Last updated: 06 Mar 2025
1. DEFINITION
For the purposes of this Privacy Policy, the following key terms shall have the meanings assigned to them:
GENERAL
2.1 THRYL is a brand under Glazer Labs Private Limited, an Indian company with a registered office located at Office No 601, 6th floor cube By Solaris, B/S Rajoo India, Rundh-Vesu, Piplod, Piplod (Surat) Surat Gujarat India 395007, and its technical processors ("Company," "We," "Us," or "Our") are committed to protecting Your privacy and ensuring the confidentiality of Your data over the internet. This privacy policy ("Privacy Policy") applies to all content displayed and services offered to persons using or visiting ("Users," "You," or "Your") https://www.thryl.io and/or the mobile application under the name and style of Thryl ("App"), collectively referred to as "Platform."
2.2 The purpose of this Privacy Policy is to inform the User about the usage/processing of their personal data collected when using the services available on the Website/App. For the purpose of this Privacy Policy, we refer to any individual or group of individuals defined under law with whom we have a contractual relationship, including merchants, advertisers, deal partners, brands, businesses, etc., as "Business Partners"; to any individual or group of individuals defined under law whose services are used by us in order to provide our intended Services (defined hereinafter) to You through our Platform as "Service Providers"; and to our associate, subsidiary, affiliate, and/or group companies as "Thryl Entities."
2.3 We believe it is important for You to understand what information we collect from You, how it is used, and who will have access to that information. This Privacy Policy sets forth the policy in relation to the collection and usage of all types of Information Collected (specified below) in this Privacy Policy, including but not limited to Personal Information (defined hereinafter), including any Sensitive Personal Information (defined below) and User Data (defined hereinafter) that You may provide to us while using our Platform and related services (collectively "Services"). This Privacy Policy is an electronic record in the form of an electronic contract formed under the Information Technology Act, 2000, and the rules made thereunder. This Privacy Policy does not require any physical, electronic, or digital signature and is a legally binding document between the User and Us.
2.4 By visiting or using our Platform, domain name, and any other linked pages, features, content, or any other services we offer from time to time in connection therewith, or by using the Services in any manner, You acknowledge that You accept the practices and policies outlined in this Privacy Policy, and You hereby consent to our collection, use, and disclosure of Information Collected in accordance with this Privacy Policy. If You are not agreeable to this, please do not use this Platform and/or Services provided by us.
2.5 We collect, use, share, disclose, and protect Your personal data provided while using the Services available on the Platform. The data and Information Collected (defined hereinafter) is used only to enhance the operation of the Platform, allowing You to use all the listed features and allowing us to respond to Your requests/queries in an efficient manner. The Personal Information is used strictly in line with our business purposes and to provide You with useful features.
2.6 In this Privacy Policy, "Personal Information" shall mean information through which a User is capable of being identified, directly or indirectly, in combination with other information available or likely to be available with us, in particular by reference to User, their name, email address, phone number, username, password, billing address, Internet Protocol ("IP") address, as well as any information associated with the foregoing ("Personal Information"). Personal Information does not include anonymized information that has been appropriately processed to make it non-identifiable in order to irreversibly prevent its identification.
2.7 We respect the privacy of our Users and are committed to protecting it in all respects. The information about the User is collected by us as: (i) information supplied by Users; (ii) information automatically tracked during Users' navigation on the Platform; and/or (iii) information communicated directly to us via e-mail, telephone, or another channel.
2.8 User acknowledges that this Privacy Policy, Terms and Conditions, and such other policies as may be framed by us from time to time (as available at our Platform linked above), form our collective agreement ("Agreement") with the User in relation to his or her use of the Platform. Any capitalized term used but not defined in this Privacy Policy shall have the meaning attributed to it in our Terms and Conditions. In the event this Privacy Policy conflicts with the Agreement or any other agreement between You and the Company, the terms of the Terms and Conditions will prevail.
2.9 User acknowledges that this Privacy Policy, Terms and Conditions, and such other policies as may be framed by us from time to time (as available at our Platform linked above), form our collective agreement ("Agreement") with the User in relation to his or her use of the Platform. Any capitalized term used but not defined in this Privacy Policy shall have the meaning attributed to it in our Terms and Conditions. In the event this Privacy Policy conflicts with the Agreement or any other agreement between You and the Company, the terms of the Terms and Conditions will prevail.
