Privacy Policy

1. Who is the Data Fiduciary

For personal data processed on the Zittru platform, the Data Fiduciary under the DPDP Act is Feinit Consulting & Integration Services, operating the Zittru brand in India. Where we use third-party service providers (for example, cloud hosting, payments, maps, messaging, or identity verification), they process data on our instructions under appropriate contracts and security requirements.

2. Personal data we collect

2.1 From customers

• Account & profile: name, mobile number, email, country code, sign-in and session information, and profile photo if you upload one.
• Identity / KYC (when applicable): government identity documents and related verification data (such as name, date of birth, address, and document references, with sensitive numbers masked where we can), photographs or video used for liveness checks, and verification outcome. We use regulated identity-verification providers where required. For DigiLocker Aadhaar verification, Aadhaar is consent-based through the provider; we store only the masked Aadhaar value or last four digits where returned, and do not store your full Aadhaar number or Aadhaar document in our databases. For passport and document-upload fallback checks, we keep the verification result and provider reference, not full identity document numbers, unless a specific law requires otherwise.
• Booking data: pickup and delivery addresses, recipient (consignee) name and phone, bag count and category, weight, declared value, notes or photographs you upload, time windows, handover codes (such as OTPs), and status updates.
• Payment data: transaction references and limited payment-method indicators (for example, last digits or payment type). We do not store full card numbers or security codes. Card, UPI, and wallet details are handled by our licensed payment gateway provider.
• Location: pickup and delivery addresses (needed to fulfil your booking), device location when you allow it (to help with addresses and service in your area), and partner location during an active trip for tracking and safety.
• Communications: messages with support, call recordings where we record calls for quality and disputes, and SMS, email, or messaging we send about your booking.
• Device & usage: general device and app information, IP address, language, and logs needed to keep the service reliable and secure.

2.2 From partner drivers and operators

If you onboard as a Partner (individual driver, fleet operator, hub operator, or logistics carrier), we collect what is required to verify you, pay you, and dispatch jobs:

• Business or individual name, contact details, address, photograph, and emergency contact.
• KYC and compliance documents (such as government ID, tax identifiers, driving licence, vehicle registration, insurance, permits, and bank details for payouts), as applicable to your role.
• Vehicle and service-area information needed to assign work.
• Location and job updates during active assignments, handover photographs (packaging and receipts), and app diagnostic data.
• Payout, settlement, tax, and dispute records.

2.3 What we do not collect

We deliberately keep our data footprint small. In particular, Zittru does not:

• read your phone's contact list, call log, or SMS inbox;
• scan or report the list of other apps installed on your device;
• track your device location in the background when you are not actively using the service;
• build advertising profiles, sell access to your phone number, or share your data with ad networks;
• knowingly collect data from children under 18. The service is intended for adults; bookings on behalf of a minor must be made and supervised by a parent or guardian who is the account holder. If you believe a minor has provided personal data without verifiable parental consent, contact us and we will delete it.

3. Why we process personal data (purposes and legal basis)

We process personal data only for specified, lawful purposes. Under the DPDP Act this is principally based on the consent you give when you create an account or place a booking, and on certain legitimate uses recognised by law (for example, performing the service you requested, partner onboarding, compliance with law, and fraud prevention). Specific purposes include:

• Creating and managing your account and signing you in securely.
• Pricing, confirming, fulfilling, tracking, and supporting bookings, including assigning pickup, transit, and delivery partners.
• Processing payments, refunds, settlements, and records required for tax and accounting.
• Verifying identity where required for bookings or partner onboarding.
• Detecting and preventing fraud, abuse, unsafe use, and prohibited goods.
• Sending service-related messages (booking updates, security notices, policy changes) and, only with your consent, marketing about Zittru, which you can opt out of at any time.
• Complying with legal obligations and responding to lawful requests.
• Improving reliability, safety, and quality of the Platform.
• Handling disputes and defending legal claims.

We do not use your personal data to train external generative-AI models; we do not sell, rent, or barter personal data; and we do not run targeted advertising networks on the Platform.

4. Sharing with partners and service providers

4.1 Independent partners

To deliver a booking, we share the minimum operational data with the partner assigned to each leg: typically your name, phone number, addresses, time window, bag count, special instructions, and handover codes needed to complete pickup or delivery. Delivery partners receive consignee details only for the final leg. Partners must use this data only to perform the booking, keep it secure, and comply with applicable privacy law. Depending on their role, a partner may process data on our behalf or under their own legal obligations.

