Scope, Data Fiduciary Identity & Legal Framework
This Privacy Policy applies to visitors, registered users, account holders, customers, mobile app users, and other individuals who access, use, or interact with HPzenAi's websites, mobile applications, e-commerce platform, connected products, cloud services, and related support systems. HPzenAi acts as the data fiduciary for personal data processed through its owned and operated channels. This policy is intended to operate in line with the Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000, applicable subordinate rules, and other Indian laws relevant to electronic commerce, consumer protection, and data handling.
- HPzenAi Technologies Private Limited, Anekal, Bengaluru, Karnataka, India, is the entity responsible for the personal data processed through HPzenAi's owned and operated platforms.
- By accessing or using HPzenAi services, you acknowledge that HPzenAi may process personal data in accordance with this Privacy Policy and applicable law. Where required by law, HPzenAi will obtain consent before processing personal data.
- HPzenAi determines the purposes and means of processing for personal data collected through its own channels.
- This policy does not govern personal data processed by independent third-party services accessible through HPzenAi platforms, including marketplace platforms, payment gateways, and logistics partners; users should review those services' privacy policies independently.
Account Registration & Security
HPzenAi applies a data-minimisation approach to account registration and authentication. Only the information reasonably required for account creation, account security, and service delivery is collected at the relevant stage of use.
- Email address is the primary identifier for all HPzenAi accounts and is used for account sign-up, sign-in, order confirmations, dispatch notifications, warranty communications, and support correspondence.
- Name, phone number, and delivery address are collected at the time of placing an order, solely for the purposes of order fulfilment, shipment dispatch, and customer communication.
- Login credentials, passwords, and authentication tokens are protected using appropriate cryptographic and access-control measures; HPzenAi does not intentionally store plaintext account passwords.
- Additional verification measures may be used for sensitive account actions such as password reset, account recovery, or security-related account changes.
- HPzenAi will never request login credentials, OTPs, or session tokens via phone call, email, WhatsApp, or any channel other than the official secure platform interface.
Categories of Personal Data Collected
HPzenAi collects personal data across the categories described below, depending on how the customer interacts with its platforms, products, and services. HPzenAi applies the principle of data minimisation and collects only data that is necessary for the identified purpose.
- Identity and contact data: full name, email address, mobile phone number, billing address, shipping address, state, city, and PIN code. This data is collected primarily for order fulfilment, shipment dispatch, real-time delivery tracking and notifications, invoicing, and customer communication.
- Financial and transactional data: payment status, payment references, Razorpay transaction identifiers, UPI transaction identifiers where applicable, order history, invoice numbers, and GST or PAN details for registered business accounts. HPzenAi does not store full card numbers, CVV data, UPI PINs, net-banking credentials, or other full payment authentication data on its own systems; payment collection and processing are handled through the authorised Razorpay payment gateway and its banking or network partners.
- Device and technical data: IP address, approximate network-derived geolocation, browser type and version, operating system, device type and model, mobile app version, session identifiers, and referring URLs. HPzenAi does not collect, request, or access precise GPS location data on any platform.
- Support and communication data: support ticket content, email and WhatsApp correspondence, review and rating submissions, and content voluntarily submitted through feedback or community channels. HPzenAi may use WhatsApp Business messaging for order updates, customer support, warranty assistance, and service-related communications where the user initiates or consents to such interaction.
- Marketing and preference data: communication preferences, opt-in and opt-out history, promotional interaction records, and referral or affiliate identifiers.
- Mobile application permissions: HPzenAi mobile applications access device permissions only when required for a specific feature and only after obtaining the user's permission through the operating system permission controls.
IoT Data, Sensor Telemetry & Connected Devices
Certain HPzenAi connected products may transmit operational and sensor data to HPzenAi's cloud platform based on the product configuration, connectivity settings, and service features enabled by the user. HPzenAi seeks to limit such collection to data reasonably required for product operation, remote support, diagnostics, analytics, and service improvement.
- Sensor and telemetry data collected from connected HPzenAi products may include: device serial number, firmware version, connectivity status, operational state, sensor readings (such as voltage, current, power, temperature, load, or other measurements specific to the product), event logs, alert histories, and system diagnostic data.