2.10 For any Services that the User may use, we will collect the data that is strictly necessary (i) for the delivery of the Services, (ii) for the performance of a contract for which User is a party, (iii) for which User has given consent for such processing of data, or (iv) for compliance with a legal obligation to which we are subject.
2.11 By using the Platform or by otherwise giving us Information Collected, You will be deemed to have read, understood, and agreed to the practices and policies outlined in this Privacy Policy and agree to be bound by the Privacy Policy. You hereby consent to our collection, use, sharing, and disclosure of Your Information Collected as described in this Privacy Policy. We reserve the right to change, modify, add, or delete portions of the terms of this Privacy Policy at our sole discretion at any time.
2.12 You further agree that such collection, use, storage, disclosure, and/or transfer of Your Information Collected shall not cause any loss to any other person. You acknowledge that anything done, caused to be done, whether expressly or impliedly in contravention of this Privacy Policy may render the User liable for legal action.
PROCESSING OF INFORMATION
3.1 Users, particularly those accessing the Platform from jurisdictions outside of India, acknowledge and agree that their Personal Information shall primarily be processed and stored within India or any other jurisdiction where the Company engages third-party service providers to process such data on its behalf. By accepting this Privacy Policy, Users explicitly provide their informed consent for the collection, processing, sharing, and storage of their Personal Information in accordance with the provisions contained herein. Users further acknowledge that data protection laws applicable in India or any other jurisdiction where the data is processed may vary from, or provide lesser protections than, those applicable in their country of residence.
3.2 In the event that a User has any concerns regarding the manner in which their Personal Information is being processed, stored, or shared, they are advised to refer to Section 10 (Withdrawal of Consent and Permission) of this Privacy Policy for detailed guidance on their rights and available remedies.
USER RIGHTS AND CONSENT MANAGEMENT
4.1 User Rights
Users of the THRYL Platform have the following rights concerning their Personal Information, Sensitive Personal Data or Information (SPDI), and User Data:
Right to Access – Users may request access to their Personal Information stored on the Platform.
Right to Correction – Users can request corrections or updates to any inaccurate or outdated Personal Information.
Right to Deletion – Users may request the deletion of their Personal Information, subject to applicable legal and regulatory requirements.
Right to Restrict Processing – Users may request a restriction on how their Personal Information is processed if they contest its accuracy, object to
its processing, or require the data for legal claims.
Right to Data Portability – Where technically feasible, Users may request a copy of their Personal Information in a structured, commonly used, and machine-readable format.
Right to Object – Users can object to processing activities, including marketing communications, profiling, and automated decision-making.
Right to Withdraw Consent – Users can withdraw their consent to the collection, processing, and sharing of their Personal Information at any time, subject to any resulting limitations on Platform usage.
4.2 Consent Management
Consent for data collection and processing is obtained through the following methods:
Explicit Consent: Users actively provide consent by agreeing to this Privacy Policy upon registering on the Platform or when providing information voluntarily.
Implied Consent: Users continuing to use the Platform after being notified of data collection practices are considered to have provided implied consent.
Contractual Consent: Users entering into agreements with THRYL for specific services agree to the necessary processing of their Personal Information as part of the contract.
4.3 Withdrawal of Consent
Users may withdraw their consent at any time by contacting [Insert Contact Email]. However, withdrawal of consent may result in:
Limited or restricted access to certain features of the Platform.
Inability to continue using services that require Personal Information processing.
Continued retention of certain data as required by law or regulatory obligations.
Upon receipt of a withdrawal request, THRYL will:
Acknowledge the request within 24 hours.
Process the request within 15 business days, subject to any legal or contractual obligations.
Notify the User of any remaining legal requirements preventing complete deletion of their data.
4.4 Opt-Out from Marketing Communications
Users have the right to opt out of marketing and promotional communications at any time through:
The “Unsubscribe” link included in marketing emails.
Updating communication preferences in their Platform account settings.
Sending a request to [Insert Contact Email] to stop receiving promotional content.
Once an opt-out request is received, THRYL will:
Immediately process the request.
Ensure no further marketing communications are sent to the User unless they opt back in.
INFORMATION COLLECTED
5.1 The Company, in the course of providing Services through the Platform, shall collect, process, and store certain categories of information from the User ("Information Collected"), which include but are not limited to the following:
Personal Information: Includes but is not limited to the User’s name, phone number, username, password, email address, and IP address. Additionally, the Company may collect details of websites visited before and after using the Platform to enhance security, track user engagement, and facilitate analytical research.
