Privacy Policy
1. Definition
For the purposes of this Privacy Policy, the following key terms shall have the meanings assigned to them:
- “Company,” “We,” “Us,” or “Our” refers to Glazer Labs Private Limited, registered at Office No 601, 6th Floor, Cube By Solaris, Piplod, Surat, Gujarat, India 395007.
- “User,” “You,” or “Your” refers to any individual accessing or using the Platform, including registered users and visitors.
- “Platform” refers to all content, websites, and services offered by THRYL, including https://www.thryl.io and the THRYL mobile application.
- “Services” refers to all products, functionalities, and services provided through the Platform.
- “Personal Information” refers to any data that identifies an individual, including name, email address, phone number, username, password, IP address, and billing details.
- “Sensitive Personal Data or Information (SPDI)” refers to passwords, financial details, health conditions, sexual orientation, medical records, biometric information, and any other legally defined sensitive data.
- “User Data” refers to all information collected from Users during use of the Platform, including browsing activity, preferences, and interactions.
- “Business Partners” refers to any individual or entity with whom We have a contractual relationship, including merchants, advertisers, and brands.
- “Service Providers” refers to individuals or entities engaged by Us to assist in delivering Services, including third-party vendors and data processors.
- “Thryl Entities” refers to our associate, subsidiary, affiliate, and/or group companies involved in delivering services through the Platform.
2. General
2.1 THRYL is a brand under Glazer Labs Private Limited. This Privacy Policy applies to all content displayed and services offered through https://www.thryl.io and the THRYL mobile application (“Platform”).
2.2 This Privacy Policy informs Users about how their personal data is collected and processed when using the Services available on the Platform.
2.3 This Privacy Policy is an electronic record formed under the Information Technology Act, 2000. It is a legally binding document between the User and the Company and does not require any physical, electronic, or digital signature.
2.4 By visiting or using our Platform, you acknowledge that you accept the practices outlined in this Privacy Policy and consent to our collection, use, and disclosure of your information. If you do not agree, please do not use this Platform.
2.5–2.12 We collect, use, share, disclose, and protect your personal data only to enhance the Platform and respond to your requests. Personal Information is used strictly in line with our business purposes. We reserve the right to change this Privacy Policy at our sole discretion. Continued use of the Platform constitutes acceptance of any changes made.
3. Processing of Information
3.1 Users accessing the Platform from jurisdictions outside of India acknowledge that their Personal Information shall primarily be processed and stored within India or any other jurisdiction where the Company engages third-party service providers. By accepting this Privacy Policy, Users provide their informed consent for the collection, processing, sharing, and storage of their Personal Information.
3.2 In the event that a User has concerns regarding how their Personal Information is being processed, they are advised to refer to Section 11 (Withdrawal of Consent and Permission) of this Privacy Policy for guidance on their rights and available remedies.
4. User Rights & Consent Management
4.1 User Rights — Users of the THRYL Platform have the following rights:
- Right to Access – Users may request access to their Personal Information stored on the Platform.
- Right to Correction – Users can request corrections to any inaccurate or outdated Personal Information.
- Right to Deletion – Users may request deletion of their Personal Information, subject to applicable legal requirements.
- Right to Restrict Processing – Users may request restriction on how their Personal Information is processed.
- Right to Data Portability – Where technically feasible, Users may request a copy of their Personal Information in a machine-readable format.
- Right to Object – Users can object to processing activities including marketing communications and automated decision-making.
- Right to Withdraw Consent – Users can withdraw their consent at any time, subject to resulting limitations on Platform usage.
4.2 Consent Management — Consent is obtained via Explicit Consent (agreeing to this Policy upon registration), Implied Consent (continuing to use the Platform after notification), and Contractual Consent (entering into agreements with THRYL for specific services).
4.3 Withdrawal of Consent — Users may withdraw consent at any time by contacting us at resident.grievance@thryl.io. THRYL will acknowledge within 24 hours and process the request within 15 business days.
4.5 Opt-Out from Marketing — Users may opt out of marketing communications at any time via the “Unsubscribe” link in marketing emails or by updating preferences in their account settings.
5. Information Collected
5.1 The Company collects the following categories of information from the User:
- Personal Information: Name, phone number, username, password, email address, IP address, and details of websites visited before and after using the Platform.
- Social Media Information: Any information voluntarily shared on social media platforms linked with their THRYL account, including usernames, preferences, and associated metadata.
- Device and Usage Information: Device type, operating system, browser details, IP address, geolocation data, and unique device identifiers. Logs including access times and pages viewed.
- Sensitive Personal Data or Information (SPDI): Passwords; financial information such as bank account and credit/debit card details; physical, physiological, and mental health conditions; medical records; biometric information; sexual orientation.
- Communications and Support Data: Any correspondence between the User and the Company, including emails, messages, and calls, stored for internal analysis and customer support.