- IoT product data collection and cloud synchronisation depend on the user's connectivity and service configuration; products that are not connected to HPzenAi's cloud services may not transmit the same categories of data.
- Unless otherwise agreed in writing, operational telemetry and device-generated data collected through HPzenAi products remain associated with the customer account through which the device is managed and are processed solely for the purposes described in this Privacy Policy.
- Connected product and sensor data is used for device monitoring, remote diagnostics, performance analysis, alerting, firmware support, system improvement, and product quality and reliability enhancement.
- Sensor, telemetry, and IoT device data is not sold, licensed, or disclosed to any third party for commercial, advertising, or research purposes; this data is strictly for HPzenAi's internal product operations and improvement activities.
- HPzenAi does not use IoT telemetry data to identify personal behaviour patterns, create advertising profiles, or conduct behavioural advertising.
- Retention periods for IoT, telemetry, and device diagnostics data are governed by the retention section of this policy.
- Communications between connected devices and HPzenAi cloud services are protected using appropriate transport and storage security controls.
Purposes & Legal Bases for Processing
HPzenAi processes personal data only for the specific purposes described below, on one or more of the following lawful bases: customer consent, contractual necessity, business and operational purposes, and compliance with applicable legal obligations.
- Contract performance: processing orders, managing accounts, dispatching products, issuing GST-compliant invoices, enabling warranty and after-sales service, and all activities necessary to fulfil the customer's purchase.
- Consent: sending promotional or marketing communications, deploying non-essential analytics or marketing cookies, and personalising product recommendations.
- Business and operational purposes: fraud detection and prevention, platform security, product and firmware quality improvement, operational analytics, customer satisfaction assessment, and connected device health monitoring.
- Legal obligation: maintaining statutory records under the Companies Act, 2013, CGST Act, 2017, income tax regulations, and other applicable Indian laws.
- Product improvement and safety: using anonymised or pseudonymised IoT operational and telemetry data to improve product reliability, detect hardware or firmware issues, release security patches, and enhance product safety.
- HPzenAi does not process personal data for automated individual profiling, algorithmic decision-making with legal or similarly significant effects, or commercial data exploitation purposes beyond those described in this policy.
Data Sharing & Third-Party Disclosures
HPzenAi does not sell personal data. Personal data is shared with third parties only where necessary for the purposes described in this policy and subject to contractual data processing obligations and confidentiality requirements.
- Logistics and order fulfilment: for direct-store orders, identity and shipping address data (name, phone number, delivery address, and order reference) is shared with Shiprocket, HPzenAi's B2C logistics aggregation partner. Shiprocket transmits the minimum necessary delivery data to the assigned logistics carrier to complete the shipment. Shiprocket operates under its own privacy policy, and the assigned carrier operates under its respective data handling terms; customers are encouraged to review those policies.
- Payment and financial service providers: RBI-authorised payment gateways, acquiring banks, UPI processors, and fraud-prevention service providers who process payment transactions on HPzenAi's behalf under PCI-DSS compliant and contractually bound data processing terms.
- Cloud infrastructure and technology providers: cloud hosting, database management, push notification delivery, email and SMS dispatch, and customer relationship management service providers engaged to operate HPzenAi platforms; these providers act as data processors under written data processing agreements.
- Marketplace platforms: order-level data is exchanged with Amazon, Flipkart, or other marketplace operators solely for fulfilment, buyer protection, customer support, and return management for orders placed through those respective channels.
- Orders placed through Amazon, Flipkart, or other marketplace platforms are additionally governed by the privacy policies and terms of those respective platforms.
- Legal and regulatory bodies: government authorities, regulatory agencies, law enforcement agencies, or courts when disclosure is required by applicable Indian law, a valid court order, or a regulatory direction.
- Business transfers: in the event of a merger, acquisition, business restructuring, or asset sale, personal data may be transferred to successor entities subject to equivalent data protection obligations.
Cloud Infrastructure, Data Residency & International Transfers
HPzenAi's digital platforms, backend services, and connected device cloud are hosted on commercial cloud infrastructure and related service-provider systems selected by HPzenAi for operational, security, and scalability requirements.