Social Media Information: Any information voluntarily shared by the User on social media platforms linked with their Platform account, including but not limited to usernames, preferences, and any associated metadata.
Device and Usage Information: Includes device type, operating system, browser details, IP address, geolocation data, and unique device identifiers. The Company may also collect logs related to the User’s interaction with the Platform, including access times, pages viewed, and other behavioral data.
Sensitive Personal Data or Information (SPDI): As per the Information Technology (Reasonable Security Practices and Procedures
Passwords;
Financial information such as bank accounts, credit/debit card details;
Physical, physiological, and mental health conditions;
Medical records and history;
Biometric information;
Sexual orientation;
Any information received by the Company under lawful contract or otherwise.
Communications and Support Data: Any correspondence between the User and the Company, including emails, messages, and calls, which may be stored for internal analysis and customer support.
Publicly Available Information: The Company reserves the right to use any information that is freely available in the public domain without explicit consent from the User.
5.2. The User acknowledges and consents to the processing of the aforementioned data for the purpose of rendering the Services, ensuring compliance with legal obligations, and enhancing the functionality of the Platform.
INFORMATION DISCLOSURE
6.1 The Company may, in accordance with applicable legal and regulatory requirements, transfer, store, or process Information Collected, including but not limited to Personal Information, on secure data servers operated by the Company or its authorized third-party service providers. Such storage and processing shall be conducted in compliance with prevailing data protection laws and the terms stipulated by the relevant data server’s policy. The Company shall implement commercially reasonable physical, managerial, operational, and technical security measures to prevent unauthorized access, alteration, disclosure, misuse, destruction, or loss of Personal Information.
6.2. The Platform may contain hyperlinks, advertisements, embedded content, or other references to third-party websites, applications, or services. The User acknowledges and agrees that the Company does not control, and shall not be held responsible or liable for, the privacy practices, policies, security measures, or content of such third-party platforms. The provision of a hyperlink or reference does not constitute an endorsement, sponsorship, or affiliation by the Company. Once a User navigates to a third-party platform, the collection, use, and disclosure of any Personal Information provided by the User shall be subject to the privacy policy and terms of service of the respective third party. The Company expressly disclaims any liability arising from the use of third-party platforms and encourages Users to review their respective privacy policies before engaging with them.
6.3 The Company shall not use the User’s Personal Information for direct marketing, promotional communications, or targeted advertisements without obtaining the User’s explicit, prior, and informed consent. Where such consent is obtained, the User shall retain the right to withdraw consent at any time by clicking the "unsubscribe" link included in marketing communications, modifying account settings on the Platform, or by submitting a written request to the designated grievance redressal officer via the contact details provided in this Privacy Policy. The withdrawal of consent shall not affect the lawfulness of processing based on consent prior to withdrawal.
6.4 The Company reserves the right to disclose or transfer Personal Information without obtaining additional consent in circumstances where such disclosure or transfer is necessary to:
Comply with applicable laws, court orders, legal proceedings, regulatory requirements, law enforcement requests, or government inquiries;
Prevent, investigate, or prosecute fraudulent activities, unauthorized access, data breaches, cyberattacks, or any other security-related incidents;
Protect and defend the rights, property, security, or safety of the Company, its Users, employees, affiliates, business partners, or the general public;
Enforce the Company’s Terms of Use, policies, or contractual obligations;
Respond to claims of copyright infringement, intellectual property violations, defamation, or other legal claims against the Company or its Users;
Detect, prevent, or mitigate financial crimes, including money laundering, terrorist financing, identity theft, and payment fraud.
6.5 The Company shall not, under any circumstances, sell, lease, license, or commercially exploit the User’s Personal Information to third parties for monetary gain or marketing purposes. However, the Company may share anonymized, aggregated, or de-identified data with third-party service providers, business partners, academic institutions, or research organizations for statistical analysis, market research, product development, and service enhancements, provided that such information cannot be used to directly or indirectly identify any User.
6.6 The disclosure of Personal Information under this section shall not be deemed a violation of confidentiality or data protection obligations by the Company. The Company shall not be held liable for any consequences arising from disclosures made in good faith and in compliance with applicable laws, provided that such disclosures are reasonably necessary to protect the legitimate interests of the Company and its stakeholders. .
