Apna Bazar Woburn – Privacy Policy

1. Scope & Updates

   This Policy explains how we collect, use, disclose, and protect personal information of consumers who use the Application or interact with us offline (e.g., at customer service). We may update this Policy from time to time; material changes will be posted on the Application with an updated effective date. If you continue to use the Services after the effective date, you agree to the updated Policy.

2. Information We Collect

   • Identifiers & contact info. Name, email, phone number, delivery/pickup addresses, IP address/device identifiers.
   • Commercial data. Shopping lists, cart contents, purchases, order history, returns/substitutions, gift card balances.
   • Payment info. We use third-party processors to accept payment; we do not store full card numbers or CVV.
   • Geolocation (approximate). For delivery eligibility and fraud prevention.
   • Internet/technical data. Device/browser type, pages viewed, referral/UTM, cookies/SDKs, crash logs.
   • Inferences. Preference profiles to suggest products or weekly baskets.
   • User content. Reviews, ratings, survey responses, support communications.
   • Sensitive data. We do not intentionally collect government IDs or precise geolocation, and we do not collect health records. If you voluntarily provide sensitive data, we will handle it consistent with this Policy and applicable law.

3. Sources of Information

   • Directly from you (checkout, account setup, support).
   • Automatically via cookies, pixels, SDKs, and similar tech when you use the Application.
   • From service providers/partners (payments, analytics, delivery, anti-fraud).

4. How We Use Information

   • Provide the Services (register your account, process orders, deliver/pick up, handle returns).
   • Customer support & communications (order updates, service notices).
   • Personalization & recommendations (suggested baskets, deals).
   • Fraud, security & compliance (detect/prevent fraud, enforce terms, comply with law).
   • Marketing (email/SMS with your consent as required; you can opt out at any time).
   • Analytics & improvement (debugging, measuring performance, optimizing the Application).

5. Disclosures of Information

   We disclose personal information to:

   • Service providers & processors (e.g., hosting, payment processing, logistics/delivery, analytics, customer service, anti-fraud).
   • Business transferees (e.g., merger, acquisition, asset sale).
   • Legal & safety (to comply with law, protect rights, investigate fraud or security incidents).
     We do not sell personal information for money. If we engage in “sharing” or “targeted advertising” as defined by certain state laws, you can opt out (see Section 10).
      

6. Cookies & Online Tracking

   We use first-party and third-party cookies/SDKs for core functionality (e.g., cart, login), analytics, and (if enabled) advertising measurement. You can manage cookies through your browser/device settings and our site controls. Some features may not function without certain cookies.

7. Children’s Privacy (COPPA)

   The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided personal information, contact us and we will delete it consistent with law. (See FTC COPPA guidance and the FTC’s 2025 amendments emphasizing data minimization and deletion. Federal Trade Commission+1)

8. Marketing Communications

   • Email. We follow the CAN-SPAM Act. Marketing emails include an unsubscribe link; service emails (e.g., order confirmations) are transactional. Federal Trade Commission+1
   • SMS. We send marketing texts only with prior express written consent and maintain 1-to-1 seller consent per recent FCC rules; reply STOP to opt out. FCC Docsprivacyanddatasecurityinsight.comReuters

9. Data Security (Massachusetts WISP)

   We maintain a Written Information Security Program (WISP) and administrative, technical, and physical safeguards designed to protect Massachusetts residents’ personal information as required by 201 CMR 17.00 (e.g., access controls, encryption where appropriate, vendor due diligence, employee training). Mass.gov+1

10. Your Privacy Choices & State Rights

    A. Universal controls & advertising choices
    If we use data for targeted advertising or “sharing,” you may opt out via our site controls and, where applicable, we will honor Global Privacy Control (GPC) signals as required by certain state laws (e.g., California) and as they become effective in others (e.g., Connecticut). California DOJ+1CT.gov
    B. Access, deletion, correction & portability
    Depending on your state of residence and our applicability thresholds, you may have rights to access, delete, correct, or export your personal information, and to opt out of targeted ads/sale. These frameworks include:

    • California (CCPA/CPRA) – consumer rights and GPC opt-out requirements. California DOJ
    • Colorado (CPA) – opt out of targeted ads/sale; controller duties. Colorado Attorney General
    • Virginia (VCDPA) – consumer rights and appeals process. Virginia Office of the Attorney GeneralVirginia Law
    • Connecticut (CTDPA) – rights & (as of 2025) GPC-style opt-out signals; recent amendments refine data minimization. CT.gov+1Hunton Andrews Kurth

    How to submit a request. Email support@apnabazarma.com with the subject “Privacy Request” or use the link in our footer (when available). We will verify your request (e.g., by email or order info). You may use an authorized agent where permitted by law. If we deny your request, you may appeal by replying “Appeal” to our decision email (Virginia/Colorado/Connecticut processes).
    Note: Many state laws apply only if a business meets certain thresholds. We will still endeavor to honor reasonable requests and GPC signals in line with applicable law and our technical capabilities.

11. Data Retention

    We retain personal information only for as long as necessary for the purposes described above (e.g., tax/accounting, fraud prevention, warranty/returns), to comply with legal obligations, and to resolve disputes—after which we securely delete or de-identify it consistent with our WISP and applicable law.

12. Third-Party Links, Analytics & Social Features

    The Application may link to third-party sites or include third-party SDKs (e.g., analytics, crash reporting, maps). These parties’ privacy practices are governed by their policies. We are not responsible for third-party content or practices.

13. Massachusetts Data Breach Notice

    If we experience a data breach affecting MA residents, we will provide notices to the MA Attorney General and the Office of Consumer Affairs and Business Regulation (OCABR) and to affected residents as required by M.G.L. c. 93H and guidance—without including the nature of the breach in the consumer notice beyond what is permitted and with credit-monitoring information if required. Mass.govLewis Brisbois
     

14. International Users

    We are U.S.-based and primarily serve U.S. consumers. If you access the Services from outside the U.S., you consent to the transfer of your information to the U.S., where laws may differ from those in your jurisdiction.

15. Your Choices & Controls (Summary)

    • Account: Review/update your information in your account settings.
    • Email opt-out: Use the unsubscribe link in marketing emails.
    • SMS opt-out: Reply STOP.
    • Cookies/ads: Adjust browser/device settings; use our site preferences; send a GPC signal if supported by your browser. California DOJ

16. Do Not Track (DNT)

    Some browsers send DNT signals. There is no consensus on how to respond to DNT. We treat GPC as an opt-out signal where required (see Section 10). California DOJ

17. Security Limitations

    No system is 100% secure. We take reasonable and appropriate measures under 201 CMR 17.00 and industry standards to protect your information, but we cannot guarantee absolute security. Mass.gov

18. California “Shine the Light”

    We do not share personal information with third parties for their own direct marketing purposes. If this changes, we will update this Policy and provide a method to opt out.

19. Contact Us About Privacy

    Questions or requests? Email support@apnabazarma.com or write to: Privacy, Apna Bazar Woburn, 335 Washington St, Woburn, MA 01801, USA.