Privacy Policy
Last updated: May 7, 2026 · Grievance Officer · Terms of Service
1. Introduction
This Privacy Policy explains how S3agents ("we", "us", or "our"), the developer of the e-Kirana suite of applications, collects, uses, and protects your personal information. This policy covers all of our mobile applications:
- e-Kirana — Customer shopping app
- e-Kirana Delivery — Delivery partner app
- e-Kirana Companion — Companion app for shopkeepers
Our architecture is decentralized.The shopkeeper's computer is the primary database for orders, customers, delivery records, and daily transactions. We do not operate a central server that stores customer order history, delivery boy GPS history, or daily transaction data. Our cloud infrastructure (Cloudflare) acts as a real-time relay between devices and stores only the shopkeeper's account, payment subscription, and shop registration details.
2. Information We Collect
The types of information we collect depend on which app you use:
e-Kirana (Customer App)
- Account information via Google Sign-In (name, email address)
- Phone number for order communication
- Delivery address and location data
- Order history and preferences (stored on the shopkeeper's device)
- Device information and crash reports (via Sentry)
- App usage analytics (via Firebase Analytics)
e-Kirana Delivery (Delivery Partner App)
- Authentication via QR code scanning (the rider's name and an access token are issued by the shop owner from their shopkeeper app)
- Real-time GPS location, including background location tracking only during active deliveries. This location streams in real-time to the customer's tracking page and the shopkeeper's dashboard; it is not stored on our servers and is discarded once the delivery batch ends. Apple Privacy Manifest classification: Precise Location, linked to your account identity (rider ID), used only for App Functionality, not used for tracking or advertising.
- Camera access for QR code scanning during login (no images are stored or transmitted)
- Delivery batch data fetched from the shopkeeper for the duration of the delivery: customer name, customer phone number, delivery address, ordered items, total amount, and payment method (cash / online / credit). This data is processed on the rider's device only during the active delivery and is not retained on our central servers.
- Information the rider records to complete a delivery: amount collected, payment method, delivery notes, and any partial-delivery item adjustments. These records are sent to the shopkeeper's device, which is the system of record.
- Local app notifications for the foreground tracking service, batch updates, and delivery prompts (no remote push notifications are received — riders refresh the app manually to fetch new batches)
- Network connection metadata (WiFi / cellular type) used to maintain a stable connection during deliveries
- Crash reports, performance traces, in-app interaction breadcrumbs, and session replays (via Sentry) used for diagnosing app issues. Apple Privacy Manifest classification: Crash Data and Performance Data, not linked to your identity, used for Analytics. See Section 4 for full Sentry disclosure.
What we do not collect: we do not collect your contacts, photos library, microphone, health data, advertising identifiers (IDFA / Android Advertising ID), or biometric data. We do not register a remote push token. We do not send your Aadhaar, PAN, payment card numbers, UPI VPAs, bank account numbers, or one-time passwords (OTPs) to any external service.
e-Kirana Companion
- Camera access for QR code scanning
- Notification access to read UPI payment confirmations
- Transaction verification data
- Device information and crash reports (via Sentry)
3. How We Use Your Information
We use the collected information for the following purposes:
- To provide, maintain, and improve our services
- To process and deliver orders
- To track deliveries in real-time and provide accurate ETAs
- To verify payment transactions
- To communicate order updates and important notifications
- To diagnose technical issues and improve app stability
- To comply with legal obligations
What we do not do with your data. We do not sell your personal data to anyone. We do not share your data with advertisers, data brokers, or for any third-party advertising or marketing purpose. We do not use your data to track you across other apps or websites. The Apple Privacy Manifest declaration NSPrivacyTracking is set to false for all our apps, and the list of tracking domains is empty.
