Data Sharing Policy
Last updated: 1 May 2025
TifunBox Food Services Private Limited is committed to transparency about the data we share and with whom. This Data Sharing Policy supplements our Privacy Policy and provides a clear breakdown of every category of third party that receives your personal data, what data they receive, why, and what safeguards are in place.
Our core commitment
TifunBox does not sell, rent, or trade your personal data to any third party for commercial marketing purposes — ever.
Kitchen Partners
Data shared
- Your name
- Delivery address
- Order items & quantities
- Dietary notes / special instructions
- Contact number (for order-specific queries)
Purpose
To prepare and dispatch your order correctly.
Retention
Kitchen Partners are required to delete order-linked personal data within 30 days of order completion.
Safeguards
Kitchen Partners sign a data processing agreement with TifunBox and are prohibited from using your data for any purpose other than fulfilling your order.
Delivery Partners
Data shared
- Your name
- Delivery address
- Contact number (masked where technically possible)
Purpose
To locate the delivery address and contact you if needed during delivery.
Retention
Delivery logs are retained for 90 days for dispute resolution, then deleted.
Safeguards
Delivery partners access data only through the TifunBox driver app and cannot export or copy customer details.
Payment Processors
Data shared
- Transaction amount
- Order reference ID
- Device fingerprint (for fraud detection)
- Billing details as required by the gateway
Purpose
To authorise and process your payment securely.
Retention
Payment processors retain records as required by PCI-DSS and RBI guidelines.
Safeguards
All payment gateways used by TifunBox are PCI-DSS Level 1 compliant. TifunBox does not store full card numbers or CVV.
Cloud & Hosting Providers
Data shared
- Encrypted account data
- Order records
- Usage logs
Purpose
To operate and maintain the TifunBox platform.
Retention
Follows TifunBox's own retention schedule.
Safeguards
Data is stored on servers located in India (or within the SAARC region with equivalent legal protections). Providers are bound by data processing agreements.
Analytics & Crash Reporting Tools
Data shared
- Anonymised or pseudonymised usage events
- Crash logs
- Device type, OS version, app version
Purpose
To diagnose technical issues and improve app performance and user experience.
Retention
Retained in aggregated/anonymised form for up to 24 months.
Safeguards
No name, email, phone, or address is sent to analytics providers. Data is pseudonymised before transmission.
Notification Services (SMS / Push)
Data shared
- Mobile number (for SMS)
- Device push token (for push notifications)
- Order status data required for message content
Purpose
To deliver order confirmations, status updates, and (with your consent) promotional communications.
Retention
Push tokens are refreshed and old tokens removed automatically. SMS logs are retained for 90 days.
Safeguards
Providers are authorised under TRAI's Telecom Commercial Communications Customer Preference Regulations.
Your Rights Regarding Shared Data
Under the Digital Personal Data Protection Act, 2023, you may request that we ask our third-party partners to cease processing your data or delete it where it is no longer necessary. To exercise this right, email [email protected] with the subject line "Data Sharing — Opt Out / Deletion Request". We will coordinate with the relevant partner and confirm action within 30 days.