We value the trust you place in us and recognize the importance of secure transactions and information privacy. This Privacy Policy describes how MisterETec (collectively “MisterETec”, “we”, “us”) collect, use, share or otherwise process your personal data through MisterETec website www.misteretec.com (hereinafter referred to as the “Platform”).

This Privacy Policy describes our practices in connection with business-to-business related services and covers individuals who have business relationships or who contact us further to the services provided by us on this Platform. The Policy also provides information about the choices you have regarding the use of your personally identifiable data as defined under the applicable laws (“personal data”) and the rights provided to you, including the ability to access, rectify or update information about you.

Your personal data will primarily be stored and processed in the India region and may have data protection laws that are different from those that apply in the country in which you are located. By visiting this website, you expressly agree to be bound by the terms and conditions of this Privacy Policy, and the Terms of Use and agree to be governed by the laws of India including but not limited to the laws applicable to data protection and privacy. If you do not agree please do not use or access our Platform.

1. Collection of Personal Data

When you use our Platform, we collect and store your personal data which you provide from time to time. Our primary goal in doing so is to provide you with a safe, efficient, smooth, and customized experience. This allows us to provide services and features that most likely meet your needs, and to customize our Platform to make your experience safer and easier. More importantly, while doing so we collect personal data from you that we consider necessary for achieving this purpose.

We may collect personal data in many ways including correspondence, by telephone, email, via our website and chatbot from our website, from social media and publications, from other publicly available sources, advertisers, commercially available sources, business partners and from third parties.

If you are registered as a Buyer/Seller with us, we will have your details provided at the time of registering and during the course of your engagement with us. Where possible, we indicate which fields are required and which fields are optional. You always have the option to not provide information by choosing not to use a particular service or feature on the Platform. This information is compiled and analysed on an aggregated basis. This information may include the URL that you just came from (whether this URL is on our Platform or not), which URL you next go to (whether this URL is on our Platform or not), your computer browser information, and your IP address.

We use data collection devices such as "cookies" on certain pages of the Platform to help analyse our web page flow. "Cookies" are small files placed on your hard drive that assist us in providing our services. We offer certain features that are only available through the use of a "cookie". Most cookies are "session cookies", meaning that they are automatically deleted from your hard drive at the end of a session. You are always free to decline our cookies if your browser permits, although in that case you may not be able to use certain features on the Platform and you may be required to re-enter your one-time password more frequently during a session.

We collect only the minimum necessary data to operate the Platform securely and efficiently. This includes full name, email address, mobile number, date of birth (for age verification in restricted categories), complete shipping and billing addresses (including house/flat number, street, landmark, city, state, PIN code), government-issued identification proofs (only for seller KYC, e.g., PAN card, Aadhaar – stored in masked format with last 4 digits visible only), GSTIN, registered business name, and PAN (mandatory for B2B sellers or buyers claiming Input Tax Credit), profile picture (optional, user-uploaded for account personalization).

Sensitive Personal Data or Information (SPDI) is collected only with your explicit double opt-in consent. This includes bank account number, IFSC code, account holder name (required for direct refunds or seller payouts), credit/debit card details (card number, expiry, CVV – processed via PCI-DSS certified payment gateways; we store only tokenized data and last 4 digits), UPI ID or virtual payment address (for instant refunds or payments), health or biometric data (only if purchasing medical devices, fitness trackers, or wellness products – e.g., blood pressure readings for compatibility, stored only with encrypted consent form).

Non-personal or automatically collected information includes IP address, unique device identifier (UDID), browser type and version, operating system, screen resolution, language settings, behavioral session data (pages visited, products viewed, search queries, time spent on each page, clickstream data, referral source), approximate geolocation (derived from IP address for delivery feasibility, shipping cost calculation, and fraud detection), cookies, local storage, web beacons, pixel tags, and similar technologies for session management and analytics.

Information from third-party sources is collected only with your consent, including social login credentials (name, email, profile picture from social platforms – only if you choose social signup), payment gateway transaction logs (success/failure status, transaction ID – no full financial data), logistics partner updates (delivery proof of delivery, digital signature, photo – anonymized and deleted after 90 days), verified reviews or ratings from integrated platforms (if any).

We strictly do not collect data from children under 18 years without verifiable parental/guardian consent (via email or documented approval). Any inadvertently collected minor data is immediately and permanently deleted.

2. Use of Personal Data

All data processing is lawful, transparent, and purpose-limited under Indian laws. We use your information for core operational and contractual purposes including account registration, secure login, password reset, and two-factor authentication (2FA), order placement, inventory matching with sellers, invoice generation (with GST breakdown under our GSTINs: 07CEFPN9507J1Z8 for Delhi and 09CEFPN9507J1Z2 for UP), secure payment processing, fraud checks (via gateway APIs), and refund disbursement, real-time delivery coordination (sharing address with logistics for dispatch and tracking).

We enhance the Platform and user experience through AI-based personalized product recommendations using browsing and purchase history, search engine optimization, wishlist synchronization across devices, abandoned cart recovery emails/SMS, in-app notifications for price drops, restocks, or flash sales.

