This Policy applies to all current and former visitors, users, and others who access or use our Services. By accessing or using our Services, you understand and agree to the collection, use, sharing, and processing of Personal Information as described in this Policy.

By using our Services, you expressly provide free, specific, informed, and unambiguous consent to Honestly to collect, use, and disclose your Personal Information in accordance with this Policy. You have the right to withdraw this consent at any time. If you do not agree with the terms of this Policy, please do not use our Services.

Personal Information

Information that relates to a natural person, which, either directly or indirectly, in combination with other information, is capable of identifying such a person. This includes, but is not limited to:

• Contact Information: Mobile phone number, name, and profile picture.
• Order History: Product information imported from third-party e-commerce platforms (only product data is imported; no personal information from these platforms is collected).
• Contacts: Information from your contacts/address book when you choose to share it with us via "Contacts" permission.
• User Content: Searches, reviews, suggestions, edits to product information and imagery, collections, and other content you provide through the Services.
• Usage Data Information about how you use our Services, including interactions with content and other users.
• Search Data: Information you provide when using our search features, including search queries for products, brands, ingredients, skincare concerns, and other information provided is collected to personalize and improve your experience.

Sensitive Personal Data or Information (SPDI)

• Authentication Data: OTPs and related authentication information used during sign-up and login (managed by third-party services).
• Profile Information: Any demographic related, health-related information you may voluntarily provide in your searches or notes or reviews.

Non-Personal Information

Information that does not specifically identify an individual. This may include:

• Aggregated data on product popularity
• Anonymous usage statistics
• General demographic information not linked to individuals

We collect information in the following ways:

• Directly from You: When you register, update your account, upload a profile picture, create content (searches, reviews, collections), share your contacts, or communicate with us.
• Search Interactions: When you use our search feature, we automatically record the search queries you enter and the product details you view. This helps us provide better product recommendations and more relevant results.
• From Third Parties: When you import your order history from different e-commerce stores via third-party services (e.g., Reclaim Protocol at reclaimprotocol.org).
• Automatically: Through event tracking software, we collect information about your interactions with our Services. This helps us understand user behavior and improve our app functionality.
• Third-Party Services: We use several third-party services (e.g., for OTP authentication, data import, analytics) which may collect information as part of providing their services.

We use the collected information to:

• Provide and Improve Services: Deliver the functionalities of our app, including search and recommendation, browsing products, viewing ingredient information, creating and sharing collections, and collaborating with friends.
• Authentication: Verify your identity during sign-up and login using mobile number and OTP.
• Personalization: Customize your experience, such as showing you content based on your interests and interactions.
• Social Features: Enable you to collaborate with friends, view friends' notes/experiences, and share collections.
• Communication: Send you service-related notifications via WhatsApp, push notifications, or other means, which you can opt out of at any time.
• Security: Detect and prevent fraud, abuse, and other harmful activities.
• Legal Compliance: Comply with legal obligations and enforce our Terms of Service.

As a data principal under the DPDPA, you have the following rights:

• Right to Access: Request access to the personal data we hold about you.
• Right to Correction: Request correction of inaccurate or incomplete personal data.
• Right to Erasure: Request deletion of your personal data under certain circumstances.
• Right to Data Portability: Receive your personal data in a structured, commonly used, and machine-readable format.
• Right to Withdraw Consent: Withdraw your consent to processing at any time.
• Right to Nominate: Nominate a person to exercise your rights in the event of death or incapacity.
• Right to Grievance Redressa: Lodge a complaint with us or the Data Protection Board if your rights are violated.

To exercise these rights, please contact our Data Protection Officer at help@askhonestly.ai

As a data fiduciary, Honestly commits to:

• Fair and Lawful Processing: Process personal data fairly and reasonably, ensuring transparency.
• Purpose Limitation: Collect personal data only for specified, explicit, and legitimate purposes.
• Data Minimization: Limit the collection and storage of data to what is necessary for the purposes specified.
• Accuracy: Take reasonable steps to ensure that personal data is accurate, complete, and updated.
• Security Safeguards: Implement appropriate security measures to protect personal data against unauthorized access, alteration, disclosure, or destruction.
• Data Breach Notification: Notify the Data Protection Board and affected data principals in the event of a data breach.