- Publicly Available Information: The Company reserves the right to use any information freely available in the public domain without explicit consent.
5.2 The User acknowledges and consents to the processing of the aforementioned data for the purpose of rendering Services, ensuring legal compliance, and enhancing Platform functionality.
6. Information Disclosure
6.1 The Company may transfer, store, or process Information Collected on secure data servers operated by the Company or its authorized third-party service providers. Commercially reasonable security measures are implemented to prevent unauthorized access or misuse.
6.2 The Platform may contain hyperlinks or references to third-party websites. The Company is not responsible for the privacy practices of such third-party platforms.
6.3 The Company shall not use the User’s Personal Information for direct marketing or targeted advertisements without the User’s explicit, prior, and informed consent.
6.4 The Company reserves the right to disclose Personal Information without additional consent when necessary to: comply with applicable laws; prevent fraudulent activities; protect the rights of the Company or Users; enforce Terms of Use; respond to intellectual property claims; or detect financial crimes.
6.5 The Company shall not sell, lease, license, or commercially exploit Personal Information. Anonymized, aggregated, or de-identified data may be shared with service providers for statistical analysis, provided such information cannot identify any User.
6.7 In the event of corporate restructuring, including a merger, acquisition, or sale of assets, the Company may transfer User Personal Information to the acquiring entity. Users shall be duly notified of any such transfer.
7. Use of Information Collected
7.1 The Company may collect, store, process, and use Personal Information including payment details solely for the purpose of facilitating transactions initiated by the User on the Platform.
7.2 Information Collected may be used for the following purposes:
- To send confirmations and notifications regarding Services via SMS, email, WhatsApp, or other authorized channels.
- To facilitate customer support and allow Company representatives to contact the User.
- To personalize and optimize the content and functionality of the Platform.
- To conduct identity verification and ensure compliance with the Company’s security policies.
- To send personalized notifications or promotional offers, subject to the User’s marketing preferences.
- To investigate, mitigate, or resolve disputes, troubleshoot technical issues, and detect fraudulent activities.
- To analyze demographic trends and behavioral patterns to improve Platform usability.
- To comply with judicial or regulatory requirements and provide information to law enforcement authorities.
- To conduct statistical analysis, risk assessments, and data analytics for product development and service improvement.
7.5 Protection of Minors — The Company does not knowingly collect Personal Information from individuals under 18 without parental consent. If such information is obtained without authorization, the Company shall deactivate the account and delete collected data.
7.8 Legal Compliance — The Company may access, preserve, and disclose Personal Information as necessary to comply with applicable laws, court orders, subpoenas, or regulatory investigations; protect the Company’s legal rights; or safeguard Users from fraud and security threats.
8. Sharing of Information
8.1 The Company may share Information Collected with third parties strictly for the purposes outlined in this Privacy Policy. Users acknowledge and provide explicit consent for such data sharing where necessary to facilitate the provision of Services.
8.2 The Company may share Information Collected with:
- Business Partners, Service Providers, and Affiliates: Limited to the extent necessary to deliver services and in compliance with contractual obligations.
- Third-Party Service Providers: For facilitating transactions, processing payments, fraud prevention, IT infrastructure, customer support, analytics, and marketing operations.
- Internal Investigations and Legal Compliance: User data may be shared with compliance teams, auditors, or agencies conducting fraud or security investigations.
- Legal Obligations and Law Enforcement: When required by law, court orders, or government requests.
- Corporate Transactions: In the event of a business merger, acquisition, or asset transfer. Users shall be notified of such transfers.
8.4 The Company does not sell, rent, or trade individual User data to third parties for marketing or commercial purposes. However, anonymized or aggregated statistical data may be shared with partners for analytics and service enhancement.
8.6 Users acknowledge that information voluntarily shared on publicly accessible sections of the Platform, such as reviews or forums, may be visible to third parties and is shared at the User’s discretion.
9. Tenure of Storing Your Information
9.1 Data Retention Periods — The Company shall retain Information Collected only for the duration necessary to fulfill the purposes outlined in this Privacy Policy:
- Active Account Duration: User Data is retained as long as the User maintains an active account. If a User remains inactive for 24 months, the Company may delete or anonymize their Personal Information.
- Service Fulfillment & Legal Compliance: Personal Information required for transaction history shall be retained for 5 years from the date of last activity. Data for tax compliance and AML requirements shall be stored for up to 7 years.
- Dispute Resolution: Data necessary for resolving disputes shall be retained until the resolution of the dispute, including any appeal periods.
- Analytics & Research: Aggregated, de-identified data may be retained indefinitely, provided it does not directly or indirectly identify any individual User.
9.2 Secure Deletion & Anonymization — Upon expiry of the applicable retention period, or at the User’s request, the Company shall securely delete, anonymize, or aggregate Personal Information. Backup copies shall be encrypted using AES-256 encryption and retained only for disaster recovery. Backups shall be permanently deleted within 90 days from deletion in active systems.
