Privacy Policy

Data Fiduciary / Controller: KOKUMI TECHNOLOGIES PRIVATE LIMITED

Registered Address: MR-01 3rd Floor Alt F JMD, Empire Square, Sector-28, MG Road, DLF QE, Gurugram, Haryana 122002, India

Support Email: support@kokumitech.com

Privacy & Grievance Desk: grievance@kokumitech.com (Please include “Privacy – aaloo.ai”)

This Policy applies when you:

Create or use an aaloo.ai account.

Log meals, upload food photos, and build taste preferences.

Post reviews, comments, or participate in community features (including direct messages).

Purchase subscriptions or other paid features.

Participate in points/rewards, redemptions, contests, cash prizes, or brand campaigns.

Interact with our ads/remarketing (where enabled) and our analytics.

We collect personal data (i) you provide, (ii) automatically, and (iii) from third parties you choose to use.

A) Information you provide

Account and profile: Name, username, email, phone number, password (stored in hashed form), profile photo, bio, city, language preferences.

Food, taste and preference data: Meal logs, images/videos you upload, cuisine preferences, likes/dislikes, ratings, reviews, comments, bookmarks, searches.

Wellness and health-related inputs (if you choose to provide them): Dietary preferences, allergy-related inputs, intolerances, and other wellness/nutrition details you enter. We treat this category with heightened safeguards because it can be sensitive.

Community and messaging: Posts, comments, reactions, reports, and direct messages (including attachments).

Subscriptions and purchases: Plan details, purchase timestamps, transaction references, and refund status. Payment card/bank credentials are typically processed by payment processors and app stores; we do not store full card numbers when processed by those parties.

Rewards, redemptions, contests and cash prizes: Shipping/contact information for fulfillment. Winner verification details (for eligibility, fraud prevention, and compliance), which may include age verification and tax/identity details where required to award prizes.

Support: Customer support messages, emails, and information you choose to share for troubleshooting.

B) Information collected automatically

Device and technical data: IP address, device type, OS, app version, browser type, language, time zone, device identifiers (where available), diagnostic logs, crash reports.

Usage data: Screens/pages visited, clicks, time spent, search queries, interactions (e.g., what you view/like), referral sources, and feature performance metrics.

Approximate location: Coarse location inferred from IP address (city/region level).

C) Information from third parties

Social login: If you sign in using a social login provider, we receive identifiers and basic profile information as permitted by your settings with that provider.

Advertising and measurement partners: If we run ads/remarketing, partners may provide attribution signals (e.g., ad clicks, conversions) and device/app measurement identifiers, subject to your device settings and applicable law.

Brand partners: If you opt into brand campaigns, we may receive campaign participation and fulfillment status (and share limited data needed to deliver the offer).

Some features may work better with location. You can choose whether to share:

Precise location (GPS): Only if you opt in via your device permission and/or in-app prompt.

Approximate location: May be inferred from IP; you can still use the Services without GPS.

You can withdraw precise location permission at any time in your device settings.

We use personal data for the following purposes:

Provide and operate the Services (accounts, meal logs, feeds, community, DMs).

Personalization and recommendations (taste profiling, discovery ranking, content suggestions).

Wellness features you request (informational only; not medical advice).

Subscriptions and billing (payments, renewals, invoices/receipts, refunds).

Rewards, redemptions, contests and cash prizes (eligibility, verification, fraud prevention, prize delivery, partner fulfillment).

Safety and integrity (spam prevention, abuse detection, moderation, enforcing our Terms). India’s intermediary diligence framework may influence how platforms handle reporting and takedown workflows.

Analytics and improvement (debugging, product performance, feature testing).

Advertising and remarketing (where enabled) and marketing communications (with opt-outs as required).

Legal compliance (tax/accounting, responding to lawful requests, dispute handling, enforcing rights).

We process personal data based on grounds recognized under the DPDP Act and operationalized through the DPDP Rules, 2025, including consent and lawful purposes such as providing requested services, security/fraud prevention, and compliance with law.

Other regions: Depending on where you live, we may rely on one or more of: contract necessity, consent, legitimate interests, and legal obligations.

We run advertising and remarketing to grow the platform and measure campaign effectiveness.

Web cookies / pixels: In some regions (including the EU/EEA), non-essential cookies generally require user consent before being set.

