Setu

Privacy Policy

Digital Personal Data Protection Act, 2023 (India) · Last updated June 2026

This notice explains how personal data is collected and processed when you use the Setu checkout on a merchant's store. The merchant (Data Fiduciary) determines the purposes of processing; Setu acts as a Data Processor on the merchant's behalf.

1. Data we collect

Contact: mobile number (for OTP verification and order updates).
Delivery: name, address, pincode, city and state.
Order: selected product, quantity, amount, and payment method.
Behavioural: anonymous on-site activity (page/product views, scroll, cart) used to gauge purchase intent.

2. Purpose & lawful basis

We process the above only after your explicit consent, for these specific purposes: verifying your identity, fulfilling and delivering your order, sending order updates, and preventing fraud. We do not sell your personal data.

3. Your rights under the DPDP Act

Right to access a summary of your personal data being processed.
Right to correction and erasure of your personal data.
Right to withdraw consent at any time (without affecting prior lawful processing).
Right to grievance redressal and to nominate another person in case of incapacity.

4. Retention

Personal data is retained only as long as necessary for the stated purposes or as required by law, after which it is erased.

5. Security

Data is transmitted over encrypted (HTTPS/TLS) connections. We apply input sanitization, CSRF protection, rate limiting, and access controls, and we do not write personal data (such as phone numbers) into application logs.

6. Grievance Officer

For any privacy request or grievance, contact the merchant's Grievance Officer via the store's listed support channel, or email privacy@setu.app. We respond within the timelines prescribed by the DPDP Act.

This is a product template. Merchants should review and adapt this notice and name a specific Grievance Officer before going live.

‹ Back to checkout