4.2 Categories of service providers

We use vetted third parties only where needed to run the Platform. We do not publish a list of specific vendors in this policy. By category, personal data may be processed by:

• Cloud and application hosting — to store and run our systems securely.
• Payment gateway — to process card, UPI, and wallet payments and partner payouts.
• Maps and address services — to validate and display locations you enter.
• Messaging — to send booking updates, OTPs, and support messages.
• Identity verification — to complete KYC where required.
• Logistics carriers — for inter-city movement under contract (see Section 4.1).

These providers are bound by contract to use data only for the services they provide to us and to protect it appropriately. If you need more detail for a specific request (for example, a regulatory or legal enquiry), contact privacy@zittru.com.

4.3 Legal, safety, and corporate transactions

We may disclose personal data to comply with law, court orders, or lawful government requests; to investigate or prevent fraud, safety incidents, or breaches; to enforce our Terms; to defend legal claims; or in connection with a merger, acquisition, or sale of assets, where the recipient must honour this Policy or give you notice of material changes.

5. Where your data is stored and processed

We aim to keep personal data relating to our India operations in India, using infrastructure and service providers that support storage and processing within India, subject to applicable law. In limited cases, a service provider may process data outside India (for example, for global messaging or security tools). We allow that only where permitted under the DPDP Act and applicable law, and with appropriate safeguards. We will update this section if our approach materially changes.

6. Retention

We keep personal data only as long as needed for the purposes above or for legal compliance. Indicative periods:

• Account profile — until you delete your account, plus a short cool-off, then deleted or anonymised.
• Bookings, invoices, and tax records — as required under applicable tax and company law (typically up to several years).
• KYC records — as required under applicable KYC/AML rules, then deleted when no longer required.
• Handover codes, trip photos, and live location — for a limited period after delivery, unless needed for an active dispute.
• Support communications — for a limited period, unless a longer period is needed for a specific dispute.
• Diagnostic and usage logs — for a limited period in identifiable form, then aggregated or deleted.

We may retain data longer where law, a regulator, or a court requires it, or to defend legal claims. Data we no longer need is deleted or anonymised.

7. Security

We use reasonable technical and organisational measures appropriate to the sensitivity of the data, including encryption in transit, access controls, authentication safeguards, and monitoring for abuse. No method is completely secure. Please protect your sign-in credentials, do not share handover codes with anyone except the assigned partner at the door, and contact us promptly at security@zittru.com if you suspect unauthorised access. If a personal-data breach must be reported under the DPDP Act or other applicable law, we will notify the Data Protection Board and affected individuals as required.

8. Your rights

As a data principal under the DPDP Act and, where applicable, other laws, you have the right to:

• Obtain a summary of the personal data we process about you and how it is being processed.
• Request correction, completion, or updating of inaccurate or incomplete personal data.
• Request erasure of personal data where it is no longer necessary or where you withdraw consent, subject to legal retention requirements.
• Withdraw consent for processing that was based on consent, without affecting processing already carried out lawfully.
• Nominate another individual to exercise your rights in the event of your death or incapacity.
• Grievance redressal via our contact in Section 11, and escalation to the Data Protection Board of India under the DPDP Act where applicable.
• Opt out of marketing at any time.

To exercise these rights, email privacy@zittru.com or use in-app options such as account deletion under Profile. We may verify your identity before acting. We may retain certain records where law requires (for example, tax or KYC).

9. Cookies and analytics

We use cookies and similar technologies on the website to keep you signed in, remember preferences, and understand how the site is used in aggregate. We do not use cross-site advertising trackers. You can control cookies in your browser settings.

10. Specific notes for partner drivers and operators

If you onboard as a Partner, additionally please note:

• Your name, photograph, vehicle information, and ratings may be shown to customers and our operations team for transparency and safety.
• Your location is shared with the customer and our team during active jobs only; we do not continuously track you outside active assignments.
• KYC and bank details are used for verification, payouts, and compliance and are not shared with customers.
• You retain your rights as a data principal under the DPDP Act, subject to record-keeping for past trips and payments.
• If you store customer data in your own systems, you are responsible for that processing under your agreement with Zittru and applicable law.

11. Grievance Officer and contact

12. Changes to this Policy

We may update this Policy. Material changes will be indicated by updating the “Last updated” date and, where appropriate, by in-app or email notice. Continued use of the Platform after changes constitutes acceptance. Where we rely on consent and the change requires fresh consent, we will ask for it before relying on the new basis.