6.7 In the event of any corporate restructuring, including but not limited to a merger, acquisition, sale of assets, consolidation, restructuring, bankruptcy, insolvency, or other transfer of business interests, the Company may transfer the Personal Information of its Users to the acquiring entity, successor organization, or relevant third parties involved in the transaction. The acquiring entity shall be contractually obligated to uphold the same level of data protection as stipulated in this Privacy Policy and to process Personal Information in compliance with applicable legal and regulatory requirements. Users shall be duly notified of any such transfer through appropriate communication channels, and where required by law, the Company shall seek additional consent before proceeding with such transfer.
6.8 The Company reserves the right to monitor, audit, and review the security practices of any third-party service providers, business partners, or affiliates with whom Personal Information is shared to ensure compliance with this Privacy Policy and applicable data protection laws. The Company shall require such third parties to implement industry-standard security protocols and data protection measures to safeguard the confidentiality and integrity of Personal Information.
6.9 The Company shall maintain records of all data disclosures made under this section, including the categories of Personal Information disclosed, the purpose of disclosure, the recipients of such data, and the legal basis for such disclosure. Such records shall be retained for the duration required by applicable laws and shall be made available to relevant regulatory authorities upon request.
USE OF INFORMATION COLLECTED
7.1 The Company may collect, store, process, and use the Personal Information and User Data, including but not limited to payment details such as cardholder name, encrypted credit/debit card number, expiration date, banking details, and wallet information. Such information may be used solely for the purpose of facilitating transactions initiated by the User on the Platform. The Company ensures that all payment-related data is processed in accordance with applicable data protection and payment security laws, including encryption and secure storage practices.
7.2 The Company, along with third-party data processors, vendors, hosting partners, and service providers engaged on its behalf, may collect, store, and process Information Collected for the following purposes:
To send confirmations and notifications regarding Services via SMS, email, WhatsApp, or any other authorized communication channel, including updates, modifications, and alerts.
To facilitate customer support and allow Company representatives to contact the User in relation to inquiries, complaints, or assistance requests.
To personalize and optimize the content and functionality of the Platform to enhance User experience.
To solicit feedback, conduct surveys, and request reviews of the Platform and Services for quality enhancement.
To send verification messages or authentication emails to validate and secure User accounts, thereby preventing unauthorized access or fraudulent activity.
To conduct identity verification and ensure compliance with the Company’s security policies and applicable regulations, including fraud prevention and misuse detection.
To send personalized notifications or promotional offers, including birthday/anniversary messages, exclusive discounts, and special benefits, subject to the User’s marketing preferences and consent.
To investigate, mitigate, or resolve disputes, troubleshoot technical issues, facilitate collection of payments, and detect and prevent fraudulent activities, financial crimes, or unauthorized access.
To analyze demographic trends and behavioral patterns to improve the Platform’s usability and effectiveness.
To diagnose technical issues, monitor the security of the Platform, and ensure compliance with industry-standard cybersecurity measures, including tracking IP addresses and login activity.
To comply with judicial or regulatory requirements and provide necessary information to law enforcement authorities, government agencies, or courts in accordance with applicable legal obligations.
To facilitate communication between the User and third parties offering services through the Platform, where applicable.
To detect, prevent, and respond to security breaches, cyber threats, identity fraud, money laundering, and illicit financial transactions, including forensic audits conducted internally or in collaboration with government agencies.
To share, transfer, or disclose Information Collected in case of significant corporate events such as mergers, acquisitions, sales, restructuring, or transfer of business assets, provided that such transactions comply with applicable data protection laws and ensure continuity of data protection rights for Users.
To conduct statistical analysis, risk assessments, and data analytics for the purpose of product development, business forecasting, and operational improvements.
To create targeted marketing campaigns and promotional strategies for the Company’s Services, provided that Users have explicitly consented to receiving marketing communications.
7.3 Marketing Promotions, Research, and Reward Programs
The Company may use Personal Information to conduct marketing research, promotions, and contests aimed at improving user engagement and customer experience. Users may voluntarily participate in such promotional activities, and any data collected for these activities shall be used exclusively for the intended purpose.
The Company may send Users periodic marketing emails, newsletters, and special promotional offers. Users retain the right to opt out of such communications at any time through the unsubscribe link provided in emails or by adjusting marketing preferences in their account settings.
The Company may operate reward programs that offer incentives to Users. Enrollment in such programs may require processing of Personal Information, and Users may view the status of their rewards by logging into their account. If a third party is responsible for fulfillment of rewards, the Company may share necessary Personal Information with such third party, subject to appropriate data protection measures. Users may opt out of participation in such programs by submitting a written request to the Company.
