Effective Date: May 26, 2026

1. Introduction

Welcome to the Got Tea mobile application ("Got Tea App", "App"). The App is operated by THEGOT HOSPITALITY PVT LTD ("Got Tea", "we", "our", or "us").

We are committed to protecting your privacy and handling your personal information responsibly. This Privacy Policy explains how we collect, use, disclose, retain, and safeguard information when you use the Got Tea App, our loyalty and rewards services, in-store QR workflows, store locator, referral features, wallet passes, notifications, and related support services.

This Privacy Policy is intended to comply with applicable Indian privacy and data protection laws, including the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023, to the extent applicable and in force.

By using the App, you acknowledge that you have read and understood this Privacy Policy.

2. Definitions

• Personal Information or Personal Data: Information that identifies you or can reasonably be linked to you, directly or indirectly.
• Sensitive Personal Data or Information (SPDI): Information treated as sensitive under applicable Indian law, such as passwords, financial information, health information, biometric information, and similar categories. The App does not require you to create a password and does not ask you to enter full card, bank account, or payment instrument details in the App.
• Data Principal or User: The individual to whom the personal data relates.
• Processing: Any operation performed on personal data, including collection, storage, use, sharing, disclosure, deletion, or anonymisation.
• Service Provider or Processor: A third party that processes information for us or helps us operate the App and related services.

3. Information We Collect

We collect information only where it is needed to provide, secure, improve, or support the App and our services.

Account and Authentication Information

Examples:

• Mobile phone number;
• OTP verification status, challenge identifiers, and authentication tokens;
• Firebase user ID or other internal account identifiers;
• Account creation date and registration status.

Purpose:

• To create, verify, and secure your Got Tea account;
• To let you sign in using OTP;
• To prevent misuse, spam, fraud, and unauthorised access.

Source:

• Provided by you during login or registration;
• Generated by our authentication systems and service providers.

Profile Information

Examples:

• First name, last name, display name;
• Date of birth;
• Profile photo, if you choose to add one;
• Referral code and referred-by code, if applicable;
• Notification preferences.

Purpose:

• To personalize your account and App experience;
• To confirm eligibility for registration and relevant offers;
• To support referrals, loyalty rewards, and customer support;
• To manage communication preferences.

Source:

• Provided by you;
• Generated through App features, such as referral code creation.

Loyalty, Rewards, Coupons, and QR Information

Examples:

• Token balance, lifetime tokens earned, spent, or reversed;
• Stamps, reward cards, streaks, milestones, and visit counts;
• Coupons, coupon QR codes, coupon status, expiry, and redemption history;
• Identity QR tokens and coupon QR tokens;
• Gifted rewards, recipient lookup status, recipient phone number, masked phone number, gift messages, and related reward details.

Purpose:

• To operate the Got Tea loyalty program;
• To issue, display, redeem, gift, and track rewards and coupons;
• To let store staff verify eligible purchases and redemptions;
• To detect abuse, duplicate claims, or fraud.

Source:

• Generated when you use the App;
• Generated from in-store or delivery order workflows;
• Received from our backend systems, store systems, or service providers.

Order and Transaction Information

Examples:

• Store or branch details;
• Order number, invoice number, invoice date, order channel, order status, item count, bill amount, item names, quantities, modifiers, and token count;
• Payment mode, payment sub-mode, amount, and payment reference, where available from store or order systems.

Purpose:

• To show your order history;
• To calculate and award loyalty tokens, stamps, rewards, and streaks;
• To handle support requests and resolve order or reward issues;
• To maintain business, accounting, fraud-prevention, and legal records.

Source:

• Generated or received from Got Tea stores, point-of-sale systems, delivery order workflows, and related service providers.

Location Information

Examples:

• Approximate or precise foreground location, if you grant location permission;
• Distance from you to Got Tea stores;
• A derived list of nearby Got Tea store locations associated with your account.

Purpose:

• To show nearby Got Tea stores;
• To sort stores by distance;
• To support location-based store discovery and relevant updates.

Source:

• Collected from your device only after you grant foreground location permission.

You can disable location access at any time through your device settings. If location access is disabled, the App can still show stores, but nearby sorting and location-based features may be limited.

Camera, Photos, and Media

Examples:

• Camera access for scanning QR codes and taking profile photos;
• Photos selected from your device library for your profile photo;
• Selfies or edited images created through App photo features, if you choose to save them.

Purpose:

• To scan delivery or reward QR codes;
• To let you set or update a profile photo;
• To create styled profile photos when you use those optional App features.

Source:

• Collected from your device only after you grant the relevant camera or photo permission and use the feature.

We do not access your camera or photo library unless you grant permission and interact with the relevant feature.

