Privacy Policy

We collect the following types of information:

Personal Information:

• Full name
• Email address
• Phone number
• Delivery address (address line 1 & 2, city, state, pincode)

Financial Information:

• Payment transaction details (order ID, payment ID) — processed via Razorpay
• Booking details (gold quantity, locked rate, EMI plan)
• Payment history and status

Technical Information:

• IP address and device information
• Browser type and version
• Usage data and interaction with the platform
• Authentication data via Google OAuth

We use your information to:

• Process and manage your gold bookings and EMI payments
• Verify your identity and prevent fraud
• Deliver physical gold to your registered address
• Send important notifications about your bookings and payments
• Process referral rewards and cashbacks
• Improve our platform and user experience
• Comply with legal and regulatory obligations
• Respond to your queries and support requests

We share your data with trusted third-party service providers to operate our platform:

• Razorpay — Payment processing. Your payment details are handled directly by Razorpay and governed by their privacy policy. We do not store card or banking credentials.
• Supabase — Database and authentication infrastructure. Your data is stored securely on Supabase's servers in compliance with their data protection standards.
• MSG91 — SMS and WhatsApp notifications for booking confirmations, EMI reminders, and alerts.
• Google — Authentication via Google OAuth (Sign in with Google).
• Vercel — Platform hosting and deployment infrastructure.

We do not sell, rent, or trade your personal information to any third parties for marketing purposes.

Your data is stored on secure cloud servers with encryption at rest and in transit. We implement industry-standard security measures including:

• SSL/TLS encryption for all data transmission
• Row-level security on our database
• Secure authentication via Supabase Auth
• Regular security audits and updates

While we take every reasonable precaution, no internet transmission is 100% secure. We cannot guarantee absolute security of your data.

We retain your personal information for as long as your account is active or as needed to provide our services. Specifically:

• Account data is retained for the duration of your account
• Booking and payment records are retained for 7 years for legal and tax compliance
• Upon account deletion, personal data is anonymised within 30 days

As a user, you have the following rights regarding your personal data:

• Access — Request a copy of the personal data we hold about you
• Correction — Update or correct inaccurate personal information via your dashboard
• Deletion — Request deletion of your account and associated data
• Portability — Request your data in a structured, machine-readable format
• Objection — Object to the processing of your data for specific purposes

To exercise any of these rights, please contact us at support@invora.in. We will respond within 30 days.

Invora uses essential cookies to maintain your session and authentication state. We do not use tracking or advertising cookies. You may disable cookies in your browser settings, but this may affect the functionality of the platform.

Invora is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that a minor has provided us with personal data, we will delete it promptly.

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal reasons. We will notify you of significant changes via email or a prominent notice on the platform. Continued use of Invora after changes constitutes acceptance of the revised policy.

In accordance with the Information Technology Act, 2000 and the rules made thereunder, the name and contact details of the Grievance Officer are provided below:

If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please reach out to us:

support@invora.in