The Company may verify customer information, including financial and creditworthiness assessments, for fraud prevention and credit-based transactions. Anonymized or aggregated User data may be shared with third-party service providers engaged for payment processing, credit assessments, and data analytics, provided such disclosures do not compromise the confidentiality of identifiable User information.
7.4 Additional Purposes of Data Processin
To tailor Platform features based on User preferences and provide customized recommendations, newsletters, and promotional content.
To maintain User accounts, implement necessary modifications, and issue notifications regarding changes to the Platform’s terms, policies, or functionality.
To compile and analyze anonymized data for internal research, statistical analysis, and business intelligence reports, while ensuring compliance with data privacy best practices.
To exercise legal rights, enforce the Company’s policies, and fulfill regulatory obligations, including fraud detection, abuse prevention, and protection of User rights.
To conduct in-depth analytics on how Users interact with the Platform, assess feature performance, and drive improvements to enhance service efficiency.
The Company may repurpose User-generated content for research, marketing, and product development, provided that such content does not infringe upon User privacy rights.
7.5 Protection of Minors
The Company does not knowingly collect or process Personal Information from individuals under the age of 18 without parental or guardian consent. If the Company becomes aware that such information has been obtained without appropriate authorization, it shall take immediate steps to deactivate the associated account and delete any collected data.
7.6 Corporate Transactions and Business Transfers
In the event of a corporate transaction such as a merger, acquisition, restructuring, or sale of assets, the Company reserves the right to transfer User Information as part of the business transaction. Any such transfer shall be conducted in compliance with data protection laws and subject to legally binding agreements ensuring the continued protection of Personal Information.
7.7 Research, Analytics, and Business Intelligence
The Company may conduct demographic research, behavioral analysis, and trend assessments to refine its business strategy and improve service offerings. Aggregated statistical reports may be shared with business partners, investors, or affiliates, ensuring that such reports do not contain personally identifiable information.
The Company may disclose de-identified and anonymized User statistics for research and industry benchmarking purposes. However, such disclosures shall be devoid of any data points that can be used to trace back to an individual User.
7.8 Legal Compliance and Enforcement
The Company reserves the right to access, preserve, and disclose any Personal Information as necessary to comply with applicable laws, regulatory obligations, or legal enforcement requests. This includes disclosures required to:
Respond to court orders, subpoenas, or regulatory investigations;
Protect the Company’s legal rights, property, or interests;
Safeguard Users from fraud, cybercrime, or security threats.
The Company shall ensure that all disclosures made under this section adhere to the principles of necessity, proportionality, and legitimacy as prescribed by data protection laws.
SHARING OF INFORMATION
8.1. The Company may share Information Collected, including Personal Information, with third parties strictly for the purposes outlined in this Privacy Policy and in accordance with applicable legal and regulatory requirements. Users acknowledge and provide explicit consent for such data sharing where necessary to facilitate the provision of Services requested by Users on the Platform.
8.2 The Company may share Information Collected with the following entities:
Business Partners, Service Providers, and Affiliates: The Company may share Personal Information with business partners, service providers, and affiliate entities engaged in fulfilling services requested by Users. Such disclosures shall be limited to the extent necessary to deliver services and in compliance with contractual and legal obligations.
Third-Party Service Providers: Personally identifiable information and/or other relevant data may be disclosed to third-party service providers for facilitating transactions, processing payments, fraud prevention, IT infrastructure services, customer support, analytics, and marketing operations.
Usage Data and Other Non-Personal Data: The Company may share non-personally identifiable usage data, including technical and analytical information, with third-party entities providing services such as data hosting, communication, marketing, security, research, and academic studies.
Internal Investigations and Legal Compliance: User data may be shared with internal compliance teams, auditors, or agencies conducting investigations related to fraud, security breaches, or regulatory compliance, within or outside the jurisdiction of India.
Legal Obligations and Law Enforcement: The Company may disclose Personal Information when required to do so by law, court orders, or in response to legal processes, including but not limited to requests by law enforcement agencies, government bodies, or regulatory authorities.
Corporate Transactions: In the event of a business merger, acquisition, sale, restructuring, or asset transfer, User information may be transferred to the acquiring entity or successor organization. Users shall be notified in the event of such data transfers.
8.3. The Company shall exercise due diligence in ensuring that third-party service providers, business partners, and affiliates with whom User data is shared adhere to robust data security and confidentiality standards. However, the Company shall not be liable for the misuse of Personal Information by such third parties acting as independent data controllers.