4. Third-Party Services
Our apps use the following third-party services. Each service collects data according to its own privacy policy, with which we contractually require it to comply:
- Google Sign-In — Authentication (Customer app)
- Firebase — Analytics and authentication services (Customer app)
- Sentry (Functional Software, Inc.) — Error tracking, crash reporting, performance traces (sampled at 20%), breadcrumbs of in-app interactions, and session replays (sampled at 100% on errors and 10% of regular sessions; may capture screen content). Sentry data is processed in the United States (sentry.io on Google Cloud Platform, us-central). Sentry's sub-processors include AWS, Cloudflare, Google LLC, Anthropic, OpenAI, Mailgun, and SendGrid. Cross-border transfer is governed by Sentry's Data Processing Agreement (v5.1.0, May 2024) which incorporates the EU Standard Contractual Clauses, the UK International Data Transfer Addendum, the EU–US Data Privacy Framework, and a CCPA addendum. Default Sentry retention is up to 90 days. We configure the Sentry SDK with
sendDefaultPii=false; mask all input fields and media in session replays by default; and route every payload through the SDK's default Data Scrubber which removes fields matchingpassword,secret,auth,api_key,credentials,authorization,session, and credit-card patterns.
Diagnostic data we deliberately exclude from Sentry: Aadhaar numbers, PAN, payment card numbers, UPI VPAs, bank account numbers, OTPs, and the contents of customer order data on the rider's device.
We plan to phase out Sentry in a future release once equivalent diagnostics are available from a provider with India-region hosting. - Expo — App updates delivery (signed bundle distribution)
- Cloudflare — API and real-time relay services. The relay between rider, customer tracking page, and shopkeeper dashboard is operated on Cloudflare Workers and Durable Objects. The relay does not persist location coordinates, customer order data, or transaction data — it forwards messages between connected devices and is torn down when the delivery batch ends. Our map tile server (used to render the delivery route map) runs on our own Cloudflare infrastructure and does not log requests or location queries.
Reserve Bank of India payment data localisation. Per the RBI circular dated 6 April 2018, all data relating to UPI VPAs, payment card numbers, and bank account numbers must be stored only in India. Our apps do not transmit any of these values to Sentry or any other cross-border service. Our payment-related code paths scrub these values before any diagnostic event is created.
5. Background Location (Delivery App Only)
The e-Kirana Delivery app collects location data in the background only during active deliveries. This is essential for:
- Providing real-time delivery tracking to customers
- Calculating accurate delivery routes and ETAs
- Ensuring delivery proof and completion verification
Background location tracking is not active when you are not on an active delivery. You can revoke location permissions at any time through your device settings.
We do not store your location data.Coordinates flow in real-time from the rider's phone, through an ephemeral Cloudflare relay, to the customer's tracking page and the shopkeeper's dashboard. Once the delivery batch is completed or cancelled, the relay is torn down and no GPS history is retained on our infrastructure.
5a. What Customers See About a Delivery Partner
When a customer opens the live tracking page for an order being delivered, they can see:
- The delivery partner's live position on a map
- Estimated time of arrival (ETA)
- The delivery partner's phone number, so the customer can call the rider directly if needed
This information is shown only while the delivery is in progress and disappears once the order is marked delivered.
5b. What a Delivery Partner Sees About a Customer
During an active delivery, the rider's app shows:
- The customer's name
- The customer's phone number (to coordinate handover)
- The delivery address
- The list of ordered items and the amount to collect
- The payment method (cash, online, or credit)
Customer phone numbers are currently shown directly to riders to enable doorstep coordination. This information is fetched from the shopkeeper's device for the duration of the delivery and is not retained centrally.
5c. What the Shop Owner Sees About a Delivery Partner
The shop owner who issued the rider's login QR code can see, from their shopkeeper application:
- Whether the rider is currently online
- The rider's live position during active batches
- The list of batches the rider has been assigned, started, completed, or rejected
- Payments collected and any delivery notes recorded by the rider
If you are a delivery partner, please be aware that this visibility is part of how the shop owner manages the team. The data lives on the shop owner's computer, not on our servers.
6. Notification Access (Companion App Only)
The e-Kirana Companion app uses notification listener access to automatically detect UPI payment confirmations from banking apps. This data is processed locally on your device and is used solely to verify payment completion. We do not store or transmit the content of your other notifications.
7. Data Storage and Security
We take appropriate measures to protect your personal information. All data is transmitted over encrypted connections (HTTPS / TLS / WSS).