- HPzenAi may store and process data on infrastructure operated by third-party cloud, communication, analytics, and business-service providers engaged under contractual confidentiality and data-processing obligations.
- HPzenAi seeks, where operationally feasible, to use infrastructure and service configurations appropriate for Indian business and consumer operations; however, certain processors or integrations may involve storage, routing, backup, or support access outside India.
- Where cross-border processing or access occurs, HPzenAi applies contractual, organisational, and technical safeguards appropriate to the nature of the data and applicable legal requirements.
- Users may contact HPzenAi at support@hpzenai.com, call +91 8147827776, or use WhatsApp at +91 8147827776 for additional information regarding the handling framework applicable to their personal data.
Data Security & Firmware Update Practices
HPzenAi implements technical and organisational measures intended to protect personal data, preserve platform integrity, and support the security of its connected product ecosystem.
- HPzenAi employs encryption, access controls, authentication mechanisms, network security controls, logging, monitoring, and other industry-standard security measures appropriate to the nature of the data processed.
- Access to personal data is restricted to authorised personnel and service providers on a need-to-know basis, subject to role-based or function-based access controls where applicable.
- All payment processing is handled through authorised third-party payment processors, including Razorpay, and HPzenAi does not intentionally store full card numbers, CVV data, or UPI PINs on its own infrastructure.
- HPzenAi may release software and firmware updates, including security updates, bug fixes, and compatibility improvements, for supported connected products.
- HPzenAi periodically reviews and updates its technical and organisational security measures to address evolving security threats, technological developments, and operational requirements.
- Although HPzenAi applies reasonable security safeguards, no method of transmission, storage, or processing can be guaranteed to be completely secure or immune from unauthorised access, misuse, or system failure.
- In the event of a personal data breach that is likely to affect data principals, HPzenAi will take reasonable steps to investigate, mitigate, and comply with applicable legal reporting and notification obligations under Indian law.
Data Retention & Deletion Schedules
HPzenAi retains personal data only for the period reasonably necessary to fulfil the relevant processing purpose, or for such longer period as may be required by applicable law, regulatory obligation, audit requirement, dispute preservation, or legitimate business record-keeping needs.
- Account and identity data: retained for the duration of the active account and for three years following account closure or the date of last account activity.
- Transactional and financial records: retained for a minimum of seven years from the date of the transaction in compliance with the Companies Act, 2013, CGST Act, 2017, and applicable income tax regulations.
- Active IoT and sensor data: generally retained in primary accessible storage for approximately thirty days from collection, subject to service design and operational requirements.
- Archived IoT and sensor data: may then be transitioned to restricted-access archival storage for up to twelve months from the original collection date for forensic analysis, security investigation, product support, and legal or regulatory preservation purposes.
- Support and warranty records: retained for two years from the date of the last support interaction or warranty claim resolution.
- Marketing and consent records: retained for the duration of the active consent and for three years thereafter to evidence regulatory compliance.
- Technical and session data: retained for up to twelve months from collection, unless aggregated or anonymised for platform improvement analytics.
- Where personal data must be retained beyond the stated periods due to pending litigation, regulatory investigation, law enforcement requests, or a specific statutory obligation, it will be preserved under restricted-access conditions and deleted promptly once the legal retention obligation has been discharged.
Cookies, Notifications & Communication Preferences
HPzenAi uses cookies and similar tracking technologies on its websites and applications to enable core platform functionality, measure performance, and support optional marketing activities. HPzenAi also sends push notifications to mobile app users for operational and, optionally, promotional purposes.
- Strictly necessary cookies: required for authentication, session management, shopping cart functionality, and security features; these cannot be disabled while using the platform.
- Functional cookies: store interface preferences such as language, region, and display settings to improve usability on repeat visits.
- Analytics cookies: collect aggregated, anonymised data about page visits, navigation patterns, and device types to help HPzenAi improve platform performance.
- Marketing and targeting cookies: deployed only with prior explicit consent and may enable personalised promotional content and campaign performance measurement.
- Where required by applicable law, HPzenAi will obtain user consent before placing non-essential cookies or similar tracking technologies.
