PrimeServe
All policies
Legal Policy

Privacy Policy

How PrimeServe collects, uses, stores, and protects personal data.

Updated 1 May 2026Effective 1 May 2026

This policy applies to PrimeServe Facility Solutions business buyers and platform users. For policy questions or operational support, contact PrimeServe through the support details listed in the relevant policy section.

1. Introduction

Primeserve Facility Solutions ("PrimeServe", "we", "us", or "our") respects the privacy of every individual and business that uses the PrimeServe web application, mobile application, websites, and related services (collectively, the "Platform"). This Privacy Policy describes how we collect, use, store, share, retain, and protect personal and business information processed through the Platform.

This Privacy Policy is published in accordance with the provisions of the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 (the "DPDP Act"), as applicable and as progressively notified.

2. Scope

This Privacy Policy applies to all users of the Platform, including authorized representatives of business buyers, employees of buyer organizations, prospective customers, visitors to the website, and any individual whose personal information is provided to PrimeServe in connection with a transaction or potential transaction.

3. Role of PrimeServe

In respect of the personal information we collect directly from users for the operation of the Platform, PrimeServe acts as a Data Fiduciary (under the DPDP Act). In some cases, where personal information is provided by a buyer organization in respect of its employees or representatives, PrimeServe may act as a Data Processor on behalf of the buyer organization. The buyer organization is responsible for ensuring that such personal information has been lawfully obtained and shared with PrimeServe.

4. Information We Collect

We may collect the following categories of information:

4.1 Personal Information

  • Full name, designation, and role of authorized representatives;
  • Email address and mobile number;
  • Username and account credentials (passwords are stored in hashed form using bcrypt and are never accessible to PrimeServe staff);
  • Photograph or signature captured for proof of delivery (where applicable).

4.2 Business Information

  • Business name, registered address, branch addresses, and shipping locations;
  • GSTIN, PAN, business registration number, CIN, and other tax identifiers;
  • Trade references and business background;
  • Bank account details (for refunds and credit verification).

4.3 Transaction Information

  • Order history, cart activity, product preferences, purchase patterns, and reorder cycles;
  • Invoices, delivery challans, and payment records;
  • Communication and support interactions in connection with orders.

4.4 Payment Information

  • Payment method selected (UPI, card, net banking, COD, credit, NEFT);
  • Transaction reference numbers, success or failure status, and amount;
  • PrimeServe does NOT store full credit card numbers, CVV, or net banking passwords. These are handled directly by the payment service provider (Razorpay) in accordance with PCI-DSS standards.

4.5 Credit Assessment Information

  • Documents submitted in connection with a credit application, including bank statements, GST returns, financial information, and authorization letters;
  • Internal scoring and credit history maintained by PrimeServe in respect of payment behavior.

4.6 Device, Technical, and Usage Information

  • IP address, browser type and version, device type, operating system, and screen resolution;
  • Pages visited on the Platform, time spent, click paths, and search queries;
  • Cookies and similar tracking technologies, including persistent and session cookies;
  • Approximate geolocation derived from IP or device location (where permission is granted).

4.7 Delivery Information

  • Delivery address(es), special instructions, time-window preferences;
  • Proof of delivery: signature on delivery challan, OTP, photograph of received goods, GPS-tagged timestamp.

4.8 Communications

  • Email, SMS, WhatsApp, in-app chat, and call records (where calls are recorded for quality and training, with prior intimation as required by law);
  • Marketing preferences and consent records.

5. How We Collect Information

We collect information through:

  • Direct submission by users during registration, ordering, credit application, and support interactions;
  • Automated logging through cookies, pixels, server logs, and analytics tools;
  • Communications received from buyer organizations (where they nominate authorized representatives);
  • Third-party sources such as the GSTIN public registry (for verification), payment gateways (for transaction status), and credit information bureaus (where the user has consented or where permitted by law).

6. Purposes of Processing

We process personal and business information for the following purposes:

  • To register and verify user accounts and business credentials;
  • To accept, process, fulfill, deliver, and invoice orders;
  • To issue GST-compliant tax invoices and maintain books of account as required by law;
  • To assess, approve, monitor, and recover credit extended to buyer organizations;
  • To prevent and detect fraud, unauthorized access, and abuse of the Platform;
  • To respond to queries, complaints, and grievances;
  • To send transactional communications (order confirmations, delivery updates, invoice copies, payment reminders, account notices);
  • To send marketing and promotional communications by email, SMS, WhatsApp, or push notifications, where consent has been provided or where permitted under applicable law;
  • To analyze and improve the Platform, the catalog, pricing, and the customer experience;
  • To comply with legal, regulatory, audit, and tax obligations; and
  • To enforce these Terms and other policies, and to protect PrimeServe's legal rights.