Users may request permanent deletion of their Personal Information by submitting a written request to the Grievance Officer. The Company shall process data deletion within 30 days upon verification, subject to any legal obligations requiring continued retention.
10. Storage & Security
10.1 The Company is committed to implementing robust technical and organizational security measures to safeguard the confidentiality, integrity, and availability of Personal Information and User Data.
10.2 The Company utilizes third-party cloud service providers, including Amazon Web Services (AWS) and Google Cloud Platform (GCP), for secure storage and processing. All data transmissions are encrypted using TLS/SSL protocols.
10.3 Security Safeguards implemented include:
- Access Controls: Restricting access to Personal Information only to authorized personnel with a legitimate business need.
- Encryption: Encrypting Personal Information during storage and transmission.
- Firewalls and Intrusion Detection: Advanced network security mechanisms to prevent unauthorized access.
- Data Minimization: Ensuring only necessary Personal Information is collected, processed, and retained.
- Periodic Security Audits: Regular security assessments, penetration testing, and audits.
10.5 While the Company employs industry-standard security practices, no digital platform can be completely secure. The Company does not guarantee absolute protection against unauthorized access or cyberattacks. In the event of a confirmed security breach, the Company shall conduct an internal investigation, implement remedial measures, notify affected Users, and provide guidance on protective steps.
10.6 Users are responsible for maintaining the security of their account credentials. Users should: log out from shared devices; keep passwords confidential; enable multi-factor authentication where available; and periodically update passwords.
11. Withdrawal of Consent
11.1 Users shall have the right to withdraw their consent for the collection, processing, or use of their Personal Information at any time by submitting a formal request to the Company. Such withdrawal may result in limited access to the Platform or inability to use certain Services.
11.2 The Company provides Users with the ability to opt out of receiving non-essential communications, including promotional correspondence. Users may opt out by adjusting their notification preferences in account settings or by using the “Unsubscribe” option in marketing emails.
11.3 Users shall have the right to review, update, or correct their Personal Information stored on the Platform by logging into their account using secure credentials.
11.4 Withdrawal of consent shall not affect the lawfulness of data processing carried out prior to such withdrawal. Where retention of Personal Information is required to comply with legal obligations or dispute resolution, the Company shall retain the necessary data despite the withdrawal request.
11.5 Upon receiving a withdrawal request, the Company shall assess its feasibility and respond within a reasonable timeframe, in compliance with applicable data protection laws.
12. Changes to Privacy Policy
12.1 The Company reserves the right to update, modify, amend, or replace this Privacy Policy at any time, at its sole discretion, in accordance with applicable legal and regulatory requirements. Any changes shall be effective immediately upon posting on the Platform. In the event of material changes, the Company shall provide Users with reasonable notice via email or in-app notifications.
12.2 If a User does not agree with the changes to the Privacy Policy, they shall have the right to discontinue use of the Platform and request deactivation or deletion of their account by contacting the Company at the designated email address.
12.3 By continuing to use the Platform after being notified of changes, Users explicitly acknowledge and accept the revised terms. Users are advised to periodically review this Privacy Policy to stay informed about their rights.
12.4 This Privacy Policy constitutes an electronic record as per the provisions of the Information Technology Act, 2000, the IT (Reasonable Security Practices and Procedures and SPDI) Rules, 2011, and other applicable laws in India.
13. Grievance Redressal
13.1 The Company is committed to addressing User grievances, complaints, and concerns regarding the processing of Personal Information, security breaches, and data protection matters in a fair and timely manner.
13.2 The Grievance Officer shall acknowledge receipt of a User’s complaint within 24 hours of submission and undertake to resolve the complaint within 15 days from the date of receipt. If additional time is required, the User shall be notified of the expected resolution timeline.
13.5 Contact the Grievance Officer:
- Designation: Grievance Officer
- Email: resident.grievance@thryl.io
- Address: Office No 601, 6th floor, Cube By Solaris, B/S Rajoo India, Rundh-Vesu, Piplod, Surat, Gujarat, India 395007
13.7 If the User is not satisfied with the resolution provided by the Grievance Officer, they may escalate the matter to the relevant data protection authority or regulatory body in accordance with applicable legal provisions.
14. Contact Us
Users who have queries, concerns, or complaints regarding this Privacy Policy or the Company’s processing of their Personal Information may contact us through the following details. The Company shall make reasonable efforts to respond to all legitimate requests within 15 days from the date of receipt.
| Designation | Grievance Officer |
| resident.grievance@thryl.io | |
| Phone | +91 95126 60096 |
| Address | Office No 601, 6th floor, Cube By Solaris, B/S Rajoo India, Rundh-Vesu, Piplod, Surat, Gujarat, India 395007 |