Privacy Policy — Vendor

Last updated: June 2026

This Privacy Policy describes how Loadindo Technologies Private Limited (“Loadindo”, “we”, “us”, “our”) collects, uses, shares, retains, and protects information about you and your business when you install, register on, or use the Loadindo Vendor App and related services (the “Platform”). It is published in accordance with the Information Technology Act, 2000 (“IT Act”), the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules”), and the Digital Personal Data Protection Act, 2023 (“DPDP Act”) as and when its provisions are notified.

1. Scope & Consent

This Policy applies to all Vendors and prospective Vendors who use the Loadindo Vendor App, including authorised representatives of business entities. By providing your information and using the Platform you provide free, specific, informed, and unambiguous consent to the collection, processing, and disclosure of your information as described here. You may withdraw consent or exercise your rights at any time as described in Section 11.

2. Definitions

• Personal Data — any data about an identifiable individual.
• Business Data — data about your firm, company, or proprietorship, including GSTIN, CIN, trade name, and place of business.
• Sensitive Personal Data or Information (SPDI) — as defined under the SPDI Rules, including financial information and government identifiers.

3. Information We Collect

3.1 Information You Provide

• Account & Profile: full name of the authorised representative, mobile number (E.164 format, typically +91), email address, password (stored only as a salted hash), profile photograph.
• Business & KYC: registered business name, trade name, GSTIN, PAN, CIN (where applicable), state of registration, principal place of business, and verification responses returned by the Unified Logistics Interface Platform (ULIP), GST taxpayer API, MCA API, and similar licensed verifiers.
• Banking / Settlement (where applicable): bank account number, IFSC, or other settlement details required to receive refunds or to settle freight payable to Drivers via Loadindo.
• Load Details: origin, destination, truck type, weight, volume, commodity, packaging, value, special handling notes, and any consignor/consignee identifiers you provide.
• Support Communications: messages, screenshots, and details you share when contacting Loadindo support or the Grievance Officer.

3.2 Information Collected Automatically

• Device & Technical Data: device model, operating system version, app version, language, time zone, IP address, network type, advertising/installation identifiers, crash data, and diagnostic logs.
• Usage Data: Loads posted, Bids accepted/rejected, screens viewed, in-app navigation, push-token state, and similar telemetry.
• Location: approximate location (typically derived from your IP or pickup-address inputs) for fraud prevention, regional pricing, and analytics. We do not perform background location tracking on the Vendor App.
• Push Token: a Firebase Cloud Messaging (FCM) token assigned to your device to deliver push notifications.
• Audit Trail: additions, edits, and deletions performed by you against documents, profile, Loads, and Trips are logged for accountability and compliance, with sensitive fields redacted.

3.3 Information From Third Parties

• Verification responses from ULIP (GST taxpayer), MCA, and equivalent licensed verifiers.
• Payment status, settlement, and refund metadata from our payment gateway (Razorpay).
• Map, geocoding, and routing data from Google Maps Platform.

4. How We Use Your Information

• To create and operate your account, verify your business, and confirm your authorisation to post Loads on the Platform.
• To make your Loads discoverable to relevant Drivers and to facilitate Bidding.
• To enable you to track Trips in progress, including the Driver's location during an active Trip.
• To process Advance Payments, settlements, refunds, and invoices via the integrated payment gateway.
• To send transactional and service notifications by push, email, or in-app message.
• To detect and prevent fraud, abuse, or violation of these Terms; to enforce our rights and protect Loadindo, Drivers, and third parties.
• To analyse and improve the Platform.
• To comply with legal obligations, respond to lawful requests from authorities, and produce records to regulators when required.

5. Legal Bases for Processing

• Consent — for KYC, banking data, and marketing communications (where applicable).
• Performance of Contract — to deliver the Platform and to facilitate carriage contracts you enter into with Drivers.
• Legitimate Use — for fraud prevention, security, and to comply with applicable law.
• Legal Obligation — to retain audit, tax, and regulatory records.

6. How We Share Your Information

• With Drivers: your registered business name, the contact name and number you nominate for coordination, and Load details (origin, destination, truck type, weight, volume, commodity, packaging, special instructions). Drivers do not receive your full KYC documents.
• With Verification Partners: we transmit GSTIN, PAN, CIN, and related identifiers to ULIP, GST taxpayer API providers, MCA, and other licensed verifiers.
• With Payment & Banking Partners: Razorpay and similar gateways process payments and may receive name, contact, and amount details necessary to complete the transaction.
• With Cloud, Storage, and Notification Providers: Amazon Web Services (S3 storage for documents and Load attachments), Firebase (push notifications), and equivalent infrastructure providers.
• With Professional Advisors: auditors, lawyers, and accountants under appropriate confidentiality obligations.
• With Government & Law Enforcement: in response to a lawful order, summons, regulatory direction, or to protect rights, property, or safety.
• In Corporate Transactions: in connection with a merger, acquisition, financing, or sale of assets, subject to standard confidentiality protections.