7. Legal Basis and Consent

Personal information is processed on one or more of the following legal bases:

  • Consent of the data principal (where applicable);
  • Performance of a contract with the buyer organization;
  • Compliance with a legal obligation (such as tax and accounting laws);
  • Legitimate purposes (such as fraud prevention, network and information security, and direct marketing to existing customers within the limits of applicable law).

Consent, where required, is obtained at the time of registration, order placement, credit application, or marketing opt-in. The user may withdraw consent at any time by contacting the Grievance Officer or by using the in-app opt-out / unsubscribe controls. Withdrawal of consent shall not affect the lawfulness of processing prior to such withdrawal.

8. Use of Information for Order Fulfillment

Information necessary to fulfill an order — including the buyer's name, business name, delivery address, contact number, and order details — is shared with internal warehouse staff, delivery personnel, and (where applicable) third-party logistics providers, solely to enable delivery and post-delivery support.

9. Use of Information for GST and Tax Compliance

GSTIN, PAN, billing details, invoice information, and transaction records are used to issue GST-compliant tax invoices, file GST returns, maintain books of account, comply with audit requirements, and respond to lawful requests from tax authorities. Such information is retained for the period prescribed under the GST law and the Income Tax Act, 1961.

10. Use of Information for Credit Assessment

Credit application documents and payment behavior records are used to assess creditworthiness, set credit limits, monitor outstanding balances, and recover overdue amounts. Aggregated and anonymized credit data may be used for internal risk modeling. PrimeServe does not currently use third-party credit bureaus for B2B credit assessment in the beta phase, but may do so in the future with separate consent.

11. Use of Information for Fraud Prevention

PrimeServe uses transaction patterns, IP and device data, and order behavior signals to detect and prevent fraudulent activity. Where a transaction is flagged as suspicious, additional verification may be requested or the transaction may be declined.

12. Sharing of Information

PrimeServe does not sell or rent personal information. We may share information with the following categories of recipients, only to the extent necessary for the purpose for which the information was collected:

  • Suppliers, distributors, and manufacturers — for procurement of ordered products;
  • Logistics partners and own-fleet delivery staff — for delivery and post-delivery service;
  • Payment gateways and banks — for processing of payments and refunds;
  • IT and cloud service providers, including database, analytics, communication, and infrastructure providers — for hosting and operation of the Platform;
  • Auditors, accountants, and legal advisors — for audit and legal compliance;
  • Government, regulatory, and law-enforcement authorities — where required by law or to protect PrimeServe's legal rights;
  • Marketing service providers — for sending promotional communications, where consent has been obtained;
  • Successors in interest — in connection with a merger, acquisition, restructuring, or sale of assets, subject to appropriate confidentiality obligations on the successor.

13. Cookies and Tracking Technologies

PrimeServe uses cookies and similar tracking technologies to operate, secure, and improve the Platform. These include:

  • Strictly necessary cookies — required for login, session management, cart, and checkout;
  • Functional cookies — to remember preferences (language, location);
  • Analytics cookies — including Google Analytics — to understand how the Platform is used and to improve performance;
  • Advertising and remarketing cookies — including Meta Pixel — to deliver relevant advertising on third-party platforms.

The user may control non-essential cookies through the cookie consent banner displayed on first visit, the browser settings, and the in-app preferences. Disabling certain cookies may limit functionality of the Platform.

14. Marketing Communications

By registering on the Platform, the user consents to receive transactional communications relating to their orders, account, and platform notices through email, SMS, WhatsApp, and push notifications.

Marketing communications (promotional offers, new product launches, seasonal campaigns) are sent only where the user has provided consent at the time of registration or subsequently. The user may opt out of marketing communications at any time by:

  • Using the unsubscribe link in any marketing email;
  • Replying STOP to any marketing SMS or WhatsApp message;
  • Updating preferences in the account settings on the Platform; or
  • Contacting the Grievance Officer.

Opt-out from marketing communications shall not affect transactional communications, which are essential to the operation of the account.