Device, App, and Technical Information

Examples:

• Device type, operating system, App version, IP address, log data, crash or diagnostic information, request metadata, and timestamps;
• Firebase Cloud Messaging token, push notification token, and notification interaction data;
• App update and configuration information;
• Security signals used for app integrity and abuse prevention.

Purpose:

• To operate, secure, debug, and improve the App;
• To send push notifications when you permit them;
• To detect errors, abuse, fraud, and unauthorised access;
• To maintain service reliability.

Source:

• Collected automatically when you use the App or interact with our services.

Clipboard and Referral Information

Examples:

• Referral code text copied to your clipboard, only when you choose to check or paste a referral code in the App;
• Referral invite sharing choices, such as whether you share through WhatsApp, Instagram, SMS, email, or another app.

Purpose:

• To help apply a referral code during sign up;
• To let you share your referral link with others.

Source:

• Provided by you or accessed through your device only when you use the referral feature.

The third-party app you choose for sharing may process information under its own privacy policy.

Analytics and Usage Information

Examples:

• Feature events, such as reward gifting attempts, successful gifting, failed gifting reason, and invite sharing events;
• User ID, event name, event properties, platform, and timestamp.

Purpose:

• To understand App usage;
• To improve loyalty, referral, rewards, and support workflows;
• To diagnose issues and prevent abuse.

Source:

• Generated when you use App features.

4. How We Use Your Information

We use personal information for the following purposes:

• To provide, operate, and maintain the App;
• To create, authenticate, and manage your account;
• To process OTP login and protect account security;
• To operate loyalty, tokens, stamps, rewards, coupons, streaks, referrals, gifting, and QR workflows;
• To show store locations, directions, opening status, and nearby stores;
• To display order history and resolve order or reward issues;
• To send service messages, reward alerts, streak reminders, offers, and other notifications in line with your preferences and permissions;
• To personalize App content, offers, and customer support;
• To improve App performance, reliability, user experience, and features;
• To detect, investigate, and prevent fraud, abuse, duplicate claims, unauthorised access, or illegal activity;
• To comply with legal, tax, accounting, regulatory, and law-enforcement obligations;
• To enforce our terms, policies, and business rights.

5. Consent and App Permissions

We request permissions only when needed for App features. Depending on your device and operating system, the App may ask for:

• Camera permission: To scan QR codes and take profile photos.
• Photo library permission: To select and upload a profile photo.
• Location permission: To show and sort nearby Got Tea stores.
• Notification permission: To send reward alerts, offers, streak reminders, and service updates.
• Clipboard access: To check for a referral code only when you choose to use that feature.

You can withdraw or modify permissions through your device settings. If you withdraw a permission, the related feature may stop working or work with limited functionality.

Where required by law, we will seek consent before collecting or processing personal information. Withdrawal of consent will not affect processing already carried out before withdrawal, and we may continue processing where required or permitted by law.

6. Sharing of Your Information

We do not sell your personal information or SPDI.

We may share information in the following situations:

• With service providers: To operate authentication, OTP delivery, cloud hosting, databases, storage, push notifications, app integrity, analytics, maps, support, order integrations, point-of-sale integrations, and related technical services.
• With Got Tea stores and staff: To verify your account, process QR scans, issue or redeem loyalty rewards, support purchases, and resolve service issues.
• With wallet providers: If you choose to add a pass to Apple Wallet or Google Wallet, relevant pass and account information may be shared with Apple, Google, and related wallet infrastructure.
• With delivery and ordering partners: If you choose to open Zomato, Swiggy, or another third-party service from the App, that service may collect and process your information under its own privacy policy.
• With sharing apps chosen by you: If you share referral links through WhatsApp, Instagram, SMS, email, or another app, your use of that app is governed by its own terms and privacy policy.
• With affiliates and business partners: Where necessary to provide Got Tea services, offers, loyalty benefits, or operational support, subject to appropriate confidentiality and data protection obligations.
• For business transfers: In connection with a merger, acquisition, financing, reorganisation, sale of assets, or transfer of all or part of our business.
• For legal and safety reasons: To comply with applicable law, court orders, government requests, tax or accounting obligations, law-enforcement requests, or to protect the rights, safety, and security of users, Got Tea, or others.
• With your consent: For any other purpose that we disclose to you and to which you consent.

7. Third-Party Services

The App and related systems may use third-party services and infrastructure, including:

• Firebase and Google services for authentication, database, storage, messaging, app integrity, and related cloud functionality;
• Expo and app update infrastructure;
• Apple Wallet and Google Wallet, where you choose to add a pass;
• Store, order, delivery, SMS/OTP, point-of-sale, hosting, and support providers;
• Mapping, image hosting, and content delivery providers;
• Third-party apps and services you choose to open or share through, such as delivery platforms, messaging apps, email, SMS, and social apps.