We do not sell your personal or business data to marketing agencies or data brokers.

7. Data Retention

• Account & business data: retained for the duration of your account and for up to seven (7) years after closure for legal, tax, and audit purposes.
• KYC and verification responses: retained for as long as required by law (typically five to seven years) and to maintain a defensible record of compliance.
• Transaction and audit logs: retained for at least ninety (90) days in accordance with the Intermediary Guidelines, and longer where required by tax or regulatory law.
• Load and Trip data: retained for the life of your account and a reasonable period thereafter for dispute resolution, regulatory enquiry, and operational analytics.

8. Account & Data Deletion

You may ask us to delete your Loadindo account and the personal and business data associated with it. This applies to data held by Loadindo Technologies Private Limited (the developer of the Loadindo Vendor App) in connection with your use of the App.

8.1 How to Request Deletion

To request deletion, send a request to support@ntruck.com (or to the Grievance Officer at grievance@ntruck.com) from your registered email address, or from your registered mobile number, with the subject line “Account Deletion Request”.

We verify that the request comes from the account holder or an authorised representative of the business before acting on it. Verified requests are processed within thirty (30) days, and we confirm by email once the deletion is complete.

8.2 Data That Is Deleted

• Your profile information — name of the authorised representative, email address, mobile number, profile photograph, and password hash.
• Your Firebase Cloud Messaging (FCM) push token, device identifiers, and any marketing preferences.
• Saved Load drafts and Load/contact details that are not part of a completed transaction or otherwise subject to legal retention.

Once deleted, your account can no longer be used to log in, and the data above is removed from our active systems and queued for deletion from backups within a reasonable period.

8.3 Data That Is Retained

We retain certain records even after account deletion, where we are legally required to or where retention is necessary to resolve disputes, prevent fraud, and maintain a defensible record of compliance:

• KYC & verification responses (GSTIN, PAN, CIN, and verifier responses) — retained for as long as required by law, typically five to seven (5–7) years.
• Transaction, payment, settlement, and invoice records — retained for up to seven (7) years to meet tax and accounting obligations.
• Transaction and audit logs — retained for at least ninety (90) days, and longer where required by tax or regulatory law.

Where retained data is no longer required for these purposes, it is deleted or irreversibly anonymised at the end of the applicable retention period.

9. Security

We follow reasonable security practices in line with ISO/IEC 27001 principles and the SPDI Rules. Measures include encryption in transit (TLS), encryption at rest where supported by the underlying storage service, role-based access control, JWT-based session management with short-lived access tokens, salted-hash password storage, audit logging, least-privilege deployments, and periodic security reviews. No system can be made absolutely secure, and you are responsible for safeguarding your password, OTPs, and authorised device.

10. Children's Data

The Platform is intended for use by businesses and adult authorised representatives. We do not knowingly collect personal data from anyone under eighteen (18) years of age.

11. Your Rights

Subject to applicable law (including the DPDP Act when in force) and reasonable verification of your identity and authority to act for the business, you may:

• Access the personal and business data we hold and request a summary;
• Correct inaccurate or incomplete data;
• Request erasure of data we are not legally required to retain;
• Withdraw consent where processing is based on consent (subject to consequences such as inability to use the Platform);
• Nominate another person to exercise these rights on your behalf in the event of death or incapacity;
• Raise a grievance with our Grievance Officer (see Section 14).

12. Cookies & Analytics

The mobile App itself does not rely on browser cookies, but uses standard device identifiers and SDKs (including Firebase) for crash reporting, analytics, and push delivery. Where the Platform is accessed via a web browser, essential cookies may be used to maintain a session.

13. International Transfers

Your data is primarily stored on infrastructure located in India. Where certain processing (for example, push notification delivery via Firebase or storage of model verification responses) may involve transfer outside India, we ensure such transfers are conducted in accordance with applicable law and through providers offering equivalent levels of data protection.

14. Grievance Officer

In accordance with the IT Act and the Intermediary Guidelines, the Grievance Officer is responsible for the redressal of complaints relating to this Policy or the Platform.

• Name: Grievance Officer, Loadindo Technologies Private Limited
• Email: grievance@ntruck.com
• Support: support@ntruck.com

Grievances will be acknowledged within forty-eight (48) hours and resolved within one (1) month of receipt. Cyber-security incidents are reported to CERT-In as and when required.

15. Changes to this Policy

We may update this Policy from time to time. Material changes will be notified through the App or by email at least seven (7) days before taking effect. The latest version is always available at /legal/policy.

16. Contact Us

Loadindo Technologies Private Limited
Email: support@ntruck.com
Grievance Officer: grievance@ntruck.com