15. Data Retention

Personal and business information is retained for the following periods, except where a longer or shorter period is required or permitted by law:

  • Account information: for the duration of the account, plus 3 (three) years following account closure;
  • Transaction records, invoices, and tax documents: for 8 (eight) years from the end of the financial year, in accordance with GST and Income Tax law;
  • Credit application documents: for 7 (seven) years from the date of credit closure;
  • Marketing consent and preferences: until consent is withdrawn or for 3 (three) years of inactivity, whichever is earlier;
  • Server logs and security records: for 12 (twelve) months;
  • Support communications: for 3 (three) years;
  • Cookies: as per the duration set on each cookie type.

After the applicable retention period, information is securely deleted, anonymized, or archived in a manner that prevents identification of the data principal.

16. Data Security

PrimeServe implements reasonable security practices and procedures to protect personal and business information, including:

  • Encryption of data in transit using TLS/SSL;
  • Hashing of passwords using bcrypt;
  • Role-based access controls within the admin and operational systems;
  • Secure cloud hosting on Supabase (India region) with industry-standard data center controls;
  • Regular review of security configurations and access logs; and
  • Internal training and confidentiality obligations for staff with access to data.

Despite these measures, no system is completely secure. PrimeServe shall not be liable for unauthorized access, loss, or corruption of data caused by events outside its reasonable control, except to the extent required by applicable law. In the event of a data breach involving personal information, PrimeServe shall notify the affected data principals and the Data Protection Board (under the DPDP Act) within the timelines and in the manner prescribed.

17. User Rights

Subject to applicable law and operational feasibility, the user has the following rights in respect of their personal information:

  • Right to access — to obtain confirmation of whether and how PrimeServe processes their personal information, and to obtain a summary of such information;
  • Right to correction — to request correction of inaccurate or outdated personal information;
  • Right to erasure — to request deletion of personal information, except where retention is required by law or for legitimate business purposes;
  • Right to withdraw consent — to withdraw consent for processing where the legal basis is consent;
  • Right to grievance redressal — to file a grievance with the Grievance Officer;
  • Right to nominate — to nominate another individual to exercise rights in the event of death or incapacity, in accordance with the DPDP Act.

Requests should be sent to the Grievance Officer with sufficient information to verify the identity of the requester. PrimeServe shall respond within the timeline prescribed by applicable law (typically 30 days under DPDP Rules, where notified).

18. Business Account Administration

Where multiple authorized representatives of a buyer organization use the same business account, the buyer organization is responsible for managing internal access, removing former employees, and notifying PrimeServe of any changes. Personal information of authorized representatives may be visible to other authorized representatives within the same buyer organization for the purpose of internal procurement coordination.

19. Cross-Border Transfer

All personal and business information is hosted within India on Supabase infrastructure and on PrimeServe's primary databases. Cross-border transfer of personal information is not currently undertaken. Should this position change in future (for example, with the use of cloud services hosted outside India), this Privacy Policy shall be updated, and where required, separate consent shall be obtained or appropriate safeguards put in place under the DPDP Act.

20. Children's Privacy

The Platform is not intended for use by individuals under the age of 18 (eighteen). PrimeServe does not knowingly collect personal information of minors. If PrimeServe becomes aware that personal information of a minor has been collected, such information shall be deleted promptly.

21. Third-Party Links

The Platform may contain links to third-party websites, payment gateways, or services. PrimeServe is not responsible for the privacy practices of any third party. Users are encouraged to review the privacy policies of any third party before providing information to it.

22. Updates to this Privacy Policy

PrimeServe may update this Privacy Policy from time to time. The updated policy shall be posted on the Platform with a revised "Last updated" date. Material changes shall be notified through email or in-app notification. Continued use of the Platform after such notification shall constitute acceptance of the updated Privacy Policy.

23. Grievance Officer / Contact

Any grievance, query, or request relating to personal information or this Privacy Policy may be addressed to the Grievance Officer:

  • Name: [Grievance Officer Name to be designated]
  • Email: grievance@primeservefs.com
  • Phone: +91 7795242918
  • Address: No. 5/1, Jogpalya, Halasuru (Ulsoor), Bengaluru – 560008, Karnataka, India
  • Hours: Monday to Saturday, 9:00 AM to 9:00 PM IST

Where the grievance is not satisfactorily addressed, the user may approach the Data Protection Board of India (or any successor regulator) under the DPDP Act, 2023.

24. Legal Review Disclaimer

This Privacy Policy has been drafted in good faith and reflects practices applicable as of the effective date. As the DPDP Act and its rules are progressively notified, this Privacy Policy shall be updated. Independent legal advice is recommended for any specific situation.