Privacy Policy for Glazed Bakery
This Privacy Policy constitutes a legally binding agreement governing how Glazed ("we", "us", "our") collects, processes, stores, and shields personal data within our operational ecosystem. This policy is structured to align with the Digital Personal Data Protection (DPDP) Act and other applicable Indian statutes, ensuring maximum protection and capital efficiency for our systems.
By executing a transaction, submitting your mobile number, or interacting with our digital interfaces, you grant explicit, unambiguous consent to the data processing architectures detailed below.
1. Data Minimization & Categories of Collection
We limit data extraction to the absolute baseline required to process orders, maintain account security, and compute loyalty metrics. We collect:
- Primary Identity Identifiers: Your mobile phone number, which serves as the core unique cryptographic anchor for your account profile.
- Transactional Ledgers: Multi-factor transaction history, billing metrics, timestamps, payment gateway verification codes, and chosen fulfillment methods.
- Loyalty Metadata: Accrued coin balances, First-In, First-Out (FIFO) chronological decay logs, and platform redemption histories.
- Technical Footprints: IP addresses, session authorization tokens, device metadata, and login telemetry captured during portal access.
2. WhatsApp Marketing & Native Platform Controls
Our communication network utilizes automated and manual pipelines to transmit both utility messaging (order updates, digital receipts) and promotional campaigns.
- Mandatory Native Opt-Out Mechanism: We do not maintain or recognize text-based text triggers (such as replying with the keyword "STOP") within the chat interface. To terminate promotional or marketing messages, you must exclusively utilize WhatsApp’s built-in "Block Business" feature.
- Indemnification of Messaging Streams: If you fail to deploy the native WhatsApp block feature, Glazed is entirely indemnified against any civil, criminal, or regulatory claims regarding unsolicited messaging, spamming, or violations of DND/telecom compliance frameworks.
3. Mandatory Channel for Grievances, Consent Withdrawal, and Erasure
To maintain systemic consistency and prevent fragmented records, we enforce a single, absolute point of contact for all data privacy mandates.
- The Exclusive Channel: Any formal grievance, data access request, correction request, consent withdrawal, or permanent account erasure petition under the DPDP Act must be sent directly and exclusively to: contact@glazed.co.in.
- Exclusion of Alternate Channels: Data requests, notices, or complaints submitted via any other communication channel—including but not limited to Instagram Direct Messages, WhatsApp business chats, verbal declarations to kiosk floor staff, or comments on social media platforms—are legally void and will not be entertained or processed. Glazed disclaims all liability for failing to act on requests submitted outside the mandated email protocol.
4. Technical Vulnerabilities, Rogue Actors, and Firm Indemnity Loopholes
To the maximum extent permitted under applicable law, Glazed establishes absolute civil liability insulation regarding the integrity of our technical pipelines:
- Internal Rogue Actors and Tech Lockouts: While Glazed deploys standard security protocols, the firm shall be completely indemnified and held harmless from any user-side claims, data exposures, or profile discrepancies arising from unauthorized technical interventions, malicious system overrides, internal infrastructure lockouts, or rogue data manipulation executed by individual team members, employees, or third-party contractors acting outside their authorized administrative scope or violating proprietary code access protocols.
- Third-Party Infrastructure Failures: Our digital layers, including loyalty.glazed.co.in/loyalty, rely on external cloud service providers, SMS aggregators, and API pipelines. Glazed accepts zero financial or legal liability for database leaks, point calculation drops, or transmission delays caused by host server failures, third-party network breaches, or global telecommunication disruptions.
- Exploit Reconciliation Rights: If a database glitch or technical exploit generates artificial, inflated, or mathematically impossible loyalty data within a user profile, Glazed retains the unilateral right to freeze the account, isolate the record, and purge or reverse the faulty data points without liability.
5. Data Retention, Erasure Outcomes, and Account Security
- Retention Boundaries: We store core transactional and identity logs only for the duration necessary to satisfy tax auditing, commercial compliance, and legal defense requirements in India.
- Erasure Forfeiture Clauses: Processing a verified erasure request through contact@glazed.co.in results in the immediate, permanent purging of your mobile number and profile from our active systems. This action triggers the instantaneous dissolution of all accrued loyalty balances and coins. These assets cannot be restored, transferred, or monetized post-erasure.
- Credential Safeguards: Access to our centralized loyalty dashboard is verified via dynamic One-Time Passwords (OTPs) sent to your mobile terminal. The user remains solely responsible for preventing unauthorized access to their device. Glazed is entirely indemnified against third-party point depletions resulting from credential sharing or device compromise.
6. Severability and Jurisdictional Authority
- Severability: If any provision, paragraph, or clause within this Privacy Policy is adjudicated to be illegal, invalid, or unenforceable by a court of competent authority, that specific element will be severed. The remaining provisions will retain full legal force and effect.
- Governing Law: This policy is governed by and construed strictly under the laws of India. Any litigation, regulatory escalation, or arbitration arising from our data handling architectures shall fall under the exclusive jurisdiction of the competent courts in Bhubaneswar, Odisha.