Legal

Privacy Policy

For HosaFlow Customers and Store Owners

Last updated: April 27, 2026

1. Who We Are

HosaFlow is a local discovery and self-checkout shopping platform that connects customers with local stores for a seamless shopping experience. We enable customers to scan products, build their cart, and complete purchases digitally while shopping in physical stores.

2. What Data We Collect

When you sign in to HosaFlow using Google OAuth, we collect:
• Your name
• Your email address
• Your profile photo (optional)
• Google user ID for authentication

We do NOT have access to your Google password.

During app usage, we also collect:
• Location data (only if enabled by you) to find nearby stores
• Discovery preferences, favorites, and store-interest signals
• Local post views, taps, saves, hides, reports, and similar engagement events
• Notification preferences and local discovery opt-in choices
• Shopping cart information
• Purchase history and order details
• Product scans and preferences
• Loyalty points and rewards data
• Customer-support and abuse-report content you submit to us
• Payment transaction details (processed securely through payment processors integrated by stores such as Razorpay, PhonePe, Cashfree, PayU, Paytm, and others)

3. How We Use Your Data

We use your information for:
• Account creation and authentication
• Managing your shopping cart and orders
• Processing payments securely
• Showing nearby stores based on your location
• Personalizing discovery feeds, local posts, and relevant store updates
• Tracking loyalty points and rewards
• Sending order confirmations and updates
• Sending opted-in notifications and discovery alerts
• Improving our service and user experience
• Preventing fraud, abuse, and unsafe use of the platform
• Customer support and communication

We do NOT:
• Sell your data to third parties
• Use your data for advertising to third parties
• Share your personal information without your consent

4. Data Storage & Security

Your data is stored securely on Supabase (a secure cloud database platform) with:
• End-to-end encryption
• Secure access controls
• Industry-standard security practices
• Regular security audits

Payment information is processed securely via payment processors integrated by stores (such as Razorpay, PhonePe, Cashfree, PayU, Paytm), which are PCI-DSS compliant. We never store your full payment card details.

5. Data Sharing

We share limited data only with:
• Stores you shop at (order details, contact info for fulfillment)
• Payment processors integrated by stores (Razorpay, PhonePe, Cashfree, PayU, Paytm, etc.) for transaction processing
• Service providers who help operate our platform, including infrastructure, notifications, analytics, moderation, and AI-assisted features where enabled

We do NOT sell or rent your personal information to third parties. We may disclose your information if required by law or to protect our rights and users.

6. Location Data

We collect location data only if enabled by you. When enabled, we use it to:
• Show nearby stores and deals
• Rank and personalize local discovery content
• Calculate distance to shops
• Improve local shopping experience

Location data is collected only during active app usage, not in the background.

You can:
• Deny location access at any time
• Use the app without location (with limited features)
• Control location permissions in your device settings

7. Discovery, Personalization, and Notifications

HosaFlow may use your location, store follows, shopping behavior, interaction history, and preference settings to determine which local posts, discovery cards, offers, or alerts are shown to you. Some discovery content may be personalized, time-limited, or filtered for safety and abuse prevention. You can manage notification permissions and relevant app settings in your device or in-app preferences.

8. Your Rights

You have the right to:
• Access your personal data
• Update or correct your information
• Delete your account and data
• Export your data
• Withdraw consent for data processing
• Opt out of marketing communications

To exercise these rights, contact us at support@hosaflow.com

9. Account Deletion

You can request account deletion by:
• Visiting https://hosaflow.com/delete-account
• Emailing support@hosaflow.com

Users can request account deletion by email or via the delete-account page. We process verified requests within 30 days.

Upon deletion:
• Personal profile fields are deleted/anonymized
• Saved payment preferences and customer-linked push tokens are removed
• Transaction/order/tax/security records may be retained for legal/accounting/fraud-prevention purposes
• Deletion is irreversible

10. Cookies & Tracking

We use:
• Session cookies for authentication
• Local storage for app preferences
• Analytics to improve user experience

We do NOT use third-party advertising trackers.

11. Children's Privacy

HosaFlow is not intended for users under 13 years of age. We do not knowingly collect data from children. If you believe a child has provided us data, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via:
• Email notification
• In-app announcement
• Updated "Last Modified" date

Continued use after changes constitutes acceptance.

13. Contact Us

For questions, concerns, or requests regarding your privacy:
Email: support@hosaflow.com
App: HosaFlow Customer App
Response time: Within 48 hours

Store Owner Privacy Addendum

This addendum applies to store owners using HosaFlow owner tools and POS services.

A1. Data We Collect from Owners

We collect shop profile data (name, address, phone), owner account identifiers, shop location coordinates or plus code, uploaded media and documents, local posts and discovery content, AI prompts and instructions submitted by owners, generated drafts and edits, and operational activity needed to run the platform.

A2. Device and Log Data

We may collect technical logs and device/app telemetry such as IP address, browser/app version, device model/OS, session timestamps, error logs, security events, and feature usage events to diagnose issues, prevent abuse, and improve service reliability.

A3. AI and Discovery Data Handling

Where AI-assisted or local discovery features are enabled, we may process prompts, drafts, edited outputs, publication choices, timing preferences, and moderation outcomes to deliver the feature, enforce governance, improve reliability, and investigate abuse. We may also measure whether AI suggestions were edited, published, or discarded to improve feature quality and safety.

A4. Data Storage and Processing Location

Owner data may be stored and processed in cloud infrastructure operated by our service providers, including India and other jurisdictions where contracted infrastructure is hosted, subject to reasonable contractual and technical safeguards.

A5. Third-Party Service Providers

We use trusted third-party services to operate the platform, including infrastructure and data services (for example Supabase), messaging and notification services (for example Firebase), analytics and abuse-prevention tools, AI or machine-learning subprocessors where enabled, identity-verification vendors, and payment or settlement partners and gateways where enabled. These providers process data only for legitimate platform operations.

A6. Media, Document, and Generated Content Handling

Owners are responsible for ensuring uploaded images, logos, product media, documents, prompts, and generated content are lawful and owned or licensed by them, and do not contain prohibited or unnecessary sensitive data. We may review, restrict, label, or remove content that violates platform rules or law.

A7. Security Measures

We apply reasonable administrative, technical, and organizational safeguards, including access controls, transport encryption, and monitoring/audit practices to reduce unauthorized access and misuse risks. No internet-based system can be guaranteed 100% secure.

A8. Government ID and Compliance Data

To improve trust and abuse prevention, owners may be required to submit a valid government-issued identity proof and compliance documents. Verification status may affect store visibility and feature access.

A9. Owner Rights

Owners may request access, correction, or deletion where applicable by contacting support@hosaflow.com. Some data may be retained to satisfy legal, audit, tax, moderation, analytics, or security obligations.

Your Privacy Matters

We are committed to protecting your personal information and being transparent about our data practices.