Our Services are not intended for individuals under the age of 18. We do not knowingly collect or process personal data of children without verifiable parental consent. If you believe we have collected such data, please contact us immediately.

The Data Protection Board of India oversees the enforcement of the DPDPA. You have the right to approach the Board for any grievances not addressed satisfactorily by us.

We retain data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. All data is stored in an anonymized form, and data handling is conducted in an aggregated and anonymized manner. When we no longer need the data, we delete it.

We use automated decision-making processes for the following purposes:

• User Authentication: Verify your mobile number and OTP during sign-up and login (managed by third-party services).
• Order History Integration: Automatically integrate your order history from third-party platforms via Reclaim Protocol.
• Content Personalization: Provide personalized content and recommendations based on your interactions, including search queries and any skincare-related information you voluntarily provide.
• Social Connections: Use your shared contacts to connect you with friends and display their notes/experiences.
• Communications: Send automated notifications via WhatsApp and push notifications.

We ensure that automated decisions do not have legal or similarly significant effects without appropriate safeguards.

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the Data Protection Board without undue delay, typically within 72 hours of becoming aware of the breach.

For any grievances or queries regarding your personal data, please contact our Grievance Officer at v@askhonestly.ai. We will acknowledge your complaint within 24 hours and strive to resolve it within 15 days.

We may send you promotional communications based on your preferences. You have the right to opt out of these communications at any time by following the unsubscribe instructions or contacting us.

We may share your information with:

• Service Providers: Third-party vendors who assist us in providing our Services (e.g., authentication services, data import services, analytics providers).
• Social Features: Other users, when you share content or interact with friends (e.g., sharing collections, viewing friends' notes/experiences).
• Legal Obligations: Regulatory and legal authorities when required by law or to protect our rights.
• Business Transfers: In connection with a merger, acquisition, or sale of all or a portion of our assets.

We require that any third parties with whom we share data adhere to similar levels of data protection as required by the DPDPA.

We use event tracking software to monitor app usage, analyze user interactions, and enhance our Services. This data is collected in an anonymized and aggregated manner. You can control certain data collection preferences through your device settings.

We implement appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing and against accidental loss, destruction, or damage. This includes encryption, secure storage, and access controls.

You have choices regarding the collection and use of your information:

• Communications: You can opt out of receiving promotional communications by following the unsubscribe instructions or contacting us.
• Contacts Sharing: You can choose not to share your contacts; however, this may limit certain social features.
• Notifications: You can manage push notifications and WhatsApp messages through your device settings or app preferences.
• Data Deletion: You can request deletion of your personal data under certain circumstances.

To exercise Data Deletion, please contact us at help@askhonestly.ai or use the in-app option on your settings page in order to proceed with the deletion. Your data will be deleted within 72 hours after your confirmation.

Our Services may contain links to third-party websites or services. We are not responsible for the privacy practices or content of these third parties. We encourage you to review the privacy policies of any third-party sites or services you use.

We may update this Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes by posting the new Policy on this page and updating the "Updated as on" date at the top. We encourage you to review this Policy periodically for any changes.

If you have any questions about this Privacy Policy, please contact us at:

MadRat 24 Labs Pvt Ltd

HD-189, WeWork Salarpuria Symbiosis, Venugopal Reddy Layout, Arekere, Bangalore, Karnataka 560076

Email: v@askhonestly.ai

Phone: +91-9818076312

For data protection inquiries, you can reach our Data Protection Officer at privacy@MADRAT24LABSPVTLTD.onmicrosoft.com. For grievances, please contact our Grievance Officer at help@askhonestly.ai

Effective Date: 7 April, 2025

Please note that by continuing to use our Services after any changes to this Policy, you accept the updated terms.