These third parties process information according to their own terms and privacy policies where they act independently, and according to our instructions where they act as our service providers.

8. Security of Your Information

We use reasonable administrative, technical, and organisational safeguards designed to protect personal information against unauthorised access, use, disclosure, alteration, or destruction. These safeguards may include:

• Authentication and access controls;
• Encrypted transmission using HTTPS or equivalent modern transport security;
• Cloud provider security controls;
• Limited access to personal information based on business need;
• Monitoring and abuse-prevention measures;
• Procedures to delete, anonymise, or restrict information when no longer required.

No method of electronic transmission or storage is completely secure. We cannot guarantee absolute security, but we work to maintain safeguards appropriate to the nature of the information and our services.

9. Retention of Information

We retain personal information only for as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

Retention periods may vary depending on the type of information:

• Account and profile information is generally retained while your account is active.
• Loyalty, rewards, coupons, referrals, gifts, QR, and order records may be retained as needed for program integrity, accounting, tax, audit, fraud prevention, support, and legal obligations.
• Profile photos are retained until you replace or delete them, delete your account, or request deletion, subject to lawful retention needs.
• Push notification tokens are retained while you have notifications enabled or until they are replaced, removed, or no longer needed.
• Location-derived nearby store data may be updated or overwritten as the feature is used and retained only as needed to support App functionality and operational purposes.
• Diagnostic, security, and usage logs are retained for a limited period needed for reliability, security, analytics, legal, or business purposes.

When information is no longer needed, we will delete, anonymise, or restrict it, unless retention is required or permitted by law.

10. Account Deletion

You may request deletion of your Got Tea App account through the in-app account deletion feature or by contacting us at contactus@gottea.in.

When we process an account deletion request, we will delete or de-identify personal information associated with your account, except where retention is required or permitted for legitimate purposes such as:

• Legal, tax, accounting, or audit obligations;
• Fraud prevention, security, and abuse investigations;
• Dispute resolution and enforcement of rights;
• Records necessary to complete transactions or honour lawful obligations.

Deleting the App from your device does not automatically delete your account or backend records.

11. Your Rights

Subject to applicable law, you may have the right to:

• Access information about the personal data we process about you;
• Request correction of inaccurate or misleading personal data;
• Request completion or updating of incomplete or outdated personal data;
• Request erasure of personal data where retention is no longer necessary or legally required;
• Withdraw consent where processing is based on consent;
• Manage App permissions through your device settings;
• Request grievance redressal;
• Nominate another individual to exercise your rights in the event of death or incapacity, where applicable under law.

To exercise these rights, contact us at contactus@gottea.in or contact the Grievance Officer listed below. We may need to verify your identity before acting on your request.

12. Children and Minors

The App is not intended for users below 13 years of age. If you are between 13 and 18 years of age, you should use the App only with the involvement and consent of a parent or legal guardian where required by applicable law.

If we become aware that we have collected personal information from a child or minor in a manner not permitted by law, we may delete the information, restrict the account, or take other appropriate steps.

13. Marketing and Communications

We may send you service messages, reward alerts, streak reminders, offers, promotions, and App updates through push notifications, SMS, email, in-app messages, or other channels, where permitted by law and in line with your preferences.

You can manage push notification permissions in your device settings and in the App where available. Some service or transactional messages may still be sent where required for account, security, legal, or operational purposes.

14. International Transfers

Our service providers, cloud infrastructure, and technical systems may process or store information in India or other countries. Where personal information is transferred outside India, we will take steps required by applicable law and use appropriate safeguards or contractual arrangements where necessary.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, App features, legal requirements, or operational needs.

If we make material changes, we will notify you by posting the updated Privacy Policy in the App, on our website, or through another appropriate method. The updated Privacy Policy will be effective from the date stated at the top unless otherwise specified.

You should review this Privacy Policy periodically.

16. Grievance Redressal

If you have any questions, requests, or grievances regarding this Privacy Policy or our processing of your personal information, you may contact:

Grievance Officer: Armaan Bindra
Email: armaan@gottea.in
Contact Number: +918851194815
Postal Address: Khasra No. 258, Lane Number 3, Saidulajab, New Delhi, Delhi, 110030

We will address your request or grievance in accordance with applicable law.

17. Contact Us

For general privacy questions or support, contact:

Email: contactus@gottea.in

Postal Address:
THEGOT HOSPITALITY PVT LTD
Got Tea
Property No. 2., Ground Floor
B-6 Market, Safdarjung Enclave
New Delhi, 110029
India