Where your data lives:
- On the shopkeeper's computer (their local database): customer profiles, order history, delivery records, payment ledgers, delivery boy roster, and daily transaction data. The shopkeeper controls this data on their own machine.
- On the rider's phone (private app storage): the rider's authentication token, currently-active batch, and a small queue of unsynced delivery records waiting to reach the shopkeeper.
- On our cloud (Cloudflare): the shopkeeper's account credentials, payment subscription status, and shop registration details. We do not store customer order history, delivery boy GPS coordinates, or daily transaction data.
The rider's authentication token is held in the device's secure keystore (iOS Keychain / Android Keystore).
8. Data Retention
- Real-time location data: not stored. Discarded immediately once the delivery batch ends.
- Customer, delivery, and order data: retained on the shopkeeper's computer for as long as the shopkeeper chooses, in line with Indian tax and accounting requirements. We do not control this retention.
- Shopkeeper account data: retained by us for as long as the shop subscription is active, and for a reasonable additional period to support reactivation, billing reconciliation, and legal obligations.
- Crash and diagnostic data (Sentry): retained according to Sentry's default retention (typically 30–90 days).
9. Your Rights
You have the right to:
- Access the personal data held about you
- Request correction of inaccurate data
- Request deletion of your account and data
- Withdraw consent for data processing
- Revoke app permissions (location, camera, notifications) through device settings at any time
How to request deletion:
- From within the e-Kirana Delivery app: open the Profile tab and tap "Delete my local app data". This wipes all data the app holds on your device — your authentication token, cached batches, queued sync records, and the resilience ledger. Use this if you no longer wish to use the app on this device.
- If you are a customer or a delivery partner:please contact the shop owner whose store you ordered from / are delivering for. Because the shopkeeper's computer is the primary database, your records (orders, addresses, delivery history, login credentials) are held there. The shop owner can remove them directly. We do not hold a copy of this data centrally.
- If you are a shopkeeper: you can request deletion of your account, payment subscription history, and shop registration details by writing to our Grievance Officer (see Section 13) or by emailing support@ekirana.org.
- For diagnostic data held by Sentry: email our Grievance Officer with the subject line "Privacy: Sentry erasure". We will purge your records from our Sentry organisation. Sentry's standard retention is up to 90 days, after which records age out automatically.
Grievance redressal. For any privacy concern, complaint, or rights request, you can contact our Grievance Officer. Full contact details, escalation path, and response timelines are available at savekiranashop.com/grievance.
10. Children's Privacy
Our services are intended for adults aged 18 and over. The e-Kirana Delivery app additionally requires riders to be 18+ under the Indian Contract Act, 1872 (§11) and the Motor Vehicles Act, 1988. The e-Kirana Customer app may be used by adults purchasing goods.
We do not knowingly collect personal information from anyone under 18. We do not engage in behavioural monitoring of minors and do not direct any advertising or profiling at minors. If you are a parent or guardian and believe a minor has provided us with personal information, please contact our Grievance Officer (Section 13) and we will take appropriate action, including erasure.
11. Compliance with Indian Data Protection Law
Our processing of personal data is consistent with the Digital Personal Data Protection Act, 2023 (DPDPA). By design, we do not centrally store customer, delivery partner, or daily transaction data — these remain with the shopkeeper, who is the data fiduciary for their own customers and staff. We act as a data processor for shopkeeper account information and as a real-time relay for live delivery tracking.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically. Continued use of our apps after changes constitutes acceptance of the updated policy.
13. Contact Us & Grievance Officer
If you have any questions or concerns about this Privacy Policy, our data practices, or wish to exercise any of the rights described in Section 9, please contact our Grievance Officer:
Swapna
Grievance Officer, S3agents
Email: support@ekirana.org
Address: 449, Railway Layout, Bogadi, Mysore, Karnataka — 570026, India
Acknowledgement within 48 hours; resolution targeted within 30 days (statutory cap 90 days).
Full grievance redressal procedure, including the escalation path to the Data Protection Board of India, is available at savekiranashop.com/grievance.
Website: https://savekiranashop.com
This policy is currently published in English. A Hindi translation will be provided to data principals on request.