8.4. The Company does not sell, rent, or trade individual User data, including Personal Information, to third parties for marketing or commercial purposes. However, anonymized or aggregated statistical data may be shared with partners, investors, advertisers, or business affiliates for analytics and service enhancement.
8.5. The Company may share filtered or specific categories of Personal Information with trusted business partners, corporate affiliates, or financial institutions offering co-branded services or promotional benefits. Users who choose to avail such services shall be subject to the respective third-party privacy policies.
8.6. Users acknowledge that information voluntarily shared on publicly accessible sections of the Platform, such as reviews, forums, or community interactions, may be visible to third parties and are shared at the User’s discretion.
8.7. The Company shall retain a record of all data disclosures made pursuant to this section, detailing the nature of the information shared, the recipients, and the lawful basis for such sharing. These records shall be maintained for the period prescribed by applicable laws and may be disclosed to regulatory authorities upon request.
8.8. In the event of any material changes in the data-sharing practices of the Company, Users shall be notified through appropriate communication channels, and where legally required, Users' consent shall be obtained prior to such changes taking effect.
Tenure of Storing Your Information
9.1. Data Retention Periods
The Company shall retain Information Collected, including Personal Information, Sensitive Personal Data or Information (SPDI), and User Data, only for the duration necessary to fulfill the purposes outlined in this Privacy Policy. The retention periods are determined based on the following criteria:
Active Account Duration:
User Data shall be retained as long as the User maintains an active account on the Platform and continues to use Our Services.
If a User remains inactive for 24 months, the Company may delete or anonymize their Personal Information, subject to applicable laws.
Dispute Resolution & Legal Obligations:
Data necessary for resolving disputes, enforcing legal rights, or responding to legal claims shall be retained until the resolution of the dispute or claim, subject to applicable statutory limitations.
If litigation or regulatory investigation is initiated, the data shall be retained until the case is legally resolved, including any appeal periods.
Business & Analytics Purposes:
Aggregated, de-identified, or anonymized data used for analytics, research, and product development may be retained indefinitely, provided that such data does not directly or indirectly identify any individual User.
9.2 Secure Deletion & Anonymization
Upon the expiry of the applicable retention period, or at the User's request where legally permissible, the Company shall securely delete, anonymize, or aggregate Personal Information to prevent unauthorized access or misuse. The deletion process shall be conducted as follows:
Personal Data Removal:
Personal Information shall be permanently erased from active databases using industry-standard deletion techniques (e.g., cryptographic wiping, secure overwriting).
In cases where deletion is not feasible due to technical or legal reasons, the data will be anonymized or pseudonymized, ensuring that it cannot be linked back to an individual User.
Handling of Backup Copies:
Backup copies containing Personal Information shall be securely stored and isolated from live systems.
These backups shall be encrypted using AES-256 encryption and retained only for disaster recovery and security compliance purposes.
Any Personal Information stored in backups shall be permanently deleted within 90 days from the time of deletion in active systems, unless a longer retention period is mandated by law.
User-Initiated Deletion Requests:
Users may request the permanent deletion of their Personal Information by submitting a written request to the Company’s Grievance Officer (refer to Section 11 for details).
Upon verification of the request, the Company shall process data deletion within 30 days, subject to any legal obligations requiring continued retention.
Anonymization for Research & Analytics:
If the Company determines that certain User Data can be repurposed for analytics, research, or statistical purposes, such data shall be irreversibly anonymized in accordance with data protection best practices.
Anonymized data shall be stored separately from identifiable data and used solely for lawful business purposes.
9.3 Exceptions & Continued Data Retention
Notwithstanding the above retention policies, the Company reserves the right to retain User Data under the following circumstances:
To comply with a legal obligation, including but not limited to court orders, regulatory directives, or financial reporting requirements.
To protect the rights, property, security, or safety of the Company, its Users, employees, or the public.
To prevent fraud, cyber threats, or security breaches, including forensics and investigations into unauthorized activities.
Where continued retention is mandated by a competent government authority or required for regulatory audits.
Upon the cessation of such legal or regulatory requirements, the Company shall proceed with secure deletion or anonymization as described in Section 6.2.