In-app advertising IDs: Your device may provide controls to limit ad tracking or reset identifiers (availability varies by OS).

Your controls:

Cookie preferences (web) via our cookie banner/manager where available, and browser settings.

Opt-out of marketing emails/SMS via unsubscribe links or in-app settings (where available).

Device-level controls for ad tracking and permissions (GPS, notifications).

We do not share personal data beyond what is necessary to run the Services and comply with law.

We may share personal data with:

A) Service providers (processors): Vendors that provide hosting, storage, analytics, crash reporting, customer support tools, security/fraud prevention, moderation tooling, and communications (email/SMS/push). They process data under contractual obligations and for our instructions.

B) Payment processors and app stores: To process transactions and subscriptions. Note: Exact payment processors may vary by geography and product rollout; we will update this Policy when final vendors are selected.

C) Brand partners and fulfillment providers: For redemptions, deliveries, and brand campaigns, we may share limited information necessary to fulfill the offer (e.g., name, contact details, shipping address, eligibility confirmation).

D) Legal, safety and enforcement: We may disclose data when we believe it is necessary to comply with law, protect user safety, our rights, or public safety, or detect/prevent fraud, abuse, or security incidents.

E) Aggregated / de-identified insights: We may share aggregated or de-identified insights (e.g., city-level food trend analytics). We take reasonable steps to reduce the risk of re-identification.

Public content: Depending on your settings and product design, your profile, reviews, comments, and posts may be public and searchable.

Direct messages: DMs are intended to be private between participants, but we may review or analyze messages in limited situations, such as a user report, abuse/spam detection and enforcement, or legal compliance requests.

Please do not post or message sensitive personal information unless you are comfortable sharing it with others.

We retain personal data only as long as needed for the purposes in this Policy, and for legitimate business and legal requirements.

Typical retention approach (may vary by context and law):

Account data: retained while your account is active; after deletion, we delete or de-identify data unless we need to retain it for legal compliance, fraud prevention, or dispute resolution.

User content: removed when you delete it (where supported). Copies may persist in backups for a limited period (typically 30–90 days).

Payments, subscriptions, prizes: retained for accounting/tax/audit obligations and fraud prevention for limited period.

Security logs: typically retained for 90–180 days (or longer if needed to investigate incidents).

We use reasonable technical and organizational measures such as access controls, encryption in transit, monitoring, and least-privilege practices. No system is fully secure; you should use a strong password and keep your device secure.

A) India (DPDP rights): Subject to applicable conditions, you may have rights to access information about processing, correct/update data, request erasure, withdraw consent, and use grievance redressal mechanisms.

How to exercise DPDP rights: email grievance@aaloo.ai with subject “DPDP Request – aaloo.ai”. We may verify your identity.

B) Data export: You can request a download/export of your account data where supported in-app or through our Grievance Desk.

C) Marketing choices: You can opt out of marketing emails/SMS (where provided). Transactional and service messages (e.g., receipts, security alerts) may still be sent.

D) California (CCPA/CPRA) — if applicable: If you are a California resident, the CCPA provides rights such as access, deletion, correction (under CPRA), and the right to opt out of certain “sale” or “sharing” practices as defined by the law.

How to exercise: email grievance@aaloo.ai with subject “California Privacy Request – aaloo.ai”.

Your data may be stored or processed outside your state/country depending on where our servers and vendors operate. We apply appropriate safeguards consistent with applicable law. Under India’s DPDP framework, cross-border transfers may be subject to government-notified restrictions.

The Services are not intended for children under 13. If we learn that a child under 13 provided personal data in a manner not permitted by law, we will take steps to delete the data and restrict the account.

Any wellness, nutrition, allergy, or health-related insights are provided for informational purposes only and are not medical advice. Always consult qualified professionals for medical decisions, allergies, and dietary restrictions.

The Services may include third-party links or integrations. Their privacy practices are governed by their own policies. We are not responsible for third-party privacy practices.

We may update this Policy from time to time. If changes are material, we will notify you via the Services or other reasonable means. The “Last Updated” date reflects the latest revision.

Privacy & Grievance Desk: grievance@kokumitech.com

Support: support@kokumitech.com

KOKUMI TECHNOLOGIES PRIVATE LIMITED

MR-01 3rd Floor Alt F JMD Empire Square, Sector-28, MG Road, DLF QE, Gurugram, Haryana 122002, India