Privacy Policy — Bandwidth Meals

Section 01

Who We Are

This Privacy Policy applies to BANDWIDTH (trading as Bandwidth Meals), a sole proprietorship providing daily tiffin subscription services at bandwidthmeals.com in the Newtown–Kolkata region.

80, Saradanagar Chandiberia, Krishnapur, Ward No-30, Bidhannagar-Rajarhat Municipal Corporation, North 24 Parganas, West Bengal – 700102

hello@bandwidthmeals.com

WhatsApp Support

Section 02

Information We Collect

We collect only what is necessary to deliver your meals and manage your subscription.

Information you provide directly:

Account details: Full name, email address, mobile number
Delivery information: Home or office address, GPS location (optional), delivery area
Meal preferences: Base choice (Rice / Roti / Other), dietary category (Omnivore / Egg-vore / Vegetarian), meal slot (Lunch / Dinner / Both)
Subscription data: Plan type, plan start and end dates, meals remaining, skip dates, rollover credits
Payment records: Transaction ID, amount paid, gateway used (Razorpay / Zaakpay). We do not store card numbers, CVV, or UPI PINs — these are handled entirely by our payment processor.

Information collected automatically:

Browser type and device type (for PWA compatibility)
Login timestamps and session data (for security)
App usage patterns (which screens you visit, button interactions)

Section 03

How We Use Your Information

Meal delivery: Your address and meal slot are shared with our kitchen and delivery staff to fulfil your daily order.
Subscription management: To track your plan, meals remaining, skip days, and renewal dates.
Payment processing: To initiate and verify payments via our gateway partners.
Communications: To send meal reminders, delivery confirmations, and subscription updates via WhatsApp and email.
Service improvement: Aggregate, anonymised usage data helps us improve delivery timings and menu options.
Legal compliance: To maintain records required under Indian tax and commercial law.

We do not sell, rent, or trade your personal data to any third party for marketing purposes — ever.

Section 04

Third-Party Services We Use

We use the following trusted third-party services to operate our platform. Each has its own privacy policy.

Firebase (Google LLC): Our database, authentication, and cloud infrastructure provider. Data is stored on Google's servers. Firebase Privacy Policy →
Razorpay / Zaakpay (Mobikwik): Payment processing. Your payment details are entered directly on their secure pages and governed by their policies.
WhatsApp (Meta Platforms): We send delivery and subscription notifications to your registered mobile number.
Google Maps: Used for address auto-complete and delivery location tracking. Subject to Google's Privacy Policy.

We only share the minimum data each service needs to perform its function. We do not authorise these providers to use your data for their own marketing purposes.

Section 05

Data Security

All data is transmitted over HTTPS (TLS encryption).
Your account is protected by Google Authentication (OAuth 2.0).
Payment credentials are handled exclusively by our PCI-DSS compliant payment partners — we never see or store them.
Admin access to customer data is restricted to authorised personnel only and protected by multi-factor authentication.
Firebase Security Rules enforce that customers can only access their own data.

Despite these measures, no system is 100% immune to breaches. In the event of a data breach that may affect you, we will notify you at your registered email address within 72 hours of becoming aware of it.

Section 06

Data Retention

Active account data is retained for the duration of your subscription.
Delivery and meal records are retained for 12 months after your last active subscription cycle.
Payment records are retained for 7 years as required under the Income Tax Act, 1961.
Inactive accounts with no subscription activity for 24 months may be deleted after prior notice.

Section 07

Your Rights

You have the right to:

Access: Request a copy of the personal data we hold about you.
Correction: Update inaccurate information directly from your dashboard profile or by contacting us.
Deletion: Request deletion of your account and personal data. Note that payment records required by law cannot be deleted within the statutory retention period.
Portability: Request your data in a machine-readable format.
Opt-out: Opt out of non-essential communications (e.g., promotional WhatsApp messages) by contacting us. Transactional notifications (delivery updates, renewal reminders) cannot be opted out of while your subscription is active.

To exercise any of these rights, contact us at hello@bandwidthmeals.com. We will respond within 7 business days.

Section 08

Cookies & Local Storage

Our web application uses minimal browser storage:

Authentication tokens: Stored in local storage to keep you logged in. Cleared on sign-out.
Preferences: Your meal base choice and UI preferences may be cached locally for faster loading.
PWA cache: Static assets (images, CSS, JS) are cached by the service worker to enable offline access.

We do not use advertising cookies, tracking pixels, or any third-party analytics that profile you across the web.

Section 09

Children's Privacy

Our service is not directed at persons under the age of 18. We do not knowingly collect personal data from minors. If you believe a child has provided us with personal information, please contact us at hello@bandwidthmeals.com and we will delete it promptly.

Section 10

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last Updated" date at the top and, for material changes, notify you via email or an in-app announcement. Continued use of our service after changes take effect constitutes your acceptance of the revised policy.

Section 11

Contact Us

For any privacy-related queries, requests, or concerns:

hello@bandwidthmeals.com

WhatsApp Support

80, Saradanagar Chandiberia, Krishnapur, Ward No-30, North 24 Parganas, West Bengal – 700102