STORAGE AND SECURITY
10.1. The Company is committed to implementing robust technical and organizational security measures to safeguard the confidentiality, integrity, and availability of Personal Information and User Data. These measures are designed to protect against unauthorized access, misuse, alteration, disclosure, or destruction of data. The Company adheres to industry-recognized security standards and frameworks, including but not limited to data encryption, firewalls, intrusion detection systems, and secure access controls
10.2. The Company utilizes third-party cloud service providers, including Amazon Web Services ("AWS") and Google Cloud Platform ("GCP"), for the secure storage and processing of User Data. All data transmissions are encrypted using secure protocols (e.g., TLS/SSL) to ensure the highest level of data security. Users acknowledge that the storage and security of their Personal Information are subject to the privacy policies and security measures of these third-party service providers, as applicable.
10.3 The Company has implemented commercially reasonable physical, managerial, operational, and technical security safeguards, including:
Access Controls: Restricting access to Personal Information only to authorized personnel with a legitimate business need.
Encryption: Encrypting Personal Information during storage and transmission to mitigate risks of unauthorized interception.
Firewalls and Intrusion Detection: Deploying advanced network security mechanisms to prevent unauthorized access to Company servers.
Data Minimization Practices: Ensuring that only the necessary Personal Information is collected, processed, and retained.
Periodic Security Audits: Conducting regular security assessments, penetration testing, and audits to evaluate vulnerabilities and ensure compliance with industry standards.
10.4. The Company follows strict internal guidelines to ensure that User Data is stored securely and access is restricted to authorized personnel. All databases containing User Data are secured behind firewalls, and access is password-protected with multi-factor authentication. The Company enforces stringent data governance policies to monitor and manage security risks effectively.
10.5 Users acknowledge that, while the Company employs industry-standard security practices, no digital platform or online storage system can be completely secure. The Company does not guarantee absolute protection against unauthorized access, cyberattacks, data breaches, or unforeseen security incidents. In the event of a confirmed security breach that results in unauthorized disclosure of Personal Information, the Company shall:
Conduct an internal investigation to assess the scope and impact of the breach;
Implement necessary remedial measures to prevent further compromise;
Notify affected Users and relevant regulatory authorities, as required by applicable laws;
Provide guidance to Users on steps they may take to protect their information.
10.6 Users are responsible for maintaining the security and confidentiality of their account credentials. To enhance security, Users should:
Log out from their accounts when accessing the Platform from a shared or public device;
Keep passwords confidential and use complex passwords that are not easily guessable;
Enable multi-factor authentication where available;
Periodically update their account passwords and avoid using the same password across multiple platforms.
10.7. The retention and security of Personal Information may be subject to different storage periods based on the nature of the data, regulatory requirements, and operational needs. The Company shall retain Personal Information for the period necessary to fulfill the purposes outlined in this Privacy Policy, after which it shall be securely deleted or anonymized.
10.8. The Company does not sell, trade, or rent Users' Personal Information to third-party advertisers. However, the Company may utilize anonymized and aggregated data for advertising-related analytics and reporting. Such data does not contain personally identifiable information and is used strictly to improve Platform functionality and User experience.
10.9. If a User believes that their Personal Information has been compromised or accessed without authorization, they are encouraged to report the incident to the Company’s Data Protection Officer (DPO) or Grievance Officer for prompt investigation and resolution.
10.10. The Company reserves the right to update or modify its security measures and data protection practices in response to evolving threats, regulatory changes, or advancements in technology. Any material changes to this section shall be communicated to Users in a timely manner, and continued use of the Platform shall constitute acceptance of such changes.
WITHDRAWAL OF CONSENT AND PERMISSION
11.1. Users shall have the right to withdraw their consent for the collection, processing, or use of their Personal Information at any time by submitting a formal request to the Company. Such withdrawal of consent may result in limited access to the Platform or an inability to use certain Services. Users may exercise this right by contacting the Company via email at [insert official email address].
11.2. The Company provides Users with the ability to opt out of receiving non-essential communications, including promotional and marketing-related correspondence from the Company or its Service Providers and Business Partners. Users may opt out of such communications by adjusting their notification preferences in their account settings or by using the "unsubscribe" option provided in marketing emails.
11.3. Users shall have the right to review, update, or correct their Personal Information stored on the Platform by logging into their account using secure credentials. Any discrepancies or changes in Personal Information may be communicated to the Company for rectification via the designated support channels provided in this Privacy Policy.
11.4. Withdrawal of consent shall not affect the lawfulness of data processing carried out prior to such withdrawal. Furthermore, in cases where the retention of Personal Information is required to comply with legal obligations, dispute resolution, or enforcement of agreements, the Company shall retain the necessary data despite the withdrawal request, as permitted by applicable laws.
