consumer brands. This Privacy Policy explains how we collect and use information when you use our website as a buyer or connect your store as a seller.

2. What we collect

From buyers (visitors browsing the platform):

• Browse behavior — pages visited, search queries, products clicked, time on page.
• Device and browser information for analytics and debugging.
• IP address (used for rate limiting and fraud prevention; not stored permanently).
• Account data if you sign up — email address and display name.
• Optional: wishlists, saved searches, and browsing preferences if you create an account.

From sellers (brands connecting their store):

• Business name, website URL, and contact email.
• Publicly available product data crawled from your website (titles, images, prices, descriptions).
• Crawl logs and sync state — timestamps and status of each product sync.
• Account credentials managed via BetterAuth (passwords are hashed, never stored in plain text).

3. What we do not collect

• Payment information of any kind — we do not process transactions.
• Sensitive personal data (Aadhaar, PAN, financial details).
• Any data from seller websites beyond publicly accessible product pages.

4. How we use your data

• To power search, discovery, and product recommendations on the platform.
• To sync and display seller product catalogs accurately.
• To improve platform performance, fix bugs, and understand usage patterns.
• To send transactional emails — account confirmation, crawl status, and similar.
• We do not sell your personal data to third parties.

5. Cookies and analytics

We use cookies for session management and analytics. Analytics data is aggregated and anonymised — we use it to understand traffic patterns, not to identify individuals.

We may use third-party analytics tools (such as Vercel Analytics). These tools collect anonymised usage data under their own privacy policies.

6. Advertising

We may introduce advertising on the platform in the future. If we do, we will update this policy to describe what data is used for ad targeting and how you can opt out. We will not use sensitive personal data for advertising purposes.

7. Data retention

• Buyer account data is retained until you delete your account.
• Seller product data is retained while your store is connected. Disconnecting removes your catalog from the platform within 30 days.
• Analytics data is retained in aggregated form for up to 24 months.

8. Third-party websites

When you click through to a seller's website, you leave Open D2C. That seller's own privacy policy applies from that point forward. We are not responsible for how third-party websites handle your data.

9. Your rights

Under the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023 (India), you have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your account and associated personal data.
• Withdraw consent for data processing where consent is the legal basis.

To exercise any of these rights, email us at legal@opend2c.in.

10. Security

We use industry-standard measures to protect your data — encrypted connections (HTTPS), hashed passwords, and access controls on our databases. No system is perfectly secure, but we take data protection seriously and will notify affected users promptly in the event of a breach.

11. Changes to this policy

We may update this Privacy Policy as the platform evolves. Material changes will be communicated via a notice on the platform. Continued use after changes are posted constitutes acceptance.

12. Contact

Privacy questions or data requests: legal@opend2c.in