For legal, regulatory, and compliance purposes, we perform mandatory seller KYC verification (PAN, GSTIN, bank proof) under RBI KYC guidelines and GST laws, fraud and risk monitoring (IP geofencing, device fingerprinting to block suspicious logins), tax compliance including generating e-invoices under our GSTINs, TDS deduction for sellers, filing GST returns, responding to lawful requests from authorities (e.g., cyber cell under IT Act Section 91, income tax notices).

Communication and marketing are consent-based and include transactional messages such as order confirmation, dispatch alert, delivery OTP, invoice attachment (including GSTIN details), promotional content including newsletters, exclusive deals, birthday offers (only if you opt-in during signup or settings), post-purchase feedback surveys and Net Promoter Score (NPS) requests.

Analytics, research, and improvement involve aggregated and fully anonymized data for business intelligence (e.g., top-selling categories in Uttar Pradesh or Delhi), A/B testing of new features (e.g., checkout flow) without identifying individuals, crash and performance analytics to fix bugs.

Legal bases include consent (explicit for SPDI), contractual necessity (for orders), legal obligation (GST/IT Act), legitimate interest (fraud prevention). No automated decisions with legal impact without human review.

3. Sharing and Disclosure of Personal Data

We never sell, rent, or trade your personal data. Disclosure is strictly controlled. With sellers for order fulfillment only, we share buyer’s full name, complete shipping address, contact number, order details. No financial data (card/UPI/bank) is ever shared with sellers.

With third-party service providers (data processors), we share tokenized payment data for transactions with payment gateways, name, address, phone, COD amount, package weight with logistics and courier partners, encrypted backups and hosting with cloud infrastructure (servers located in India), fully anonymized behavioral data with analytics and marketing tools, phone/email for OTPs, alerts, and promotional SMS (if opted-in) with communication gateways. All processors sign Data Processing Agreements (DPAs) and are mandatorily located in India for data localization compliance.

Legal and mandatory disclosures are made to law enforcement, cyber crime units, courts, or regulators under IT Act Sections 67C/69/79, CrPC Section 91, or GST/CBDT summons (including sharing GSTIN-related transaction data if required), in consumer disputes filed via National Consumer Helpline or e-Daakhil portal.

In business continuity scenarios such as proprietorship transfer, merger, acquisition, or insolvency, user data may be transferred as a business asset with prior email notification and opt-out option.

4. Data Security Measures

We implement industry-standard, SPDI Rules-compliant security including AES-256 encryption for data at rest and TLS 1.3 for data in transit, Web Application Firewall (WAF), DDoS protection, rate limiting for network security, role-based access control (RBAC), mandatory 2FA for all admin logins, quarterly penetration testing by certified auditors for vulnerability management.

Physical and organizational controls include secure data centers in India with 24/7 CCTV and biometric access, employee background checks, annual privacy training, signed NDAs, breach response involving detection, containment, notification to affected users and MeitY within 72 hours (per DPDP draft guidelines). While no system is impenetrable, we maintain cyber insurance and regular backups.

5. Your Rights and Choices

You are empowered under IT Act, SPDI Rules, and DPDP Act with the right to access (download your full data report free within 15 days, including GSTIN-linked invoices), right to rectification (update incorrect address/phone via My Account), right to erasure (permanently delete account and non-statutory data; statutory GST records retained as per law), right to restrict/object to processing (pause marketing or analytics), right to data portability (export data in machine-readable format JSON/CSV), right to withdraw consent (instantly via app settings or email), marketing opt-out (unsubscribe link in every email/SMS), grievance redressal (file complaint with our officer; response in 15 days or CCPA). Submit requests to support@misteretec.com with identity proof.

6. Cookies and Tracking Technologies

We use cookie categories including strictly necessary to enable login, cart, checkout; performance/analytics to measure site speed, errors (IP anonymized); functional to save preferences (currency, language); targeting/advertising for remarketing (opt-out via browser settings). Control options include cookie consent banner on first visit, browser settings to block/delete, honoring Do Not Track (DNT) browser signals.

7. Data Retention and Deletion

Retention schedule includes transaction records (invoices, payments under GSTINs) for 7 years (Income Tax + GST laws), user account data until deletion plus 180 days secure backup, inactive accounts auto-purged after 24 months, server logs for 6 months (security audits). Secure disposal is done by overwriting using secure standards.

8. International Data Transfers

100% data residency in India (data centers in India). No cross-border transfer unless you purchase from an international seller (with consent) and protected by Standard Contractual Clauses (SCCs) and DPIA.

9. Updates to This Policy

Changes are posted on the Platform with version number. Material changes (e.g., new data use) are notified via email 30 days prior. Continued use is deemed acceptance.

10. Contact and Grievance Redressal

Support: support@misteretec.com | +91 9220875551

Grievance Officer (Appointed under IT Rules, 2021):
Name: [Proprietor / Designated Officer]
Email: grievance.officer@misteretec.com
Phone: +91 9220875551
Registered Office: Vill Post Reoli, Rewali, Salempur Deori, Deoria, UP – 274602
Additional Office: Block B, Pochanpur Colony, Dwarka, New Delhi – 110075
GSTIN: 07CEFPN9507J1Z8 (Delhi) | 09CEFPN9507J1Z2 (UP)

Acknowledgment within 24 hours, resolution within 15 days.

.