11.5. Upon receiving a withdrawal request, the Company shall assess its feasibility and respond within a reasonable timeframe, in compliance with applicable data protection laws and regulations.
CHANGES TO PRIVACY POLICY
12.1. The Company reserves the right to update, modify, amend, or replace this Privacy Policy at any time, with or without prior notice, at its sole discretion, in accordance with applicable legal and regulatory requirements. Any such changes shall be effective immediately upon posting on the Platform, unless otherwise specified. In the event of material changes affecting the processing of Personal Information, the Company shall provide Users with reasonable notice via email, in-app notifications, or other appropriate means prior to implementing such changes, to allow Users to review the revised terms.
12.2. If a User does not agree with the changes to the Privacy Policy, they shall have the right to discontinue use of the Platform and request the deactivation or deletion of their account by contacting the Company at the designated email address provided in this Privacy Policy. In such cases, the continued processing of Personal Information shall be subject to the provisions outlined in this Privacy Policy before the changes took effect, to the extent permitted by applicable laws.
12.3. By continuing to use the Platform after being notified of changes to this Privacy Policy, Users explicitly acknowledge and accept the revised terms and agree to be bound by the updated Privacy Policy. Users are advised to periodically review this Privacy Policy to stay informed about their rights and how their Personal Information is processed.
12.4. This Privacy Policy constitutes an electronic record as per the provisions of the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and other applicable laws in India. This Privacy Policy is legally binding between the User and the Company and does not require any physical, electronic, or digital signature.
12.5. The Company complies with the relevant provisions of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, which mandate intermediaries to publish and enforce rules, regulations, and policies governing data collection, usage, and privacy practices. The continued use of the Platform by Users shall constitute their deemed acceptance of this Privacy Policy and any amendments thereto.
GRIEVANCE REDRESSAL
13.1. The Company is committed to addressing User grievances, complaints, and concerns regarding the processing of Personal Information, security breaches, and data protection-related matters in a fair and timely manner. Users may submit grievances in writing to the designated Grievance Officer, along with supporting documents and relevant details required for the resolution of the issue.
13.2. The Grievance Officer shall acknowledge the receipt of a User’s complaint within twenty-four (24) hours of submission and shall undertake to resolve the complaint within fifteen (15) days from the date of receipt, in accordance with applicable legal and regulatory requirements. If additional time is required to resolve the grievance, the User shall be notified of the expected resolution timeline.
13.3. The User shall be responsible for providing complete and accurate information related to the grievance to facilitate prompt investigation and resolution. Failure to provide necessary details may result in delays in the grievance resolution process.
13.4. All grievances shall be addressed in compliance with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and any other applicable data protection laws.
13.5. Users may contact the designated Grievance Officer using the details provided below:
Designation: Grievance Officer
Email Address: resident.grievance@thryl.io
Address: Office No 601, 6th floor cube By Solaris, B/S Rajoo India, Rundh-Vesu, Piplod, Piplod (Surat) Surat Gujarat India 395007
13.6. The Grievance Officer shall maintain records of all grievances received, actions taken, and resolutions provided to ensure accountability and compliance with data protection laws. These records shall be retained as required under applicable regulations.
13.7. If the User is not satisfied with the resolution provided by the Grievance Officer, they may escalate the matter to the relevant data protection authority or regulatory body in accordance with applicable legal provisions.
CONTACT US
14.1. Users who have queries, concerns, or complaints regarding this Privacy Policy, the Company’s processing of their Personal Information, or data protection practices may contact the Company through the designated communication channels specified below.
14.2. All inquiries shall be directed to the Company’s designated Grievance Officer. Users should include sufficient details in their correspondence to enable the Company to respond appropriately.
14.3. The Company shall make reasonable efforts to investigate and address inquiries related to Personal Information processing, security practices, and data privacy rights in a timely manner. The Company endeavors to respond to all legitimate requests within fifteen (15) days from the date of receipt of the request. In cases where the request is complex or involves multiple issues, the Company shall notify the User of any anticipated delay and provide updates on the status of the resolution.
14.4. Users may contact the Company through the following details:
Designation: Grievance Officer
Email Address: resident.grievance@thryl.io
Address: Office No 601, 6th floor cube By Solaris, B/S Rajoo India, Rundh-Vesu, Piplod, Piplod (Surat) Surat Gujarat India 395007
14.5. In the event that a User is dissatisfied with the response provided by the Company, they may escalate the issue to the appropriate data protection regulatory authority, as per applicable laws and jurisdictional requirements.
