HosaFlow logo

HosaFlow

Privacy

Legal

Privacy Policy

For HosaFlow Customers and Store Owners

Legal tabs

Legal CenterTerms (Customer + Owner)Privacy (Customer + Owner)

Third-party standards

Supabase PrivacySupabase SecurityGoogle Privacy (OAuth)Google Terms (OAuth)
Jump to:Customer sectionOwner addendum

Last updated: March 1, 2026

1. Who We Are

HosaFlow is a local discovery and self-checkout shopping platform that connects customers with local stores for a seamless shopping experience. We enable customers to scan products, build their cart, and complete purchases digitally while shopping in physical stores.

2. What Data We Collect

When you sign in to HosaFlow using Google OAuth, we collect: • Your name • Your email address • Your profile photo (optional) • Google user ID for authentication We do NOT have access to your Google password. During app usage, we also collect: • Location data (only if enabled by you) to find nearby stores • Shopping cart information • Purchase history and order details • Product scans and preferences • Loyalty points and rewards data • Payment transaction details (processed securely through payment processors integrated by stores such as Razorpay, PhonePe, Cashfree, PayU, Paytm, and others)

3. How We Use Your Data

We use your information for: • Account creation and authentication • Managing your shopping cart and orders • Processing payments securely • Showing nearby stores based on your location • Tracking loyalty points and rewards • Sending order confirmations and updates • Improving our service and user experience • Customer support and communication We do NOT: • Sell your data to third parties • Use your data for advertising to third parties • Share your personal information without your consent

4. Data Storage & Security

Your data is stored securely on Supabase (a secure cloud database platform) with: • End-to-end encryption • Secure access controls • Industry-standard security practices • Regular security audits Payment information is processed securely via payment processors integrated by stores (such as Razorpay, PhonePe, Cashfree, PayU, Paytm), which are PCI-DSS compliant. We never store your full payment card details.

5. Data Sharing

We share limited data only with: • Stores you shop at (order details, contact info for fulfillment) • Payment processors integrated by stores (Razorpay, PhonePe, Cashfree, PayU, Paytm, etc.) for transaction processing • Service providers who help operate our platform We do NOT sell or rent your personal information to third parties. We may disclose your information if required by law or to protect our rights and users.

6. Location Data

We collect location data only if enabled by you. When enabled, we use it to: • Show nearby stores and deals • Calculate distance to shops • Improve local shopping experience Location data is collected only during active app usage, not in the background. You can: • Deny location access at any time • Use the app without location (with limited features) • Control location permissions in your device settings

7. Your Rights

You have the right to: • Access your personal data • Update or correct your information • Delete your account and data • Export your data • Withdraw consent for data processing • Opt-out of marketing communications To exercise these rights, contact us at support@hosaflow.com

8. Account Deletion

You can request account deletion by: • Visiting https://hosaflow.com/delete-account • Emailing support@hosaflow.com Users can request account deletion by email or via the delete-account page. We process verified requests within 30 days. Upon deletion: • Personal profile fields are deleted/anonymized • Saved payment preferences and customer-linked push tokens are removed • Transaction/order/tax/security records may be retained for legal/accounting/fraud-prevention purposes • Deletion is irreversible

9. Cookies & Tracking

We use: • Session cookies for authentication • Local storage for app preferences • Analytics to improve user experience We do NOT use third-party advertising trackers.

10. Children's Privacy

HosaFlow is not intended for users under 13 years of age. We do not knowingly collect data from children. If you believe a child has provided us data, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via: • Email notification • In-app announcement • Updated "Last Modified" date Continued use after changes constitutes acceptance.

12. Contact Us

For questions, concerns, or requests regarding your privacy: Email: support@hosaflow.com App: HosaFlow Customer App Response time: Within 48 hours

Store Owner Privacy Addendum

This addendum applies to store owners using HosaFlow owner tools and POS services.

A1. Data We Collect from Owners

We collect shop profile data (name, address, phone), owner account identifiers, shop location coordinates/plus code, uploaded media and documents, and operational activity needed to run the platform.

A2. Device and Log Data

We may collect technical logs and device/app telemetry such as IP address, browser/app version, device model/OS, session timestamps, error logs, security events, and feature usage events to diagnose issues, prevent abuse, and improve service reliability.

A3. Data Storage and Processing Location

Owner data may be stored and processed in cloud infrastructure operated by our service providers, including India and other jurisdictions where contracted infrastructure is hosted, subject to reasonable contractual and technical safeguards.

A4. Third-Party Service Providers

We use trusted third-party services to operate the platform, including infrastructure and data services (for example Supabase), messaging/notification services (for example Firebase), and where enabled payment and settlement partners/gateways. These providers process data only for legitimate platform operations.

A5. Security Measures

We apply reasonable administrative, technical, and organizational safeguards, including access controls, transport encryption, and monitoring/audit practices to reduce unauthorized access and misuse risks. No internet-based system can be guaranteed 100% secure.

A6. Government ID and Compliance Data

To improve trust and abuse prevention, owners may be required to submit a valid government-issued identity proof and compliance documents. Verification status may affect store visibility and feature access.

A7. Owner Rights

Owners may request access/correction/deletion where applicable by contacting support@hosaflow.com. Some data may be retained to satisfy legal, audit, tax, or security obligations.

Your Privacy Matters

We are committed to protecting your personal information and being transparent about our data practices.