- Users may manage cookie preferences through browser settings or HPzenAi's cookie consent control; disabling certain cookie categories may affect platform features.
- HPzenAi may send transactional emails relating to account activity, order confirmations, shipping updates, warranty services, security notifications, support communications, and product-related service notices. Users may opt out of promotional emails but cannot opt out of communications necessary for account administration, security, or order fulfilment.
- HPzenAi sends push notifications to mobile app users for transactional events (order confirmed, dispatched, out for delivery, delivered) and optional promotional communications; transactional notifications are part of the core service.
- Customers who do not wish to receive promotional push notifications may opt out at any time through the notification settings in the HPzenAi mobile app or through the operating system's notification management settings; opting out of promotional notifications does not disable transactional notifications necessary for order fulfilment.
Third-Party Websites & External Links
HPzenAi platforms may contain links to third-party websites, marketplaces, payment providers, logistics portals, app stores, documentation resources, or other external services for user convenience and operational purposes. Such external sites and services are not controlled by HPzenAi and operate under their own terms, privacy notices, and data-handling practices.
- Accessing a third-party website or service through an HPzenAi link is at the user's discretion and risk.
- HPzenAi is not responsible for the privacy practices, content, security standards, or data processing methods of any third-party website or platform.
- Users should review the privacy policy, terms of use, and related legal notices of each third-party website before submitting personal data or conducting any transaction on that platform.
Rights of Data Principals (DPDPA 2023)
As a data principal under the Digital Personal Data Protection Act, 2023, you have the following rights, which HPzenAi is obligated to respect. HPzenAi will respond within the timelines prescribed under applicable law or, where no specific statutory timeline applies, within a reasonable period.
- Right to access information: you may request a summary of the personal data HPzenAi processes about you and the purposes for which it is being processed.
- Right to correction and erasure: you may request correction of inaccurate or incomplete personal data, or erasure of data where continued processing is no longer necessary for the stated purpose.
- Right to withdraw consent: where processing is based on your consent, you may withdraw it at any time; withdrawal does not affect the lawfulness of processing carried out before withdrawal.
- Right to grievance redressal: you may submit a privacy-related grievance to HPzenAi using the contact details provided in this policy.
- Right to nominate: you may nominate a person to exercise your data principal rights in the event of your death or incapacity, in accordance with the procedure prescribed under DPDPA 2023.
- Users may request account closure and deletion of eligible personal data by contacting support@hpzenai.com. Certain records may be retained where required by law, fraud prevention requirements, warranty obligations, dispute resolution, taxation requirements, or regulatory compliance.
- To exercise any of these rights, contact HPzenAi at support@hpzenai.com with sufficient account and identity details to enable verification and response. For support follow-up, users may also call +91 8147827776 or use WhatsApp at +91 8147827776.
Children's Privacy
HPzenAi products and services are not intended for individuals under the age prescribed under applicable law. Where required by law, HPzenAi may require parental or guardian consent before processing personal data relating to minors. Privacy-related queries, requests, and grievances may be addressed to HPzenAi by email.
- If a parent or guardian believes that personal data relating to a minor has been provided to HPzenAi inappropriately, they should contact support@hpzenai.com so that the matter can be reviewed and appropriate corrective action can be taken.
Grievance Officer
For privacy-related complaints, grievances, or rights requests under this Privacy Policy, users may contact HPzenAi through the grievance contact details below. HPzenAi will acknowledge and address grievances within the timelines prescribed under applicable law.
- Grievance Officer
- HPzenAi Technologies Private Limited
- Registered office: HPzenAi Technologies Private Limited, 02/A, Bidaragere Road, Anekal Town, Bengaluru, Karnataka - 562106, India
- Email: support@hpzenai.com
- Phone: +91 8147827776
- WhatsApp: +91 8147827776
- For complete contact details and department-specific contact channels, refer to the Contact Us page.
Policy Updates
HPzenAi may update this Privacy Policy from time to time to reflect changes in law, technology, products, services, or business operations. The version published on the HPzenAi platform is the operative version.
- Where reasonably practicable, HPzenAi will notify associated members and customers of material policy changes through available communication channels, which may include WhatsApp message, mobile app notification, and email.